Content Type Incorrectly Stated, Content-type, Example, Report

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways.

Report generated by XSS.CX at Sun Mar 20 09:20:41 CDT 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

XSS Crawler | SQLi Crawler | HTTPi Crawler | FI Crawler
Loading

1. Content type incorrectly stated

1.1. http://12e899.r.axf8.net/mr/a.gif

1.2. http://ads.pointroll.com/PortalServe/

1.3. http://altfarm.mediaplex.com/ad/js/10433-118675-1629-11

1.4. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1

1.5. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2

1.6. http://bannerfarm.ace.advertising.com/bannerfarm/84352/siteIDs.txt

1.7. http://bidder.mathtag.com/iframe/notify

1.8. http://bs.serving-sys.com/BurstingPipe/adServer.bs

1.9. http://charmingshoppesinter.tt.omtrdc.net/m2/charmingshoppesinter/mbox/standard

1.10. http://cmls.overture.com/ls_js_1_0/

1.11. http://content3.myyearbook.com/stickers/6a/20/6a20fbd7b0e37c9ef593b3dc5771f8c3.jpg

1.12. http://creative.doubleclick.net/2880922/blue300-250b.jpg

1.13. http://feeds.feedburner.com/~s/politicaldisgust

1.14. http://files.livejournal.com/userapps/10/image

1.15. http://files.livejournal.com/userapps/2/image

1.16. http://files.livejournal.com/userapps/3/image

1.17. http://files.livejournal.com/userapps/5/image

1.18. http://files.livejournal.com/userapps/9/image

1.19. http://goods.adnectar.com/analytics/get_avia_js

1.20. http://imp.fetchback.com/serve/fb/adtag.js

1.21. http://l-stat.livejournal.com/

1.22. http://l-stat.livejournal.com/js/

1.23. http://mbox12e.offermatica.com/m2/tmobile/mbox/standard

1.24. http://r.nexac.com/e/getdata.xgi

1.25. http://rad.msn.com/ADSAdClient31.dll

1.26. http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh

1.27. http://s3.amazonaws.com/wootsaleimages/Asus_Intel_Core_i5_15_6__Notebook_with_WiMaxerqThumbnail.jpg

1.28. http://s3.amazonaws.com/wootsaleimages/Limited_Edition___Green_Buckyballs_216_Piece_Magnetic_Set___2_Packk8kThumbnail.jpg

1.29. http://sale.images.woot.com/Asus_Intel_Core_i5_15_6__Notebook_with_WiMaxerqThumbnail.jpg

1.30. http://sale.images.woot.com/Blanket_w_Sleeves_and_Booklight___2_Pack4nhThumbnail.jpg

1.31. http://sale.images.woot.com/Casio_Exilim_12_1MP_Digital_Cameran08Thumbnail.jpg

1.32. http://sale.images.woot.com/Castle_Rock_Winery_Mixed_Red_CasecrkThumbnail.jpg

1.33. http://sale.images.woot.com/Criss_Angel_Street_Magic_Bundlean4Thumbnail.jpg

1.34. http://sale.images.woot.com/Flip_SlideHD_16GB_Video_CameracoeStandard.jpg

1.35. http://sale.images.woot.com/Franklin_Covey_Leather_Steno_Pad_Holdercx0Thumbnail.jpg

1.36. http://sale.images.woot.com/HP_Touchsmart_23__All-In-One_PC668Thumbnail.jpg

1.37. http://sale.images.woot.com/Hype_USB_Tape_to_MP3_ConverterssaThumbnail.jpg

1.38. http://sale.images.woot.com/Isotoner_Men_s_GloveszyvThumbnail.jpg

1.39. http://sale.images.woot.com/Kanen_Earphones4txThumbnail.jpg

1.40. http://sale.images.woot.com/Kitrics_Digital_Nutrition_Label_ScalefrqThumbnail.jpg

1.41. http://sale.images.woot.com/Limited_Edition___Green_Buckyballs_216_Piece_Magnetic_Set___2_Packk8kThumbnail.jpg

1.42. http://sale.images.woot.com/Mystery_Science_Theater_3000__Volume_XVIII_-_4_DVD_Set46pThumbnail.jpg

1.43. http://sale.images.woot.com/Optoma_PK102_Pico_Pocket_Projectorx9hThumbnail.jpg

1.44. http://sale.images.woot.com/PetZoom_Self-Cleaning_Grooming_Brush_3-Pack_with_Trimmer5gsThumbnail.jpg

1.45. http://sale.images.woot.com/Polaroid_14MP_Digital_Camera_with_5x_Optical_Zoom___2_7__LCD_Screenof0Thumbnail.jpg

1.46. http://sale.images.woot.com/ROK_Blocks_Preschool_Deluxe_Building_Set_by_Rokenbokh1nThumbnail.jpg

1.47. http://sale.images.woot.com/Screaming_Giant_Monkey_with_Black_Woot_CapewzwThumbnail.jpg

1.48. http://sale.images.woot.com/Sony_Dash_Personal_Internet_Viewerqo9Thumbnail.jpg

1.49. http://sale.images.woot.com/chumby_one__Smart_Internet_CompanionixwThumbnail.jpg

1.50. http://sale.images.woot.com/cy-fi_Wireless_Sport_Speaker_for_iPod_or_BluetoothwmvThumbnail.jpg

1.51. http://sales.liveperson.net/hcp/html/mTag.js

1.52. http://sales.liveperson.net/visitor/addons/deploy.asp

1.53. http://showads.pubmatic.com/AdServer/AdServerServlet

1.54. http://showadsak.pubmatic.com/AdServer/AdServerServlet

1.55. http://spd.pointroll.com/PointRoll/Ads/PRScript.dll

1.56. http://tcla.mmismm.com/mmmss.php

1.57. http://www.facebook.com/extern/login_status.php

1.58. http://www.lanebryant.com/assets/lb/assets/favicon.ico

1.59. http://www.livejournal.com/tools/endpoints/journalspotlight.bml

1.60. https://www.livejournal.com/js/esn.js

1.61. https://www.livejournal.com/js/horizon.js

1.62. https://www.livejournal.com/js/lj_ippu.js

1.63. https://www.livejournal.com/js/ljwidget_ippu.js

1.64. http://www.nick.com/dynamo/video/data/mediaGen.jhtml

1.65. http://www.nick.com/sbcom/data/json/next-on.jhtml

1.66. http://www.nick.com/sbcom/data/json/poll_to_json.jhtml

1.67. http://www.nick.com/sbcom/data/kca/okca.jhtml

1.68. http://www.nick.com/sbcom/data/scenic/cover_flow_data.jhtml

1.69. http://www.politicaldisgust.com/xmlrpc.php

1.70. http://www.quantcast.com/wpapi/menus

1.71. http://www.shockwave.com/activityFeed/getHappeningNowMessages.jsp

1.72. http://www.snapengage.com/snapabug/ServiceGetConfig

1.73. http://www.t-mobile.com//htmlservices/navigation/TMobileNavigation.ashx

1.74. http://www.teennick.com/js/coda/teennick/codaAdConfig.js


1. Content type incorrectly stated
There are 74 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

1.1. http://12e899.r.axf8.net/mr/a.gif  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://12e899.r.axf8.net
Path:   /mr/a.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /mr/a.gif?a=12E899&v=1 HTTP/1.1
Host: 12e899.r.axf8.net
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 69
Content-Type: application/x-javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 20 Mar 2011 12:40:54 GMT

gomez.b2(300576019383302,1);gomez.b1(0.01,0);if(gomez.n0)gomez.n0(0);
1.2. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /PortalServe/?pid=1203631H30720110201170639&flash=10&time=0|9:5|-5&redir=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/3/0/%2a/p%3B235836628%3B0-0%3B3%3B52877536%3B4307-300/250%3B40571478/40589265/1%3Bu%3Dpos-atf|cat-2|%21category-hs_the_nightlife|show-hs_the_nightlife|demo-D|tag-adj|mtype-standard|sz-300x250|tile-3%3B%7Eaopt%3D2/0/d7/0%3B%7Esscs%3D%3f$CTURL$&r=0.1189111452549696 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.teennick.com/shows/the-nightlife
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=D00A51F3-34D8-48E5-A65B-AEA8240476C5; PRbu=EnLjDMH8P; PRsl=11022007583617319321424330414S; S5HitachiSeq=1*1330995589; PRvt=CIJVpEnbEvypYtAK4BBeJDmEnbE3X1F4ACjBAeJcgEnehzmXD9AAVBCeIyeEndpCn0aKAPQBAeIrUEndpEM2mD!G5BAeJHsEnfjOwXZa!cxBCeIJfEnjeJXBN5!RfBCeJhKEnpgtxXiZABzBAe; PRgo=BBBAAsJvCBC_!B!BCVBF4FR; PRimp=989E0400-C52D-9978-0309-84A000730100; PRca=|AKIo*5:1|AJsP*1892:1|AKIk*492:1|AJx5*48:1|AJrW*9395:1|AJor*856:1|AIgT*1774:4|AJi6*1774:2|AJPO*396:1|AJWc*130:1|AJla*1499:2|AJ2e*1153:2|AKEA*263:3|AJeS*12722:1|AJwv*1153:3|AKEU*852:1|AJtd*1329:3|#; PRcp=|AKIoAAAF:1|AJsPAA46:1|AKIkAAHw:1|AJx5AAAm:1|AJrWAC17:1|AJorAANo:1|AIgTAA2c:4|AJi6AA2c:2|AJPOAAGY:1|AJWcAACG:1|AJ2eAC0U:1|AJlaAAYL:2|AJ2eAASb:1|AKEAAAEP:3|AJeSADTM:1|AJwvAASb:3|AKEUAANk:1|AJtdAAV1:3|#; PRpl=|FKgU:1|FBju:1|FIiy:1|ExE4:1|FHwz:1|Etmg:1|EBro:4|EwWo:2|FFCp:1|FFCm:1|E1AQ:1|Eib5:1|Ef30:1|Erny:1|Ernx:1|Ef3M:1|FFCn:1|FFI2:1|FDTA:3|FEo9:1|Es48:1|Es49:1|Es4a:1|#; PRcr=|GHNR:1|GBuk:1|GGJs:1|GAV8:1|GFdm:1|FyK3:1|F8uJ:4|FudI:1|Fvl7:1|GEH2:1|GEHe:1|FiUb:1|FwsR:1|Fq6d:1|Fx3k:1|FyJY:1|FujS:1|GEH7:1|Ft0s:1|GCq8:3|GDle:1|Fxpv:2|Fxpu:1|#; PRpc=|FKgUGHNR:1|FBjuGBuk:1|FIiyGGJs:1|ExE4GAV8:1|FHwzGFdm:1|EtmgFyK3:1|EBroF8uJ:4|EwWoFudI:1|EwWoFvl7:1|FFCpGEH2:1|FFCmGEHe:1|E1AQFiUb:1|Eib5FwsR:1|Ef30Fq6d:1|ErnyFx3k:1|ErnxFyJY:1|Ef3MFujS:1|FFCnGEH7:1|FFI2Ft0s:1|FDTAGCq8:3|FEo9GDle:1|Es48Fxpv:1|Es49Fxpv:1|Es4aFxpu:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 20 Mar 2011 14:05:05 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 9297
Set-Cookie:PRvt=CJJVpEnbEvypYtAK4BBeJDmEnbE3X1F4ACjBAeJcgEnehzmXD9AAVBCeIyeEndpCn0aKAPQBAeIrUEndpEM2mD!G5BAeJHsEnfjOwXZa!cxBCeIJfEnjeJXBN5!RfBCeJhKEnpgtxXiZABzBAeJUREnup-fJ66AABBAe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BBBAAsJvCBC_!B!BCVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=EA9E0400-7C7F-BA9E-0309-511000010100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AJv5*214:1|AKIo*5:1|AJsP*1892:1|AKIk*492:1|AJx5*48:1|AJrW*9395:1|AJor*856:1|AIgT*1774:4|AJi6*1774:2|AJPO*396:1|AJWc*130:1|AJla*1499:2|AJ2e*1153:2|AKEA*263:3|AJeS*12722:1|AJwv*1153:3|AKEU*852:1|AJtd*1329:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AJv5AAD2:1|AKIoAAAF:1|AJsPAA46:1|AKIkAAHw:1|AJx5AAAm:1|AJrWAC17:1|AJorAANo:1|AIgTAA2c:4|AJi6AA2c:2|AJPOAAGY:1|AJWcAACG:1|AJ2eAC0U:1|AJlaAAYL:2|AJ2eAASb:1|AKEAAAEP:3|AJeSADTM:1|AJwvAASb:3|AKEUAANk:1|AJtdAAV1:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FDHZ:1|FKgU:1|FBju:1|FIiy:1|ExE4:1|FHwz:1|Etmg:1|EBro:4|EwWo:2|FFCp:1|FFCm:1|E1AQ:1|Eib5:1|Ef30:1|Erny:1|Ernx:1|Ef3M:1|FFCn:1|FFI2:1|FDTA:3|FEo9:1|Es48:1|Es49:1|Es4a:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GDV7:1|GHNR:1|GBuk:1|GGJs:1|GAV8:1|GFdm:1|FyK3:1|F8uJ:4|FudI:1|Fvl7:1|GEH2:1|GEHe:1|FiUb:1|FwsR:1|Fq6d:1|Fx3k:1|FyJY:1|FujS:1|GEH7:1|Ft0s:1|GCq8:3|GDle:1|Fxpv:2|Fxpu:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FDHZGDV7:1|FKgUGHNR:1|FBjuGBuk:1|FIiyGGJs:1|ExE4GAV8:1|FHwzGFdm:1|EtmgFyK3:1|EBroF8uJ:4|EwWoFudI:1|EwWoFvl7:1|FFCpGEH2:1|FFCmGEHe:1|E1AQFiUb:1|Eib5FwsR:1|Ef30Fq6d:1|ErnyFx3k:1|ErnxFyJY:1|Ef3MFujS:1|FFCnGEH7:1|FFI2Ft0s:1|FDTAGCq8:3|FEo9GDle:1|Es48Fxpv:1|Es49Fxpv:1|Es4aFxpu:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
1.3. http://altfarm.mediaplex.com/ad/js/10433-118675-1629-11  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/10433-118675-1629-11

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ad/js/10433-118675-1629-11?mpt=1540631604&mpvc=http://r1-ads.ace.advertising.com/click/site=0000787694/mnum=0000985691/cstr=69689444=_4d85f5b3,1540631604,787694^985691^1183^0,1_/xsxdata=$XSXDATA/bnum=69689444/optn=64?trg= HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=10433:1629/1551:23636/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534; expires=Wed, 20-Mar-2013 4:28:56 GMT; path=/; domain=.mediaplex.com;
Content-Type: text/html
Content-Length: 405
Date: Sun, 20 Mar 2011 13:08:13 GMT

document.write('<a target="_blank" href="http://r1-ads.ace.advertising.com/click/site=0000787694/mnum=0000985691/cstr=69689444=_4d85f5b3,1540631604,787694^985691^1183^0,1_/xsxdata=$XSXDATA/bnum=696894
...[SNIP]...
1.4. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/1551-47634-23636-1

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ad/js/1551-47634-23636-1?mpt=3954428&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/177/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//buzzya.com/category/gaming/|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Bf697ae1ea4f15758%3B12ed360c172,0%3B%3B%3B1235090291,KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcsFg0y4BAAAAAAAAADA2Mjc0NzVlLTUyZjMtMTFlMC04MzEwLTAwMzA0OGQ3MDM2YwA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fgaming%2F, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAUW9GzVfJwT.2KFyPwvXYPwb6RJ4kXcs.MzMzMzMz4z-wJeSDns3WPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMjXll-DOCZTwLr35lTZTcNHeyRCw3ujSUisIAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fgaming%2F,Z%3D300x250%26s%3D1602587%26_salt%3D409150463%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fgaming%252F%26r%3D0,0627475e-52f3-11e0-8310-003048d7036c
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 748
Date: Sun, 20 Mar 2011 13:07:38 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/177/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://buzzya.com/category/
...[SNIP]...
1.5. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/1551-47634-23636-2

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ad/js/1551-47634-23636-2?mpt=2008632&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1ca/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B2e75bab3029d4c42%3B12ed3431171,0%3B%3B%3B2825860846,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAgAAAAYAAAAAAP8AAAABCHmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcBFD0y4BAAAAAAAAADdlNzFjN2Q0LTUyZWUtMTFlMC1hZTRjLTAwMzA0OGQ2ZDNhYwA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAgAAAAYAAAAAAP8AAAABCHmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfI8Gb.tjOCUrprrxPD33NNXpvaMrAs.Da0NhMAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D225907243%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,7e71c7d4-52ee-11e0-ae4c-003048d6d3ac
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:9866/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=1551:23636/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534; expires=Wed, 20-Mar-2013 5:23:59 GMT; path=/; domain=.mediaplex.com;
Content-Type: text/html
Content-Length: 864
Date: Sun, 20 Mar 2011 13:02:27 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1ca/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://rotator.adjuggler.com
...[SNIP]...
1.6. http://bannerfarm.ace.advertising.com/bannerfarm/84352/siteIDs.txt  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bannerfarm.ace.advertising.com
Path:   /bannerfarm/84352/siteIDs.txt

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /bannerfarm/84352/siteIDs.txt HTTP/1.1
Host: bannerfarm.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://bannerfarm.ace.advertising.com/bannerfarm/157921/3.15.11.CSG_TPN_LVS_20110307_01_BlueCupcake_300x250.swf?clickTag=http://r1-ads.ace.advertising.com/click/site=0000797066/mnum=0000961923/cstr=53391539=_4d85f468,1608651028,797066^961923^1183^0,1_/xsxdata=$xsxdata/bnum=53391539&city=Stowe&siteValue=0000797066
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=er080012979743200010; GUID=MTMwMDMxNTUwODsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; aceRTB=rm%3DTue%2C%2022%20Mar%202011%2015%3A51%3A32%20GMT%7Cam%3DTue%2C%2022%20Mar%202011%2015%3A51%3A32%20GMT%7Cdc%3DTue%2C%2022%20Mar%202011%2015%3A51%3A32%20GMT%7Can%3DTue%2C%2022%20Mar%202011%2015%3A51%3A32%20GMT%7Crub%3DMon%2C%2018%20Apr%202011%2013%3A48%3A43%20GMT%7C; C2=oRfhNZK9FYVVGkXBaVlB5JpwHg02F72BdbdxudQshXsbHkZ4F72BYGexudgihXsbHQW4F72BfGexudw7NYsbHEY4F72BjGexudAghXsbHATiG72BvGexudgJjasbHgJaG72BoopxudA2kXsbH8Y4F72BdDmxudQRgasbHY4dG72sEDwQpaUlT+NA5ydRcaK+AoWVG1trUBgZAaU3Y6gAxMihaKbnCUUoGWNslQwhNagjmiQBp/jRBD7uEMpkG9Tr1Rge1ZgjuyEB/AoRmDr8Eo2kGxVr+BDBhacqz2tBapqx5xqjHo4bGPlr5fwkLa4X; F1=BgG9F2EBAAAABAAAAEAAgEA; BASE=gKQkRmhpjJjpy24mVRcoq4SdsN4DbAQwMFaeqnfwaxhNqD6gryqB6EvxQXY2KV5lL8PiUafUl/jd3CaTb8zQcHMAUV3HWkGbQWfZDNNgjsbfnuO9nV0Nlc61bCpIG8T/su4h8sC0cazEnP1KoTJVPzXGhkFlOjx42bzuO8yI3jmN9RQwSzfIwqE!; ROLL=AfAif6NQKVcMvoB!

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 16 Mar 2011 14:24:03 GMT
ETag: "b333e-49a4-49e9a4befc6c0"
Accept-Ranges: bytes
Content-Length: 18852
Content-Type: text/plain; charset=UTF-8
Date: Sun, 20 Mar 2011 12:49:50 GMT
Connection: close

...&siteVals=
85
9009
29700
30838
30848
84288
107683
38302
290981
290982
681098
681099
681100
683996
689259
689454
690334
690966
691074
691075
691171
691233
692681
692861
6935
...[SNIP]...
1.7. http://bidder.mathtag.com/iframe/notify  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /iframe/notify HTTP/1.1
Host: bidder.mathtag.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ts=1300624485; mt_mop=10004:1299934992|1:1297862934|10001:1297818481|11:1299460723|2:1299285586|3:1299090747|4:1299460679|5:1300624477|9:1300624484; uuid=4d5b2371-3928-7a83-24fb-d52328f5624b;

Response

HTTP/1.1 404 Not found
Date: Sun, 20 Mar 2011 14:03:12 GMT
Server: MMBD/3.4.6
Content-Type: text/html; charset=utf-8
Content-Length: 18
x-mm-host: ewr-bidder-x3
Connection: close

Request not found
1.8. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2304737&PluID=0&w=300&h=250&ord=3900663&ucm=true&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/18a/%2a/h%3B237723244%3B0-0%3B1%3B40342997%3B4307-300/250%3B41027822/41045609/1%3Bu%3Drmxli_2886211|surl_http%3A//www.therugged.com/featured/friday-link-drop-9/|pr_0.0000|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Bd198d17660363695%3B12ed35ff03c,0%3B%3B%3B4256993751,qkaAABt0GAB4wYMAAAAAAGOFIQAAAAAAAgAEAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAABDCiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAPPBf0y4BAAAAAAAAAGU2NGJjZDM4LTUyZjItMTFlMC1hNjY0LTAwMzA0OGQ3MDU3NgA4nyoAAAA=,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Ffriday-link-drop-9%2F,$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?qkaAABt0GAB4wYMAAAAAAGOFIQAAAAAAAgAEAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAABDCiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAAAAAAAAAAAAAAEA9KCLqPwAAAAAAAAAAAACAVkYa9D8AAAAAAAAAAAAAwPKPwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhymQ8YuDOCRUFtY7Db1JM.z9f1WkTONKzERUkAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Ffriday-link-drop-9%2F,Z%3D300x250%26s%3D1602587%26_salt%3D1250101646%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252Ffeatured%252Ffriday-link-drop-9%252F%26r%3D0,e64bcd38-52f2-11e0-a664-003048d70576
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=3a6c8499-0c84-46b7-b54f-f22315d657803GI08g; eyeblaster=BWVal=3746&BWDate=40608.545637&debuglevel=&FLV=10.2154&RES=128&WMPV=0; A3=hu3eaqHz09SF00000hvPTaiJy0c6L00001gnesamti0cbS00001hZrSaqHz0czK00001hecgas6h07pd00001hK5Samaw0bfZ00001eyx1as6d035P00001hgLkaoG50bMK00001gmUgas6f07pd00002hGiPaoG503sY00000hK5JalZa0bfZ00002hhb3aoGR0aVXaoGR1gEKaaoM009MT00000hQR+ar7h09MU00001hiGOas6h07pd00001htGGaoFg0aQh00001gimpas6Y02WG00001hUSuaq1W0cIY00001hpHlaoI503sY00001hXhvaq1W09QV00001gIlWai180aCf00001hvT0ar2P09SF00001gMGgas6f07pd00002hRW+atwy07tg00001hRMoaoFg0bfg00005heSmakII0c9M00001gEJ.aoM209MT00000gimAas6Y02WG00001hCekaqt40cmB00001hUzhaoFh0ckv00001hZsaaqHA0czK00001hKQdaq1W0cIY00000gCb0amtV08Y500001hRQzas7d092M00000gnhgai180cbS00001i6VYapQF0cbS00002gnfzamti0cbS00001; B3=8hkM0000000001ty8z6A0000000003tr7.VG0000000001ts7dNE0000000001tI8Faa0000000000tC8z2E0000000001tF86hj0000000001ts8r8g0000000001tf7Sz60000000001tF8do10000000001tM8JYZ0000000001tC88kt0000000000ty8t7R0000000005ty8IWT0000000001ty88kE0000000000ty6V.E0000000001tI8yXb0000000001tD7.VO0000000001ts7+zh0000000003tI7+zf0000000003tI8K.L0000000001tE8HIC0000000000tI8z130000000001th8y030000000000ty8K.I0000000001tE8w1t0000000001ty8Fa50000000001tC8vdX0000000001ty7.Ys0000000002tB7dPJ0000000001tI8y2H0000000000tE8qaI0000000001tn7.Ws0000000001tf

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=hecgas6h07pd00001hZrSaqHz0czK00001gnesamti0cbS00001hvPTaiJy0c6L00001hu3eaqHz09SF00000i5pdatwy06UE00001hK5Samaw0bfZ00001hgLkaoG50bMK00001eyx1as6d035P00001hQR+ar7h09MU00001gEKaaoM009MT00000hhb3aoGR0aVXaoGR1hK5JalZa0bfZ00002hGiPaoG503sY00000gmUgas6f07pd00002gimpas6Y02WG00001htGGaoFg0aQh00001hiGOas6h07pd00001hUSuaq1W0cIY00001hXhvaq1W09QV00001hpHlaoI503sY00001gIlWai180aCf00001gMGgas6f07pd00002hvT0ar2P09SF00001heSmakII0c9M00001hRMoaoFg0bfg00005hRW+atwy07tg00001gEJ.aoM209MT00000hZsaaqHA0czK00001hUzhaoFh0ckv00001hCekaqt40cmB00001gimAas6Y02WG00001hRQzas7d092M00000gCb0amtV08Y500001hKQdaq1W0cIY00000i6VYapQF0cbS00002gnhgai180cbS00001gnfzamti0cbS00001; expires=Sat, 18-Jun-2011 09:06:44 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=7dNE0000000001tI7.VG0000000001ts8z6A0000000003tr8hkM0000000001ty8Faa0000000000tC7Sz60000000001tF8r8g0000000001tf86hj0000000001ts8z2E0000000001tF8JYZ0000000001tC8do10000000001tM88kE0000000000ty8IWT0000000001ty8t7R0000000005ty88kt0000000000ty8yXb0000000001tD6V.E0000000001tI8OHx0000000001tM7+zh0000000003tI7.VO0000000001ts8HIC0000000000tI8K.L0000000001tE7+zf0000000003tI8K.I0000000001tE8y030000000000ty8z130000000001th8Fa50000000001tC8w1t0000000001ty7.Ys0000000002tB8vdX0000000001ty7dPJ0000000001tI8qaI0000000001tn8y2H0000000000tE7.Ws0000000001tf; expires=Sat, 18-Jun-2011 09:06:44 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sun, 20 Mar 2011 13:06:43 GMT
Connection: close
Content-Length: 2382

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
1.9. http://charmingshoppesinter.tt.omtrdc.net/m2/charmingshoppesinter/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://charmingshoppesinter.tt.omtrdc.net
Path:   /m2/charmingshoppesinter/mbox/standard

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/charmingshoppesinter/mbox/standard?mboxHost=www.lanebryant.com&mboxSession=1300624488082-862731&mboxPage=1300624488082-862731&screenHeight=1200&screenWidth=1920&browserWidth=1017&browserHeight=916&browserTimeOffset=-300&colorDepth=16&mboxCount=1&path=%2F&mbox=LB_global&mboxId=0&mboxTime=1300606488088&mboxURL=http%3A%2F%2Fwww.lanebryant.com%2F&mboxReferrer=&mboxVersion=39 HTTP/1.1
Host: charmingshoppesinter.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.lanebryant.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=CE085DEBCBBADCDE

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 164
Date: Sun, 20 Mar 2011 12:49:50 GMT
Server: Test & Target

mboxFactories.get('default').get('LB_global',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1300624488082-862731.17");
1.10. http://cmls.overture.com/ls_js_1_0/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cmls.overture.com
Path:   /ls_js_1_0/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ls_js_1_0/?config=6694305600&linkspotId=nick_shows&NKw=10&NGrp=1&source=viacom_nick_ls_kwonly_ctxt HTTP/1.1
Host: cmls.overture.com
Proxy-Connection: keep-alive
Referer: http://www.teennick.com/shows/the-nightlife
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=enudd1d6n2v58&b=3&s=5d; UserData=02u3hs9yoaLQsFTjBpcnI2dDY3NTG2MDIwNHZUt0%2bLSi4sTU1JNbEBACNDF1dLYxNTI3MAS/xQ0ww=

Response

HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Server: Y! Linkspots
Cache-Control: private,
p3p: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"

var mapkey=[{title: 'New Video Games', keywords: 'Board Games, Toy Stores, Classic Board Games, Educational Toys, Childrens Toys, Childrens Crafts, Arts And Crafts For Kids'}];
1.11. http://content3.myyearbook.com/stickers/6a/20/6a20fbd7b0e37c9ef593b3dc5771f8c3.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://content3.myyearbook.com
Path:   /stickers/6a/20/6a20fbd7b0e37c9ef593b3dc5771f8c3.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /stickers/6a/20/6a20fbd7b0e37c9ef593b3dc5771f8c3.jpg HTTP/1.1
Host: content3.myyearbook.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; MYB_TARGET=_unknown_1000_____; __gads=ID=f3640abbd1b1cdb3:T=1300624489:S=ALNI_MbrX_Emgz4sKka8nHjyRqG1O3ly8w; __utmz=138725551.1300624490.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=138725551.528389796.1300624489.1300624489.1300624489.1; __utmc=138725551; __utmb=138725551.1.10.1300624489; __qca=P0-193244728-1300624490343; PHPSESSID=fdf70e60bc7204869a6429bf4a1984b3

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:37:20 GMT
Expires: Sun, 27 Mar 2011 12:26:07 GMT
Last-Modified: Tue, 18 Nov 2008 17:07:32 GMT
Cache-Control: max-age=604800
Content-Type: image/jpeg
ETag: "31988935"
Accept-Ranges: bytes
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.18
Content-Length: 36587

GIF89a...........$
+..6..(..9..9!).
'..:.
5..1-.,&%%<(7)'3,+81.;43;75.H..W..H".W!%I)&X'4N7"e.'h'*u&6g91t.7x6>XBG

N..I..U        \

X..N!.H)'J1.F86C<;V('X99g..d

l

h..v..r..t

{
.x..u.!g''h88x((v/0w77~>@N
...[SNIP]...
1.12. http://creative.doubleclick.net/2880922/blue300-250b.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://creative.doubleclick.net
Path:   /2880922/blue300-250b.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /2880922/blue300-250b.jpg HTTP/1.1
Host: creative.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAQAAIAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAUW9GzVfJwT.2KFyPwvXYPwb6RJ4kXcs.MzMzMzMz4z-wJeSDns3WPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHXmEhr-LOCR11i-2kw7nSXvlMDkksjh7J.so0AAAAAA==,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Fart-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%25e2%2580%2599s-day%2F,Z%3D300x250%26s%3D1602587%26_salt%3D2010477497%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252Ffeatured%252Fart-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%2525e2%252580%252599s-day%252F%26r%3D0,4588b184-52f4-11e0-850a-003048d6d582
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.0 200 OK
Content-Type: image/jpeg
Content-Length: 14733
Server: DCLK Creative
Date: Sun, 20 Mar 2011 13:16:34 GMT
Last-Modified: Mon, 31 Jan 2011 19:58:48 GMT

.PNG
.
...IHDR...,.........,.......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
1.13. http://feeds.feedburner.com/~s/politicaldisgust  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://feeds.feedburner.com
Path:   /~s/politicaldisgust

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /~s/politicaldisgust?i=http%3A//www.politicaldisgust.com/%3Fp%3D1700&showad=true HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:15:58 GMT
Expires: Sun, 20 Mar 2011 13:15:58 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 4

null
1.14. http://files.livejournal.com/userapps/10/image  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://files.livejournal.com
Path:   /userapps/10/image

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a JPEG image.

Request

GET /userapps/10/image HTTP/1.1
Host: files.livejournal.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljuniq=GdoShltCUTBwAH3:1300624474:pgstats0:m0; show_sponsored_vgifts=1

Response

HTTP/1.0 200 OK
Date: Sun, 20 Mar 2011 12:34:38 GMT
Last-Modified: Thu, 03 Feb 2011 11:13:41 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 37341
Connection: keep-alive
Keep-Alive: timeout=30, max=100

......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS5 Macintosh.2011:02:03 11:49:08.........................
...[SNIP]...
1.15. http://files.livejournal.com/userapps/2/image  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://files.livejournal.com
Path:   /userapps/2/image

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /userapps/2/image HTTP/1.1
Host: files.livejournal.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljuniq=GdoShltCUTBwAH3:1300624474:pgstats0:m0; show_sponsored_vgifts=1

Response

HTTP/1.0 200 OK
Date: Sun, 20 Mar 2011 12:34:38 GMT
Last-Modified: Thu, 03 Feb 2011 11:12:21 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 34106
Connection: keep-alive
Keep-Alive: timeout=30, max=100

.PNG
.
...IHDR...x...x.....9d6....    pHYs................ cHRM..z%..............u0...`..:....o._.F....IDATx...w.e.Y..V.{.X.ruW.nI..V..dI.A...6`0..0..f.C0.30..0.5.f<c<`...s.rR.r...].U...T...^..c..n...
...[SNIP]...
1.16. http://files.livejournal.com/userapps/3/image  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://files.livejournal.com
Path:   /userapps/3/image

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /userapps/3/image HTTP/1.1
Host: files.livejournal.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljuniq=GdoShltCUTBwAH3:1300624474:pgstats0:m0; show_sponsored_vgifts=1

Response

HTTP/1.0 200 OK
Date: Sun, 20 Mar 2011 12:34:38 GMT
Last-Modified: Wed, 02 Feb 2011 13:36:14 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 7904
Connection: keep-alive
Keep-Alive: timeout=30, max=100

.PNG
.
...IHDR...x...x.............tEXtSoftware.Adobe ImageReadyq.e<....PLTEb3)u....>oK......L..S.t...1.zH..w..V.....L.......h..P.........A..-...\......u$..;..
.....[......m....S.....j.x...ciu.....f
...[SNIP]...
1.17. http://files.livejournal.com/userapps/5/image  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://files.livejournal.com
Path:   /userapps/5/image

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a JPEG image.

Request

GET /userapps/5/image?v=1297170218 HTTP/1.1
Host: files.livejournal.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljuniq=GdoShltCUTBwAH3:1300624474:pgstats0:m0; show_sponsored_vgifts=1

Response

HTTP/1.0 200 OK
Date: Sun, 20 Mar 2011 12:37:50 GMT
Last-Modified: Tue, 08 Feb 2011 13:03:38 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 54641
Connection: keep-alive
Keep-Alive: timeout=30, max=100

......JFIF..............Exif..MM.*.............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop CS2 Windows.2010:11:10 14:49:41.........
...[SNIP]...
1.18. http://files.livejournal.com/userapps/9/image  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://files.livejournal.com
Path:   /userapps/9/image

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /userapps/9/image HTTP/1.1
Host: files.livejournal.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljuniq=GdoShltCUTBwAH3:1300624474:pgstats0:m0; show_sponsored_vgifts=1

Response

HTTP/1.0 200 OK
Date: Sun, 20 Mar 2011 12:34:38 GMT
Last-Modified: Wed, 02 Feb 2011 13:37:34 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 34553
Connection: keep-alive
Keep-Alive: timeout=30, max=100

.PNG
.
...IHDR...x...x.............IDATx.....\..5z...r.....V..3.B..3...lc{l..=.......l..g.....l.....I(K-.:...............5WR....>..............g5.....Y(.....D.8Q...20.J.t..i...u....6.IB`,..qJ......
...[SNIP]...
1.19. http://goods.adnectar.com/analytics/get_avia_js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://goods.adnectar.com
Path:   /analytics/get_avia_js

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /analytics/get_avia_js?api_version=3.0.0&site_key=a9aa425c93ef5dff380c&avia_version=0.8.16 HTTP/1.1
Host: goods.adnectar.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Sun, 20 Mar 2011 12:38:24 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
Status: 200
ETag: "643abe138f06b030650a5c28ca19bdb4"
X-Runtime: 1
Content-Length: 6324
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: adnectar_id=PObkQ02F9UADVwRTOEyfAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"

var exceptionmessage = null;
try {
var avia_already_defined = false;
if (typeof(_an_tracker) !== 'undefined') {
avia_already_defined = true;
}

// First, define JS versions of methods not
...[SNIP]...
1.20. http://imp.fetchback.com/serve/fb/adtag.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /serve/fb/adtag.js?tid=6436&type=lead&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253Bde8e87e7c08dcb01%253B12ed3430f73%2C0%253B%253B%253B3505910700%2CcLl%2DABt0GABXJh8AAAAAAArUCQAAAAAAAAAAAAYAAAAAAA0AAQABCHmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcw9D0y4BAAAAAAAAADdlMjQ0MmYyLTUyZWUtMTFlMC1iMzMwLTAwMzA0OGQ1NmFhNAA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Ftherugged%2Ecom%252F%2C HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?cLl-ABt0GABXJh8AAAAAAArUCQAAAAAAAAAAAAYAAAAAAA0AAQABCHmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjY8vVKW5z8NAiuHFtnwP7-fGi.dJPI.7FG4HoXr-T8.CtejcD3-P5qZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvvAOl.djOCUuT1BsThjs22HOeFbFpkZ8FEdeFAAAAAA==,,http%3A%2F%2Ftherugged.com%2F,Z%3D728x90%26s%3D1602587%26_salt%3D4236502337%26B%3D10%26u%3Dhttp%253A%252F%252Ftherugged.com%252F%26r%3D0,7e2442f2-52ee-11e0-b330-003048d56aa4
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=92051597.1299094491.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=92051597.1024711904.1299094491.1299094491.1299169676.2; uat=1_1299171815; cmp=1_1300411186_10164:0_10638:0_10640:0_10641:0_1437:0_8900:39_9081:108616_9085:108616_8956:108616_9083:108639_9084:108639_8956:108639_20:1241462; sit=1_1300411186_2701:39:39_719:121:0_2707:108839:108616_3225:390277:390277_828:912792:912792_11:1316717:1241462_3314:1320455:1239371_3289:1321705:1316218_2002:2548865:2547644; bpd=1_1300411186_h9i9:5WgZ; apd=1_1300411186; afl=1_1300411186; cre=1_1300549516_20053:11792:7:0_20056:11790:2:1003244_14598:11789:1:1180912; uid=1_1300549516_1297862321306:0415785655118336; kwd=1_1300549516_11317:138330_11717:138330_11718:138330_11719:138330_11722:246965_10827:246965_10842:246969_10839:246969_10824:247169; scg=1_1300549516; ppd=1_1300549516

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:01:26 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1300626086_1297862321306:0415785655118336; Domain=.fetchback.com; Expires=Fri, 18-Mar-2016 13:01:26 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 20 Mar 2011 13:01:26 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 621

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=6436&type=lead&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253Bde8e87e7c08dcb01%253B12ed3430f73%2C0%253B%25
...[SNIP]...
1.21. http://l-stat.livejournal.com/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://l-stat.livejournal.com
Path:   /

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET / HTTP/1.1
Host: l-stat.livejournal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ljuniq=GdoShltCUTBwAH3:1300624474:pgstats0:m0; show_sponsored_vgifts=1;

Response

HTTP/1.1 200 OK
Content-Type: text/html
Server: Perlbal
Content-Length: 44
Connection: close

<h1>200 - OK</h1>
Directory listing disabled
1.22. http://l-stat.livejournal.com/js/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://l-stat.livejournal.com
Path:   /js/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /js/ HTTP/1.1
Host: l-stat.livejournal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ljuniq=GdoShltCUTBwAH3:1300624474:pgstats0:m0; show_sponsored_vgifts=1;

Response

HTTP/1.1 200 OK
Content-Type: text/html
Server: Perlbal
Content-Length: 44
Connection: close

<h1>200 - OK</h1>
Directory listing disabled
1.23. http://mbox12e.offermatica.com/m2/tmobile/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://mbox12e.offermatica.com
Path:   /m2/tmobile/mbox/standard

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/tmobile/mbox/standard?mboxHost=www.t-mobile.com&mboxSession=1300624507874-511379&mboxPage=1300624510290-788077&mboxCount=2&mbox=hp_header_non_cookied&mboxId=0&mboxURL=http%3A%2F%2Fwww.t-mobile.com%2F&mboxReferrer=&mboxVersion=34 HTTP/1.1
Host: mbox12e.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.t-mobile.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 176
Date: Sun, 20 Mar 2011 12:35:09 GMT
Server: Test & Target

mboxFactories.get('default').get('hp_header_non_cookied',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1300624507874-511379.17");
1.24. http://r.nexac.com/e/getdata.xgi  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://r.nexac.com
Path:   /e/getdata.xgi

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /e/getdata.xgi HTTP/1.1
Host: r.nexac.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: na_id=2011030211314518281421320827; na_ps=1; na_tc=Y; OAX=rcHW801i4e0ADNVY;

Response

HTTP/1.1 200 OK
Connection: close
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
X-Powered-By: Jigawatts
Content-type: text/html
Date: Sun, 20 Mar 2011 14:01:15 GMT
Server: lighttpd/1.4.18
Content-Length: 65

na_id=2011030211314518281421320827&na_di=&na_mp=&na_mg=NM&na_da=
1.25. http://rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&PG=VUSSH3&AP=1089&accyyyrandom=1952100&aamst=swzzznol&aamsz=300x250&AXW=300&AXH=250 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC01=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC05=FB=; FC06=FB=; FC07=FB=; FC08=FB=; FC09=FB=; MC1=V=3&GUID=1593e55bc6bd4a6fa24e1aa0798f062a; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=2f286e706b7d43c2be7bbf23323df6c5&bd=2011-01-01T01:18:30.906&v=2; Sample=86; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; SRCHHPGUSR=AS=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 2351
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P6699705-T37386984-C1578416
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sun, 20 Mar 2011 12:34:17 GMT
Content-Length: 2351


//<![CDATA[
function getRADIds(){return{"adid":"1578416","pid":"6699705","targetid":"37386984"};}if(typeof(inDapIF) != "undefined" && parent._dapUtils.is_ie5up && (parent._dapUtils.majorVer < 9)){p
...[SNIP]...
1.26. http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://rotator.adjuggler.com
Path:   /servlet/ajrotator/1007517/0/vh

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click= HTTP/1.1
Host: rotator.adjuggler.com
Proxy-Connection: keep-alive
Referer: http://therugged.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ajess1_ADC1D6F36B45B656C8BC8A09=a; ajcmp=2023xy_39lD003AOp

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store
Expires: Tue, 01 Jan 2000 00:00:00 GMT
P3P: policyref="http://rotator.adjuggler.com:80/p3p/RotatorPolicyRef.xml", CP="NOI DSP COR CURa DEVa TAIa OUR SAMa NOR STP NAV STA LOC"
Set-Cookie: ajcmp=2023xy_39lD36Jz003Ic0; Expires=Tue, 19-Mar-2013 12:59:12 GMT; Path=/
Content-Type: text/html
Content-Length: 275
Date: Sun, 20 Mar 2011 12:59:12 GMT
Connection: close

<!-- BEGIN STANDARD TAG - 728 x 90 - The Rugged: Section 2 - DO NOT MODIFY -->
<IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=728 HEIGHT=90 SRC="http://ad.yieldmanager.com/st?a
...[SNIP]...
1.27. http://s3.amazonaws.com/wootsaleimages/Asus_Intel_Core_i5_15_6__Notebook_with_WiMaxerqThumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://s3.amazonaws.com
Path:   /wootsaleimages/Asus_Intel_Core_i5_15_6__Notebook_with_WiMaxerqThumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /wootsaleimages/Asus_Intel_Core_i5_15_6__Notebook_with_WiMaxerqThumbnail.jpg HTTP/1.1
Host: s3.amazonaws.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Blog/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: ZwAo92LcuDKG9+50IYEZmNixm7P2ruGLP0pm87CZMqLGQVM1TTqPzhxfE+DGHSQr
x-amz-request-id: A5418ABFC88D693A
Date: Sun, 20 Mar 2011 13:41:28 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Tue, 18 Mar 2031 18:47:07 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Tue, 18 Mar 2031 18:47:07 GMT
Last-Modified: Fri, 18 Mar 2011 18:47:08 GMT
ETag: "93405aac2b16a3e5f4eb5b69e2aec57c"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.28. http://s3.amazonaws.com/wootsaleimages/Limited_Edition___Green_Buckyballs_216_Piece_Magnetic_Set___2_Packk8kThumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://s3.amazonaws.com
Path:   /wootsaleimages/Limited_Edition___Green_Buckyballs_216_Piece_Magnetic_Set___2_Packk8kThumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /wootsaleimages/Limited_Edition___Green_Buckyballs_216_Piece_Magnetic_Set___2_Packk8kThumbnail.jpg HTTP/1.1
Host: s3.amazonaws.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Blog/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: EQOYXSjMy2/waQf6Nr6oP/nLMPSfCYqXWQzT/Paq7fvUwV9KYKTeDwa1J4xzH1Ch
x-amz-request-id: FA023C4128904D13
Date: Sun, 20 Mar 2011 13:41:28 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Sun, 16 Mar 2031 22:18:53 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Sun, 16 Mar 2031 22:18:53 GMT
Last-Modified: Wed, 16 Mar 2011 22:18:53 GMT
ETag: "6c2e5512cbe9824778b412b35ba7f5b6"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.29. http://sale.images.woot.com/Asus_Intel_Core_i5_15_6__Notebook_with_WiMaxerqThumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /Asus_Intel_Core_i5_15_6__Notebook_with_WiMaxerqThumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Asus_Intel_Core_i5_15_6__Notebook_with_WiMaxerqThumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 200 OK
x-amz-id-2: uDyWExhosF4VMMHu1DYf6PlbEB4jkqATgl8SFnFNt0dmKSykN5e1+3cSSzTwBA6s
x-amz-request-id: B16D569CC0B07D03
Date: Sat, 19 Mar 2011 05:00:02 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Tue, 18 Mar 2031 18:47:07 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Tue, 18 Mar 2031 18:47:07 GMT
Last-Modified: Fri, 18 Mar 2011 18:47:08 GMT
ETag: "93405aac2b16a3e5f4eb5b69e2aec57c"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 117672
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 8af81ebfec1d0d016c3551a54701795262c5d98b3d30b3fdf1a342d62c65f2cef13fc01ca5228f48
Via: 1.0 62806950c1110390d39d3d218951cb9b.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.30. http://sale.images.woot.com/Blanket_w_Sleeves_and_Booklight___2_Pack4nhThumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /Blanket_w_Sleeves_and_Booklight___2_Pack4nhThumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Blanket_w_Sleeves_and_Booklight___2_Pack4nhThumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 200 OK
x-amz-id-2: m+tG+7GHHTCCTfHIYsJSqFrWfvgsIZn1dHzaaDPlQUcZMZH1XK5AbmxjKDFotA7m
x-amz-request-id: C98B9BAD8FFD6A29
Date: Thu, 10 Mar 2011 03:35:39 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Fri, 07 Mar 2031 21:42:59 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Fri, 07 Mar 2031 21:42:59 GMT
Last-Modified: Mon, 07 Mar 2011 21:42:59 GMT
ETag: "94879b1ed3a882840f493074a94a1d29"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 900404
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: f24ea6ae8969dbfa9a4d9fb7fc4c016e04d123dbc1b09123d80ad67c6f7d783a27e24bf7ef2e0e90
Via: 1.0 b65f5fd32e96f191273c362476853f01.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.31. http://sale.images.woot.com/Casio_Exilim_12_1MP_Digital_Cameran08Thumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /Casio_Exilim_12_1MP_Digital_Cameran08Thumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Casio_Exilim_12_1MP_Digital_Cameran08Thumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 200 OK
x-amz-id-2: NakX+syhdx0WZxvsghPQnyrdE7A8czvKdSDB02UseQukWqvptLhfKoarP/f1g00f
x-amz-request-id: 43A4B0AEF00D2B62
Date: Sat, 12 Mar 2011 06:00:03 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Wed, 12 Mar 2031 02:21:22 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Wed, 12 Mar 2031 02:21:22 GMT
Last-Modified: Sat, 12 Mar 2011 03:21:23 GMT
ETag: "0118e2dd5ae42632d55f2bf711c0896b"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 718894
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 5bd9bcc6d66d0dbc452edcf2bc8443d8fc0b450e8cd62b01f73007d5e19ccf3385390f5ab3a287f4
Via: 1.0 36eac20498fac4ca8a7c83ef56b27396.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.32. http://sale.images.woot.com/Castle_Rock_Winery_Mixed_Red_CasecrkThumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /Castle_Rock_Winery_Mixed_Red_CasecrkThumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Castle_Rock_Winery_Mixed_Red_CasecrkThumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: 83DalhbYVifKHKgM6U/4VdrdmgRMHo22Lz+xrlC1qVnDsmbcpuNAP1kDp/i6NmtC
x-amz-request-id: 0F2CB650F91C7D6B
Date: Sat, 19 Mar 2011 00:08:10 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Tue, 18 Mar 2031 02:17:08 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Tue, 18 Mar 2031 02:17:08 GMT
Last-Modified: Fri, 18 Mar 2011 02:17:09 GMT
ETag: "87b6fbc84759f0ee6ed90714f027f737"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 131190
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: c37249211b51bfe3612c98e28f51625e2f3abf712890683e6672c98ce3f5c39203adb3c46c16fa1e
Via: 1.0 c662f4e5a3bc7b224ce1bbecb0a23d82.cloudfront.net:11180 (CloudFront), 1.0 e45b1f1e171044cf488be122ea3ff12a.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.33. http://sale.images.woot.com/Criss_Angel_Street_Magic_Bundlean4Thumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /Criss_Angel_Street_Magic_Bundlean4Thumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Criss_Angel_Street_Magic_Bundlean4Thumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 200 OK
x-amz-id-2: KoEZEiRv0f5XK4bJZzIoBkAGxF6JTpCO1mZb5p8TeqetvDegfZrVfoyswpDq92u/
x-amz-request-id: 95FCE094A2B2F760
Date: Thu, 10 Mar 2011 05:35:17 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Sun, 09 Mar 2031 19:59:56 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Sun, 09 Mar 2031 19:59:56 GMT
Last-Modified: Wed, 09 Mar 2011 20:59:56 GMT
ETag: "15423103ae7fb17750a2ab53a60affcf"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 893193
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 6f823d685279b1699f2b75d535b9267c1b5083c95f6b0bf83a0177f02f1f04da942551aad7c74526
Via: 1.0 62806950c1110390d39d3d218951cb9b.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.34. http://sale.images.woot.com/Flip_SlideHD_16GB_Video_CameracoeStandard.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /Flip_SlideHD_16GB_Video_CameracoeStandard.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Flip_SlideHD_16GB_Video_CameracoeStandard.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: j4FFjrnIK67OpHTwuSyPeMM86A4xmavaTmAwG2kWfybTYsymazwLej4p40dY03lj
x-amz-request-id: 20E59305D68CCCB0
Date: Sun, 20 Mar 2011 05:00:05 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Tue, 28 Jan 2031 23:34:33 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Tue, 28 Jan 2031 23:34:33 GMT
Last-Modified: Fri, 28 Jan 2011 23:34:33 GMT
ETag: "8b242b4d4e454fe8295ed2c111e1b2ca"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 16384
Server: AmazonS3
Age: 27270
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 2b41c4d3ee364ff9346996f27d43163c005b14a566e7206640a0fde13b539936d2dec144ed0db0ab
Via: 1.0 631bffa875a37a9e1df8e42a71f3397a.cloudfront.net:11180 (CloudFront), 1.0 e45b1f1e171044cf488be122ea3ff12a.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................V...."..............................
...[SNIP]...
1.35. http://sale.images.woot.com/Franklin_Covey_Leather_Steno_Pad_Holdercx0Thumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /Franklin_Covey_Leather_Steno_Pad_Holdercx0Thumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Franklin_Covey_Leather_Steno_Pad_Holdercx0Thumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 200 OK
x-amz-id-2: L/y4OlB8rZcBMQmDzgvgop43RcfBIeC6itBzIyjdC01qOOntXua6uj2gUZ2H3rEm
x-amz-request-id: F67611489217AF1F
Date: Thu, 10 Mar 2011 04:35:27 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Sun, 09 Mar 2031 19:50:19 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Sun, 09 Mar 2031 19:50:19 GMT
Last-Modified: Wed, 09 Mar 2011 20:50:20 GMT
ETag: "f09e7f563427f4dc66db28f9b365b7ad"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 896795
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: c3a542bae19b73deab7538b556095d391d1a7a5fd397bf3b463230fe5a8d316c11bfef132cdb54e3
Via: 1.0 b65f5fd32e96f191273c362476853f01.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.36. http://sale.images.woot.com/HP_Touchsmart_23__All-In-One_PC668Thumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /HP_Touchsmart_23__All-In-One_PC668Thumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /HP_Touchsmart_23__All-In-One_PC668Thumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 200 OK
x-amz-id-2: TjoY69pWwRKkcURnoWzA/t1GY4vEG6FVg2VUOROmrsam2QASEp1Av5oct2Q071QU
x-amz-request-id: A14DAD2CCBD036D4
Date: Sun, 13 Mar 2011 06:00:02 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Wed, 12 Mar 2031 23:39:30 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Wed, 12 Mar 2031 23:39:30 GMT
Last-Modified: Sun, 13 Mar 2011 00:39:31 GMT
ETag: "7d4e280d98ef14b3a0ac1076f7eae629"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 632494
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 408cea07fee53a18d52028a368381de3f2ab66bef0da20cd1f4f1d5b5264789701f8d1e42eba5739
Via: 1.0 a66b66777bcb1327d43930e7cba65de8.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.37. http://sale.images.woot.com/Hype_USB_Tape_to_MP3_ConverterssaThumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /Hype_USB_Tape_to_MP3_ConverterssaThumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Hype_USB_Tape_to_MP3_ConverterssaThumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 200 OK
x-amz-id-2: 89HU2kuFxc6aDfO0WirtPimlGt/NI/cwdJ0LudTQ4NihpODLYJD8riNZODKJaaeD
x-amz-request-id: BA9CFF3B3F094948
Date: Thu, 10 Mar 2011 05:22:51 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Fri, 07 Mar 2031 20:41:05 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Fri, 07 Mar 2031 20:41:05 GMT
Last-Modified: Mon, 07 Mar 2011 20:41:06 GMT
ETag: "860078a8e58be1796009e671dcc991f6"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 893945
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 1a524af332b8f50bcfe13df6f96ebe3fef8863b984ebfb5af27c9e6596063cf36a62970fa20114d3
Via: 1.0 631bffa875a37a9e1df8e42a71f3397a.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.38. http://sale.images.woot.com/Isotoner_Men_s_GloveszyvThumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /Isotoner_Men_s_GloveszyvThumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Isotoner_Men_s_GloveszyvThumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 200 OK
x-amz-id-2: kpx74TarViAkSdd1ChNIrQ12LtFQApKtMf29tWoW2fQ4M+l+Kh9qaAnF/+9ltmnq
x-amz-request-id: 6FD108989E0839D0
Date: Thu, 10 Mar 2011 04:54:03 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Mon, 03 Mar 2031 20:50:53 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Mon, 03 Mar 2031 20:50:53 GMT
Last-Modified: Thu, 03 Mar 2011 20:50:54 GMT
ETag: "cc4b58f91fd2e02dff58826c0d0ab6d7"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 895694
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 9059f1ed86d3c3a3114efaf81a72aa4bcd3233f7c37db82ef69f33c148b55615949f17a9317b0095
Via: 1.0 631bffa875a37a9e1df8e42a71f3397a.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.39. http://sale.images.woot.com/Kanen_Earphones4txThumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /Kanen_Earphones4txThumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Kanen_Earphones4txThumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 200 OK
x-amz-id-2: t0QqBHi4UV3RCpb6MIAaLA+/nFJ0PgGIJ5Dmr4lqb+dw/iHKOpSrx1OPSbv/Ej+m
x-amz-request-id: 926F754D35DF1B7E
Date: Thu, 10 Mar 2011 05:28:33 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Sun, 09 Mar 2031 19:55:56 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Sun, 09 Mar 2031 19:55:56 GMT
Last-Modified: Wed, 09 Mar 2011 20:55:57 GMT
ETag: "a5ee23a194b0ba731dd76832ed69cee2"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 893598
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: e9febf225c76b4619cfdcd17ce1ec427349ca8a259ef05a89bda52cca1cc72c3af75806a97dd223f
Via: 1.0 c249a854d569f0b1bebd71559fc52858.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.40. http://sale.images.woot.com/Kitrics_Digital_Nutrition_Label_ScalefrqThumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /Kitrics_Digital_Nutrition_Label_ScalefrqThumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Kitrics_Digital_Nutrition_Label_ScalefrqThumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 200 OK
x-amz-id-2: 38PiFg2sznaCpg5r9bCJ3JzNOeEe/fySnPHFcliN9nuN6JsIP8DmT+gIvNfbpB1B
x-amz-request-id: B8FA7DF369ABA9DD
Date: Wed, 16 Mar 2011 05:00:04 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Sun, 16 Mar 2031 03:55:18 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Sun, 16 Mar 2031 03:55:18 GMT
Last-Modified: Wed, 16 Mar 2011 03:55:19 GMT
ETag: "367337a9b0f896b5822426d83f7694cc"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 376876
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 47a91d44c5a7eb7807a056f124515267d40488d29d5130d4408915fc2174425c2cf77d474d041c4e
Via: 1.0 36eac20498fac4ca8a7c83ef56b27396.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.41. http://sale.images.woot.com/Limited_Edition___Green_Buckyballs_216_Piece_Magnetic_Set___2_Packk8kThumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /Limited_Edition___Green_Buckyballs_216_Piece_Magnetic_Set___2_Packk8kThumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Limited_Edition___Green_Buckyballs_216_Piece_Magnetic_Set___2_Packk8kThumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 200 OK
x-amz-id-2: dIfKAZHaCLbJl+dJDuILnp/0kl9xJna8uF10sdhj7OiILQWUcqFRyr5HJAH/mZzv
x-amz-request-id: FAA23C61AAD38D23
Date: Thu, 17 Mar 2011 05:00:07 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Sun, 16 Mar 2031 22:18:53 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Sun, 16 Mar 2031 22:18:53 GMT
Last-Modified: Wed, 16 Mar 2011 22:18:53 GMT
ETag: "6c2e5512cbe9824778b412b35ba7f5b6"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 290473
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: efcc12037f743a67b771149be79d11527e41bf3c1260fca1918445b8c2bcb1db9360563f3891d79c
Via: 1.0 c662f4e5a3bc7b224ce1bbecb0a23d82.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.42. http://sale.images.woot.com/Mystery_Science_Theater_3000__Volume_XVIII_-_4_DVD_Set46pThumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /Mystery_Science_Theater_3000__Volume_XVIII_-_4_DVD_Set46pThumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Mystery_Science_Theater_3000__Volume_XVIII_-_4_DVD_Set46pThumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 200 OK
x-amz-id-2: hp3RqaEh+vdrD95tnhrhpXztHD1NoQoBcyVJGKKsmD3Ojsxm+fAD3HC3od/XGE5a
x-amz-request-id: 42FF356FB463716D
Date: Thu, 10 Mar 2011 05:49:05 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Sat, 08 Mar 2031 19:23:05 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Sat, 08 Mar 2031 19:23:05 GMT
Last-Modified: Tue, 08 Mar 2011 19:23:06 GMT
ETag: "ed6dcc9e01d8d9adfbceccda77ffd164"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 892364
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 2748c426c4fbdfc382ffecea32f26eac8bc2b48c59554e2e894d8b610178f0c9792f265467807be8
Via: 1.0 c662f4e5a3bc7b224ce1bbecb0a23d82.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.43. http://sale.images.woot.com/Optoma_PK102_Pico_Pocket_Projectorx9hThumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /Optoma_PK102_Pico_Pocket_Projectorx9hThumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Optoma_PK102_Pico_Pocket_Projectorx9hThumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 200 OK
x-amz-id-2: 1EDN8wPSZa5Dg/Pf2koVkef66Ws0fC1SWhBz3b8yLmbHoAEIAATP0dIx+Mx0Sj2w
x-amz-request-id: 14E28B26B52E120A
Date: Fri, 11 Mar 2011 06:00:05 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Tue, 11 Mar 2031 00:02:53 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Tue, 11 Mar 2031 00:02:53 GMT
Last-Modified: Fri, 11 Mar 2011 01:02:54 GMT
ETag: "c21b0fac8ef84f8b918a91a5946ecb7f"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 805292
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: e1116d0548ec63f085803e3194cfe173ac0505fdbc92e82ec3d314d40e3683e28c0b4f5319a2f216
Via: 1.0 c662f4e5a3bc7b224ce1bbecb0a23d82.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.44. http://sale.images.woot.com/PetZoom_Self-Cleaning_Grooming_Brush_3-Pack_with_Trimmer5gsThumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /PetZoom_Self-Cleaning_Grooming_Brush_3-Pack_with_Trimmer5gsThumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /PetZoom_Self-Cleaning_Grooming_Brush_3-Pack_with_Trimmer5gsThumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 200 OK
x-amz-id-2: p0+dgVZF9wdkB51u/MK7Qa13mtIdmGw4MC0m91aN7b/C9jXq+sUQzyHhTGrf1+TZ
x-amz-request-id: 7B408864F0825D2D
Date: Tue, 15 Mar 2011 05:00:04 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Fri, 14 Mar 2031 21:48:56 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Fri, 14 Mar 2031 21:48:56 GMT
Last-Modified: Mon, 14 Mar 2011 21:48:57 GMT
ETag: "2f21638fa03b55a24b8bd84b47467aa9"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 463272
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: f36634974d84952c46a12d57887b40f051d873e246c6cc889ad13506b12164606be1df0ecdea83a8
Via: 1.0 631bffa875a37a9e1df8e42a71f3397a.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.45. http://sale.images.woot.com/Polaroid_14MP_Digital_Camera_with_5x_Optical_Zoom___2_7__LCD_Screenof0Thumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /Polaroid_14MP_Digital_Camera_with_5x_Optical_Zoom___2_7__LCD_Screenof0Thumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Polaroid_14MP_Digital_Camera_with_5x_Optical_Zoom___2_7__LCD_Screenof0Thumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 200 OK
x-amz-id-2: YJsNUZjbj9EXQpPiI/pyDpetDjW3EqmhHeDElbJzNOHNmRIAnN5dzDEgMLWlDz3n
x-amz-request-id: 30D81048D863D5B9
Date: Thu, 10 Mar 2011 04:23:09 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Sat, 08 Mar 2031 19:31:18 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Sat, 08 Mar 2031 19:31:18 GMT
Last-Modified: Tue, 08 Mar 2011 19:31:19 GMT
ETag: "6b0a539bb8d8036b59b8d5b3d1e811a5"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 897553
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: a481648524d5a3bc3722a6d50910ff6f5194305e1e79b5af37b50aa8f615720c0b86c9144dc8692e
Via: 1.0 e756b6b47c8f9469e963e5f531a3beed.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.46. http://sale.images.woot.com/ROK_Blocks_Preschool_Deluxe_Building_Set_by_Rokenbokh1nThumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /ROK_Blocks_Preschool_Deluxe_Building_Set_by_Rokenbokh1nThumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /ROK_Blocks_Preschool_Deluxe_Building_Set_by_Rokenbokh1nThumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: 7EMIPZn5SgixrbjOCUJbMFap2F7MoiV+u9bthFLVeQyBXWY1+uqra9i9/fyUTBKc
x-amz-request-id: 2DB2D6C4038AFF9C
Date: Thu, 17 Mar 2011 00:26:38 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Tue, 07 Jan 2031 21:04:53 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Tue, 07 Jan 2031 21:04:53 GMT
Last-Modified: Fri, 07 Jan 2011 21:04:54 GMT
ETag: "f6f9aaee5373f9cc0ef119d1a5c7af3b"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 302876
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: e014f7b46f554e96b7e49b7d78d57d48895f20e246346d1040054c2b2088949805c5148b40c16f3c
Via: 1.0 ecf6abe40feed656b4a0843263468b70.cloudfront.net:11180 (CloudFront), 1.0 e45b1f1e171044cf488be122ea3ff12a.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.47. http://sale.images.woot.com/Screaming_Giant_Monkey_with_Black_Woot_CapewzwThumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /Screaming_Giant_Monkey_with_Black_Woot_CapewzwThumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Screaming_Giant_Monkey_with_Black_Woot_CapewzwThumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 200 OK
x-amz-id-2: +1jovI8DP7VMPBFQrFQ/FdsI+IRIdDtHH8O1ykrGWFFeuG+3KoH7TDiX6cEGnlBo
x-amz-request-id: 9EC05C138603A3D0
Date: Thu, 10 Mar 2011 05:50:39 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Sun, 09 Mar 2031 20:50:38 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Sun, 09 Mar 2031 20:50:38 GMT
Last-Modified: Wed, 09 Mar 2011 21:50:38 GMT
ETag: "2219d043280e8766930e49a7123e3041"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 892265
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: df4eab944ab60e08d5600585806c2acb5017d4d865410ff1d328024d701163c41c9581484c18878a
Via: 1.0 692c975fab617742d287dbc89a9d21c8.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.48. http://sale.images.woot.com/Sony_Dash_Personal_Internet_Viewerqo9Thumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /Sony_Dash_Personal_Internet_Viewerqo9Thumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Sony_Dash_Personal_Internet_Viewerqo9Thumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: H+HNd88tyKkEfhrpD2BZybPRfj6x4w2pbW9R9NYdDNzqdageJtRYmh4gpryM6rX3
x-amz-request-id: CD72E8EA243A0257
Date: Tue, 15 Mar 2011 02:39:45 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Mon, 10 Feb 2031 22:30:34 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Mon, 10 Feb 2031 22:30:34 GMT
Last-Modified: Thu, 10 Feb 2011 22:30:35 GMT
ETag: "3518189c2765ca47b4e7bf6b298eb06b"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 467689
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: e9bb34c3898d27f74bcd7b62920b63efb157d68309915bc9540bbfe086313eefcda062d709dd590b
Via: 1.0 b65f5fd32e96f191273c362476853f01.cloudfront.net:11180 (CloudFront), 1.0 e45b1f1e171044cf488be122ea3ff12a.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.49. http://sale.images.woot.com/chumby_one__Smart_Internet_CompanionixwThumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /chumby_one__Smart_Internet_CompanionixwThumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /chumby_one__Smart_Internet_CompanionixwThumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 200 OK
x-amz-id-2: 4Qeof289pWyONyWcgRqzxOHmAOLWvmkCGhstKOaujZASVEiL3AwX7rLw9C8Ecrf2
x-amz-request-id: 16D47096A4841A29
Date: Thu, 10 Mar 2011 06:00:06 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Mon, 10 Mar 2031 03:18:20 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Mon, 10 Mar 2031 03:18:20 GMT
Last-Modified: Thu, 10 Mar 2011 04:18:21 GMT
ETag: "10280f2bdd4be38c26fc0c1771704dfa"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 891699
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: a8ffd907cc58f1d8339ae6d7061bf0e61163d2fb987281d24db4d6b6b68428c6013558c38e67e011
Via: 1.0 692c975fab617742d287dbc89a9d21c8.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.50. http://sale.images.woot.com/cy-fi_Wireless_Sport_Speaker_for_iPod_or_BluetoothwmvThumbnail.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sale.images.woot.com
Path:   /cy-fi_Wireless_Sport_Speaker_for_iPod_or_BluetoothwmvThumbnail.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /cy-fi_Wireless_Sport_Speaker_for_iPod_or_BluetoothwmvThumbnail.jpg HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 200 OK
x-amz-id-2: 7WEODxFXNvq+3UeRFW7s663b7n2DtbKPRIidVOrj6KOefIwyareUWU6The8855iR
x-amz-request-id: 44CDD161A9CAB35F
Date: Fri, 18 Mar 2011 15:14:58 GMT
x-amz-meta-content-type: image/jpeg
x-amz-meta-expires: Tue, 18 Mar 2031 15:12:03 GMT
x-amz-meta-x-amz-acl: public-read
Expires: Tue, 18 Mar 2031 15:12:03 GMT
Last-Modified: Fri, 18 Mar 2011 15:12:04 GMT
ETag: "9ef9d9afe14559b5e86a37981a256b30"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 8192
Server: AmazonS3
Age: 167198
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 0e03aabdc0d0343282489bfb6313fc4fb451236d6e83b7ca12a11306fa14ad1626711c09acb96b4b
Via: 1.0 ecf6abe40feed656b4a0843263468b70.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

......JFIF.....`.`.....C..............................................    .........    
   .
.......C.......................................................................`...."..............................
...[SNIP]...
1.51. http://sales.liveperson.net/hcp/html/mTag.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=53643872 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.t-mobile.com/locator.aspx?referer=%2fDefault.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=44502044936234,d=1297806164; ASPSESSIONIDCAABBQQQ=KMHOOFNCICJLBAJOOMEOEPBC

Response

HTTP/1.1 200 OK
Content-Length: 17291
Content-Type: application/x-javascript
Content-Location: http://sales.liveperson.net/lpWeb/default_ENT//hcpv/emt/mtag.js?site=53643872
Last-Modified: Sun, 13 Mar 2011 22:27:52 GMT
Accept-Ranges: bytes
ETag: "e0f243e4cde1cb1:276c"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Sun, 20 Mar 2011 13:33:42 GMT

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...
1.52. http://sales.liveperson.net/visitor/addons/deploy.asp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /visitor/addons/deploy.asp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /visitor/addons/deploy.asp HTTP/1.1
Host: sales.liveperson.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: HumanClickKEY=4772067767537568202; LivePersonID=LP i=44502044936234,d=1297806164; HumanClickSiteContainerID_53643872=STANDALONE; ASPSESSIONIDCAABBQQQ=KMHOOFNCICJLBAJOOMEOEPBC;

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 20 Mar 2011 14:01:20 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Length: 403
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSSDAADRA=LCFEBGNCNLMAIGODJEBPFJEH; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Server.MapPath()</font> <font face="Arial" size=2>error 'ASP 0174 : 80004005'</font>
<p>
<font face="Arial" size=2>Invalid Path Character(s)</font>
<p>
<font face="Arial
...[SNIP]...
1.53. http://showads.pubmatic.com/AdServer/AdServerServlet  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://showads.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26436&siteId=26437&adId=21304&kadwidth=300&kadheight=250&kbgColor=ffffff&ktextColor=000000&klinkColor=FFFFFF&pageURL=http://www.woot.com/&frameName=http_www_woot_comkomli_ads_frame12643626437&kltstamp=2011-2-20%207%3A34%3A37&ranreq=0.7504880619235337&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=458x450&adVisibility=1 HTTP/1.1
Host: showads.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:4470455573253905340; KRTBCOOKIE_133=1873-6pgp44i37uxw; KRTBCOOKIE_27=1216-uid:4d5b2371-3928-7a83-24fb-d52328f5624b; KRTBCOOKIE_32=1386-WH9qYVd2Q3FGAWJeBgV+WQlbaXsQfgZCDFxlX1ZL; KRTBCOOKIE_53=424-20108b4d-f8d0-4008-b157-1529097b61ab; KRTBCOOKIE_97=3385-uid:3c8eb88b-c9c1-47d0-9235-2d5e32a3350f; PUBRETARGET=78_1392641239.461_1392901736.403_1393381248.401_1393381248.1039_1301416785.1340_1393698747.362_1301682747.1469_1393892161.70_1301922274.1928_1302874361.375_1302874358.1376_1302874361

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:35:32 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: KADUSERCOOKIE=B391BFC7-DF10-4056-9466-14707AB94934; domain=pubmatic.com; expires=Mon, 19-Mar-2012 12:35:32 GMT; path=/
Set-Cookie: pubfreq_26437=; domain=pubmatic.com; expires=Tue, 22-Mar-2011 12:35:32 GMT; path=/
Set-Cookie: pubtime_26437=TMC; domain=pubmatic.com; expires=Mon, 21-Mar-2011 12:35:32 GMT; path=/
Set-Cookie: _curtime=1300624532; domain=pubmatic.com; expires=Sun, 20-Mar-2011 13:45:32 GMT; path=/
Set-Cookie: pubfreq_26437_21304_1005004847=243-1; domain=pubmatic.com; expires=Sun, 20-Mar-2011 13:15:32 GMT; path=/
Set-Cookie: PMDTSHR=; domain=pubmatic.com; expires=Mon, 21-Mar-2011 12:35:32 GMT; path=/
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 1822

document.write('<div id="http_www_woot_comkomli_ads_frame12643626437" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=RGcAAEVnAAA4UwAA3AEAAAAAAA
...[SNIP]...
1.54. http://showadsak.pubmatic.com/AdServer/AdServerServlet  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /AdServer/AdServerServlet?01AD=3q_xFPysNRRq5P6VdKt7tDWS4UmVb8m-YrrvHMmRPMfrin7Yk44Nd-Q&01RI=2500D83B99F60DD&01NA=&operId=2&pubId=26436&siteId=26437&adId=21762&kadwidth=300&kadheight=250&prevkadIds=21304_21306&kbgColor=ffffff&ktextColor=000000&klinkColor=FFFFFF&pageURL=http://www.woot.com/&frameName=http_www_woot_comkomli_ads_frame32643626437&kltstamp=2011-2-20%207%3A34%3A45&ranreq=0.8810346268583089&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=458x450&adVisibility=1 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:4470455573253905340; KRTBCOOKIE_133=1873-6pgp44i37uxw; KRTBCOOKIE_27=1216-uid:4d5b2371-3928-7a83-24fb-d52328f5624b; KRTBCOOKIE_32=1386-WH9qYVd2Q3FGAWJeBgV+WQlbaXsQfgZCDFxlX1ZL; KRTBCOOKIE_53=424-20108b4d-f8d0-4008-b157-1529097b61ab; KRTBCOOKIE_97=3385-uid:3c8eb88b-c9c1-47d0-9235-2d5e32a3350f; KADUSERCOOKIE=43A8ABFA-7497-471A-9AF6-2974D17EF335; pubfreq_26437=; pubtime_26437=TMC; pubfreq_26437_21304_990920136=243-1; KTPCACOOKIE=YES; KRTBCOOKIE_80=1336-002d9af2-d1e0-46f3-a4d5-a4e3b437adec.11265.18531.24197.6790.30337.8.6551.39832.10011.10012.4387.39857.7472.1073.51806.24680.39233.13893.13896.1097.13899.13902.38627.15694.15579.9691.51808.3427.18407.17256.24809.39536.39793.39794.11262.51069.1150.9855.; KRTBCOOKIE_22=488-pcv:1|uid:8392341830659049202; KRTBCOOKIE_58=1344-KH-00000000549735899; PUBRETARGET=78_1392641239.461_1392901736.403_1393381248.401_1393381248.1039_1301416785.1340_1393698747.362_1301682747.1469_1393892161.70_1301922274.1928_1302874361.375_1302874358.1376_1302874361.445_1308400481.79_1300710881; _curtime=1300624477; pubfreq_26437_21306_1985489030=243-1; PMDTSHR=cat:; PMAT=CT-1

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:42:03 GMT
Connection: close
Set-Cookie: PMAT=3q_xFPysNRRq5P6VdKt7tDWS4UmVb8m-YrrvHMmRPMfrin7Yk44Nd-Q; expires=Sun, 17-Apr-2011 12:42:03 GMT; path=/; domain=showadsak.pubmatic.com
Set-Cookie: _curtime=1300624924; domain=pubmatic.com; expires=Sun, 20-Mar-2011 13:52:04 GMT; path=/
Set-Cookie: pubfreq_26437_21762_427065418=243-1; domain=pubmatic.com; expires=Sun, 20-Mar-2011 13:22:04 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Mon, 21-Mar-2011 12:42:04 GMT; path=/
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"
Content-Length: 2038

document.writeln('<'+'script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5757398&cch=5766863&code=5766875&l=300x250&aid=25369308&ahcid=535345&bimpd=dBaahwzrbNZVmQvfgxL2kLpdzXGBtxb
...[SNIP]...
1.55. http://spd.pointroll.com/PointRoll/Ads/PRScript.dll  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://spd.pointroll.com
Path:   /PointRoll/Ads/PRScript.dll

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /PointRoll/Ads/PRScript.dll?v=128&pos=0&init=1&delay=0&push=0&set=2&bye=1 HTTP/1.1
Host: spd.pointroll.com
Proxy-Connection: keep-alive
Referer: http://ads.pointroll.com/PortalServe/?pid=1203631H30720110201170639&cid=1446008&pos=h&redir=http://ad.doubleclick.net/click%3Bh=v8/3ad0/3/0/*/p%3B235836628%3B0-0%3B3%3B52877536%3B4307-300/250%3B40571478/40589265/1%3Bu=pos-atf|cat-2|!category-hs_the_nightlife|show-hs_the_nightlife|demo-D|tag-adj|mtype-standard|sz-300x250|tile-3%3B~aopt=2/0/d7/0%3B~sscs=%3F$CTURL$&time=0|9:5|-5&r=0.1189111452549696&flash=10&server=polRedir
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRbu=EnLjDMH8P; PRsl=11022007583617319321424330414S; PRgo=BBBAAsJvCBC_!B!BCVBF4FR

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-Type: text/plain
Content-Length: 13001
Date: Sun, 20 Mar 2011 14:05:06 GMT
Connection: close

/*PointRoll.2011 v128*/var priw,prih,prz=0,przo=0,prsw=0,prrv=0,prpi=0,prtg=0,prta=1,prpc='',prpf,prcw,prad=0,prca=0,prff=0,prmh=0,prup=0,proto,proto2,prbf=0,proo=0,prgo=0,pria=0,prpdts,prpot=0,prFlag
...[SNIP]...
1.56. http://tcla.mmismm.com/mmmss.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://tcla.mmismm.com
Path:   /mmmss.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /mmmss.php?mm_pub=87268797280&mm_pub_channel=msngames/ros/300x250/jx/ss/a/L28&mm_flag= HTTP/1.1
Host: tcla.mmismm.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G=10104000001069486483

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:49:22 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Content-Length: 261
Content-Type: text/html; charset=UTF-8

document.write('<IFRAME WIDTH=0 HEIGHT=0 FRAMEBORDER=0 MARGINHEIGHT=0 MARGINWIDTH=0 SCROLLING=NO SRC="HTTP://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/7667
...[SNIP]...
1.57. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /extern/login_status.php?api_key=e33f0b90d70bcd4d017f6994cfc6dce5&extern=0&channel=http%3A%2F%2Fwww.thedailystew.com%2F%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.thedailystew.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; gz=1; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Donline.wsj.com%26placement%3Drecommendations%26extra_1%3Dhttp%253A%252F%252Fonline.wsj.com%252Fhome-page%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.84.35
X-Cnection: close
Date: Sun, 20 Mar 2011 13:06:25 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
1.58. http://www.lanebryant.com/assets/lb/assets/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.lanebryant.com
Path:   /assets/lb/assets/favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /assets/lb/assets/favicon.ico HTTP/1.1
Host: www.lanebryant.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1570047594693638BED8218710595F35; PIPELINE_SESSION_ID=d342b367c0a8bb684adf294095078605; __utmz=162580515.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162580515.1209933332.1300624488.1300624488.1300624488.1; __utmc=162580515; __utmb=162580515.1.10.1300624488; mbox=check#true#1300624549|session#1300624488082-862731#1300626349|PC#1300624488082-862731.17#1301834090; s_cc=true; gpv_p5=Lane%20Bryant; c_m=undefinedDirect%20LoadDirect%20Load; s_evar32=Lane%20Bryant; s_cpm=%5B%5B%27Direct%20Load%27%2C%271300624489376%27%5D%5D; gpv_p4=Homepage; s_sq=%5B%5BB%5D%5D; LAST_PV=http%3A%2F%2Fwww.lanebryant.com%2Findex.jsp

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 19 Aug 2010 06:00:13 GMT
Accept-Ranges: bytes
Content-Length: 894
Content-Type: text/plain; charset=UTF-8
X-Pad: avoid browser bug
Date: Sun, 20 Mar 2011 12:56:30 GMT
Connection: close

..............h.......(....... ......................................................................................X.......vP.pG..|.B.."..(..[1......................z....H..)..,..H...^.h>.+..=
....
...[SNIP]...
1.59. http://www.livejournal.com/tools/endpoints/journalspotlight.bml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.livejournal.com
Path:   /tools/endpoints/journalspotlight.bml

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain JSON.

Request

GET /tools/endpoints/journalspotlight.bml?skip=1&limit=&show_userpics=1&user=&_rand=0.9782463377341628 HTTP/1.1
Host: www.livejournal.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljuniq=GdoShltCUTBwAH3:1300624474:pgstats0:m0; show_sponsored_vgifts=1

Response

HTTP/1.0 200 OK
Date: Sun, 20 Mar 2011 12:50:09 GMT
Server: Apache/2.2.3 (CentOS)
X-AWS-Id: ws33
Cache-Control: private, proxy-revalidate
ETag: "adc3d7c2bc7bae2c7718a229bd051a51"
Vary: Accept-Encoding
Keep-Alive: timeout=30, max=100
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Language: en
Content-Length: 3147

{"text":"<table width='100%'><tr><td valign='top' rowspan='2' style='padding-right: 5px;'>\n<div class='normal-users'>\n<ul class='nostyle pkg'>\n<li class='spotlight-1 with-userpic'><span class='user
...[SNIP]...
1.60. https://www.livejournal.com/js/esn.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.livejournal.com
Path:   /js/esn.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /js/esn.js?v=1283369669 HTTP/1.1
Host: www.livejournal.com
Connection: keep-alive
Referer: https://www.livejournal.com/login.bml?ret=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljuniq=GdoShltCUTBwAH3:1300624474:pgstats0:m0; show_sponsored_vgifts=1; __utmz=164322722.1300624490.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=164322722.1766814109.1300624490.1300624490.1300624490.1; __utmc=164322722

Response

HTTP/1.0 404 Not Found
Content-Type: text/html
Content-Length: 25
Server: Perlbal
Connection: keep-alive
Keep-Alive: timeout=30, max=100

<h1>404 - Not Found</h1>
1.61. https://www.livejournal.com/js/horizon.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.livejournal.com
Path:   /js/horizon.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /js/horizon.js?v=1283369669 HTTP/1.1
Host: www.livejournal.com
Connection: keep-alive
Referer: https://www.livejournal.com/login.bml?ret=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljuniq=GdoShltCUTBwAH3:1300624474:pgstats0:m0; show_sponsored_vgifts=1; __utmz=164322722.1300624490.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=164322722.1766814109.1300624490.1300624490.1300624490.1; __utmc=164322722

Response

HTTP/1.0 404 Not Found
Content-Type: text/html
Content-Length: 25
Server: Perlbal
Connection: keep-alive
Keep-Alive: timeout=30, max=100

<h1>404 - Not Found</h1>
1.62. https://www.livejournal.com/js/lj_ippu.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.livejournal.com
Path:   /js/lj_ippu.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /js/lj_ippu.js?v=1283369669 HTTP/1.1
Host: www.livejournal.com
Connection: keep-alive
Referer: https://www.livejournal.com/login.bml?ret=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljuniq=GdoShltCUTBwAH3:1300624474:pgstats0:m0; show_sponsored_vgifts=1; __utmz=164322722.1300624490.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=164322722.1766814109.1300624490.1300624490.1300624490.1; __utmc=164322722

Response

HTTP/1.0 404 Not Found
Content-Type: text/html
Content-Length: 25
Server: Perlbal
Connection: keep-alive
Keep-Alive: timeout=30, max=100

<h1>404 - Not Found</h1>
1.63. https://www.livejournal.com/js/ljwidget_ippu.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.livejournal.com
Path:   /js/ljwidget_ippu.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /js/ljwidget_ippu.js?v=1283369670 HTTP/1.1
Host: www.livejournal.com
Connection: keep-alive
Referer: https://www.livejournal.com/login.bml?ret=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljuniq=GdoShltCUTBwAH3:1300624474:pgstats0:m0; show_sponsored_vgifts=1; __utmz=164322722.1300624490.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=164322722.1766814109.1300624490.1300624490.1300624490.1; __utmc=164322722

Response

HTTP/1.0 404 Not Found
Content-Type: text/html
Content-Length: 25
Server: Perlbal
Connection: keep-alive
Keep-Alive: timeout=30, max=100

<h1>404 - Not Found</h1>
1.64. http://www.nick.com/dynamo/video/data/mediaGen.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nick.com
Path:   /dynamo/video/data/mediaGen.jhtml

Issue detail

The response contains the following Content-type statement:The response states that it contains XML. However, it actually appears to contain plain text.

Request

GET /dynamo/video/data/mediaGen.jhtml?mgid=mgid%3Acms%3Aitem%3Anick.com%3A653053&block=true&type=network HTTP/1.1
Host: www.nick.com
Proxy-Connection: keep-alive
Referer: http://www.teennick.com/assets/swf/Fan.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: app-instance=nick-com-1-kids-jboss-018; server=rugrats1; MTV_ID=24.143.206.71.1300629905332; JSESSIONID=066451513642F77800ADDB5E4343258E.kids-jboss-018-811-mtvi-com-28851

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Content-Length: 2307
Content-Type: text/xml
ETag: d145bd227774082538cb9ffce7bfbc5
Expires: Sun, 20 Mar 2011 14:06:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 14:06:10 GMT
Connection: close


<package version="1.4"><video>
<item startTime="0">
<rendition cdn="limelight" duration="31" bitrate="300" width="256" height="192"
type="video/mp4">
<src>rtmpe://viacom.fcod.llnwd.net/a3
...[SNIP]...
1.65. http://www.nick.com/sbcom/data/json/next-on.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nick.com
Path:   /sbcom/data/json/next-on.jhtml

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /sbcom/data/json/next-on.jhtml?callback=NICK.request.lstnrs[%22wwwnickcomsbcomdatajsonnextonjhtml1%22]&_=1300629912262&channelID=53&seriesID=30969 HTTP/1.1
Host: www.nick.com
Proxy-Connection: keep-alive
Referer: http://www.teennick.com/shows/the-nightlife
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
ETag: 569b68936598fa368dd32aeb59dfccdd
Last-Modified: Sun, 20 Mar 2011 14:05:05 GMT
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=60
Date: Sun, 20 Mar 2011 14:05:05 GMT
Connection: close
Content-Length: 99

NICK.request.lstnrs["wwwnickcomsbcomdatajsonnextonjhtml1"]({"code":"ok","data":{"schedule":[

]}})
1.66. http://www.nick.com/sbcom/data/json/poll_to_json.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nick.com
Path:   /sbcom/data/json/poll_to_json.jhtml

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /sbcom/data/json/poll_to_json.jhtml?callback=NICK.request.lstnrs[%22wwwnickcomsbcomdatajsonpoll_to_jsonjhtml1%22]&_=1300629912260 HTTP/1.1
Host: www.nick.com
Proxy-Connection: keep-alive
Referer: http://www.teennick.com/shows/the-nightlife
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Content-Length: 178
Content-Type: text/html
Set-Cookie: app-instance=nick-com-1-kids-jboss-135; Path=/
Set-Cookie: server=rugrats4; Domain=.nick.com; Path=/
Set-Cookie: MTV_ID=24.143.206.71.1300629905375; Domain=.nick.com; Expires=Wed, 17-Mar-2021 14:05:05 GMT; Path=/
Set-Cookie: JSESSIONID=B27F5B9A0DCA62EDB5F959514A876B8C.kids-jboss-135-811-mtvi-com-28851; Path=/
MTVi-Edge-control: no-cache-downstream
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 14:05:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 14:05:05 GMT
Connection: close

NICK.request.lstnrs["wwwnickcomsbcomdatajsonpoll_to_jsonjhtml1"]({"code":"ok","voteSubmitted":"false","data":[

{"name":"null","texts":["null","null","null"],"ballots":[

]}]});
1.67. http://www.nick.com/sbcom/data/kca/okca.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nick.com
Path:   /sbcom/data/kca/okca.jhtml

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /sbcom/data/kca/okca.jhtml?event=KCA_2011 HTTP/1.1
Host: www.nick.com
Proxy-Connection: keep-alive
Referer: http://www.teennick.com/shows/the-nightlife
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Pragma: no-cache
ETag: 5df9bb839b727c2a1c125fa316f35834
Last-Modified: Sun, 20 Mar 2011 13:44:25 GMT
Content-Type: text/html
Cache-Control: no-cache
Expires: Sun, 20 Mar 2011 14:04:58 GMT
Date: Sun, 20 Mar 2011 14:04:58 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 8033

(function(w) {
var DOMContentLoaded;
var isReady = false;
var isNick = false;
var currentOverlayStatus = "off";
var currentOverlay = "http://www.nick.com/nick-assets/shows/images/kids-choice-awards-20
...[SNIP]...
1.68. http://www.nick.com/sbcom/data/scenic/cover_flow_data.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nick.com
Path:   /sbcom/data/scenic/cover_flow_data.jhtml

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /sbcom/data/scenic/cover_flow_data.jhtml?urlAlias=the%2Dnightlife HTTP/1.1
Host: www.nick.com
Proxy-Connection: keep-alive
Referer: http://www.teennick.com/assets/swf/Fan.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: app-instance=nick-com-1-kids-jboss-018; server=rugrats1; MTV_ID=24.143.206.71.1300629905332; JSESSIONID=066451513642F77800ADDB5E4343258E.kids-jboss-018-811-mtvi-com-28851

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
ETag: e8dbd7e346da249dd3147ab7d9475
Last-Modified: Sun, 20 Mar 2011 14:05:07 GMT
Content-Type: text/html
Cache-Control: max-age=1779
Date: Sun, 20 Mar 2011 14:05:07 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 5623

<featuredTouts>

<featuredTout>
<title><![CDATA[The Nightlife: Landon Liboiron of Degrassi]]></title>
<shortTitle><![CDATA[The Nightlife: Landon Liboiron of Degrassi]]></shortTitle>
<description><![C
...[SNIP]...
1.69. http://www.politicaldisgust.com/xmlrpc.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.politicaldisgust.com
Path:   /xmlrpc.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /xmlrpc.php HTTP/1.1
Host: www.politicaldisgust.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=ecl93tmlfl7836nr5dne4ro944;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:59:59 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.11
Vary: Accept-Encoding,User-Agent
Content-Length: 42
Content-Type: text/html; charset=UTF-8
Connection: close

XML-RPC server accepts POST requests only.
1.70. http://www.quantcast.com/wpapi/menus  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.quantcast.com
Path:   /wpapi/menus

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain JSON.

Request

GET /wpapi/menus HTTP/1.1
Host: www.quantcast.com
Proxy-Connection: keep-alive
Referer: http://www.quantcast.com/top-sites-1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1138661367-1297862290557; __utmz=14861494.1297862294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=14861494.1792645891.1297862294.1300542320.1300624433.14; __utmb=14861494.1.10.1300624433; __utmc=14861494; __utmv=; qcVisitor=2|47|1297862270597|111|NOTSET; JSESSIONID=61A191C510FAB1968C7AA505026DBEFC

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Sun, 20 Mar 2011 12:33:54 GMT
Connection: close
Content-Length: 2439

{"About":{"title":"About","url":"javascript: void(0);","children":[{"title":"Careers","url":"/about/careers"},{"title":"Contact Us","url":"/contact"},{"title":"Investors","url":"/about/investors"},{"t
...[SNIP]...
1.71. http://www.shockwave.com/activityFeed/getHappeningNowMessages.jsp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.shockwave.com
Path:   /activityFeed/getHappeningNowMessages.jsp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

POST /activityFeed/getHappeningNowMessages.jsp HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
Origin: http://www.shockwave.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Content-Type: application/xml
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA
Content-Length: 0

Response

HTTP/1.1 200 OK
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Content-Language: en-US
Content-Type: text/html; charset=ISO-8859-1
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:37:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:37:17 GMT
Connection: close
Content-Length: 9839


       
...[SNIP]...
1.72. http://www.snapengage.com/snapabug/ServiceGetConfig  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.snapengage.com
Path:   /snapabug/ServiceGetConfig

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /snapabug/ServiceGetConfig?w=8aeec81a-4f05-4ba7-aaa5-4d024c7c47ff&p=1 HTTP/1.1
Host: www.snapengage.com
Proxy-Connection: keep-alive
Referer: http://socialspark.com/images37b68%22%3E%3Cscript%3Ealert(0x0024)%3C/script%3Eb4a78946341/claimdot.gif
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=30
Content-Type: text/javascript;charset=UTF-8
Date: Sun, 20 Mar 2011 13:42:33 GMT
Server: Google Frontend
Content-Length: 56

SnapABug.callbackGetWidgetConfig(0,"","","",1,0,1,0,0);
1.73. http://www.t-mobile.com//htmlservices/navigation/TMobileNavigation.ashx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.t-mobile.com
Path:   //htmlservices/navigation/TMobileNavigation.ashx

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain CSS.

Request

GET //htmlservices/navigation/TMobileNavigation.ashx?func=tmo&appId=LOCATOR&supportspanish=true&section=support&currentURL=http%3A//locator.t-mobile.com/Locator.aspx&format=json&jsoncallback=jsonp1300627102165&_=1300627102412 HTTP/1.1
Host: www.t-mobile.com
Proxy-Connection: keep-alive
Referer: http://locator.t-mobile.com/Locator.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TMobileCommon=TeaId=d676b058-7b88-48e0-a1a7-a54f7fb0806d; ASP.NET_SessionId=qquvpt55xmlorbb04afdz055; TMobileGeo=UserCurrentLocation=75207&UserCurrentCity=Dallas&UserCurrentCountry=United+States&GeoMarketId=8eb5dca0-f21b-4b24-8dc8-49933c6ff5d3&NeighborhoodName=Dallas&StateAbbreviation=TX&GeoMarketCode=DAT; TMobileUSStore=MarketUniqueID=8eb5dca0-f21b-4b24-8dc8-49933c6ff5d3&MarketCode=DAT&NeighborhoodName=Dallas&StateAbbreviation=TX&CityName=Dallas&StateName=Texas&ZIP=75207; cmTPSet=Y; mbox=PC#1300624507874-511379.17#1301836695|check#true#1300627155|session#1300627094627-816279#1300628955; mr_referredVisitor=0; TMobileSpanish=IsSpanishUser=false; WT_FPC=id=10.134.111.248-1143909120.30140155:lv=1300616298452:ss=1300616298452; TMobileSession=WT=&DCS=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Date: Sun, 20 Mar 2011 13:32:55 GMT
Content-Length: 27364

jsonp1300627102165({"HeaderHTML":"<script charset=\"utf-8\" type=\"text/javascript\"> var mytmoUrl='https://my.t-mobile.com/Login/LoginController.aspx';<\/script><div><div id=\"brand\"><div id=\"logo\
...[SNIP]...
1.74. http://www.teennick.com/js/coda/teennick/codaAdConfig.js  previous

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.teennick.com
Path:   /js/coda/teennick/codaAdConfig.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /js/coda/teennick/codaAdConfig.js HTTP/1.1
Host: www.teennick.com
Proxy-Connection: keep-alive
Referer: http://www.teennick.com/shows/the-nightlife
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ak-mobile-detected=no

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
ETag: W/"307-1300221712000"
Last-Modified: Tue, 15 Mar 2011 20:41:52 GMT
Content-Length: 307
Content-Type: text/javascript
Cache-Control: max-age=600
Date: Sun, 20 Mar 2011 14:04:59 GMT
Connection: close
Vary: User-Agent

mtvn.btg.config.AdSettings.DoubleClick.enabled = true;
mtvn.btg.config.AdSettings.DoubleClick.dartSite = "teennick.nol";
if(location.pathname.indexOf("/kids-choice-awards")>-1)
   mtvn.btg.config.AdS
...[SNIP]...
Report generated by XSS.CX at Sun Mar 20 09:20:41 CDT 2011.