1. Cross-site scripting (reflected)
1.6. https://www.cargurus.com/Cars/authentication/renderLoginForm.action [redirectUrl parameter]
3. Cookie without HttpOnly flag set
3.1. http://www.cargurus.com/Cars/inventorylisting/viewListingDetailAjax.action
3.2. http://www.cargurus.com/Cars/jsonBannerAds.action
3.4. http://www.cargurus.com/Cars/getModelList.action
3.5. http://www.cargurus.com/Cars/inventorylisting/ajaxFetchSubsetInventoryListing.action
3.6. http://www.cargurus.com/Cars/inventorylisting/priceAnalysis.action
3.7. http://www.cargurus.com/Cars/inventorylisting/viewDetailsFilterViewInventoryListing.action
3.8. http://www.cargurus.com/Cars/ping/doubleClickBannerAd
3.9. http://www.cargurus.com/Cars/serveJumpstartAd.action
3.10. http://www.cargurus.com/Cars/track
3.11. http://www.cargurus.com/favicon.ico
3.12. http://www.cargurus.com/gfx/icons/silk/help.png
3.13. http://www.cargurus.com/gfx/icons/silk/star.png
3.14. http://www.cargurus.com/gfx/mini/star.gif
3.15. http://www.cargurus.com/gfx/mini/star_grey.gif
3.16. http://www.cargurus.com/gfx/mini/star_half_grey.gif
3.17. http://www.cargurus.com/js/jquery/easySlider1.7.js
3.18. https://www.cargurus.com/Cars/authentication/renderLoginForm.action
3.19. https://www.cargurus.com/favicon.ico
4. Password field with autocomplete enabled
4.1. https://www.cargurus.com/Cars/authentication/renderLoginForm.action
4.2. https://www.cargurus.com/Cars/authentication/renderLoginForm.action
5. SSL cookie without secure flag set
5.1. https://www.cargurus.com/Cars/authentication/renderLoginForm.action
5.2. https://www.cargurus.com/favicon.ico
6. Cross-domain Referer leakage
6.1. http://www.cargurus.com/Cars/inventorylisting/viewDetailsFilterViewInventoryListing.action
6.2. http://www.cargurus.com/Cars/serveJumpstartAd.action
6.3. http://www.cargurus.com/Cars/serveJumpstartAd.action
6.4. https://www.cargurus.com/Cars/authentication/renderLoginForm.action
7. Cross-domain script include
7.2. http://www.cargurus.com/Cars/inventorylisting/viewDetailsFilterViewInventoryListing.action
7.3. https://www.cargurus.com/Cars/authentication/renderLoginForm.action
8. Credit card numbers disclosed
8.1. http://www.cargurus.com/Cars/inventorylisting/ajaxFetchSubsetInventoryListing.action
8.2. http://www.cargurus.com/Cars/inventorylisting/ajaxFetchSubsetInventoryListing.action
10. Content type incorrectly stated
10.1. http://www.cargurus.com/Cars/inventorylisting/priceAnalysis.action
10.2. http://www.cargurus.com/Cars/jsonBannerAds.action
10.3. http://www.cargurus.com/favicon.ico
| Severity: | High |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /Cars/inventorylisting |
| GET /Cars/inventorylisting Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:14:13 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:14:13 GMT Access-Control-Allow Set-Cookie: preferredContactInfo Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020a Content-Length: 143810 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... /inventorylisting var listingsSearchManager = new ListingsSearchManager 'carGurusHomePage_false_0766d1';alert(1)/ 15, '', '', ...[SNIP]... |
| Severity: | High |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /Cars/inventorylisting |
| GET /Cars/inventorylisting Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:58 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:58 GMT Access-Control-Allow Set-Cookie: preferredContactInfo Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020a Content-Length: 142503 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... <script type="text/javascript"> zipCode = '02110eeba1';alert(1)/ var baseListingDetailUrl = '/Cars/inventorylisting var listingsSearchManager = new ListingsSearchManager ...[SNIP]... |
| Severity: | High |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /Cars/inventorylisting |
| GET /Cars/inventorylisting Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:55 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:55 GMT Access-Control-Allow Set-Cookie: preferredContactInfo Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020a Content-Length: 142517 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... client.DM_addEncToLoc( client.DM_addEncToLoc( client.DM_addEncToLoc( client.DM_addEncToLoc( } } </script> ...[SNIP]... |
| Severity: | High |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /Cars/inventorylisting |
| GET /Cars/inventorylisting Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html, */*; q=0.01 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:42 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:42 GMT Access-Control-Allow Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020a Content-Length: 29249 <div class="cg-listingDetail <div class="cg-listingDetail <div class="cg-sharePanel"> <div class="cg-sharePanel <div id="f ...[SNIP]... on(){ panelExpanded = false; panelLoaded = false; $(".cg-listingDetail if(panelExpanded == false){ showShareContent(24317110 panelExpanded = true; return false; }else{ clearSharePanel(); } return false; }) $(".cg-close ...[SNIP]... |
| Severity: | High |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /Cars/inventorylisting |
| GET /Cars/inventorylisting Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html, */*; q=0.01 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:38 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:38 GMT Access-Control-Allow Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020a Content-Length: 29268 <div class="cg-listingDetail <div class="cg-listingDetail <div class="cg-sharePanel"> <div class="cg-sharePanel <div id="f ...[SNIP]... <button id="contactSellerButton" onclick="clearEmptyFields ...[SNIP]... |
| Severity: | High |
| Confidence: | Certain |
| Host: | https://www.cargurus.com |
| Path: | /Cars/authentication |
| GET /Cars/authentication Host: www.cargurus.com Connection: keep-alive Referer: http://www.cargurus.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:57 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:57 GMT Content-Language: en-US Vary: Accept-Encoding,User Keep-Alive: timeout=4, max=100 Connection: Keep-Alive Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020c Content-Length: 14620 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... ing.action?ign-makerId ...[SNIP]... |
| Severity: | Medium |
| Confidence: | Certain |
| Host: | https://www.cargurus.com |
| Path: | / |
| Issued to: | www.cargurus.com |
| Issued by: | VeriSign Class 3 Extended Validation SSL SGC CA |
| Valid from: | Sun Jun 12 19:00:00 CDT 2011 |
| Valid to: | Wed Jun 05 18:59:59 CDT 2013 |
| Severity: | Low |
| Confidence: | Firm |
| Host: | http://www.cargurus.com |
| Path: | /Cars/inventorylisting |
| GET /Cars/inventorylisting Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html, */*; q=0.01 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:17 GMT Server: Apache/2.2.3 (CentOS) Set-Cookie: JSESSIONID=6D0B38D1C Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:17 GMT Access-Control-Allow Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020a Content-Length: 29221 <div class="cg-listingDetail <div class="cg-listingDetail <div class="cg-sharePanel"> <div class="cg-sharePanel <div id="f ...[SNIP]... |
| Severity: | Low |
| Confidence: | Firm |
| Host: | http://www.cargurus.com |
| Path: | /Cars/jsonBannerAds |
| GET /Cars/jsonBannerAds Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: application/json, text/javascript, */*; q=0.01 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:17 GMT Server: Apache/2.2.3 (CentOS) Set-Cookie: JSESSIONID=6CEBADA83 Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:17 GMT Content-Disposition: inline Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/plain;charset=ISO Set-Cookie: Coyote-2-c0a8020a Content-Length: 1851 {"jsAdsMap":{"MEDIUM ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | / |
| GET / HTTP/1.1 Host: www.cargurus.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:12:44 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:12:44 GMT Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020a Content-Length: 59071 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /Cars/getModelList.action |
| GET /Cars/getModelList.action Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com/ X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html, */*; q=0.01 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:00 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:00 GMT Content-Disposition: inline Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/plain;charset=ISO Set-Cookie: Coyote-2-c0a8020a Content-Length: 139 A=d191=CL;A=d36=Integra;A |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /Cars/inventorylisting |
| POST /Cars/inventorylisting Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com Content-Length: 352 Origin: http://www.cargurus.com X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Content-Type: application/x-www-form Accept: application/json, text/javascript, */*; q=0.01 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E zip=02110&address=Boston ...[SNIP]... |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:11 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:11 GMT Set-Cookie: cargurusGeoLocation=42 Set-Cookie: cargurusGeoLocation=42 Access-Control-Allow Set-Cookie: pastListingSearches="{@d@ Content-Disposition: inline Content-Language: en-US Vary: Accept-Encoding,User Content-Type: application/json;charset Set-Cookie: Coyote-2-c0a8020a Content-Length: 398062 {"sellers":[{"proximity" ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /Cars/inventorylisting |
| GET /Cars/inventorylisting Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: application/json, text/javascript, */*; q=0.01 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:17 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:17 GMT Access-Control-Allow Content-Disposition: inline Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/plain;charset=ISO Set-Cookie: Coyote-2-c0a8020a Content-Length: 1425 {"avgLine":[[16000,24792 ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /Cars/inventorylisting |
| GET /Cars/inventorylisting Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:09 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:09 GMT Access-Control-Allow Set-Cookie: preferredContactInfo Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020a Content-Length: 143496 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /Cars/ping/doubleCli |
| GET /Cars/ping/doubleCli Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:11 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:11 GMT Content-Disposition: inline Content-Language: en-US Vary: Accept-Encoding,User Content-Type: image/png;charset=ISO Set-Cookie: Coyote-2-c0a8020a Content-Length: 177 .PNG . ...IHDR.................... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /Cars/serveJumpstartAd |
| GET /Cars/serveJumpstartAd Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:11 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:11 GMT Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020a Content-Length: 2492 <html> <head> <base href="http://ad </head> <body> <div class="jumpstartAd"> <script type="text/javascript"> function pr_swfver(){ var osf,osfd,i ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /Cars/track |
| GET /Cars/track?url=&pid Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:13 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:13 GMT Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/plain; charset=UTF-8 Set-Cookie: Coyote-2-c0a8020a Content-Length: 0 |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /favicon.ico |
| GET /favicon.ico HTTP/1.1 Host: www.cargurus.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: CarGurusUserT=50.23.123 |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:12:52 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Sat, 02 Aug 2008 22:35:40 GMT Accept-Ranges: bytes Vary: Accept-Encoding,User Content-Length: 3638 Content-Type: text/plain; charset=UTF-8 Set-Cookie: Coyote-2-c0a8020a ..............h...&... ..............(....... ...........@............. ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /gfx/icons/silk/help.png |
| GET /gfx/icons/silk/help.png HTTP/1.1 Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: CarGurusUserT=50.23.123 |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:17 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Tue, 15 Feb 2011 02:00:20 GMT Accept-Ranges: bytes Content-Length: 786 Cache-Control: max-age=31536000 Expires: Mon, 17 Sep 2012 13:13:17 GMT Content-Type: image/png Set-Cookie: Coyote-2-c0a8020a .PNG . ...IHDR................a... j....o.".&.. .b"_..Dx.U....5...Z...{.. ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /gfx/icons/silk/star.png |
| GET /gfx/icons/silk/star.png HTTP/1.1 Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: CarGurusUserT=50.23.123 |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:17 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Mon, 12 Sep 2011 17:32:52 GMT Accept-Ranges: bytes Content-Length: 670 Cache-Control: max-age=31536000 Expires: Mon, 17 Sep 2012 13:13:17 GMT Content-Type: image/png Set-Cookie: Coyote-2-c0a8020a .PNG . ...IHDR................a... ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /gfx/mini/star.gif |
| GET /gfx/mini/star.gif HTTP/1.1 Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: CarGurusUserT=50.23.123 |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:13 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Sat, 02 Aug 2008 22:34:07 GMT Accept-Ranges: bytes Content-Length: 973 Cache-Control: max-age=31536000 Expires: Mon, 17 Sep 2012 13:13:13 GMT Content-Type: image/gif Set-Cookie: Coyote-2-c0a8020a GIF89a..................! ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /gfx/mini/star_grey.gif |
| GET /gfx/mini/star_grey.gif HTTP/1.1 Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: CarGurusUserT=50.23.123 |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:13 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Sat, 02 Aug 2008 22:34:07 GMT Accept-Ranges: bytes Content-Length: 971 Cache-Control: max-age=31536000 Expires: Mon, 17 Sep 2012 13:13:13 GMT Content-Type: image/gif Set-Cookie: Coyote-2-c0a8020a GIF89a................... ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /gfx/mini/star_half_grey |
| GET /gfx/mini/star_half_grey Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: CarGurusUserT=50.23.123 |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:13 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Sat, 02 Aug 2008 22:34:07 GMT Accept-Ranges: bytes Content-Length: 972 Cache-Control: max-age=31536000 Expires: Mon, 17 Sep 2012 13:13:13 GMT Content-Type: image/gif Set-Cookie: Coyote-2-c0a8020a GIF89a............*..0..2 ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /js/jquery/easySlider1.7 |
| GET /js/jquery/easySlider1.7 Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: CarGurusUserT=50.23.123 |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:10 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Wed, 13 Apr 2011 21:42:28 GMT Accept-Ranges: bytes Cache-Control: max-age=31536000 Expires: Mon, 17 Sep 2012 13:13:10 GMT Vary: Accept-Encoding,User Content-Length: 5728 Content-Type: application/x-javascript Set-Cookie: Coyote-2-c0a8020a /* * Easy Slider 1.7 - jQuery plugin * written by Alen Grakalic * http://cssglobe.com/post * * Copyright (c) 2009 Alen Grakalic (http:// ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | https://www.cargurus.com |
| Path: | /Cars/authentication |
| GET /Cars/authentication Host: www.cargurus.com Connection: keep-alive Referer: http://www.cargurus.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:36 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:36 GMT Content-Language: en-US Vary: Accept-Encoding,User Keep-Alive: timeout=4, max=100 Connection: Keep-Alive Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020c Content-Length: 14419 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | https://www.cargurus.com |
| Path: | /favicon.ico |
| GET /favicon.ico HTTP/1.1 Host: www.cargurus.com Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: CarGurusUserT=50.23.123 |
| HTTP/1.1 302 Found Date: Sun, 18 Sep 2011 13:13:37 GMT Server: Apache/2.2.3 (CentOS) Location: http://www.cargurus.com Content-Length: 302 Keep-Alive: timeout=4, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug Set-Cookie: Coyote-2-c0a8020c <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.cargurus ...[SNIP]... |
| Severity: | Low |
| Confidence: | Certain |
| Host: | https://www.cargurus.com |
| Path: | /Cars/authentication |
| GET /Cars/authentication Host: www.cargurus.com Connection: keep-alive Referer: http://www.cargurus.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:36 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:36 GMT Content-Language: en-US Vary: Accept-Encoding,User Keep-Alive: timeout=4, max=100 Connection: Keep-Alive Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020c Content-Length: 14419 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... <div class="loginRegisterForm" <form id="loginUser" name="loginUser" action="/Cars/authen <table class="wwFormTable"> ...[SNIP]... <td class="tdContent" ><input type="password" name="loginPassword" id="loginUser_loginP ...[SNIP]... |
| Severity: | Low |
| Confidence: | Certain |
| Host: | https://www.cargurus.com |
| Path: | /Cars/authentication |
| GET /Cars/authentication Host: www.cargurus.com Connection: keep-alive Referer: http://www.cargurus.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:36 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:36 GMT Content-Language: en-US Vary: Accept-Encoding,User Keep-Alive: timeout=4, max=100 Connection: Keep-Alive Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020c Content-Length: 14419 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... <div class="loginRegisterForm" <form id="registerUser" name="registerUser" action="/Cars/authen <table class="wwFormTable"> ...[SNIP]... <td class="tdContent" ><input type="password" name="person.password" id="registerUser_person ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | https://www.cargurus.com |
| Path: | /Cars/authentication |
| GET /Cars/authentication Host: www.cargurus.com Connection: keep-alive Referer: http://www.cargurus.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:36 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:36 GMT Content-Language: en-US Vary: Accept-Encoding,User Keep-Alive: timeout=4, max=100 Connection: Keep-Alive Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020c Content-Length: 14419 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | https://www.cargurus.com |
| Path: | /favicon.ico |
| GET /favicon.ico HTTP/1.1 Host: www.cargurus.com Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: CarGurusUserT=50.23.123 |
| HTTP/1.1 302 Found Date: Sun, 18 Sep 2011 13:13:37 GMT Server: Apache/2.2.3 (CentOS) Location: http://www.cargurus.com Content-Length: 302 Keep-Alive: timeout=4, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug Set-Cookie: Coyote-2-c0a8020c <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.cargurus ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /Cars/inventorylisting |
| GET /Cars/inventorylisting Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:09 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:09 GMT Access-Control-Allow Set-Cookie: preferredContactInfo Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020a Content-Length: 143496 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... </script> <script type="text/javascript" src="http://www.google ...[SNIP]... <div class="cg-dealFinder <img style="width:152px;" src="http://images.cars ...[SNIP]... <div class="cg-dealFinder <img style="width:152px;" src="http://images.cars ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /Cars/serveJumpstartAd |
| GET /Cars/serveJumpstartAd Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:17 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:17 GMT Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020a Content-Length: 2587 <html> <head> <base href="http://ad </head> <body> <div class="jumpstartAd"> <script type="text/javascript"> function pr_swfver(){ var osf,osfd,i ...[SNIP]... <!-- Begin Interstitial Ad --> <img src="http://ad.doubl </div> ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /Cars/serveJumpstartAd |
| GET /Cars/serveJumpstartAd Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:11 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:11 GMT Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020a Content-Length: 2492 <html> <head> <base href="http://ad </head> <body> <div class="jumpstartAd"> <script type="text/javascript"> function pr_swfver(){ var osf,osfd,i ...[SNIP]... <!-- Begin Interstitial Ad --> <img src="http://ad.doubl </div> ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | https://www.cargurus.com |
| Path: | /Cars/authentication |
| GET /Cars/authentication Host: www.cargurus.com Connection: keep-alive Referer: http://www.cargurus.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:36 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:36 GMT Content-Language: en-US Vary: Accept-Encoding,User Keep-Alive: timeout=4, max=100 Connection: Keep-Alive Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020c Content-Length: 14419 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... <!-- Include core styles --> <link rel="stylesheet" type="text/css" media="all" href="https://d3m77u <!-- End include core styles --> <link rel="stylesheet" type="text/css" media="all" href="https://d3m77u <link rel="shortcut icon" href="/favicon.ico" type="image/vnd.microsoft <script type="text/javascript" src="https://d3m77u1 <script type="text/javascript" src="https://d3m77u1 ...[SNIP]... <a href="#" class="g-searchButton"><img src="https://d3m77u1 ...[SNIP]... </script> <script type="text/javascript" src="https://www.google ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | / |
| GET / HTTP/1.1 Host: www.cargurus.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:12:44 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:12:44 GMT Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020a Content-Length: 59071 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... </script> <script type="text/javascript" src="http://www.google ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /Cars/inventorylisting |
| GET /Cars/inventorylisting Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:09 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:09 GMT Access-Control-Allow Set-Cookie: preferredContactInfo Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020a Content-Length: 143496 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... </script> <script type="text/javascript" src="http://www.google ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | https://www.cargurus.com |
| Path: | /Cars/authentication |
| GET /Cars/authentication Host: www.cargurus.com Connection: keep-alive Referer: http://www.cargurus.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:36 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:36 GMT Content-Language: en-US Vary: Accept-Encoding,User Keep-Alive: timeout=4, max=100 Connection: Keep-Alive Content-Type: text/html;charset=UTF-8 Set-Cookie: Coyote-2-c0a8020c Content-Length: 14419 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... <link rel="shortcut icon" href="/favicon.ico" type="image/vnd.microsoft <script type="text/javascript" src="https://d3m77u1 <script type="text/javascript" src="https://d3m77u1 ...[SNIP]... </script> <script type="text/javascript" src="https://www.google ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /Cars/inventorylisting |
| POST /Cars/inventorylisting Host: www.cargurus.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Keep-Alive: 115 Proxy-Connection: keep-alive Content-Type: application/x-www-form X-Requested-With: XMLHttpRequest Referer: http://www.cargurus.com Content-Length: 373 Cookie: JSESSIONID=67BBD60AC Pragma: no-cache Cache-Control: no-cache zip=02110eeba1'%3Balert(1 ...[SNIP]... |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:15:14 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:15:14 GMT Access-Control-Allow Set-Cookie: pastListingSearches="{@d@ Content-Disposition: inline Content-Language: en-US Vary: Accept-Encoding,User Content-Type: application/json;charset Set-Cookie: Coyote-2-c0a8020a Content-Length: 1988434 {"sellers":[{"id":233435, ...[SNIP]... ishkill, NY","longitude":-73 ...[SNIP]... awndale, CA","longitude":-118 ...[SNIP]... hall, PA","longitude":-80 ...[SNIP]... 5620002746582},{"id":870, ...[SNIP]... tude":33.64039993286133}, ...[SNIP]... den City, ID","longitude":-116 ...[SNIP]... 3399353027344},{"id" ...[SNIP]... ":28.055700302124023},{ ...[SNIP]... tude":36.0015983581543},{ ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | http://www.cargurus.com |
| Path: | /Cars/inventorylisting |
| POST /Cars/inventorylisting Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com Content-Length: 352 Origin: http://www.cargurus.com X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Content-Type: application/x-www-form Accept: application/json, text/javascript, */*; q=0.01 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E zip=02110&address=Boston ...[SNIP]... |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:11 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:11 GMT Set-Cookie: cargurusGeoLocation=42 Set-Cookie: cargurusGeoLocation=42 Access-Control-Allow Set-Cookie: pastListingSearches="{@d@ Content-Disposition: inline Content-Language: en-US Vary: Accept-Encoding,User Content-Type: application/json;charset Set-Cookie: Coyote-2-c0a8020a Content-Length: 398062 {"sellers":[{"proximity" ...[SNIP]... d":1158,"longitude":-71 ...[SNIP]... :232463,"longitude":-71 ...[SNIP]... |
| Severity: | Information |
| Confidence: | Certain |
| Host: | https://www.cargurus.com |
| Path: | /Cars/authentication |
| GET /robots.txt HTTP/1.0 Host: www.cargurus.com |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:38 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Thu, 16 Jun 2011 17:12:04 GMT Accept-Ranges: bytes Content-Length: 81 Vary: Accept-Encoding,User Connection: close Content-Type: text/plain; charset=UTF-8 Set-Cookie: Coyote-2-c0a8020c User-agent: Googlebot Disallow: / User-agent: * Disallow: / |
| Severity: | Information |
| Confidence: | Firm |
| Host: | http://www.cargurus.com |
| Path: | /Cars/inventorylisting |
| GET /Cars/inventorylisting Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: application/json, text/javascript, */*; q=0.01 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:17 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:17 GMT Access-Control-Allow Content-Disposition: inline Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/plain;charset=ISO Set-Cookie: Coyote-2-c0a8020a Content-Length: 1425 {"avgLine":[[16000,24792 ...[SNIP]... |
| Severity: | Information |
| Confidence: | Firm |
| Host: | http://www.cargurus.com |
| Path: | /Cars/jsonBannerAds |
| GET /Cars/jsonBannerAds Host: www.cargurus.com Proxy-Connection: keep-alive Referer: http://www.cargurus.com X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: application/json, text/javascript, */*; q=0.01 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: JSESSIONID=77CB4FE9E |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:13:11 GMT Server: Apache/2.2.3 (CentOS) Cache-Control: no-cache,no-store,must Pragma: no-cache Expires: 0 Last-Modified: Sun, 18 Sep 2011 13:13:11 GMT Content-Disposition: inline Content-Language: en-US Vary: Accept-Encoding,User Content-Type: text/plain;charset=ISO Set-Cookie: Coyote-2-c0a8020a Content-Length: 1719 {"jsAdsMap":{"LEADERBOARD ...[SNIP]... |
| Severity: | Information |
| Confidence: | Firm |
| Host: | http://www.cargurus.com |
| Path: | /favicon.ico |
| GET /favicon.ico HTTP/1.1 Host: www.cargurus.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: CarGurusUserT=50.23.123 |
| HTTP/1.1 200 OK Date: Sun, 18 Sep 2011 13:12:52 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Sat, 02 Aug 2008 22:35:40 GMT Accept-Ranges: bytes Vary: Accept-Encoding,User Content-Length: 3638 Content-Type: text/plain; charset=UTF-8 Set-Cookie: Coyote-2-c0a8020a ..............h...&... ..............(....... ...........@............. ...[SNIP]... |