Cross Domain Referer Leakage Example

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

1.1. https://account.woot.com/login next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://account.woot.com
Path:	/login

Issue detail

The page was loaded from a URL containing a query string:

https://account.woot.com/login?returnurl=http%3a%2f%2fwww.woot.com%2fdefault.aspx

The response contains the following links to other domains:

https://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js
https://ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js
https://secure.quantserve.com/pixel/p-45WWkjSYwI3II.gif
https://www.facebook.com/login.php?api_key=96a4f6e52f4e4a332462297b89d043d7&extern=1&fbconnect=1&return_session=1&v=1.0&next=https://account.woot.com/facebook/authenticate&fb_connect=1&cancel_url=https://account.woot.com/login

Request

GET /login?returnurl=http%3a%2f%2fwww.woot.com%2fdefault.aspx HTTP/1.1
Host: account.woot.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; ASP.NET_SessionId=22t2jnvelpxe2wdtgccitn1b; __utmb=87498951.2.10.1300624488; __qca=P0-1285104554-1300624487224;

Response

HTTP/1.1 200 OK
Cache-Control: public, no-store, max-age=0
Content-Type: text/html; charset=utf-8
Expires: Sun, 20 Mar 2011 14:03:38 GMT
Last-Modified: Sun, 20 Mar 2011 14:03:38 GMT
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 20 Mar 2011 14:03:38 GMT
Connection: close
Content-Length: 13072

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml"
...[SNIP]...
<link href="/Styles/Account.css" rel="stylesheet" type="text/css" />
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js" type="text/javascript"></script>
<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js" type="text/javascript"></script>
...[SNIP]...
<li><a href="https://www.facebook.com/login.php?api_key=96a4f6e52f4e4a332462297b89d043d7&extern=1&fbconnect=1&return_session=1&v=1.0&next=https://account.woot.com/facebook/authenticate&fb_connect=1&cancel_url=https://account.woot.com/login" target="_parent"><img src="/Images/Connections/facebook.png" alt="Facebook" />
...[SNIP]...
<noscript>
<img src="https://secure.quantserve.com/pixel/p-45WWkjSYwI3II.gif" style="display:none;" border="0" height="1" width="1" alt="Quantcast" />
</noscript>
...[SNIP]...

1.2. https://account.woot.com/signup previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://account.woot.com
Path:	/signup

Issue detail

The page was loaded from a URL containing a query string:

https://account.woot.com/signup?returnurl=http%3a%2f%2fwww.woot.com%2fdefault.aspx

The response contains the following links to other domains:

https://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js
https://ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js
https://secure.quantserve.com/pixel/p-45WWkjSYwI3II.gif
https://www.facebook.com/login.php?api_key=96a4f6e52f4e4a332462297b89d043d7&extern=1&fbconnect=1&return_session=1&v=1.0&next=https://account.woot.com/facebook/authenticate&fb_connect=1&cancel_url=https://account.woot.com/login
https://www.google.com/recaptcha/api/challenge?k=6LfxmwQAAAAAAGh9lfv097LJ7e7mrVLv3mXmr6e0
https://www.google.com/recaptcha/api/noscript?k=6LfxmwQAAAAAAGh9lfv097LJ7e7mrVLv3mXmr6e0

Request

GET /signup?returnurl=http%3a%2f%2fwww.woot.com%2fdefault.aspx HTTP/1.1
Host: account.woot.com
Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488

Response

HTTP/1.1 200 OK
Cache-Control: public, no-store, max-age=0
Content-Type: text/html; charset=utf-8
Expires: Sun, 20 Mar 2011 13:39:23 GMT
Last-Modified: Sun, 20 Mar 2011 13:39:23 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=kj055u1p4rjlytavdwiqjuth; path=/; HttpOnly
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 20 Mar 2011 13:39:23 GMT
Content-Length: 14055

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml"
...[SNIP]...
<link href="/Styles/Account.css" rel="stylesheet" type="text/css" />
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js" type="text/javascript"></script>
<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.google.com/recaptcha/api/challenge?k=6LfxmwQAAAAAAGh9lfv097LJ7e7mrVLv3mXmr6e0">

</script><noscript>
<iframe src="https://www.google.com/recaptcha/api/noscript?k=6LfxmwQAAAAAAGh9lfv097LJ7e7mrVLv3mXmr6e0" width="500" height="300" frameborder="0">

</iframe>
...[SNIP]...
<li><a href="https://www.facebook.com/login.php?api_key=96a4f6e52f4e4a332462297b89d043d7&extern=1&fbconnect=1&return_session=1&v=1.0&next=https://account.woot.com/facebook/authenticate&fb_connect=1&cancel_url=https://account.woot.com/login" target="_parent"><img src="/Images/Connections/facebook.png" alt="Facebook" />
...[SNIP]...
<noscript>
<img src="https://secure.quantserve.com/pixel/p-45WWkjSYwI3II.gif" style="display:none;" border="0" height="1" width="1" alt="Quantcast" />
</noscript>
...[SNIP]...

1.3. http://ad.doubleclick.net/adi/N1558.advertising.com/B3897970.13 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N1558.advertising.com/B3897970.13

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N1558.advertising.com/B3897970.13;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000787694/mnum=0000759958/cstr=16369623=_4d85fc08,4560463311,787694%5E759958%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=16369623/optn=64?trg=;ord=4560463311?

The response contains the following links to other domains:

http://s0.2mdn.net/1774243/8million_728x90.gif
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N1558.advertising.com/B3897970.13;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000787694/mnum=0000759958/cstr=16369623=_4d85fc08,4560463311,787694%5E759958%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=16369623/optn=64?trg=;ord=4560463311? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:23:58 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:23:58 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6130

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
58/cstr=16369623=_4d85fc08,4560463311,787694%5E759958%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=16369623/optn=64?trg=http%3a%2f%2fwww.travelguard.com/vacations_can_fall_apart/%3Fcmpid%3Dbac-001-nov10-apart"><img src="http://s0.2mdn.net/1774243/8million_728x90.gif" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

1.4. http://ad.doubleclick.net/adi/N1558.advertising.com/B3897970.13 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N1558.advertising.com/B3897970.13

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N1558.advertising.com/B3897970.13;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000787694/mnum=0000759958/cstr=16369623=_4d85fc08,4560463311,787694%5E759958%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=16369623/optn=64?trg=;ord=4560463311?

The response contains the following links to other domains:

http://s0.2mdn.net/1774243/backup_728x90.gif
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:07:20 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:07:20 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6120

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
=0000759958/cstr=16369623=_4d85fc08,4560463311,787694%5E759958%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=16369623/optn=64?trg=http%3a%2f%2fwww.travelguard.com/cruise-coverage/%3Fcmpid%3Dbac-001-cruiseFeb11"><img src="http://s0.2mdn.net/1774243/backup_728x90.gif" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

1.5. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.44 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2524.134426.0710433834321/B4169763.44

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.44;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=BiQfiHAGGTfi-G8_zlAf68cThD5Wpie8BrYeJ8hLjqLazM_CL0wQQARgBIM-2sAM4AGDJBqABo67u9gOyAQx3d3cud29vdC5jb226AQozMDB4MjUwX2FzyAEJ2gEjaHR0cDovL3d3dy53b290LmNvbS9XaGF0SXNXb290LmFzcHi4AhjAAgXIAuXvxRjgAgDqAhJ3b290LWJsb2cxLTMwMHgyNTCQA6QDmAOkA6gDAdEDX7TNu-ilXeToA-0C6AOTBOgDqQb1AwQEAMTgBAE&num=1&sig=AGiWqtwPCfylAn4LjFnmamHhqeEpZGvhnw&client=ca-pub-2332856072838068&adurl=;ord=2113777662?

The response contains the following links to other domains:

http://s0.2mdn.net/578176/ns_0000_brand_300x250.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N2524.134426.0710433834321/B4169763.44;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=BiQfiHAGGTfi-G8_zlAf68cThD5Wpie8BrYeJ8hLjqLazM_CL0wQQARgBIM-2sAM4AGDJBqABo67u9gOyAQx3d3cud29vdC5jb226AQozMDB4MjUwX2FzyAEJ2gEjaHR0cDovL3d3dy53b290LmNvbS9XaGF0SXNXb290LmFzcHi4AhjAAgXIAuXvxRjgAgDqAhJ3b290LWJsb2cxLTMwMHgyNTCQA6QDmAOkA6gDAdEDX7TNu-ilXeToA-0C6AOTBOgDqQb1AwQEAMTgBAE&num=1&sig=AGiWqtwPCfylAn4LjFnmamHhqeEpZGvhnw&client=ca-pub-2332856072838068&adurl=;ord=2113777662? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:29:01 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:29:01 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7053

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
lXeToA-0C6AOTBOgDqQb1AwQEAMTgBAE&num=1&sig=AGiWqtwPCfylAn4LjFnmamHhqeEpZGvhnw&client=ca-pub-2332856072838068&adurl=http%3a%2f%2fads.networksolutions.com/landing%3Fcode%3DP99C519S512N0B2A1D38E0000V109"><img src="http://s0.2mdn.net/578176/ns_0000_brand_300x250.jpg" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

1.6. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.44 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2524.134426.0710433834321/B4169763.44

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.44;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=BiQfiHAGGTfi-G8_zlAf68cThD5Wpie8BrYeJ8hLjqLazM_CL0wQQARgBIM-2sAM4AGDJBqABo67u9gOyAQx3d3cud29vdC5jb226AQozMDB4MjUwX2FzyAEJ2gEjaHR0cDovL3d3dy53b290LmNvbS9XaGF0SXNXb290LmFzcHi4AhjAAgXIAuXvxRjgAgDqAhJ3b290LWJsb2cxLTMwMHgyNTCQA6QDmAOkA6gDAdEDX7TNu-ilXeToA-0C6AOTBOgDqQb1AwQEAMTgBAE&num=1&sig=AGiWqtwPCfylAn4LjFnmamHhqeEpZGvhnw&client=ca-pub-2332856072838068&adurl=;ord=2113777662?

The response contains the following links to other domains:

http://s0.2mdn.net/578176/300x250-GREEN-499.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:42:25 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:42:25 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7089

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
QEAMTgBAE&num=1&sig=AGiWqtwPCfylAn4LjFnmamHhqeEpZGvhnw&client=ca-pub-2332856072838068&adurl=http%3a%2f%2fads.networksolutions.com/landing%3Fcode%3DP111C519S512N0B2A1D688E0000V101%26promo%3DBCXXX04226"><img src="http://s0.2mdn.net/578176/300x250-GREEN-499.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

1.7. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2524.134426.0710433834321/B4169763.45

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BDKyNGgGGTeW2G87tlQeXo9nTCpWpie8BnfOH8hLjqLazM7DgpQMQARgBIM-2sAM4AFDEwrTWBmDJBqABo67u9gOyAQx3d3cud29vdC5jb226AQk3Mjh4OTBfYXPIAQnaARtodHRwOi8vd3d3Lndvb3QuY29tL0ZvcnVtcy-4AhjAAgXIAuXvxRioAwHRA1-0zbvopV3k6AOzAugD7QL1AwQFAMQ&num=1&sig=AGiWqtwnk5CjmbYfnLHaK27gT0fU3IqnSA&client=ca-pub-2332856072838068&adurl=;ord=1414262516?

The response contains the following links to other domains:

http://s0.2mdn.net/578176/728X90-GREY-599.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BDKyNGgGGTeW2G87tlQeXo9nTCpWpie8BnfOH8hLjqLazM7DgpQMQARgBIM-2sAM4AFDEwrTWBmDJBqABo67u9gOyAQx3d3cud29vdC5jb226AQk3Mjh4OTBfYXPIAQnaARtodHRwOi8vd3d3Lndvb3QuY29tL0ZvcnVtcy-4AhjAAgXIAuXvxRioAwHRA1-0zbvopV3k6AOzAugD7QL1AwQFAMQ&num=1&sig=AGiWqtwnk5CjmbYfnLHaK27gT0fU3IqnSA&client=ca-pub-2332856072838068&adurl=;ord=1414262516? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2332856072838068&format=728x90_as&output=html&h=90&w=728&lmt=1300645740&channel=Blog728Image&ad_type=text_image&color_bg=FFFFFF&color_border=FFFFFF&color_link=4A6751&color_text=000000&color_url=B35A1E&flash=10.2.154&url=http%3A%2F%2Fwww.woot.com%2FForums%2F&dt=1300627740399&bpp=3&shv=r20110315&jsv=r20110317&correlator=1300627740639&frm=0&adk=453380111&ga_vid=473007276.1300627741&ga_sid=1300627741&ga_hid=602886886&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1096&bih=916&fu=0&ifi=1&dtd=506&xpc=A6InmP8TQy&p=http%3A//www.woot.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:41:57 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:41:57 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6859

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
QL1AwQFAMQ&num=1&sig=AGiWqtwnk5CjmbYfnLHaK27gT0fU3IqnSA&client=ca-pub-2332856072838068&adurl=http%3a%2f%2fads.networksolutions.com/landing%3Fcode%3DP61C519S512N0B2A1D573E0000V102%26promo%3DHOSTING599"><img src="http://s0.2mdn.net/578176/728X90-GREY-599.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

1.8. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2524.134426.0710433834321/B4169763.45

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BDKyNGgGGTeW2G87tlQeXo9nTCpWpie8BnfOH8hLjqLazM7DgpQMQARgBIM-2sAM4AFDEwrTWBmDJBqABo67u9gOyAQx3d3cud29vdC5jb226AQk3Mjh4OTBfYXPIAQnaARtodHRwOi8vd3d3Lndvb3QuY29tL0ZvcnVtcy-4AhjAAgXIAuXvxRioAwHRA1-0zbvopV3k6AOzAugD7QL1AwQFAMQ&num=1&sig=AGiWqtwnk5CjmbYfnLHaK27gT0fU3IqnSA&client=ca-pub-2332856072838068&adurl=;ord=1414262516?

The response contains the following links to other domains:

http://s0.2mdn.net/578176/728x90-TEAL-idea.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:29:00 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:29:00 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6794

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
RA1-0zbvopV3k6AOzAugD7QL1AwQFAMQ&num=1&sig=AGiWqtwnk5CjmbYfnLHaK27gT0fU3IqnSA&client=ca-pub-2332856072838068&adurl=http%3a%2f%2fads.networksolutions.com/landing%3Fcode%3DP99C519S512N0B2A1D38E0000V109"><img src="http://s0.2mdn.net/578176/728x90-TEAL-idea.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

1.9. http://ad.doubleclick.net/adi/N4518.247RealMedia/B4955444.24 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N4518.247RealMedia/B4955444.24

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N4518.247RealMedia/B4955444.24;sz=728x90;click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/2030005299/Top1/USNetwork/BCN2011030297_004_Trion/20144021.html/726348573830316934646f4141767949?;ord=2030005299?

The response contains the following links to other domains:

http://s0.2mdn.net/2941448/rift_gameplay_progressive_728x90_en_buy.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N4518.247RealMedia/B4955444.24;sz=728x90;click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/2030005299/Top1/USNetwork/BCN2011030297_004_Trion/20144021.html/726348573830316934646f4141767949?;ord=2030005299? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:30:58 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:30:58 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6417

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
05299/Top1/USNetwork/BCN2011030297_004_Trion/20144021.html/726348573830316934646f4141767949?http://www.riftgame.com/preorder?utm_source=247_Real_Media&utm_medium=banner&utm_campaign=Pre-Sale_Campaign"><img src="http://s0.2mdn.net/2941448/rift_gameplay_progressive_728x90_en_buy.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

1.10. http://ad.doubleclick.net/adi/N5552.152304.TRADINGDESK/B5035357.75 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5552.152304.TRADINGDESK/B5035357.75

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N5552.152304.TRADINGDESK/B5035357.75;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzxWTgUAeAABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/;

The response contains the following links to other domains:

http://s0.2mdn.net/2784033/127875_DTR_APR_B_300x250.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N5552.152304.TRADINGDESK/B5035357.75;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzxWTgUAeAABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:45:46 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:45:46 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7263

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
3a%2f%2fdoubletree.hilton.com/en/dt/promotions/netdirectratesdt/index.jhtml%3FWT.mc_id%3DzkdCSAA0US1DT2DMH3Tradingdesk4AdvancePurchase5BTEST7BR840890%26cssiteid%3D976350%26csdartid%3D5778037941159829"><img src="http://s0.2mdn.net/2784033/127875_DTR_APR_B_300x250.jpg" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

1.11. http://ad.doubleclick.net/adi/N5853.3630.1790008898421/B5154579.5 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5853.3630.1790008898421/B5154579.5

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N5853.3630.1790008898421/B5154579.5;sz=728x90;click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/151114612/Top1/USNetwork/BCN2011020957_001_Ditech/Ditech_BT_728_New.html/726348573830316934646f4141767949?;ord=151114612?

The response contains the following links to other domains:

http://edge.quantserve.com/quant.js
http://pixel.quantserve.com/pixel/p-2cw55LrunGBGg.gif?media=ad&labels=_imp.adserver.doubleclick,_imp.publisher.58612726,_imp.placement.234771512,_imp.creative.40123988
http://s0.2mdn.net/2330649/74-seamless728x90.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N5853.3630.1790008898421/B5154579.5;sz=728x90;click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/151114612/Top1/USNetwork/BCN2011020957_001_Ditech/Ditech_BT_728_New.html/726348573830316934646f4141767949?;ord=151114612? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:28:24 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:28:24 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7119

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
.com/r;a=p-2cw55LrunGBGg;labels=_click.adserver.doubleclick*http://homeloans.ditech.com/seamless.html?source=BA_Nov_Disp_C5&utm_source=247&utm_medium=banner&utm_campaign=Seamless_Ratesk&CP=24_cpm_ola"><img src="http://s0.2mdn.net/2330649/74-seamless728x90.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-2cw55LrunGBGg.gif?media=ad&labels=_imp.adserver.doubleclick,_imp.publisher.58612726,_imp.placement.234771512,_imp.creative.40123988" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...

1.12. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=759080438432283600?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3392428/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=759080438432283600? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:58:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:58:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3392428/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.13. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=886979484860785300?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3572382/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=886979484860785300? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:01:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:01:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3572382/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.14. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=571848897449672200?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2312788/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=571848897449672200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:40:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:40:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2312788/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.15. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=882866093958728100?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3032757/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=882866093958728100? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:52:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:52:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3032757/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.16. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=790231410670094200?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3212569/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=790231410670094200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:55:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:55:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3212569/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.17. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=138879573740996420?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=4473163/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=138879573740996420? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:16:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:16:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=4473163/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.18. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=285595307569019500?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3752241/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=285595307569019500? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:04:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:04:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3752241/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.19. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=738131550140678900?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3032678/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=738131550140678900? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:52:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:52:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3032678/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.20. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=461906685912981600?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3572382/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=461906685912981600? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:01:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:01:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3572382/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.21. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=615730535355396600?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3932553/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=615730535355396600? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:07:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:07:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3932553/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.22. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3;ord=396664395998232060?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=1952100/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3;ord=396664395998232060? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

1.23. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=974754494288936300?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2132913/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=974754494288936300? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:37:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:37:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2132913/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.24. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=561495134164579200?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=4653772/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=561495134164579200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:19:16 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:19:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=4653772/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.25. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=917197569715790500?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2492678/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=917197569715790500? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:43:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:43:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2492678/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.26. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdcopt-ist;ord=396664395998232060?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=1953163/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdcopt-ist;ord=396664395998232060? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:34:16 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:34:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=1953163/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.27. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=209918674943037300?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2312803/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=209918674943037300? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:40:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:40:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2312803/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.28. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=726008668006397800?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2132882/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=726008668006397800? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:37:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:37:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2132882/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.29. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=179194777854718270?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=5194163/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=179194777854718270? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:28:16 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:28:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=5194163/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.30. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=857191196340136200?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=4293100/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=857191196340136200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

1.31. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=615411270130425600?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=4113116/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=615411270130425600? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:10:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:10:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=4113116/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.32. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=926074913563206800?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2852725/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=926074913563206800? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:49:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:49:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2852725/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.33. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=337868778686970500?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2852710/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=337868778686970500? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:49:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:49:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2852710/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.34. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=554560093116015170?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3752241/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=554560093116015170? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:04:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:04:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3752241/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.35. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=413947022031061400?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=4833632/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=413947022031061400? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:22:16 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:22:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=4833632/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.36. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=155311757628805950?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=4473178/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=155311757628805950? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:16:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:16:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=4473178/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.37. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdcopt-ist;ord=396664395998232060?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=1952100/site=sw.nol/aamsz=728x90

Request

Response

1.38. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x135;tile=2;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x135%7Ctile-2;ord=396664395998232060?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/3099467/KI_template_POTW_00.png

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x135;tile=2;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x135%7Ctile-2;ord=396664395998232060? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:34:14 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:34:14 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 478

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/0/0/%2a/v;237770143;0-0;1;30931370;15173-300/135;41053931/41071718/1;u=!category-_hp|!category-pop|pos-atf|tag-adi|mtype-standard|sz-300x135|tile-2;~aopt=2/0/d79c/0;~sscs=%3fhttp://www.shockwave.com/gamelanding/wizard101.jsp?"><img src="http://s0.2mdn.net/viewad/3099467/KI_template_POTW_00.png" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

1.39. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=664333091001026300?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3392428/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=664333091001026300? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:58:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:58:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3392428/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.40. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=730744091887027100?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3932569/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=730744091887027100? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:07:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:07:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3932569/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.41. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=701796494214795500?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=5194194/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=701796494214795500? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:28:16 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:28:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=5194194/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.42. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=641610817052424000?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2492694/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=641610817052424000? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:43:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:43:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2492694/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.43. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=726008668006397800?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3952897/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=726008668006397800? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:07:35 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:07:35 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3952897/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.44. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=933992477948777300?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=4653772/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=933992477948777300? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:19:16 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:19:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=4653772/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.45. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=601611527078785000?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=4113116/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=601611527078785000? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:10:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:10:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=4113116/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.46. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=153578644921071800?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3212585/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=153578644921071800? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:55:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:55:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3212585/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.47. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=568318925355561100?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=5013678/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=568318925355561100? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:25:16 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:25:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=5013678/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.48. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=179906606371514500?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2672600/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=179906606371514500? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:46:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:46:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2672600/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.49. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=792457706178538500?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=4833663/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=792457706178538500? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:22:16 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:22:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=4833663/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.50. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=326381607120856640?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2672585/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=326381607120856640? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:46:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:46:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2672585/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.51. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=899866640660911700?

The response contains the following links to other domains:

http://s0.2mdn.net/1807016/pottyRacers2011_box_static.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=899866640660911700? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:13:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:13:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 4192

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0>


<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
stat?id=Wfo4fN0GvkE&offerid=146261&type=3&subid=0&tmpid=1826&u1=Potty-BNR-SW&RD_PARM1=http%253A%252F%252Fitunes.apple.com%252Fus%252Fapp%252Fid376427546%253Fmt%253D8%2526uo%253D4%2526partnerId%253D40"><img src="http://s0.2mdn.net/1807016/pottyRacers2011_box_static.jpg" border="0" alt="" ></a>
...[SNIP]...

1.52. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=770283972052857200?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=5013694/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=770283972052857200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:25:16 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:25:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=5013694/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.53. http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N3175.272756.AOL-ADVERTISING2/B4640114.3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.3;sz=300x250;click=http://r1-ads.ace.advertising.com/click/site=0000787693/mnum=0000884204/cstr=20240822=_4d860041,3743237811,787693%5E884204%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=20240822/optn=64?trg=;ord=3743237811?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2769103/Surprise_300x250_Free2011Score.gif

Request

GET /adj/N3175.272756.AOL-ADVERTISING2/B4640114.3;sz=300x250;click=http://r1-ads.ace.advertising.com/click/site=0000787693/mnum=0000884204/cstr=20240822=_4d860041,3743237811,787693%5E884204%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=20240822/optn=64?trg=;ord=3743237811? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 20 Mar 2011 13:25:21 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:25:21 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 570

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/c/b4/%2a/v;226750510;1-0;0;50154167;4307-300/250;39961082/39978869/1;;~sscs=%3fhttp://r1-ads.ace.advertising.com/clic
...[SNIP]...
60041,3743237811,787693%5E884204%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=20240822/optn=64?trg=http%3a%2f%2fwww.truecredit.com/%3Fenurl%3Dtruecredit.com%26am%3D2063%26channel%3Dpaid%26cid%3Ddisplay%3A2063"><img src="http://s0.2mdn.net/viewad/2769103/Surprise_300x250_Free2011Score.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

1.54. http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N3175.272756.AOL-ADVERTISING2/B4640114.3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.3;sz=300x250;click=http://r1-ads.ace.advertising.com/click/site=0000787693/mnum=0000884204/cstr=20240822=_4d860041,3743237811,787693%5E884204%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=20240822/optn=64?trg=;ord=3743237811?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2769103/Frame_Rev_300x250.gif

Request

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 20 Mar 2011 13:35:32 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:35:32 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 557

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/c/b4/%2a/b;226750510;0-0;0;50154167;4307-300/250;39921274/39939061/1;;~sscs=%3fhttp://r1-ads.ace.advertising.com/clic
...[SNIP]...
60041,3743237811,787693%5E884204%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=20240822/optn=64?trg=http%3a%2f%2fwww.truecredit.com/%3Fenurl%3Dtruecredit.com%26am%3D2063%26channel%3Dpaid%26cid%3Ddisplay%3A2063"><img src="http://s0.2mdn.net/viewad/2769103/Frame_Rev_300x250.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

1.55. http://ad.doubleclick.net/adj/N3340.247realmedia.com/B5245409.18 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N3340.247realmedia.com/B5245409.18

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/N3340.247realmedia.com/B5245409.18;sz=300x250;pc=[TPAS_ID];click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/1000160035/x15/USNetwork/BCN2011020355_006_Nissan/Nissan2.17_300.html/726348573830316934646f4141767949?;ord=1000160035?

The response contains the following link to another domain:

http://s0.2mdn.net/1361550/PID_1540640_300.jpg

Request

GET /adj/N3340.247realmedia.com/B5245409.18;sz=300x250;pc=[TPAS_ID];click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/1000160035/x15/USNetwork/BCN2011020355_006_Nissan/Nissan2.17_300.html/726348573830316934646f4141767949?;ord=1000160035? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 20 Mar 2011 13:08:36 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:08:36 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 39123

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
949?http://pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=altima&dcp=zmm.60007922.&dcc=40678675.236689265"><IMG SRC="http://s0.2mdn.net/1361550/PID_1540640_300.jpg" width="300" height="250" BORDER=0 alt=""></A>
...[SNIP]...

1.56. http://ad.doubleclick.net/adj/N3340.247realmedia.com/B5245409.19 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N3340.247realmedia.com/B5245409.19

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/N3340.247realmedia.com/B5245409.19;sz=728x90;pc=[TPAS_ID];click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/813909198/Top1/USNetwork/BCN2011020355_006_Nissan/Nissan2.17_728.html/726348573830316934646f4141767949?;ord=813909198?

The response contains the following link to another domain:

http://s0.2mdn.net/1361550/PID_1540650_728.jpg

Request

GET /adj/N3340.247realmedia.com/B5245409.19;sz=728x90;pc=[TPAS_ID];click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/813909198/Top1/USNetwork/BCN2011020355_006_Nissan/Nissan2.17_728.html/726348573830316934646f4141767949?;ord=813909198? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 20 Mar 2011 13:35:33 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:35:33 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 38755

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
949?http://pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=altima&dcp=zmm.60007923.&dcc=40678677.236689177"><IMG SRC="http://s0.2mdn.net/1361550/PID_1540650_728.jpg" width="728" height="90" BORDER=0 alt=""></A>
...[SNIP]...

1.57. http://ad.doubleclick.net/adj/N3880.adwords.google.com/B5109627.9 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N3880.adwords.google.com/B5109627.9

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/N3880.adwords.google.com/B5109627.9;dcove=o;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BeUAfGgGGTenHFsfOlQeE-o3pDun1-pYCkd_lxR-5zZWPRAAQARgBIM-2sAM4AGDJBrIBDHd3dy53b290LmNvbboBCjMwMHgyNTBfYXPIAQnaARtodHRwOi8vd3d3Lndvb3QuY29tL0ZvcnVtcy-YAswhuAIYwAIByALp8KEa4AIA6gIXd29vdC1jb21tdW5pdHkxLTMwMHgyNTCQA6QDmAOkA6gDAdEDX7TNu-ilXeToA7MC6APtAvUDBAUAxOAEAQ&num=1&sig=AGiWqtxxObGMGdGDDOWnMdJXAptYdjLF1g&client=ca-pub-2332856072838068&adurl=;ord=1302051679?

The response contains the following link to another domain:

http://s0.2mdn.net/2393316/PID_1519912_CHV_2010_Volt2010Launch_QA_RM_300x250.jpg

Request

GET /adj/N3880.adwords.google.com/B5109627.9;dcove=o;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BeUAfGgGGTenHFsfOlQeE-o3pDun1-pYCkd_lxR-5zZWPRAAQARgBIM-2sAM4AGDJBrIBDHd3dy53b290LmNvbboBCjMwMHgyNTBfYXPIAQnaARtodHRwOi8vd3d3Lndvb3QuY29tL0ZvcnVtcy-YAswhuAIYwAIByALp8KEa4AIA6gIXd29vdC1jb21tdW5pdHkxLTMwMHgyNTCQA6QDmAOkA6gDAdEDX7TNu-ilXeToA7MC6APtAvUDBAUAxOAEAQ&num=1&sig=AGiWqtxxObGMGdGDDOWnMdJXAptYdjLF1g&client=ca-pub-2332856072838068&adurl=;ord=1302051679? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 20 Mar 2011 13:41:50 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:41:50 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 37241

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
6gIXd29vdC1jb21tdW5pdHkxLTMwMHgyNTCQA6QDmAOkA6gDAdEDX7TNu-ilXeToA7MC6APtAvUDBAUAxOAEAQ&num=1&sig=AGiWqtxxObGMGdGDDOWnMdJXAptYdjLF1g&client=ca-pub-2332856072838068&adurl=http://www.chevrolet.com/volt/"><IMG SRC="http://s0.2mdn.net/2393316/PID_1519912_CHV_2010_Volt2010Launch_QA_RM_300x250.jpg" width="300" height="250" BORDER=0 alt=""></A>
...[SNIP]...

1.58. http://ad.doubleclick.net/adj/N3880.adwords.google.com/B5109627.9 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N3880.adwords.google.com/B5109627.9

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/N3880.adwords.google.com/B5109627.9;dcove=o;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BeUAfGgGGTenHFsfOlQeE-o3pDun1-pYCkd_lxR-5zZWPRAAQARgBIM-2sAM4AGDJBrIBDHd3dy53b290LmNvbboBCjMwMHgyNTBfYXPIAQnaARtodHRwOi8vd3d3Lndvb3QuY29tL0ZvcnVtcy-YAswhuAIYwAIByALp8KEa4AIA6gIXd29vdC1jb21tdW5pdHkxLTMwMHgyNTCQA6QDmAOkA6gDAdEDX7TNu-ilXeToA7MC6APtAvUDBAUAxOAEAQ&num=1&sig=AGiWqtxxObGMGdGDDOWnMdJXAptYdjLF1g&client=ca-pub-2332856072838068&adurl=;ord=1302051679?

The response contains the following link to another domain:

http://s0.2mdn.net/2393316/PID_1519911_CHV_2010_Volt2010Launch_QA_RM_B_300x250.jpg

Request

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 20 Mar 2011 13:28:59 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:28:59 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 37245

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
6gIXd29vdC1jb21tdW5pdHkxLTMwMHgyNTCQA6QDmAOkA6gDAdEDX7TNu-ilXeToA7MC6APtAvUDBAUAxOAEAQ&num=1&sig=AGiWqtxxObGMGdGDDOWnMdJXAptYdjLF1g&client=ca-pub-2332856072838068&adurl=http://www.chevrolet.com/volt/"><IMG SRC="http://s0.2mdn.net/2393316/PID_1519911_CHV_2010_Volt2010Launch_QA_RM_B_300x250.jpg" width="300" height="250" BORDER=0 alt=""></A>
...[SNIP]...

1.59. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.39 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N553.mediamath/B5123370.39

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/N553.mediamath/B5123370.39;sz=300x250;pc=;click1=http://pixel.mathtag.com/click/img?mt_aid=62143273837836637&mt_id=111040&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=62143273837836637?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/1293907/bc_green_300x250.JPG

Request

GET /adj/N553.mediamath/B5123370.39;sz=300x250;pc=;click1=http://pixel.mathtag.com/click/img?mt_aid=62143273837836637&mt_id=111040&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=62143273837836637? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MjE0MzI3MzgzNzgzNjYzNy8xMTEwNDAvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pd3Nzb1g4SlNGczg1RjlCN293LWNUay8/InA55NeIGGV4hzZENaajIegtkxo&price=3.757000
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 20 Mar 2011 12:38:49 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:38:49 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 492

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/c/8a/%2a/y;235638469;0-0;0;59396963;4307-300/250;40463876/40481663/1;;~sscs=%3fhttp://pixel.mathtag.com/click/img?mt_aid=62143273837836637&mt_id=111040&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=https%3a%2f%2fwww.americanexpress.com/gift/giftcardslanding.shtml%3Fsource%3Ddisplay_mm"><img src="http://s0.2mdn.net/viewad/1293907/bc_green_300x250.JPG" border=0 alt="Advertisement"></a>
...[SNIP]...

1.60. http://ad.doubleclick.net/adj/lj.homepage/loggedout previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/lj.homepage/loggedout

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/lj.homepage/loggedout;a=1;r=0;w=0;c=se;pt=se;vert=_code;sz=236x90;pos=t;tile=2;ord=7173672060?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/lj.homepage/loggedout;a=1;r=0;w=0;c=se;pt=se;vert=_code;sz=236x90;pos=t;tile=2;ord=7173672060? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 20 Mar 2011 12:34:45 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:34:45 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 308

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ad0/0/0/%2a/z;44306;0-0;0;40107501;15133-236/90;0/0/0;;~okv=;a=1;r=0;w=0;c=se;pt=se;vert=_code;sz=236x90;pos=t;tile=2;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

1.61. http://ad.doubleclick.net/adj/teennick.nol/atf_j_s/shows/the_nightlife/index previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/teennick.nol/atf_j_s/shows/the_nightlife/index

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/teennick.nol/atf_j_s/shows/the_nightlife/index;sec0=shows;sec1=the_nightlife;sec2=index;pos=atf;cat=2;!category=hs_the_nightlife;show=hs_the_nightlife;demo=D;tag=adj;mtype=standard;sz=6x6;tile=1;u=pos-atf%7Ccat-2%7C!category-hs_the_nightlife%7Cshow-hs_the_nightlife%7Cdemo-D%7Ctag-adj%7Cmtype-standard%7Csz-6x6%7Ctile-1;ord=964462979417294200?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/teennick.nol/atf_j_s/shows/the_nightlife/index;sec0=shows;sec1=the_nightlife;sec2=index;pos=atf;cat=2;!category=hs_the_nightlife;show=hs_the_nightlife;demo=D;tag=adj;mtype=standard;sz=6x6;tile=1;u=pos-atf%7Ccat-2%7C!category-hs_the_nightlife%7Cshow-hs_the_nightlife%7Cdemo-D%7Ctag-adj%7Cmtype-standard%7Csz-6x6%7Ctile-1;ord=964462979417294200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.teennick.com/shows/the-nightlife
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 20 Mar 2011 14:05:01 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 14:05:01 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 339

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/0/0/%2a/y;44306;0-0;0;52877536;490-6/6;0/0/0;u=pos-atf|cat-2|!category-hs_the_nightlife|show-hs_the_nightlife|demo-D|tag-adj|mtype-standard|sz-6x6|tile-1;~aopt=2/0/d7/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="AD"></a>
...[SNIP]...

1.62. http://ad.turn.com/server/ads.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.htm

Issue detail

The page was loaded from a URL containing a query string:

http://ad.turn.com/server/ads.htm?&pub=2701141&code=5711646&cch=5711644&l=300x250&nonjs=1&sli=1989695&bli=1320666&exPub=298720&city=Dallas&acp=0.6000&rnd=1300626455&3c=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B510576aa26d330cd%253B12ed360bc30%2C0%253B%253B%253B1101847734%2CKnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMLxg0y4BAAAAAAAAADA1NmVjYmI2LTUyZjMtMTFlMC04YWZhLTAwMzA0OGQ2ZDM4NgA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252Fcategory%252Fplus%2Dfive%252F%2C&url=http%3A%2F%2Fbuzzya%2Ecom%2Fcategory%2Fplus%2Dfive%2F

The response contains the following links to other domains:

http://bs.serving-sys.com/BurstingPipe/BannerSource.asp?FlightID=1321455&Page=&PluID=0&Pos=2287
http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=1321455&PluID=0&w=300&h=250&ord=&ord=4005530758592425654&ucm=true&ncu=http://r.turn.com/r/tpclick/id/tm7NsgCBljeFlAgAcwABAA/3c/http%3A%2F%2Fad.yieldmanager.com%2Fclk%3F2%2C13%253B510576aa26d330cd%253B12ed360bc30%2C0%253B%253B%253B1101847734%2CKnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMLxg0y4BAAAAAAAAADA1NmVjYmI2LTUyZjMtMTFlMC04YWZhLTAwMzA0OGQ2ZDM4NgA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%2C/url/

Request

GET /server/ads.htm?&pub=2701141&code=5711646&cch=5711644&l=300x250&nonjs=1&sli=1989695&bli=1320666&exPub=298720&city=Dallas&acp=0.6000&rnd=1300626455&3c=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B510576aa26d330cd%253B12ed360bc30%2C0%253B%253B%253B1101847734%2CKnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMLxg0y4BAAAAAAAAADA1NmVjYmI2LTUyZjMtMTFlMC04YWZhLTAwMzA0OGQ2ZDM4NgA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252Fcategory%252Fplus%2Dfive%252F%2C&url=http%3A%2F%2Fbuzzya%2Ecom%2Fcategory%2Fplus%2Dfive%2F HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?KnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAA9yhcj8L12D.3KFyPwvXYPzQzMzMzM-M.NDMzMzMz4z80MzMzMzPjPzQzMzMzM-M.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABesxCRluDOCViSxm-ZYl7hHK-ojY2ZD-xTzD1fAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fplus-five%2F,Z%3D300x250%26s%3D1602587%26_salt%3D2720804788%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%26r%3D0,056ecbb6-52f3-11e0-8afa-003048d6d386
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=aWm1M4LjK5VIpxyiby4XYxEDYW1PshQ3vpBZa8uxHEph-L3XcPmT4hHXOQgApIlYh1NXgtHFGzzHzNFmm-KzX_9FnfDLNktuAMS6JsTomdlVpY3HjWkw231zQDelLH8_7MDefgoTZqF-bd3v_Qfs6OEZRtFGqduPVkD_gkg8VfV0ExsZAquLx2WiGNWvrnUszuICt27wBWASQBET6OeAytEy0WeBXOvyGLo3g2RyRxPMuJkSor3PooeE5HOb8MagG3H1Yh6KJus8Al0Tyl-_P0B_pSthw6Osds3vCU1DTz-z4otjDK2ixFI9HIYofu_jbt-1znRWuv4f0NnBSjg_DEGifQpKlSlg2JPncxaZQ7rJS-D340zJ0KEew_mwtQGaH27SKaSCTrWZJYQAanRpUpKgERJUW1YdGsZik0-okt7FAHdoDG0wmwYyeCzPe0spi39LGtEsLYa2RHjeXVKaXwxjz621UnXRIPElrss_9Bf3D5kPD76YDvIMjmnYUSqxgxaji_-otMFqmG9mmaQliekdOq3dCdMpBBYB6oxrLl9pdFEKrE3dKUxNz_PPP_A0oljWnUH_uUv0DheX3sKsfdGakli0ckXet5HgWuGAxOwjSx4LjXgDbmHu6Eh19fbovGRasNivyUiC-5nZMh1vJZclJZpWuXGcTDMvl_OekRPjS2MhCKHwMNU_BYoLCyOP7MDefgoTZqF-bd3v_Qfs6KVd2oSKolIwwEiITDQU2Lx0ExsZAquLx2WiGNWvrnUsd_PYU2DwATVpcslEDyf8hqiet1AIT80-jJlBpoUU7boLVM3uUWyLgHu6saG6i5PsBUqFp4KiueJFiSLkI0xYhQXlpwfxpWQdK7j4LVji2FVRCmp-Ng4uMeq-zvqbvux36ic_sEQwn-Xt_ClqlX8t_6DGXbcfdjdN_4BNnqMpaZCNRQCl9OpEhGua7KdmVMA9H27SKaSCTrWZJYQAanRpUjDmKTcPQFqbSQ5GlElX4-OPXp3pozvJlBPwzvc_9CbX0Eax0_okMfml7XV2gTBl77zbnfMNJ_ejhUj1ijcB8BL3D5kPD76YDvIMjmnYUSqxVTm50zwheMZKXjYTELCaRTMB1dlAsjcT9rVrLvj2jmVUL-jDhuW_PG6kDXW49rX2tzfWChaLz8qHVMsj8mXTQ5X_BsIvcSN0BmMTK-BlFS19ozX7FlWqx06TTt3zJMoidpDfoquYgeQVRQJMAHbPNzKbdG5BDLNqFInvCReDtR22Ma4NnjcBIUkCx_bHhhCO7MDefgoTZqF-bd3v_Qfs6BrVkQpn3sMfisSjNFR6Lph0ExsZAquLx2WiGNWvrnUsxG4zdt6QMXamb0MlO9-6e1Et3epiS-kFwEUk3ma5DYQLVM3uUWyLgHu6saG6i5PsCif1zoSmfZSqcudOf2tI_AtUze5RbIuAe7qxobqLk-whOajgwxbhQ2etCzicpyVTBeWnB_GlZB0ruPgtWOLYVT4g_J2kF4TffMfKOos7tSGYqdD0JO4s0XymPmMJRJDcQaJ9CkqVKWDYk-dzFplDuqwCXV-t7S-pFZ84tfYt394fbtIppIJOtZklhABqdGlSk3kOykyDTiOMXrl_1hSXbVPgP28vTqELfpOybpGjlbL1u2jaCL-G-9iQxe-i1zj0qnIvgJ1Cs1GitaawX0kTqPcPmQ8PvpgO8gyOadhRKrGUhUdZl_uWemjmxoBkqtZPlC4l-GnLAeLfqIKDfL1UZBu13BiEoKhy1nfBN8OlmthGyJL9eBp3R0ktcXzadt6Dlf8Gwi9xI3QGYxMr4GUVLSGbq4jqoA2S5xXIqloiZ1rJnlvqvTZp82d7AV1or2dUFOEFVYJjQMgMb7lS0C-xbKEPGbIcW-yfL1eczIB0nv7swN5-ChNmoX5t3e_9B-zo4ADEFwcAd4j4QaxZfExMqHQTGxkCq4vHZaIY1a-udSxde4MjDw009tPzSo6eSSgxdwNGJND06t-bjtn5J7KDlQtUze5RbIuAe7qxobqLk-zD_xVADK1Q9dfnRiJgoiDiBeWnB_GlZB0ruPgtWOLYVWRtxKwDSHoQbxPxzfXop_PGqBSQ6KpYW-OwrvDg8i80oMZdtx92N03_gE2eoylpkOa03F8PGEVyWKeOTLdjQBsfbtIppIJOtZklhABqdGlSTAOVu8HAwVUaLipJ9sHGrk8xcWupMSKM_8JiETgP7y2Lf0sa0SwthrZEeN5dUppfBHqNpdRWaYXKfEufY1_jM_cPmQ8PvpgO8gyOadhRKrEH2jhGaC4HJh3Lvv-bHhjZXJrqY1uo21_GLL5pntP7d1Qv6MOG5b88bqQNdbj2tfZUQpq4yPuFsSVWlf6dSHtGLEWhr4abofxDhC7P6sGwew4euBkqrCOJYGXaH5f2No8_2RdAhJaMbFOWHdRsIhatZ3trG8hf0eQqY8g-UGnErVl0dXhBHCfFaURcg86EWtLlFbsvCmEPdz0GvB-V7jB5awi2yagXokGer-T3duHYImsItsmoF6JBnq_k93bh2CJrCLbJqBeiQZ6v5Pd24dgi0fy9yH3cJpXYWOo6nSGwttH8vch93CaV2FjqOp0hsLaOT-BQHXXH-uznhhEs9x_Sw0tfzF6HcwwheEdKac2B-sNLX8xeh3MMIXhHSmnNgfoM2KaPI-sR5WE58gV6S3h5xnv5U9q3RmUdEcfcdtut4fcJCZU_BttKMXTDyrBfshtsU5_j_mocn2P_zfZY4qmabFOf4_5qHJ9j_832WOKpmug_cxXaULqo5K_--uRzgNIR8R--H-SzG21IeFe3_WqV2oTj14ksQ27ZtJZzx1gXZNqE49eJLENu2bSWc8dYF2TahOPXiSxDbtm0lnPHWBdk9C_Pu3wPYr2A_3dDgXogwmd09iZDTMtxv05d2hJrzm1ndPYmQ0zLcb9OXdoSa85tfCWfACzyR22c78m9rm0opXwlnwAs8kdtnO_Jva5tKKWGDrBTI6MoEsB4IrTcND0RHO90Ba4DNelbdwYVufELDtX6BfAY2sgFWzSh0EbYcfTBpmpd9hwiXKZXJsWFQCQVBsjiFrNHSK-_Gebf3rUW-DiUdeTQauTko8JT6bU5H7U4lHXk0Grk5KPCU-m1OR-1OJR15NBq5OSjwlPptTkftTiUdeTQauTko8JT6bU5H7WBDZuAVb1fiTqGwbz13XI0gQ2bgFW9X4k6hsG89d1yNIENm4BVvV-JOobBvPXdcjQoc_EAqGm2Vr9TWaHYU9GddhjhUYi9yiSqjz4yirqEttGX0otsn1Eo9ASeAp22-RzCmJKLA4L8yqghdd3XRDx7qf1MrHd4wjjnlzZT7-OanKn9TKx3eMI455c2U-_jmpyp_Uysd3jCOOeXNlPv45qc4FfPONitGRcGxKttYjNpmYIlBZfRYA7Tno9giphEEaGCJQWX0WAO056PYIqYRBGhxo3TegpnNfA0YZyu_rcByep30ZvJV6vlji6z2sRrikTqd9GbyVer5Y4us9rEa4pE6nfRm8lXq-WOLrPaxGuKROp30ZvJV6vlji6z2sRrikRAeKyhQvuA1Am1Hf99RKswWh2QKPH2KLJ2oGR8lOZM1ANe8zLs_kHddS6hlrOxdDk; fc=k01_H3DQgin2gUWbqEfHVnEgVJOySuH7g303wn-3ThPBhSQ9y8oNWj2jHjllm2qL9SGC6KvWqijMODBe-PTw-vVibMqUG0iKKCPAs_vD_eA0A7iP8ARnu5R4osC1ayLKRfOX1MD02-o6SZ1b0c_HcdJnnDxsS-ubYBpridlzat8; uid=8392341830659049202; pf=QNmKTCt50B8Kpjg3isR9W_Ir3yoWOiSMkKJqMqoVPY2F1SOb8aRLeTLNl-G3fsUKhUysT6tP_1ec7xFTzmyTOvZhkC75wKwc88nuAokFvQ9ZYY2MlOzDLPTu4F-Uvdt_4YcdqwNhq09cj3lKBwXbCI3NqI2oQask0RxIcweDv6GMvGOoSAiXlEejBUI4bVTZiG0CD7SN4iQwbZFOht5_PcUKhyzjZJcScR_VHmzU_n_fhPhtP5eGOnqRNnt1-OV92xXlB7VgscrJbhGIf_JilPRDCeImrEZCGkpU4h_63CxWG5zEusESadpgYRYL2p5MG_RdoPtoKDEjrNYQG7__lKjDMABh_QQeaoDba2RSMKg6e-hV0PbjfU-R5RsfY_iXHHJjlc65ejsfGk_Bhi8TLHmektSTNGWFbueds9H23VJFfVN5kj-_puNaGveyJPzS0OWMGE9a6E0drdXZhYMeXsC4vcynPn9Dotf0EEwoLz7AbGDzP165MyHrx4tSx2B8O9qIPoIdnpPJQCQT3fsKxMAWYsdDJ5k_sdNi8uFJSCQ255k6vYnNOgM7sltoObfRe7Nfdm5bvla8XcCi8mpJcxR9SWcdexG9cU6HZV_VJhdn40SIet0iwwqKbdSj4CL2bkG8vxygw5PYjAzgbfXuQGcN6QW2n8XRLy7UoAmSdBRnwSKp2TDgd2Lcz_qJvz2UQIXGjoBZ78Wshqhm4tb0CSAVFfu30wLyYuo1y7aS82LTLnxA3ggK2gyTUssar2d0VZEEXq24P2id3ypkSYZxDaGrEW4mATCBJcdbUsS6U6WlB0V5Jnrj8cA_1KNYNCmayGOF0nn5E6TLc-A2frbzWLZ78bJLnb6L0KoAtnvLV2pP81X4ANdqArViOJeQtd_KBgfW6zrQLmaDIleZdb-lWXaspIKRhbM6EZgcd53-A29aOa0ye1UD40069XkSXwnuCh-RAXxtefbOimbdrtxWQwySgP2B497OTuJjk4h_xz7h1RsCnD2sD6SzTA6FS0L5qaDwuUB-gusjbKGTbdorNQKIus_NVuwacB_n_GJkCjDeRWnTTHOTAUzRX7jz2Dtha6IYgwK4KHy8_huNe8GKEihRoyUkOlvRlegTV48BDCOJkf60Zr6_RPbt9P03q9zqXbkMIiHhRyraLmWVTI7LPDO0V_cWY7-ccITIWG4cEAVOX3OaMNRzdBC4-0RsvFyXuRiJhp9j10eguQj26V8UKLkQP0cLS8-CaS_G0biaU-lkiE1m1Xn_hKe9NfZLnwyCK2ncrj6VabuuuFr6c_o5qaCQ6oN7sH1l3MIGQoK8X6stp0kTmdEXBwprTQawoH105HoGs1Q83lthTB7Fi-VTyyXy_vCtpJySQt4PX48ZzIpuwEShzbmTtAHP6iCkM-HhsMYZ7YWC2tZwu4Tb45eBwQ2XRr6BMB9fSsap5sDS6rpQ2bGi-sM44BgEdgBbOlmMluxfbyihgyJXJzx1jJXLpuPXHdjanaO2pJ8yqKNT5UMTIw2oYtTZbgmSLFmFfbvQzRfufLqyfgPcMtBAkmyxKq4X6cfi80nt471PDAY1h5rLy4hs1GeJifs51BsOk2bX; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7C8%7C9%7C1001%7C1002%7C1003%7Cundefined%7C1004%7C1005%7C12; rds=15054%7C15054%7C15054%7C15050%7Cundefined%7C15054%7C15054%7C15038%7C15054%7C15054%7C15054%7C15054%7Cundefined%7C15054%7C15050%7C15054; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=8392341830659049202; Domain=.turn.com; Expires=Fri, 16-Sep-2011 13:07:34 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=QYdf8pQ322SIyBI2iUoAU4RjEWhnHVjNlGGMhSRuUKth-L3XcPmT4hHXOQgApIlYHYX4_NcWdx3_ane6F4B-14GhJc02ow2AtUwL6WPia2FGaLnf0zlcY_NlRLgfVWu_p2dXRupylG3NYnZS5bXKYP96WiAgIoOXEFUWrzhKF5gCw-urpRf-_9YebSTVOgNrqPihsYENeO8sXA9lvbRdayfMZtqW06LRo26dh_6mdAGJGTELtL4GqGulFNiuT83_JW8PFWxYJ1q2_24dlRk_ah5icQ-UlIA9kPFGJHuyqaq5VL3rxbStQ7qJq0UYbCEIsUtODQcKNwexAxOYVwN1nK5X96dOre3quYO9Z-8ufvZDTyl_SWg8JF85Vro55plfoTgVQZo2IE3aGhkEGjHTkTFiBYl1Y5wme5TkSr2cG_wgfqVSXeBNVe3tcWgG-cKlb6X9zJjlpwSm9YUJH9a4gJTCk-tuxUia_8m_xGP0ng-vamqLuW_YXqfv_SJ_aE8WewT_9aYmy1_kglD2-j2O9xEN2WSuwULQaF3F5bjuxzhmEuJsfxP5f1y2CMVwcPBKjitRrpYhjNWTpkhfFGNz1pMs9g0Q0vhgJiFRvR8WD6y1byxKhk0zupa7mhXtOt59TSvsYEqhZ0OHSuNp70BrBPgFZPUXsLmq7zd2bgatqFEtgpfxqN_T7QEW7hJnuqjPvjaUahkeh2AIOXYNj81E2z9CvciRuIEJCv8yxQ13OGBfB4P3wQx6U2WiVVEP-_Y7EOaV0vIfQZsAGrAD9lknuVDiL3nhapvU0GeEL2HT-L8OVgkB2bwToPK0KdNC16-jTfAO5O3oP_bfifepQZJrTx5icQ-UlIA9kPFGJHuyqarB6alCNElibRNjAQJxQ3wScEcZhGdHz3dGIuUYDCisolLji3VTL1tjXfqm-esg2sewf4n0X2poBn_JF16R7_JpoTgVQZo2IE3aGhkEGjHTkeeFQfumNuZsM8qSWC1YO88e0aAoBCNnU0MrQhAnhIPCOUygdo-nXLnZpGMXrI7zLHABVz72fi9fhT0whWU6oVuvamqLuW_YXqfv_SJ_aE8WghrAn-Vi2vPEwMGFNlZbYxEN2WSuwULQaF3F5bjuxzh7HBG162ww7piqD1aguph5yjHL13DurDt14-jGkVE335Ms9g0Q0vhgJiFRvR8WD6ypA0SKEqBppDDJhLx8qKy9TSvsYEqhZ0OHSuNp70BrBFPAk0ENEI9AkFKrpbmzGs3jQ_DNJLeHeL0m2Znba1buvjaUahkeh2AIOXYNj81E2-JjZ5NuKJfCva75n_nDp_hfB4P3wQx6U2WiVVEP-_Y7anyk5GyGEYfAPBsxHQjGZSlxmSbeaAgfibEHTq6nsWGJGTELtL4GqGulFNiuT83_aWjrAVXVlG7OWMAFleaNmJbd5mJVeqDBeYockQCeOAxxDWE5tfMM7qZbrjn2eVJNHmJxD5SUgD2Q8UYke7KpqkQLRuw_4qwIZ0RgbwcKb_zPkrK-DNPDU2d6IfOlnKh298JoqNIrcIOFh27SKktj64bitenuXABFvYGLN_FjpjihOBVBmjYgTdoaGQQaMdORRSUpCyAfviw4AHYe3ZFe1j_H39CNFZoidFAH_Wwsr2KYkmu9Efz59RTTwRXe0-z-VzZOXR8fEEZYabQJ5OvIrK9qaou5b9hep-_9In9oTxYDFxyCqW2pHLJpyn6DipzREQ3ZZK7BQtBoXcXluO7HOHYn_JVSl2TRope3S5e7WdCOJuOFdBL4jJzlrGgOb4HBkyz2DRDS-GAmIVG9HxYPrCWrE7nz-KJuRo7xf7_4TaxNK-xgSqFnQ4dK42nvQGsE6ABEyeT6GgYO9T7bPr2uOIHF81yXCYglNgztjlxXYaK-NpRqGR6HYAg5dg2PzUTbalw8lqs5Yl_9jBwMs9Tj-V8Hg_fBDHpTZaJVUQ_79jtEExTCNts46MM726dOHk03EHP-IMF08vrzIT3Bb7Svo5bd5mJVeqDBeYockQCeOAxOo3HTnz6UEXwFhetL-lkMHmJxD5SUgD2Q8UYke7KpqjCzTD1GHFKXcyzidRcl9QVgKfB9VVbr4TUFv2p7bOInOewUt5gP_VlI1Ump9cof8bgUMqrglLkQZ2MmUdI_wRihOBVBmjYgTdoaGQQaMdORXsA1mfR2ULXMKrWuUdGM7RySCcjLsN_cxeO5d6Ll7ah1ym-8DGu-cUq_NzKN12epXgVQXjOJNmBQaMF-8bSNxK9qaou5b9hep-_9In9oTxbS-ghZdhmAasmF69aaImA6EQ3ZZK7BQtBoXcXluO7HOMQfuZ4AWvTJ-mwSNztcWshzAqXI_s6r0eNAoWe_e9VLkyz2DRDS-GAmIVG9HxYPrH5VjA_u5FxGvMqUnf9TQBxNK-xgSqFnQ4dK42nvQGsEmI9YI0NszyrnjSHCBrHOF7N0yDfDXTWmk3YZuned4J1zHpbFxYCHf8ECnS552zQGcx6WxcWAh3_BAp0ueds0BnMelsXFgId_wQKdLnnbNAZzHpbFxYCHf8ECnS552zQGcx6WxcWAh3_BAp0ueds0BitnssvNEea-CDLDeF-fwACvWXqvkkof0pdy12XNR71Ur1l6r5JKH9KXctdlzUe9VK9Zeq-SSh_Sl3LXZc1HvVSvWXqvkkof0pdy12XNR71UF-e0dAu4qNmsK2oR2A9RUQVMCl8aLbGecDd_fKt7NywFTApfGi2xnnA3f3yrezcsBUwKXxotsZ5wN398q3s3LAYbc69DjOHmwnxze8q4bqJPPYJ8usI-1hBBRr5uFxgFqfvBa32ACLSnDYXKF1oBeqn7wWt9gAi0pw2FyhdaAXqp-8FrfYAItKcNhcoXWgF6qfvBa32ACLSnDYXKF1oBeqn7wWt9gAi0pw2FyhdaAXryDt3w8cVNrM49PHXxiClIeDq2PHxBb0G93bZOUEV_B3g6tjx8QW9Bvd22TlBFfwd4OrY8fEFvQb3dtk5QRX8HeDq2PHxBb0G93bZOUEV_B34IJwkHmIrESNkEHZ8g1949RfOkpegw2OWd5Gq1X3SAPUXzpKXoMNjlneRqtV90gD1F86Sl6DDY5Z3karVfdIDVzbApqLD2dXriygnNopblFch-eoCuDk8x64052zPt2RXIfnqArg5PMeuNOdsz7dkVyH56gK4OTzHrjTnbM-3ZFch-eoCuDk8x64052zPt2RXIfnqArg5PMeuNOdsz7dkVyH56gK4OTzHrjTnbM-3ZE1zi3eUCecg106GXWo6ZhRNc4t3lAnnINdOhl1qOmYUTXOLd5QJ5yDXToZdajpmFE1zi3eUCecg106GXWo6ZhfPSjW7H5Jkol9-9LsOFip_z0o1ux-SZKJffvS7DhYqf89KNbsfkmSiX370uw4WKn5tSaxPmfiTgjAFYfvIlraaZa6cUR-KH2UMf-39oRIqSmWunFEfih9lDH_t_aESKkiaPGMMoWG79KMJG1_6B63rd33erOmBTEWjk8EHWq8r_3d93qzpgUxFo5PBB1qvK_33J5TXdC2nyuG8O3c9hqKb9UW1UfXUu5_t-s3mYQevC2GfmtRhuVY6zT1uCqUTs7wcwsdHQlOWV3VIdjcK2T9k; Domain=.turn.com; Expires=Fri, 16-Sep-2011 13:07:34 GMT; Path=/
Set-Cookie: fc=k01_H3DQgin2gUWbqEfHVnEgVJOySuH7g303wn-3ThPBhSQ9y8oNWj2jHjllm2qL9SGC6KvWqijMODBe-PTw-vVibMqUG0iKKCPAs_vD_eA0A7iP8ARnu5R4osC1ayLKRfOX1MD02-o6SZ1b0c_HcdJnnDxsS-ubYBpridlzat8; Domain=.turn.com; Expires=Fri, 16-Sep-2011 13:07:34 GMT; Path=/
Set-Cookie: pf=apt8nUS_8g-os2zTpNH9S8BraYD4coGoPe8ylFU_g3W6o4VUW939ncJz_M9dzB62UJVQP26K-ikS_X_6rlRWMAeFdbGCpLFrA0anDxbFGwk9LbrWX20-UrBjicbubJadUP_jXyHjnmjK3rrz51boI6CBxA1xPMI6FIxSqVGspWCSKqnEyrwCKenpGxRQV_T5jSa4oDXhxZzP0dJh6rPSnc3vKSZRPdlwmRVNzIEeWUEL0x8wFB4ST8OfQRd0AHkWNMyVJERjf-FGSRAtXD4Nhi-unhgxoADyHNLh6ZDzCvrf226xnTIQQQmq5EgT_iESfo-zyO2mzOd-Ch5JgiT1BrBRqZWHPzi54l3Mmy73qMYYephq_CTqNSwxH1pwvb85f0uXstituK4BLz5PJm_wP-PMU83diYb3Y7rpEHLNMQMpBOgDXF1T8wK6QnvAMocQ8c2fJyJeVO-VkDGuoHZoX961OccaC9LXa8TZbmhrtplN8Wv_lboyvPuVgkwWlyueoXrtnkQeCARtQrPGlAjjp_7TZje4YoYaVdxgHe70aWZO3jSbIiK-1ezhwhOSA__6Z9ex2ErzUPCDmXHPVip7liY2Qh6CaTHwP1FBJp6RrEmjFnmOhwYX94V3gbOTfK9JGJY4fF04_Xfkft25X76d7kpl4DxOQY91EWvajOdwUHJQQH5v8Tt-aYcpJ7mu3QSv0s7owuJGUDMkgd-lrYxlqsTw9Tyhs5-Lx2i-xccfpwakxyKbsTp7iwJkB5aBkvxQg3iTh7EJteIJxc3MMJpCWuKgQ8ZlmPUZsxOX4w-f66_WkEkcO9UmX4UESRvBPLCIQ8CnL0HqIS_oeQVIZx-kkk41zR9Dzd_LsvCsLyvPcxkHvsGBIlOL9YQyxjcczMLmBD5QuMG_P68KP296xTfSUKDZr1y42fW0Gp8hhYtibaTLP8yKitG5b79rtm0lM9hovySSItes1M7pqw_gT0NZbY-JRI28XUe3I_wibFgIfX0ItbUL2laTCY4uwlPM5yLhHirjZY2i8uALOlPJahZrAqIuNVsviQj2PAjAIIXz6eQ8eoEI4sgLSHGy6RAG-E-0ABI9WFjZ5jQ2afTPjHR41kxFdwO2AOmQl_ejbEhy-tzc8HFK-9DM5Ky9EwXdGW0BIpD6i7xs06BVFi02IieV5W0j1cd7tPYvwMWMM9bJJCpdUmvcXrd0BRBgx2si0fBNrAv7l31yA8hU0DTXIKvdCrqkXn-v_AtdloUzYpPUf3yKZF_Z_llO_BCN9M32kK_AqSds3f0y3LOnRAnfGQ9xW7Q-514KtnNO3DDfwJnVSi8RbzvYVg3rh0EbDIc8E_e2zLtY8hgIv7zj4dU-WZHIT5roxsjyE6sdhHHPvtgrBB5H9iBOvD7olsUnsrN1yGsn_lyVeHNxOykVE34Te4Roltn-QS63rrfi7qOR_2snq1yE9m-hEeKSnfaSKyWbi9FNJwChI073rWJlPatNx0dyP3UCik4VbEo1AKSAXIBNd1P2WP7zAmgNITc0E_1skmBGA9sOeQP4ljjECUChGrh3Bw; Domain=.turn.com; Expires=Fri, 16-Sep-2011 13:07:34 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:07:34 GMT
Content-Length: 2477

   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
   <html>
   <head>
   <title>Turn Ads</title>

                                                                                   </head>
       <body style="bac
...[SNIP]...
<div id="ad_24832903">
               <script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=1321455&PluID=0&w=300&h=250&ord=&ord=4005530758592425654&ucm=true&ncu=http://r.turn.com/r/tpclick/id/tm7NsgCBljeFlAgAcwABAA/3c/http%3A%2F%2Fad.yieldmanager.com%2Fclk%3F2%2C13%253B510576aa26d330cd%253B12ed360bc30%2C0%253B%253B%253B1101847734%2CKnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMLxg0y4BAAAAAAAAADA1NmVjYmI2LTUyZjMtMTFlMC04YWZhLTAwMzA0OGQ2ZDM4NgA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%2C/url/"></script>
...[SNIP]...
4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%2C/url/http://bs.serving-sys.com/BurstingPipe/BannerRedirect.asp?FlightID=1321455&Page=&PluID=0&Pos=2287" target="_blank"><img src="http://bs.serving-sys.com/BurstingPipe/BannerSource.asp?FlightID=1321455&Page=&PluID=0&Pos=2287" border=0 width=300 height=250></a>
...[SNIP]...

1.63. http://ad.turn.com/server/ads.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.htm

Issue detail

The page was loaded from a URL containing a query string:

http://ad.turn.com/server/ads.htm?&pub=2701141&code=5711646&cch=5711644&l=300x250&nonjs=1&sli=1989695&bli=1320666&exPub=298720&city=Dallas&acp=0.6000&rnd=1300626455&3c=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B510576aa26d330cd%253B12ed360bc30%2C0%253B%253B%253B1101847734%2CKnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMLxg0y4BAAAAAAAAADA1NmVjYmI2LTUyZjMtMTFlMC04YWZhLTAwMzA0OGQ2ZDM4NgA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252Fcategory%252Fplus%2Dfive%252F%2C&url=http%3A%2F%2Fbuzzya%2Ecom%2Fcategory%2Fplus%2Dfive%2F

The response contains the following links to other domains:

http://bs.serving-sys.com/BurstingPipe/BannerSource.asp?FlightID=1321455&Page=&PluID=0&Pos=2287
http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=1321455&PluID=0&w=300&h=250&ord=&ord=3617952785064839197&ucm=true&ncu=http://r.turn.com/r/tpclick/id/Hcjsp-OMNTJROAoAdgABAA/3c/http%3A%2F%2Fad.yieldmanager.com%2Fclk%3F2%2C13%253B510576aa26d330cd%253B12ed360bc30%2C0%253B%253B%253B1101847734%2CKnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMLxg0y4BAAAAAAAAADA1NmVjYmI2LTUyZjMtMTFlMC04YWZhLTAwMzA0OGQ2ZDM4NgA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%2C/url/

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=8392341830659049202; Domain=.turn.com; Expires=Fri, 16-Sep-2011 13:29:52 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=a6IdZs1opxHnzOHz8oFkkzkUetLz_CmwKsOLnKdb8uxh-L3XcPmT4hHXOQgApIlYHYX4_NcWdx3_ane6F4B-10LjetnAXP8P8UUmhTCSeh1GaLnf0zlcY_NlRLgfVWu_Ryr2PrOVwm1mZQiByzuJb1daZJtc92NbTZOJmvbfITKrfpUaKeFcSMZdU1LpdOcwFh3h8y-lTYbAFttcJZJpHifMZtqW06LRo26dh_6mdAGJGTELtL4GqGulFNiuT83_JW8PFWxYJ1q2_24dlRk_ah5icQ-UlIA9kPFGJHuyqaq5VL3rxbStQ7qJq0UYbCEIsUtODQcKNwexAxOYVwN1nK5X96dOre3quYO9Z-8ufvZDTyl_SWg8JF85Vro55plfoTgVQZo2IE3aGhkEGjHTkTFiBYl1Y5wme5TkSr2cG_wgfqVSXeBNVe3tcWgG-cKlb6X9zJjlpwSm9YUJH9a4gJTCk-tuxUia_8m_xGP0ng-vamqLuW_YXqfv_SJ_aE8WewT_9aYmy1_kglD2-j2O9xEN2WSuwULQaF3F5bjuxzhmEuJsfxP5f1y2CMVwcPBKjitRrpYhjNWTpkhfFGNz1pMs9g0Q0vhgJiFRvR8WD6y1byxKhk0zupa7mhXtOt59TSvsYEqhZ0OHSuNp70BrBPgFZPUXsLmq7zd2bgatqFEtgpfxqN_T7QEW7hJnuqjPvjaUahkeh2AIOXYNj81E2z9CvciRuIEJCv8yxQ13OGBfB4P3wQx6U2WiVVEP-_Y7EOaV0vIfQZsAGrAD9lknuVDiL3nhapvU0GeEL2HT-L8OVgkB2bwToPK0KdNC16-jTfAO5O3oP_bfifepQZJrTx5icQ-UlIA9kPFGJHuyqarB6alCNElibRNjAQJxQ3wScEcZhGdHz3dGIuUYDCisolLji3VTL1tjXfqm-esg2sewf4n0X2poBn_JF16R7_JpoTgVQZo2IE3aGhkEGjHTkeeFQfumNuZsM8qSWC1YO88e0aAoBCNnU0MrQhAnhIPCOUygdo-nXLnZpGMXrI7zLHABVz72fi9fhT0whWU6oVuvamqLuW_YXqfv_SJ_aE8WghrAn-Vi2vPEwMGFNlZbYxEN2WSuwULQaF3F5bjuxzh7HBG162ww7piqD1aguph5yjHL13DurDt14-jGkVE335Ms9g0Q0vhgJiFRvR8WD6ypA0SKEqBppDDJhLx8qKy9TSvsYEqhZ0OHSuNp70BrBFPAk0ENEI9AkFKrpbmzGs3jQ_DNJLeHeL0m2Znba1buvjaUahkeh2AIOXYNj81E2-JjZ5NuKJfCva75n_nDp_hfB4P3wQx6U2WiVVEP-_Y7anyk5GyGEYfAPBsxHQjGZSlxmSbeaAgfibEHTq6nsWGJGTELtL4GqGulFNiuT83_aWjrAVXVlG7OWMAFleaNmJbd5mJVeqDBeYockQCeOAxxDWE5tfMM7qZbrjn2eVJNHmJxD5SUgD2Q8UYke7KpqkQLRuw_4qwIZ0RgbwcKb_zPkrK-DNPDU2d6IfOlnKh298JoqNIrcIOFh27SKktj64bitenuXABFvYGLN_FjpjihOBVBmjYgTdoaGQQaMdORRSUpCyAfviw4AHYe3ZFe1j_H39CNFZoidFAH_Wwsr2KYkmu9Efz59RTTwRXe0-z-VzZOXR8fEEZYabQJ5OvIrK9qaou5b9hep-_9In9oTxYDFxyCqW2pHLJpyn6DipzREQ3ZZK7BQtBoXcXluO7HOHYn_JVSl2TRope3S5e7WdCOJuOFdBL4jJzlrGgOb4HBkyz2DRDS-GAmIVG9HxYPrCWrE7nz-KJuRo7xf7_4TaxNK-xgSqFnQ4dK42nvQGsE6ABEyeT6GgYO9T7bPr2uOIHF81yXCYglNgztjlxXYaK-NpRqGR6HYAg5dg2PzUTbalw8lqs5Yl_9jBwMs9Tj-V8Hg_fBDHpTZaJVUQ_79jtEExTCNts46MM726dOHk03EHP-IMF08vrzIT3Bb7Svo5bd5mJVeqDBeYockQCeOAxOo3HTnz6UEXwFhetL-lkMHmJxD5SUgD2Q8UYke7KpqjCzTD1GHFKXcyzidRcl9QVgKfB9VVbr4TUFv2p7bOInOewUt5gP_VlI1Ump9cof8bgUMqrglLkQZ2MmUdI_wRihOBVBmjYgTdoaGQQaMdORXsA1mfR2ULXMKrWuUdGM7RySCcjLsN_cxeO5d6Ll7ah1ym-8DGu-cUq_NzKN12epXgVQXjOJNmBQaMF-8bSNxK9qaou5b9hep-_9In9oTxbS-ghZdhmAasmF69aaImA6EQ3ZZK7BQtBoXcXluO7HOMQfuZ4AWvTJ-mwSNztcWshzAqXI_s6r0eNAoWe_e9VLkyz2DRDS-GAmIVG9HxYPrH5VjA_u5FxGvMqUnf9TQBxNK-xgSqFnQ4dK42nvQGsEmI9YI0NszyrnjSHCBrHOFxza7XGJk02qpauwWR7fdpZzHpbFxYCHf8ECnS552zQGcx6WxcWAh3_BAp0ueds0BnMelsXFgId_wQKdLnnbNAZzHpbFxYCHf8ECnS552zQGcx6WxcWAh3_BAp0ueds0Bq9Zeq-SSh_Sl3LXZc1HvVSvWXqvkkof0pdy12XNR71Ur1l6r5JKH9KXctdlzUe9VK9Zeq-SSh_Sl3LXZc1HvVSvWXqvkkof0pdy12XNR71UBUwKXxotsZ5wN398q3s3LAVMCl8aLbGecDd_fKt7NywFTApfGi2xnnA3f3yrezcsBUwKXxotsZ5wN398q3s3LMCaLwNSJrENmm7V1soGFz1PPYJ8usI-1hBBRr5uFxgFqfvBa32ACLSnDYXKF1oBeqn7wWt9gAi0pw2FyhdaAXqp-8FrfYAItKcNhcoXWgF6qfvBa32ACLSnDYXKF1oBeqn7wWt9gAi0pw2FyhdaAXq0Agj2dwrNNJ_4JlENwRdLeDq2PHxBb0G93bZOUEV_B3g6tjx8QW9Bvd22TlBFfwd4OrY8fEFvQb3dtk5QRX8HeDq2PHxBb0G93bZOUEV_Bz1F86Sl6DDY5Z3karVfdIA9RfOkpegw2OWd5Gq1X3SAPUXzpKXoMNjlneRqtV90gD1F86Sl6DDY5Z3karVfdICTA05Wuw6tFWAfUzmDvhmSFch-eoCuDk8x64052zPt2RXIfnqArg5PMeuNOdsz7dkVyH56gK4OTzHrjTnbM-3ZFch-eoCuDk8x64052zPt2RXIfnqArg5PMeuNOdsz7dmtfy5ud8CHYuLxZS3nEa0BE1zi3eUCecg106GXWo6ZhRNc4t3lAnnINdOhl1qOmYUTXOLd5QJ5yDXToZdajpmFcsF2TrKXHO28WTPH9fnpI_PSjW7H5Jkol9-9LsOFip_z0o1ux-SZKJffvS7DhYqf89KNbsfkmSiX370uw4WKn8yxKiKiTWPKkkiOcoAi4XKZa6cUR-KH2UMf-39oRIqSmWunFEfih9lDH_t_aESKkre8mUo35pyb_Uyl8_iI_jTd33erOmBTEWjk8EHWq8r_3d93qzpgUxFo5PBB1qvK__1RbVR9dS7n-36zeZhB68IWfp2FZ5JVuAq1se7SHkKdzzWCryk-h24TxI9jrNDh6Qy6mS_4UzvyBOZzWa9LlPM; Domain=.turn.com; Expires=Fri, 16-Sep-2011 13:29:52 GMT; Path=/
Set-Cookie: fc=k01_H3DQgin2gUWbqEfHVnEgVJOySuH7g303wn-3ThPBhSQ9y8oNWj2jHjllm2qL9SGC6KvWqijMODBe-PTw-vVibMqUG0iKKCPAs_vD_eA0A7iP8ARnu5R4osC1ayLKRfOX1MD02-o6SZ1b0c_HcdJnnDxsS-ubYBpridlzat8; Domain=.turn.com; Expires=Fri, 16-Sep-2011 13:29:52 GMT; Path=/
Set-Cookie: pf=-ogS4wUPp2uOthlAhkua7efecn2SRWQfzZHRnDXGAba6o4VUW939ncJz_M9dzB62dqrSo0rlQrgRZPnrV25dosiO_2dDHnR4-kSqUJ-Qkzk9LbrWX20-UrBjicbubJadUP_jXyHjnmjK3rrz51boI6CBxA1xPMI6FIxSqVGspWCSKqnEyrwCKenpGxRQV_T5jSa4oDXhxZzP0dJh6rPSnc3vKSZRPdlwmRVNzIEeWUEL0x8wFB4ST8OfQRd0AHkWNMyVJERjf-FGSRAtXD4Nhi-unhgxoADyHNLh6ZDzCvrf226xnTIQQQmq5EgT_iESfo-zyO2mzOd-Ch5JgiT1BrBRqZWHPzi54l3Mmy73qMYYephq_CTqNSwxH1pwvb85f0uXstituK4BLz5PJm_wP-PMU83diYb3Y7rpEHLNMQMpBOgDXF1T8wK6QnvAMocQ8c2fJyJeVO-VkDGuoHZoX961OccaC9LXa8TZbmhrtplN8Wv_lboyvPuVgkwWlyueoXrtnkQeCARtQrPGlAjjp_7TZje4YoYaVdxgHe70aWZO3jSbIiK-1ezhwhOSA__6Z9ex2ErzUPCDmXHPVip7liY2Qh6CaTHwP1FBJp6RrEmjFnmOhwYX94V3gbOTfK9JGJY4fF04_Xfkft25X76d7kpl4DxOQY91EWvajOdwUHJQQH5v8Tt-aYcpJ7mu3QSv0s7owuJGUDMkgd-lrYxlqsTw9Tyhs5-Lx2i-xccfpwakxyKbsTp7iwJkB5aBkvxQg3iTh7EJteIJxc3MMJpCWuKgQ8ZlmPUZsxOX4w-f66_WkEkcO9UmX4UESRvBPLCIQ8CnL0HqIS_oeQVIZx-kkk41zR9Dzd_LsvCsLyvPcxkHvsGBIlOL9YQyxjcczMLmBD5QuMG_P68KP296xTfSUKDZr1y42fW0Gp8hhYtibaTLP8yKitG5b79rtm0lM9hovySSItes1M7pqw_gT0NZbY-JRI28XUe3I_wibFgIfX0ItbUL2laTCY4uwlPM5yLhHirjZY2i8uALOlPJahZrAqIuNVsviQj2PAjAIIXz6eQ8eoEI4sgLSHGy6RAG-E-0ABI9WFjZ5jQ2afTPjHR41kxFdwO2AOmQl_ejbEhy-tzc8HFK-9DM5Ky9EwXdGW0BIpD6i7xs06BVFi02IieV5W0j1cd7tPYvwMWMM9bJJCpdUmvcXrd0BRBgx2si0fBNrAv7l31yA8hU0DTXIKvdCrqkXn-v_AtdloUzYpPUf3yKZF_Z_llO_BCN9M32kK_AqSds3f0y3LOnRAnfGQ9xW7Q-514KtnNO3DDfwJnVSi8RbzvYVg3rh0EbDIc8E_e2zLtY8hgIv7zj4dU-WZHIT5roxsjyE6sdhHHPvtgrBB5H9iBOvD7olsUnsrN1yGsn_lyVeHNxOykVE34Te4Roltn-QS63rrfi7qOR_2snq1yE9m-hEeKSnfaSKyWbi9FNJwChI073rWJlPatNx0dyP3UCik4VbEo1AKSAXIBNd1P2WP7zAmgNITc0E_1skmBGA9sOeQP4ljjECUChGrh3Bw; Domain=.turn.com; Expires=Fri, 16-Sep-2011 13:29:52 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:29:52 GMT
Content-Length: 2477

   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
   <html>
   <head>
   <title>Turn Ads</title>

                                                                                   </head>
       <body style="bac
...[SNIP]...
<div id="ad_24832903">
               <script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=1321455&PluID=0&w=300&h=250&ord=&ord=3617952785064839197&ucm=true&ncu=http://r.turn.com/r/tpclick/id/Hcjsp-OMNTJROAoAdgABAA/3c/http%3A%2F%2Fad.yieldmanager.com%2Fclk%3F2%2C13%253B510576aa26d330cd%253B12ed360bc30%2C0%253B%253B%253B1101847734%2CKnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMLxg0y4BAAAAAAAAADA1NmVjYmI2LTUyZjMtMTFlMC04YWZhLTAwMzA0OGQ2ZDM4NgA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%2C/url/"></script>
...[SNIP]...
4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%2C/url/http://bs.serving-sys.com/BurstingPipe/BannerRedirect.asp?FlightID=1321455&Page=&PluID=0&Pos=2287" target="_blank"><img src="http://bs.serving-sys.com/BurstingPipe/BannerSource.asp?FlightID=1321455&Page=&PluID=0&Pos=2287" border=0 width=300 height=250></a>
...[SNIP]...

1.64. http://ad.turn.com/server/ads.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.js

Issue detail

The page was loaded from a URL containing a query string:

http://ad.turn.com/server/ads.js?pub=5757398&cch=5766863&code=5766875&l=300x250&aid=25369308&ahcid=535345&bimpd=ZjNFN2hZ4i-YlydCdXsT0zZTuD8IubLL42BCS9LH_kU7Yi7NnmKey7h5ce7BWIM3Rux1S_qG8vICQji47dy2E024eYgQT0HpFSZWVesdccUgQeaQijGiqit_QPicgHK5ZZMUs7NpCCTHXflWLyQ9gG-3wDj3m_hPLqVkJ_2jOq48xNSvPXXIt__p10AGZJLfhVd0yR51mYGgtr88kk9pKdB4KuxJT2VpTSwLNXwZXg4zCpHIfbwNI9gJXjnp9W21ujPToIsuRZGfl8WEkkUw9Ua8Y_pn6CI8FT2XEgvyDGuPJv9385Kf6G5E3heIgSIs687bp01UqXCTTP9aXrmld7-TAYHSK0sv3Lw3yXzZz4paS9RecWGAeiDyekIyHp83tNp7CQptCawVC-54p-UewRw2jc1G4rEkoLiW0MRZIYy0V62KSSlYnX0LIbOpP3Jz00_3gOdpgmrTp3Jy74JTl73wc-cQ7FRKnITKYzO3zYVwdOuxgdv5_CYp89cY01huOiySebhNVquMNpVX58Yf46HG1sTGVle5vnwDWXwqi3RFY4bguUnvRTz9bsqCxNCQcmxkY_zvBwV6oRrqmbjeXea4OcyT17faPheb_5alGxB6vDyiosWvDSM9GQ_OeB_RT9rMK7M0d9tZKhGFc8ggTaSfPRztPAxd7KicgD3lJEcNkr_RW7y1hSGjdb2Qvr9O0cwgc6AhycSnUsmX6q1X86NfrrOorlvGJGSqB0P9f_Q&acp=2.828999&3c=http://track1000.pubmatic.com/AdServer/AdDisplayTrackerServlet?clickData=RGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA==_url=

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie4;abr=!ie5;sz=300x250;ord=4368258591177512398?
http://ad.doubleclick.net/adi/N5552.152304.TRADINGDESK/B5035357.75;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzxWTgUAeAABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/;
http://ad.doubleclick.net/adj/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzxWTgUAeAABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/;
http://segments.adap.tv/data/?p=cadreon&type=gif&segment=11&add=true
http://segments.adap.tv/data/?p=cadreon&type=gif&segment=12&add=true

Request

GET /server/ads.js?pub=5757398&cch=5766863&code=5766875&l=300x250&aid=25369308&ahcid=535345&bimpd=ZjNFN2hZ4i-YlydCdXsT0zZTuD8IubLL42BCS9LH_kU7Yi7NnmKey7h5ce7BWIM3Rux1S_qG8vICQji47dy2E024eYgQT0HpFSZWVesdccUgQeaQijGiqit_QPicgHK5ZZMUs7NpCCTHXflWLyQ9gG-3wDj3m_hPLqVkJ_2jOq48xNSvPXXIt__p10AGZJLfhVd0yR51mYGgtr88kk9pKdB4KuxJT2VpTSwLNXwZXg4zCpHIfbwNI9gJXjnp9W21ujPToIsuRZGfl8WEkkUw9Ua8Y_pn6CI8FT2XEgvyDGuPJv9385Kf6G5E3heIgSIs687bp01UqXCTTP9aXrmld7-TAYHSK0sv3Lw3yXzZz4paS9RecWGAeiDyekIyHp83tNp7CQptCawVC-54p-UewRw2jc1G4rEkoLiW0MRZIYy0V62KSSlYnX0LIbOpP3Jz00_3gOdpgmrTp3Jy74JTl73wc-cQ7FRKnITKYzO3zYVwdOuxgdv5_CYp89cY01huOiySebhNVquMNpVX58Yf46HG1sTGVle5vnwDWXwqi3RFY4bguUnvRTz9bsqCxNCQcmxkY_zvBwV6oRrqmbjeXea4OcyT17faPheb_5alGxB6vDyiosWvDSM9GQ_OeB_RT9rMK7M0d9tZKhGFc8ggTaSfPRztPAxd7KicgD3lJEcNkr_RW7y1hSGjdb2Qvr9O0cwgc6AhycSnUsmX6q1X86NfrrOorlvGJGSqB0P9f_Q&acp=2.828999&3c=http://track1000.pubmatic.com/AdServer/AdDisplayTrackerServlet?clickData=RGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA==_url= HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=Wonw4SKQzJYWGPurqxtl0nuUzYJk6jXTg2kkRxPsf5PfaqaDzVRu9ZiuBStYaftYL8XNm3b3wEFLrI-bYDGMZspa2dzalgG5fKshqZFQ0gPE-iovOq8fXLrOOSDX_7RE4aP5h09o7k3cRcJp8kFALhcUtCbH2AU91mt_IKIcvF-dnVEIXl_o2VKbCOQ18gKB3TdfaSMq8ZmQLhPF-HDmXEO0DkgoB2K7NtvRYr_WLBLd_glL1pkpHKTZt_lIPJBER1eWajsac7h1LLqoQJdxq_LVmIVMjE0CeQFu2rmZbM75ztlAPWqlo6WakHRHQDJIug3BBFPTzPZU9a_De5ObQfS-FOkT22lzSBi1SyH2rdOEyvGy9ARJOsbfKu5zwAtywK2T6I_iNDRolqjg1OzTcmOmBomBI971b1aEnAXt992jScb5ykHoHXGqgsU2JXsEhKy7DL4leWeiolkQACcMJeDFfNLII8GWE_POOZEqdvSAlwAd2SMpuXja-1oqTvA74Bv87ktR-V-CI_fBW8ozCqpHrzMG7a1O-Bw1uWV3nCTXMMhqubSRk012wJ9TI5YEXDd38XvwUG3nRYRagkvUuiCki6dv9_ZBTPOR80NtxF90Tx9NnkbuE9oFmALVgGEUfnOnpPStJvBD7eMTp4e86K9aYVqIo0QJ8uo_fgCPTXl4d6AzZ5kL0Q3seR-QMTT54aP5h09o7k3cRcJp8kFALqjI0RR666J6yMcKhWq6NL-dnVEIXl_o2VKbCOQ18gKB5OTiSkIyAtUIxcH0kc2Z_r8mFTCd5ttVGpgCWv23BFzd_glL1pkpHKTZt_lIPJBEcjaG10wigUMyya21D2XcWPLVmIVMjE0CeQFu2rmZbM6gr6LeWJgmS_GYEF0jBxMut0ENHBIEVq_lRqV1FbhAaWaIpCiKWJzFCjE_rpqGSQ_AMLkX3xVdMEoiwUWtkl_8wK2T6I_iNDRolqjg1OzTckKhKx8gNr7j1i4lKSwVZVo5786SEOCxaDqnPJjkYPAbhKy7DL4leWeiolkQACcMJcv5JGu7PR53V4XHAO3Io4OAlwAd2SMpuXja-1oqTvA7Sby-AWn9Ao08NtBsZeyI32iQebtfIQ-g95Am5CKbjjGdX9SGy_mLofSIrTkkkZy7q_kymVsfRU5lp0Pu2QVi0ARmUVnGxwLABzMMwaHgl6ZZhmeV2wkprz8192ZLKDYi5nfmk03YwEf-csTjfghefqxfpgzc1VS-2ZSEBy1bfilWXaAbFc49ghutKx-kX83sFbZDNzeTaTd_CskNnL-gJYUhrqV02c7lrfNhksNY6EUSKZoIDqD4G7bFKUqmMV-obRSQfOqKLvEIVYVzZt3x7fyt1kS60aRmpMuHWG916ExzRX1Syet26XYSL2aR6sdzgDpDtFR-MhBo4SKLASMedrNlhtwwehJKZV_vqQ6TPomFT0b0CNqL1yDov6pCERYHrjdcB3-hMeuXpkthOjrlfmpI2EXioEJjgLbV10VkcXuhwiZ-NmqDn980RgRl5YCRsSMBuuGGbFuPRJa8whW0k6IDQXAakeNb4-iGLLL6vhICsdnGaSRoEnqOcIv7G5CzrcZxzHUt8FlPxz9qsQnKe4yFw3wjTmxxOfzbjyejukYkwsYpf4klfvVA_XCLxuitV-DkChzNBAZA7664Ecm9sJ8KpnA_mwIUzpMMvoHHE8H69Nv8ZmvmIfccRX7ppIDmK81F_-m52Kk6mklb9Gkz7cULXDK_DJBsJiPg260VBuB21BharSCDQyZkIvsj3tYWKCBcgK1KIuX3WD1wJn8hu0zvl4YurMpkt_KNXf21GXmMh3NIrtrwJ-PytJzw0bCN1JbrGOVJbR84q2JjTjm8h96r_zTQjil_yu87szG0AJSpAmYGrgDwofgjre60aLEVwGQ7VXceHmC6gPGCEolElhIpmggOoPgbtsUpSqYxX6hAIdI1m55J5HPTGq2yMrwQrQe8folUTs7yHBhE3jXdIqirG5pEDTVYoLJvdXZlZ78KIcHzd1FxJAPOlCIDY7YsrjdcB3-hMeuXpkthOjrlfnsK60K6G5zIvDNin7d_-XihwiZ-NmqDn980RgRl5YCRK7JzRSpPkaFxPAb0V4qxxlETd_XsDWTPOMhkKKyRYsQCsdnGaSRoEnqOcIv7G5CzlX-q_nDsklvWZp_SxUEVsoyFw3wjTmxxOfzbjyejukagr6LeWJgmS_GYEF0jBxMulbT4k7I3RFcH9USEGB8d7ehp9hmy5VmQ13eGV0p5qLQhVwiAdydT3PpB-fIjCiWZK81F_-m52Kk6mklb9Gkz7Z0a7PGvOJoJ72EBTvuMQxml7tqppY6LFE2g2xxURyWGmrwVBz_RVN4-Di2560zu3yYkwvb4gvrvji-WnwN0XjuMh3NIrtrwJ-PytJzw0bCNnaladC9RU6ry0d69z-Zz7SkUb9qGemCfvAL5h3MLwHvc3yMGel4rk0Sx0kOS5kYLJdP9tfIoTz5TKsdQg5NBZiXT_bXyKE8-UyrHUIOTQWZQlrT0o0JDb5JXBZDXw8ZNGElOiRir5xHZ8kAaarjTbBhJTokYq-cR2fJAGmq402wYSU6JGKvnEdnyQBpquNNsGElOiRir5xHZ8kAaarjTbJUxYTKvEAE3JAT4SvkHOGiVMWEyrxABNyQE-Er5BzholTFhMq8QATckBPhK-Qc4aJUxYTKvEAE3JAT4SvkHOGgqNhuM1tUzQHYZ3GHdzM7ZKjYbjNbVM0B2Gdxh3czO2XJ9Sw3jdHwwRW1AzobtH9t81_gjdGUYVukJY8YG-hGu4FfPONitGRcGxKttYjNpmYIlBZfRYA7Tno9giphEEaGCJQWX0WAO056PYIqYRBGhgiUFl9FgDtOej2CKmEQRocaN03oKZzXwNGGcrv63Acnqd9GbyVer5Y4us9rEa4pE6nfRm8lXq-WOLrPaxGuKRPkX-td7VA8q5XtcSwY3rEtaHZAo8fYosnagZHyU5kzUakfxoAiYEuqsAs6lVyErOLNUzJM8pvIuJwp8fvrU-Bkl0_218ihPPlMqx1CDk0FmJdP9tfIoTz5TKsdQg5NBZiXT_bXyKE8-UyrHUIOTQWYl0_218ihPPlMqx1CDk0FmUJa09KNCQ2-SVwWQ18PGTRhJTokYq-cR2fJAGmq402wYSU6JGKvnEdnyQBpquNNsGElOiRir5xHZ8kAaarjTbNWAVpIeQy-_rvNmNJZl0MuVMWEyrxABNyQE-Er5BzholTFhMq8QATckBPhK-Qc4aJUxYTKvEAE3JAT4SvkHOGi4IMq_Q-b1Bsvq4IHMVMMGKjYbjNbVM0B2Gdxh3czO2So2G4zW1TNAdhncYd3MztkqNhuM1tUzQHYZ3GHdzM7ZF_hnwsZOFT5I4eRW46LWcrCzHp4KI8EJF3gYURnVkXqwsx6eCiPBCRd4GFEZ1ZF6ONWHBOP2kK7zVWFthcPDncbv-tY65jMfDKTbdfT8ug3G7_rWOuYzHwyk23X0_LoNxu_61jrmMx8MpNt19Py6Dcbv-tY65jMfDKTbdfT8ug1ygQv0vtIAWYRj1Bwp4i9DzbefliSJ1pdkKBMKwCbwM7hvU7dM3_gDWrNcfv9Lfj8; fc=P8r1GRRUBPzt1rj093eSUyd0kIOGQ-01IqHp4E6nJR0sgJfvPMxam1XE0VXjRZkHDvAB7dj0g9rEc92kPRVoFw0-m0BkBmdsMbfLJKocp81E28M44OKTmpkvbjqqib7MAp1BJ3k6cxFoa6z2wZnSQRA23o3kcOf_vksOCkd4aIk; pf=UGHb8zI4aWtxtAmZyNeJNOHVFbSxqG9hsprN4v3Lz7LQ4qp2i9jCVLo21ITPxTJXB9En7PzxQcEcevWyHskThbQXXj1jA2FyUlkwwkhF7Ro2ZM7BNfD3Nrq6VH58nArltBKmEiDSJc28wBcf6WsZnUwqlFt-IvrL3Cyer2N_b_mQBT67XG3r_GqqLNCDP6TWM6QtivX9DfUZcKCbSzspOG4m4SNemiZsDiwHpMom7zAuHGj61Fo18HFz7Miw6CJ_lAToSBCIK8xd4Nhi3WZ5RVrFAd6zRhrKdfWaTudRRtzdw3uPJsigd4Z03fwI832qp0yYZ8xsq2g2JzvVLF3m0wYmvQ-7zazlMMeR5t48rmodxWJcKS5DgWnPQyOG3H9dle4JdVl67EbeBoMsCr3yKTNk5q5Z7Ye-yqAjt8FV6TEs0w1Mf61wa5sbZduLkMcmu6BxGVr1a1EtZ6VakW9qP0UsyZ23YtDx8Hp9aqDHgS7TLwotn8ChX3Ao59tcjALmIsfXlHObMd1dM-9EmR9zq1feDyJ1JsMdvufmKTEv8zYWEcVWdTIfg0R3HCs5Zgu8aqqZRUbE5cNgHLG-cyhwp9zF6bIQmuyiOkEVXhOR34lY8hTahfCesI1SII1o7GCSTkQctMdsR8ol26b8wwOWRulLcAuUbWv5XradSS5Og7yWq1NAPlM-71DUoari4r4P1Y5A3tzwkjyyX8-0gYHGU5jnzszrbJmm4ATS7VE3nQTOLZuOv6rXl3lXT98xe_hpQk1J2tMJ7uf0wgawDl5tZsTT5kN5mzq7cQ_zim8SvdxF5k8za64BvapgLtKI75QWoFdHsE8JeyafKsb518Z8yG2rlDCHXdIcSLBgYtlkloVO9_IUqGf6VJi47Jt9VzE1iUilagnqDfZezBDAgKeQJqma1IxzDiCoqn5pMBzKyly1EGZOdFA2-qArtbtQRT50YdNPvJqt7eLAf5C0e2pQiKZbm53MKuxT-xACBztAh4jFDcYPKkwR30hpsQ3QHTsbR1jwb4Tknj1lRvA_43zRPga4UleoT5uXiADlzwkOVA067MXkh4FAeKVzg1ACtjgSr5Gp6DR1BdDSotYHbfNzBgKBFuNAXObQP9_MMOI3eG1WGdO281P8amOaY7gqA06Qz3ZYqAavLj_IiDm0PZqfexb3wevMxi_3MpY_DV3nsHFBx31PTcSHvXJd2U5JBFuC4zIXCy6m3DgsRU-dDxSk0aAqkW75gcATwU4afh3aZM0faU7ttedZBHKMSUKU2-CLArzpv1sCFqKO2OO_7QHd61ElSVhkX8nCFJ8XYbO8pgqPz6rxA2zJp0kRUBjlvUbWcclJ3ktilOIca42ILmxDGq12QBEWUhzuVA36zOFcdBowxbu4TWEkjnoG3y3BQoeZ0WJ4-WctW3Z_ONfcXbWfjQNvc84m9Ucmpn2n7616Wmjkp_YRqKp502Bw_HclXEDNxATqSEvwR6YWNJOibQmjAIOFfhKbFkHTBHoHJsdi8MjHFkcfi4c9KAVErlkS3F2SFWLNhm5B3_eb2Qy3toXmjExHhirQMRh4tcgyEqZ-0Ko; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7C8%7C9%7C1001%7C1002%7C1003%7Cundefined%7C1004%7C1005%7C12; rds=15054%7C15054%7C15054%7C15050%7Cundefined%7C15054%7C15054%7C15038%7C15054%7C15054%7C15054%7C15054%7Cundefined%7C15054%7C15050%7C15054; rv=1; uid=8392341830659049202

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 22 Mar 2011 12:34:46 GMT
Set-Cookie: uid=8392341830659049202; Domain=.turn.com; Expires=Fri, 16-Sep-2011 12:34:46 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=aWm1M4LjK5VIpxyiby4XYxEDYW1PshQ3vpBZa8uxHEph-L3XcPmT4hHXOQgApIlYh1NXgtHFGzzHzNFmm-KzX_9FnfDLNktuAMS6JsTomdlVpY3HjWkw231zQDelLH8_7MDefgoTZqF-bd3v_Qfs6OEZRtFGqduPVkD_gkg8VfV0ExsZAquLx2WiGNWvrnUszuICt27wBWASQBET6OeAytEy0WeBXOvyGLo3g2RyRxPMuJkSor3PooeE5HOb8MagG3H1Yh6KJus8Al0Tyl-_P0B_pSthw6Osds3vCU1DTz-z4otjDK2ixFI9HIYofu_jbt-1znRWuv4f0NnBSjg_DEGifQpKlSlg2JPncxaZQ7rJS-D340zJ0KEew_mwtQGaH27SKaSCTrWZJYQAanRpUpKgERJUW1YdGsZik0-okt7FAHdoDG0wmwYyeCzPe0spi39LGtEsLYa2RHjeXVKaXwxjz621UnXRIPElrss_9Bf3D5kPD76YDvIMjmnYUSqxgxaji_-otMFqmG9mmaQliekdOq3dCdMpBBYB6oxrLl9pdFEKrE3dKUxNz_PPP_A0oljWnUH_uUv0DheX3sKsfdGakli0ckXet5HgWuGAxOwjSx4LjXgDbmHu6Eh19fbovGRasNivyUiC-5nZMh1vJZclJZpWuXGcTDMvl_OekRPjS2MhCKHwMNU_BYoLCyOP7MDefgoTZqF-bd3v_Qfs6KVd2oSKolIwwEiITDQU2Lx0ExsZAquLx2WiGNWvrnUsd_PYU2DwATVpcslEDyf8hqiet1AIT80-jJlBpoUU7boLVM3uUWyLgHu6saG6i5PsBUqFp4KiueJFiSLkI0xYhQXlpwfxpWQdK7j4LVji2FVRCmp-Ng4uMeq-zvqbvux36ic_sEQwn-Xt_ClqlX8t_6DGXbcfdjdN_4BNnqMpaZCNRQCl9OpEhGua7KdmVMA9H27SKaSCTrWZJYQAanRpUjDmKTcPQFqbSQ5GlElX4-OPXp3pozvJlBPwzvc_9CbX0Eax0_okMfml7XV2gTBl77zbnfMNJ_ejhUj1ijcB8BL3D5kPD76YDvIMjmnYUSqxVTm50zwheMZKXjYTELCaRTMB1dlAsjcT9rVrLvj2jmVUL-jDhuW_PG6kDXW49rX2tzfWChaLz8qHVMsj8mXTQ5X_BsIvcSN0BmMTK-BlFS19ozX7FlWqx06TTt3zJMoidpDfoquYgeQVRQJMAHbPNzKbdG5BDLNqFInvCReDtR22Ma4NnjcBIUkCx_bHhhCO7MDefgoTZqF-bd3v_Qfs6BrVkQpn3sMfisSjNFR6Lph0ExsZAquLx2WiGNWvrnUsxG4zdt6QMXamb0MlO9-6e1Et3epiS-kFwEUk3ma5DYQLVM3uUWyLgHu6saG6i5PsCif1zoSmfZSqcudOf2tI_AtUze5RbIuAe7qxobqLk-whOajgwxbhQ2etCzicpyVTBeWnB_GlZB0ruPgtWOLYVT4g_J2kF4TffMfKOos7tSGYqdD0JO4s0XymPmMJRJDcQaJ9CkqVKWDYk-dzFplDuqwCXV-t7S-pFZ84tfYt394fbtIppIJOtZklhABqdGlSk3kOykyDTiOMXrl_1hSXbVPgP28vTqELfpOybpGjlbL1u2jaCL-G-9iQxe-i1zj0qnIvgJ1Cs1GitaawX0kTqPcPmQ8PvpgO8gyOadhRKrGUhUdZl_uWemjmxoBkqtZPlC4l-GnLAeLfqIKDfL1UZBu13BiEoKhy1nfBN8OlmthGyJL9eBp3R0ktcXzadt6Dlf8Gwi9xI3QGYxMr4GUVLSGbq4jqoA2S5xXIqloiZ1rJnlvqvTZp82d7AV1or2dUFOEFVYJjQMgMb7lS0C-xbKEPGbIcW-yfL1eczIB0nv7swN5-ChNmoX5t3e_9B-zo4ADEFwcAd4j4QaxZfExMqHQTGxkCq4vHZaIY1a-udSxde4MjDw009tPzSo6eSSgxdwNGJND06t-bjtn5J7KDlQtUze5RbIuAe7qxobqLk-zD_xVADK1Q9dfnRiJgoiDiBeWnB_GlZB0ruPgtWOLYVWRtxKwDSHoQbxPxzfXop_PGqBSQ6KpYW-OwrvDg8i80oMZdtx92N03_gE2eoylpkOa03F8PGEVyWKeOTLdjQBsfbtIppIJOtZklhABqdGlSTAOVu8HAwVUaLipJ9sHGrk8xcWupMSKM_8JiETgP7y2Lf0sa0SwthrZEeN5dUppfBHqNpdRWaYXKfEufY1_jM_cPmQ8PvpgO8gyOadhRKrEH2jhGaC4HJh3Lvv-bHhjZXJrqY1uo21_GLL5pntP7d1Qv6MOG5b88bqQNdbj2tfZUQpq4yPuFsSVWlf6dSHtGLEWhr4abofxDhC7P6sGwew4euBkqrCOJYGXaH5f2No8_2RdAhJaMbFOWHdRsIhatZ3trG8hf0eQqY8g-UGnErVl0dXhBHCfFaURcg86EWtLlFbsvCmEPdz0GvB-V7jB5awi2yagXokGer-T3duHYImsItsmoF6JBnq_k93bh2CJrCLbJqBeiQZ6v5Pd24dgi0fy9yH3cJpXYWOo6nSGwttH8vch93CaV2FjqOp0hsLaOT-BQHXXH-uznhhEs9x_Sw0tfzF6HcwwheEdKac2B-sNLX8xeh3MMIXhHSmnNgfoM2KaPI-sR5WE58gV6S3h5xnv5U9q3RmUdEcfcdtut4fcJCZU_BttKMXTDyrBfshtsU5_j_mocn2P_zfZY4qmabFOf4_5qHJ9j_832WOKpmug_cxXaULqo5K_--uRzgNIR8R--H-SzG21IeFe3_WqV2oTj14ksQ27ZtJZzx1gXZNqE49eJLENu2bSWc8dYF2TahOPXiSxDbtm0lnPHWBdk9C_Pu3wPYr2A_3dDgXogwmd09iZDTMtxv05d2hJrzm1ndPYmQ0zLcb9OXdoSa85tfCWfACzyR22c78m9rm0opXwlnwAs8kdtnO_Jva5tKKWGDrBTI6MoEsB4IrTcND0RHO90Ba4DNelbdwYVufELDtX6BfAY2sgFWzSh0EbYcfTBpmpd9hwiXKZXJsWFQCQVBsjiFrNHSK-_Gebf3rUW-DiUdeTQauTko8JT6bU5H7U4lHXk0Grk5KPCU-m1OR-1OJR15NBq5OSjwlPptTkftTiUdeTQauTko8JT6bU5H7WBDZuAVb1fiTqGwbz13XI0gQ2bgFW9X4k6hsG89d1yNIENm4BVvV-JOobBvPXdcjQoc_EAqGm2Vr9TWaHYU9GddhjhUYi9yiSqjz4yirqEttGX0otsn1Eo9ASeAp22-RzCmJKLA4L8yqghdd3XRDx7qf1MrHd4wjjnlzZT7-OanKn9TKx3eMI455c2U-_jmpyp_Uysd3jCOOeXNlPv45qc4FfPONitGRcGxKttYjNpmYIlBZfRYA7Tno9giphEEaGCJQWX0WAO056PYIqYRBGhxo3TegpnNfA0YZyu_rcByep30ZvJV6vlji6z2sRrikTqd9GbyVer5Y4us9rEa4pE6nfRm8lXq-WOLrPaxGuKROp30ZvJV6vlji6z2sRrikRAeKyhQvuA1Am1Hf99RKswWh2QKPH2KLJ2oGR8lOZM1ANe8zLs_kHddS6hlrOxdDk; Domain=.turn.com; Expires=Fri, 16-Sep-2011 12:34:46 GMT; Path=/
Set-Cookie: fc=k01_H3DQgin2gUWbqEfHVnEgVJOySuH7g303wn-3ThPBhSQ9y8oNWj2jHjllm2qL9SGC6KvWqijMODBe-PTw-vVibMqUG0iKKCPAs_vD_eA0A7iP8ARnu5R4osC1ayLKRfOX1MD02-o6SZ1b0c_HcdJnnDxsS-ubYBpridlzat8; Domain=.turn.com; Expires=Fri, 16-Sep-2011 12:34:46 GMT; Path=/
Set-Cookie: pf=iOSm4jWzkK1eBsanX_Zvyrj_v8l1Pk_8sHmv_UQh7c7Q4qp2i9jCVLo21ITPxTJXhUysT6tP_1ec7xFTzmyTOvZhkC75wKwc88nuAokFvQ82ZM7BNfD3Nrq6VH58nArltBKmEiDSJc28wBcf6WsZnUwqlFt-IvrL3Cyer2N_b_mQBT67XG3r_GqqLNCDP6TWM6QtivX9DfUZcKCbSzspOG4m4SNemiZsDiwHpMom7zAuHGj61Fo18HFz7Miw6CJ_lAToSBCIK8xd4Nhi3WZ5RVrFAd6zRhrKdfWaTudRRtzdw3uPJsigd4Z03fwI832qp0yYZ8xsq2g2JzvVLF3m0wYmvQ-7zazlMMeR5t48rmodxWJcKS5DgWnPQyOG3H9dle4JdVl67EbeBoMsCr3yKTNk5q5Z7Ye-yqAjt8FV6TEs0w1Mf61wa5sbZduLkMcmu6BxGVr1a1EtZ6VakW9qP0UsyZ23YtDx8Hp9aqDHgS7TLwotn8ChX3Ao59tcjALmIsfXlHObMd1dM-9EmR9zq1feDyJ1JsMdvufmKTEv8zYWEcVWdTIfg0R3HCs5Zgu8aqqZRUbE5cNgHLG-cyhwp9zF6bIQmuyiOkEVXhOR34lY8hTahfCesI1SII1o7GCSTkQctMdsR8ol26b8wwOWRulLcAuUbWv5XradSS5Og7yWq1NAPlM-71DUoari4r4P1Y5A3tzwkjyyX8-0gYHGU5jnzszrbJmm4ATS7VE3nQTOLZuOv6rXl3lXT98xe_hpQk1J2tMJ7uf0wgawDl5tZsTT5kN5mzq7cQ_zim8SvdxF5k8za64BvapgLtKI75QWoFdHsE8JeyafKsb518Z8yG2rlDCHXdIcSLBgYtlkloVO9_IUqGf6VJi47Jt9VzE1iUilagnqDfZezBDAgKeQJqma1IxzDiCoqn5pMBzKyly1EGZOdFA2-qArtbtQRT50YdNPvJqt7eLAf5C0e2pQiKZbm53MKuxT-xACBztAh4jFDcYPKkwR30hpsQ3QHTsbR1jwb4Tknj1lRvA_43zRPga4UleoT5uXiADlzwkOVA067MXkh4FAeKVzg1ACtjgSr5Gp6DR1BdDSotYHbfNzBgKBFuNAXObQP9_MMOI3eG1WGdO281P8amOaY7gqA06Qz3ZYqAavLj_IiDm0PZqfexb3wevMxi_3MpY_DV3nsHFBx31PTcSHvXJd2U5JBFuC4zIXCy6m3DgsRU-dDxSk0aAqkW75gcATwU4afh3aZM0faU7ttedZBHKMSUKU2-CLArzpv1sCFqKO2OO_7QHd61ElSVhkX8nCFJ8XYbO8pgqPz6rxA2zJp0kRUBjlvUbWcclJ3ktilOIca42ILmxDGq12QBEWUhzuVA36zOFcdBowxbu4TWEkjnoG3y3BQoeZ0WJ4-WctW3Z_ONfcXbWfjQNvc84m9Ucmpn2n7616Wmjkp_YRqKp502Bw_HclXEDNxATqSEvwR6YWNJOibQmjAIOFfhKbFkHTBHoHJsdi8MjHFkcfi4c9KAVErlkS3F2SFWLNhm5B3_eb2Qy3toXmjExHhirQMRh4tcgyEqZ-0Ko; Domain=.turn.com; Expires=Fri, 16-Sep-2011 12:34:46 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 12:34:45 GMT
Content-Length: 11395

var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
oncept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;

document.write('\n\n\n    \n\n     \n    \n        \n        \n    \n\n\n\n\n\n\n        \n        \n        \n                \n                \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N5552.152304.TRADINGDESK/B5035357.75;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzxWTgUAeAABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/;" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzxWTgUAeAABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/;">\n</SCRIPT>
...[SNIP]...
TkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/http://ad.doubleclick.net/jump/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie4;abr=!ie5;sz=300x250;ord=4368258591177512398?">\n<IMG SRC="http://ad.doubleclick.net/ad/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie4;abr=!ie5;sz=300x250;ord=4368258591177512398?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<img border="0" src="http://r.turn.com/r/beacon?b2=1nQDmgx-ioCVF-rYXxu_HoBa_2gfzWMwdYEyIOrBROq03_Y86yLq7uu3PPVLuSSsBeNZcjtgqDuPA_-FABFnjw&cid="> \n                    <img height="1" width="1" style="border-style:none;" alt="" src="http://segments.adap.tv/data/?p=cadreon&type=gif&segment=11&add=true"/> \n                    <img height="1" width="1" style="border-style:none;" alt="" src="http://segments.adap.tv/data/?p=cadreon&type=gif&segment=12&add=true"/> \n                </span>
...[SNIP]...

1.65. http://ad.turn.com/server/ads.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.js

Issue detail

The page was loaded from a URL containing a query string:

http://ad.turn.com/server/ads.js?pub=5757398&cch=5766863&code=5766875&l=300x250&aid=25369308&ahcid=535345&bimpd=ZjNFN2hZ4i-YlydCdXsT0zZTuD8IubLL42BCS9LH_kU7Yi7NnmKey7h5ce7BWIM3Rux1S_qG8vICQji47dy2E024eYgQT0HpFSZWVesdccUgQeaQijGiqit_QPicgHK5ZZMUs7NpCCTHXflWLyQ9gG-3wDj3m_hPLqVkJ_2jOq48xNSvPXXIt__p10AGZJLfhVd0yR51mYGgtr88kk9pKdB4KuxJT2VpTSwLNXwZXg4zCpHIfbwNI9gJXjnp9W21ujPToIsuRZGfl8WEkkUw9Ua8Y_pn6CI8FT2XEgvyDGuPJv9385Kf6G5E3heIgSIs687bp01UqXCTTP9aXrmld7-TAYHSK0sv3Lw3yXzZz4paS9RecWGAeiDyekIyHp83tNp7CQptCawVC-54p-UewRw2jc1G4rEkoLiW0MRZIYy0V62KSSlYnX0LIbOpP3Jz00_3gOdpgmrTp3Jy74JTl73wc-cQ7FRKnITKYzO3zYVwdOuxgdv5_CYp89cY01huOiySebhNVquMNpVX58Yf46HG1sTGVle5vnwDWXwqi3RFY4bguUnvRTz9bsqCxNCQcmxkY_zvBwV6oRrqmbjeXea4OcyT17faPheb_5alGxB6vDyiosWvDSM9GQ_OeB_RT9rMK7M0d9tZKhGFc8ggTaSfPRztPAxd7KicgD3lJEcNkr_RW7y1hSGjdb2Qvr9O0cwgc6AhycSnUsmX6q1X86NfrrOorlvGJGSqB0P9f_Q&acp=2.828999&3c=http://track1000.pubmatic.com/AdServer/AdDisplayTrackerServlet?clickData=RGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA==_url=

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie4;abr=!ie5;sz=300x250;ord=4368258591177512398?
http://ad.doubleclick.net/adi/N5552.152304.TRADINGDESK/B5035357.75;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzyhvAYAbwABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/;
http://ad.doubleclick.net/adj/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzyhvAYAbwABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/;
http://segments.adap.tv/data/?p=cadreon&type=gif&segment=11&add=true
http://segments.adap.tv/data/?p=cadreon&type=gif&segment=12&add=true

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 22 Mar 2011 12:42:40 GMT
Set-Cookie: uid=8392341830659049202; Domain=.turn.com; Expires=Fri, 16-Sep-2011 12:42:40 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=yIwFGXG_ONNXYT9KVa7ARgYdhMdutDjUYx3YtxoIw_Nh-L3XcPmT4hHXOQgApIlYh1NXgtHFGzzHzNFmm-KzX4g90G1H2vpZoNOb9achAhCIt1gxQlepUlp4ml3sdNG97MDefgoTZqF-bd3v_Qfs6OEZRtFGqduPVkD_gkg8VfV0ExsZAquLx2WiGNWvrnUs66TrumjmrgmOt_6bhgpouBxkPuTLEr5IiK0NPDoDdGZ4Jv2wOThiY_xtrMTwfOMAaAyMOd4uGF3MC-CGXX4vMW1u4GqmTEyg7jKVZpHKQe_PD4Xt-Js7qCjW6RNzUibJvhpXhsNU9dle8CO-Yq58yguZYY-JrvoL-qJXZJ1yuPxYvM25ZoHa0yz0_GF1-k26H27SKaSCTrWZJYQAanRpUp6-8ItWMu0zx8opffmAg80Q2NcoZq2DmOiL11Y1aSDa0Eax0_okMfml7XV2gTBl7_RilTlv7STTUt74jXnFmkxXmw30aAMs65cz_bx2zPbI-_ewAyRcl8PlkxKSnlGjeIn_EmNzOs9qkghvEthcqEgT7mtD-WyULU_RZ6fVg1KoOEsanzEgq58e7v0MXv-Zt5X_BsIvcSN0BmMTK-BlFS0PB-14JrUhoFLPnz5aKcvNvGRasNivyUiC-5nZMh1vJRLdlT7zaGlPa6bZSrikfyuR1XYHjyrzNA4VOnu-u85G7MDefgoTZqF-bd3v_Qfs6Ea-nsCtv-M0FVyWmgTaYJR0ExsZAquLx2WiGNWvrnUskfkh1c6UGWIS5N3Qjcruf8kSTz_yj_0xSYdw0Z1SFxELVM3uUWyLgHu6saG6i5Ps9kP5ppIhskAoCcoCTrAghAXlpwfxpWQdK7j4LVji2FWvMv2YxyHmLdaNustJLe4wL8t9STRgxor-Wv7_2JAlU0GifQpKlSlg2JPncxaZQ7oV42htM5jx1YoospMm3LO2H27SKaSCTrWZJYQAanRpUjDmKTcPQFqbSQ5GlElX4-OPXp3pozvJlBPwzvc_9CbX0Eax0_okMfml7XV2gTBl77zbnfMNJ_ejhUj1ijcB8BL3D5kPD76YDvIMjmnYUSqxo0veabwYiVBq7X_zb-YZYDMB1dlAsjcT9rVrLvj2jmV-EF7DnzPm9aZLOC1nQbZtlKVwFIz0fG1Bs_b6nhyhEpX_BsIvcSN0BmMTK-BlFS19ozX7FlWqx06TTt3zJMoidpDfoquYgeQVRQJMAHbPN_WiDC-9tPc3fXOMseuvq--K-zgO7NoLM_jmXGcGtU327MDefgoTZqF-bd3v_Qfs6Oxkijh9oVlxu6lBUms7z7J0ExsZAquLx2WiGNWvrnUsOVVvRY4AYRs50cGAbbAbGGZruOvapKdVErBX-QzpM90LVM3uUWyLgHu6saG6i5PswizSddZ377EjzJLxqJ-wIAtUze5RbIuAe7qxobqLk-waC6VbWziYzPzZYEsPOu6lBeWnB_GlZB0ruPgtWOLYVaXIseB1coQlNcUX8Tx6_BWmnIkrQMYyVV001NYeCx77QaJ9CkqVKWDYk-dzFplDup26fxxLi0cDamgwCGuPcFIfbtIppIJOtZklhABqdGlSn6tci3W8cVUumNv4e6Jsa79AYoCcuZQevJby7J8Rci2VoAtiLlGBIkVRKX8ZT8khpXgXWxiDfl7mMS75UiObs_cPmQ8PvpgO8gyOadhRKrH_e4sHVLWOIoaoYniTq0h_lC4l-GnLAeLfqIKDfL1UZJOz-o9DYD-roxjsJC1eyvS4MvbBsZIJDa4a_Eok4G_ulf8Gwi9xI3QGYxMr4GUVLY4zgboL1tHVOdRw6zHxG63JnlvqvTZp82d7AV1or2dUK-LG9BtoUFPBV0w0XjD81z84BWQWwTt_7VJ9kV3Yk0vswN5-ChNmoX5t3e_9B-zoL3LJqasE_Q8FVpKlHghtGXQTGxkCq4vHZaIY1a-udSzFgmY8QOetcaJ-cMDdy9pPjCYOHG27Q3GmZasY4qTHgwtUze5RbIuAe7qxobqLk-z2XHJXrFoSqU-vGEg4zU6PBeWnB_GlZB0ruPgtWOLYVUnc1s8GqvB0YPXoEkPp5nPmTrwiyoeHjcg_nRv07nfyaPBk4OYUvCvkVVAnHSDIbqD8NBes3o-Ce0dMzjVRBgYfbtIppIJOtZklhABqdGlScNkaD9ey5GwOXFSxSucsLViMOoBgvjVPmppZou5G5Oz1u2jaCL-G-9iQxe-i1zj0BHqNpdRWaYXKfEufY1_jM_cPmQ8PvpgO8gyOadhRKrH7GlnJshzgtoHSy0JW6hjS0Y71Gya6aNjlY8hGPjk2YaJDuoGirKaIGqy2d0dleyw2pQa3XTHbwOpyCpUheA7AFrTqbfLoyl3J8Nk85ayOjY1oNWlujSGtPqbH4Mc-ck9NK-xgSqFnQ4dK42nvQGsEC1BX8VG4DvOOTZvBGdh3W1l0dXhBHCfFaURcg86EWtLlFbsvCmEPdz0GvB-V7jB5awi2yagXokGer-T3duHYImsItsmoF6JBnq_k93bh2CJrCLbJqBeiQZ6v5Pd24dgi0fy9yH3cJpXYWOo6nSGwttH8vch93CaV2FjqOp0hsLaOT-BQHXXH-uznhhEs9x_Sw0tfzF6HcwwheEdKac2B-sNLX8xeh3MMIXhHSmnNgfoM2KaPI-sR5WE58gV6S3h5xnv5U9q3RmUdEcfcdtut4fcJCZU_BttKMXTDyrBfshtsU5_j_mocn2P_zfZY4qmabFOf4_5qHJ9j_832WOKpmug_cxXaULqo5K_--uRzgNIR8R--H-SzG21IeFe3_WqV2oTj14ksQ27ZtJZzx1gXZNqE49eJLENu2bSWc8dYF2TahOPXiSxDbtm0lnPHWBdk9C_Pu3wPYr2A_3dDgXogwmd09iZDTMtxv05d2hJrzm1ndPYmQ0zLcb9OXdoSa85tfCWfACzyR22c78m9rm0opXwlnwAs8kdtnO_Jva5tKKWGDrBTI6MoEsB4IrTcND0RHO90Ba4DNelbdwYVufELDtX6BfAY2sgFWzSh0EbYcfTBpmpd9hwiXKZXJsWFQCQVBsjiFrNHSK-_Gebf3rUW-DiUdeTQauTko8JT6bU5H7U4lHXk0Grk5KPCU-m1OR-1OJR15NBq5OSjwlPptTkftTiUdeTQauTko8JT6bU5H7WBDZuAVb1fiTqGwbz13XI0gQ2bgFW9X4k6hsG89d1yNIENm4BVvV-JOobBvPXdcjQoc_EAqGm2Vr9TWaHYU9GddhjhUYi9yiSqjz4yirqEtiAqptJsyQVI9zPJ_EVQb2i-PQC9ET8YNkY6cuXcGCAhqf1MrHd4wjjnlzZT7-OanKn9TKx3eMI455c2U-_jmpyp_Uysd3jCOOeXNlPv45qc4FfPONitGRcGxKttYjNpmYIlBZfRYA7Tno9giphEEaGCJQWX0WAO056PYIqYRBGhxo3TegpnNfA0YZyu_rcByep30ZvJV6vlji6z2sRrikTqd9GbyVer5Y4us9rEa4pE6nfRm8lXq-WOLrPaxGuKROp30ZvJV6vlji6z2sRrikRAeKyhQvuA1Am1Hf99RKswWh2QKPH2KLJ2oGR8lOZM1ANe8zLs_kHddS6hlrOxdDk; Domain=.turn.com; Expires=Fri, 16-Sep-2011 12:42:40 GMT; Path=/
Set-Cookie: fc=m5RiL1vO1RqpbeR06rDSQdi-P9L6OOiujCMMWa_OuuTBhSQ9y8oNWj2jHjllm2qL9SGC6KvWqijMODBe-PTw-vU2npYFHN-QFxss5iBZjoo0A7iP8ARnu5R4osC1ayLKRfOX1MD02-o6SZ1b0c_HcdJnnDxsS-ubYBpridlzat8; Domain=.turn.com; Expires=Fri, 16-Sep-2011 12:42:40 GMT; Path=/
Set-Cookie: pf=Jd1kXf3m4CvakOPnkhxyiBgeT54GpsYPK4MHyiMybC4gFjeMd3kmKZT55Ypg5r9L3EOz12FQ-uNCAdfU7PD5Wkp-Orrqozj3BCOMbMIkasA5AgPo6YSdwT3MDItRNsVTcovE94huridJuBPk0YijKO9TlgSlxQZrmzRRzeKacbL6GKdXH5UwUKfOLcy0VcYQruMvoxOUF9diy9mNGQhlq2JtMCQ7lVq-hyJTdbqiW3DoxS652rZ4yALKekpvWmMPcz_D1A7UZdU-C4yxPwlGbTPa39d2XxGIybmmwFXlboOK1lqrs-ez7riUogPhhxgdLjdsuNkt4kilIGPDdZFqTDxcQoXd5M_X9_PRQ49Ytla1lpuVo27yABVSuxB-u3ZG0p4_mcPekRR39c8F2gKW8gNrvrHStmZqKyXyPYTcZqLGhGX7RT3sasDtmLoxu3GEsHGwkDF76-hjSCoANLicpcMQ0hGgE0Z3MU9PLDig9hx7K-2H7d7c401PVwgyIrDAG7ySaBAXZRf4sBmLP5WLg4CEJ0dOxjsRR8Pz88E6zXZ5pfjSLF7a93-Dg8KdE2uA4jtF0Bb6HP0QLqH7z3cWrAlc0sTt939bCxraXAuBqiXjg5K98Qt4G3KrZaFnMjwwL59sTCW_yVCgn2KZHtwwc_L5lem7W3ab54Dfse3tW8rWOxEtBTjdIFdbBTXS7s9G89E7LxmTNw2SS8CZLarLGvd7dCPvCGckYs7tpHOd2E5V7lqy-7Ifd1e0FiUzQ16ledghu_4tIGwvFiG2FVwrZMdMCO4KO-3ucQr2lmoU5z6fTnKKKyaYUpAZvGhHq5b6Lm9YkKQoZc-aYtdal0jXRZoOlGDcIPyHaWyPhpX3BTji5FKHM9LdERx7h_JxDFFn2JMPd782uBBQwvI9a2Zqvc02000rpaW__bSfqt8hfV8OrOabXNqyQL3_oJgh3ZKwFh3f5Y5KtIvFYHTUuAytKKL5za2o_8t9mYcO2EtYyGlYqXooYa1h3WFAwaFMVeZ3MNKOvsZ_neR7vB3FgAbmNXDKcOZrhw0Vgy6fST-VOgQTQnWhkwBbDpUeoIaXzjhU4Q5sFFyY7gYaWoDLySHXlo1ffNWVz7UEQW1NpINmSsOnTvY9_7BawSDWTKZMo_1imyLi2tPI1oo-o09_IJsH7AmkDlbdo5Nbl-8VrqJWsNMvnqaB8cNQu2Wuc9QMWNcOZ-4dnCdNf8QSGwGEu-9b9pbPeWt0Shi-R6junPcdLvGLFQOVNlMxUXa_emQvVKP8E0h6ICwfrRymwUIbtSR9F5tXkH_Ks47vlfXtW_WL_MardlQbZQY9c7dkIBGuNrg5Mc5gn6ZlcIYufHW-xFM0SVKYmkh3Ak_uFdBP8dSQujlmGGG10bAL953SS0rCyYCab1Crak338ET_hkm4WC65Ws9JsgfSpyPx0haE0ybXsp0Bwr6W_-M2ZYOpYr4LqM2HKExeIiG0FjnK52Zq8COPwLcxqEf0QVtcgYljFzopq3VDVi3n1JVa5uwc4d3D-j9K-SiC1LCMvHaMGTQa3m7kgqk8sefG6GGrltSH-snHclT7jx9mmcbv5kmzGYVtLPRW; Domain=.turn.com; Expires=Fri, 16-Sep-2011 12:42:40 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 12:42:39 GMT
Content-Length: 11395

var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
oncept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;

document.write('\n\n\n    \n\n     \n    \n        \n        \n    \n\n\n\n\n\n\n        \n        \n        \n                \n                \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N5552.152304.TRADINGDESK/B5035357.75;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzyhvAYAbwABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/;" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzyhvAYAbwABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/;">\n</SCRIPT>
...[SNIP]...
TkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/http://ad.doubleclick.net/jump/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie4;abr=!ie5;sz=300x250;ord=4368258591177512398?">\n<IMG SRC="http://ad.doubleclick.net/ad/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie4;abr=!ie5;sz=300x250;ord=4368258591177512398?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<img border="0" src="http://r.turn.com/r/beacon?b2=1nQDmgx-ioCVF-rYXxu_HoBa_2gfzWMwdYEyIOrBROq03_Y86yLq7uu3PPVLuSSsBeNZcjtgqDuPA_-FABFnjw&cid="> \n                    <img height="1" width="1" style="border-style:none;" alt="" src="http://segments.adap.tv/data/?p=cadreon&type=gif&segment=11&add=true"/> \n                    <img height="1" width="1" style="border-style:none;" alt="" src="http://segments.adap.tv/data/?p=cadreon&type=gif&segment=12&add=true"/> \n                </span>
...[SNIP]...

1.66. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?KnKABBt0GAAyz4UAAAAAAKwUIgAAAAAAAgAAAAYAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAABBtywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAASOF6FK5H9D9I4XoUrkf0PzMzMzMzM.8.MzMzMzMz.z8AAAAAAAAKQAAAAAAAAApAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3L--oUODOCQ2GUYTDE8B7CXQaUTsKgNAeJyW0AAAAAA==,,http%3A%2F%2Fbuzzya.com%2F,Z%3D728x90%26s%3D1602587%26_salt%3D483929992%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252F%26r%3D0,db8cfe30-52f2-11e0-8af9-003048d6d232

The response contains the following link to another domain:

http://ad.doubleclick.net/ad/oiq.rmx/;otp=11382;tile=1;sz=728x90;ord=123456789?

Request

GET /iframe3?KnKABBt0GAAyz4UAAAAAAKwUIgAAAAAAAgAAAAYAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAABBtywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAASOF6FK5H9D9I4XoUrkf0PzMzMzMzM.8.MzMzMzMz.z8AAAAAAAAKQAAAAAAAAApAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3L--oUODOCQ2GUYTDE8B7CXQaUTsKgNAeJyW0AAAAAA==,,http%3A%2F%2Fbuzzya.com%2F,Z%3D728x90%26s%3D1602587%26_salt%3D483929992%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252F%26r%3D0,db8cfe30-52f2-11e0-8af9-003048d6d232 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; ih="b!!!!J!%?RR!!!!%<rmMo!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1/]r!!!!#<rm6l!104d!!!!#<qn]E"; vuday1=1[Y'GI7PHz4d=[k!3w>80s=F:; liday1=!!o(=!3w>8dJn]d; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:06:25 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0321.2rm.ac4
Set-Cookie: ih="b!!!!K!%?RR!!!!%<rmMo!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; path=/; expires=Tue, 19-Mar-2013 13:06:25 GMT
Set-Cookie: vuday1=1[Y'GI7PHz4d=[k1[Y'G!3w>8TKT1*; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=!!o(=9.<FK!3w>8MNH=_; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:06:25 GMT
Pragma: no-cache
Content-Length: 1597
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8769330);}
</script><!-- begin ad ta
...[SNIP]...
gA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2F,http://ad.doubleclick.net/jump/oiq.rmx/;otp=11382;tile=1;sz=728x90;u=rmxli_2930497|surl_http://buzzya.com/|pr_3.2500|pid_298720;ord=123456789?" target="_blank" ><img src="http://ad.doubleclick.net/ad/oiq.rmx/;otp=11382;tile=1;sz=728x90;ord=123456789?" border="0" alt="" /></a>
...[SNIP]...

1.67. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?KnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAA9yhcj8L12D.3KFyPwvXYPzQzMzMzM-M.NDMzMzMz4z80MzMzMzPjPzQzMzMzM-M.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABesxCRluDOCViSxm-ZYl7hHK-ojY2ZD-xTzD1fAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fplus-five%2F,Z%3D300x250%26s%3D1602587%26_salt%3D2720804788%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%26r%3D0,056ecbb6-52f3-11e0-8afa-003048d6d386

The response contains the following link to another domain:

http://ad.turn.com/server/ads.htm?&pub=2701141&code=5711646&cch=5711644&l=300x250&nonjs=1&sli=1989695&bli=1320666&exPub=298720&city=Dallas&acp=0.6000&rnd=1300626455&3c=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B510576aa26d330cd%253B12ed360bc30%2C0%253B%253B%253B1101847734%2CKnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMLxg0y4BAAAAAAAAADA1NmVjYmI2LTUyZjMtMTFlMC04YWZhLTAwMzA0OGQ2ZDM4NgA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252Fcategory%252Fplus%2Dfive%252F%2C&url=http%3A%2F%2Fbuzzya%2Ecom%2Fcategory%2Fplus%2Dfive%2F

Request

GET /iframe3?KnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAA9yhcj8L12D.3KFyPwvXYPzQzMzMzM-M.NDMzMzMz4z80MzMzMzPjPzQzMzMzM-M.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABesxCRluDOCViSxm-ZYl7hHK-ojY2ZD-xTzD1fAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fplus-five%2F,Z%3D300x250%26s%3D1602587%26_salt%3D2720804788%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%26r%3D0,056ecbb6-52f3-11e0-8afa-003048d6d386 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; lifb=8RJCHJ9E=%/(+W2; bh="b!!!%#!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!-?2!!!!*<pN)4!!-L3~~!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!04Z!!!!#<qgdp!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; liday1=8eD/s!!o(>9.<FK!3w>8aFdf(; ih="b!!!!P!%?RR!!!!'<rmNX!%?Rl!!!!%<rmNX!%?m7!!!!#<p]i+!'4A7!!!!%<rmNV!'4A9!!!!%<rmNV!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X3!!!!#<rmNa!1/X6!!!!$<rmNa!1/]r!!!!$<rmN1!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; vuday1=[cdPD1[Y'GI7PHz4d=[m1[Y'G!3w>8qxtPy; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:07:35 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0795.2rm.ac4
Set-Cookie: ih="b!!!!Q!%?RR!!!!'<rmNX!%?Rl!!!!%<rmNX!%?m7!!!!#<p]i+!'4A7!!!!%<rmNV!'4A9!!!!%<rmNV!(4uP!!!!#<p^*H!(^yZ!!!!#<rmNa!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X3!!!!#<rmNa!1/X6!!!!$<rmNa!1/]r!!!!$<rmN1!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; path=/; expires=Tue, 19-Mar-2013 13:07:35 GMT
Set-Cookie: vuday1=[cdPD1[Y'GI7PHz4d=[m1[Y'G!3w>8qxtPy; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!-!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!([!!v#F#IxPE!$Wiw!(^yZ!#PIK!!!%%!?5%!$px$-!w1K*!%0]Y!%7E2!$/h8~~~~~<rmNa~~"; path=/; expires=Tue, 19-Mar-2013 13:07:35 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=8eD/s!!o(>l-VP:9.<FK!3w>8mME=-; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:07:35 GMT
Pragma: no-cache
Content-Length: 1043
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(3489644);}
</script><iframe name="turn_ad_call_frame" width="300" height="250" frameborder="0" src="http://ad.turn.com/server/ads.htm?&pub=2701141&code=5711646&cch=5711644&l=300x250&nonjs=1&sli=1989695&bli=1320666&exPub=298720&city=Dallas&acp=0.6000&rnd=1300626455&3c=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B510576aa26d330cd%253B12ed360bc30%2C0%253B%253B%253B1101847734%2CKnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMLxg0y4BAAAAAAAAADA1NmVjYmI2LTUyZjMtMTFlMC04YWZhLTAwMzA0OGQ2ZDM4NgA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252Fcategory%252Fplus%2Dfive%252F%2C&url=http%3A%2F%2Fbuzzya%2Ecom%2Fcategory%2Fplus%2Dfive%2F" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no"></iframe>
...[SNIP]...

1.68. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAUW9GzVfJwT.2KFyPwvXYPwb6RJ4kXcs.MzMzMzMz4z-wJeSDns3WPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwVkO2l-DOCTGCXHbDfz0sufUj6vM0J-hwZAb8AAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fsports%2F,Z%3D300x250%26s%3D1602587%26_salt%3D796290819%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fsports%252F%26r%3D0,05b66e62-52f3-11e0-ba04-003048d6d066

The response contains the following link to another domain:

http://ad.doubleclick.net/ad/oiq.rmx/;otp=11042;tile=1;sz=300x250;ord=123456789?

Request

GET /iframe3?KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAUW9GzVfJwT.2KFyPwvXYPwb6RJ4kXcs.MzMzMzMz4z-wJeSDns3WPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwVkO2l-DOCTGCXHbDfz0sufUj6vM0J-hwZAb8AAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fsports%2F,Z%3D300x250%26s%3D1602587%26_salt%3D796290819%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fsports%252F%26r%3D0,05b66e62-52f3-11e0-ba04-003048d6d066 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; lifb=8RJCHJ9E=%/(+W2; bh="b!!!%#!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!-?2!!!!*<pN)4!!-L3~~!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!04Z!!!!#<qgdp!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; liday1=8eD/s!!o(>9.<FK!3w>8aFdf(; ih="b!!!!O!%?RR!!!!'<rmNX!%?Rl!!!!%<rmNX!%?m7!!!!#<p]i+!'4A7!!!!%<rmNV!'4A9!!!!%<rmNV!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!$<rmNa!1/]r!!!!$<rmN1!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; vuday1=[cdPD1[Y'GI7PHz4d=[m1[Y'G!3w>8qxtPy; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

1.69. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?qkaAABt0GAAyZScAAAAAALO6DQAAAAAAAgAIAAIAAAAAAP8AAAABCXmeHQAAAAAAtXkMAAAAAAAGchMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAFz.G3LWE2z8RWDm0yHbmP2C6SQwCK-U.SOF6FK5H8T-lcD0K16PxP83MzMzMzPw.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADu5FtsaeDOCYv3sRvSxprwnHoEirIo4nNC5D0hAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2F,Z%3D300x250%26s%3D1602587%26_salt%3D1181274879%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252F%26r%3D0,ea4ce35e-52f2-11e0-b423-003048d6d168

The response contains the following link to another domain:

http://content.yieldmanager.edgesuite.net/atoms/1e/76/1e767ba8693eab4c949153da36f873bb.js

Request

GET /iframe3?qkaAABt0GAAyZScAAAAAALO6DQAAAAAAAgAIAAIAAAAAAP8AAAABCXmeHQAAAAAAtXkMAAAAAAAGchMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAFz.G3LWE2z8RWDm0yHbmP2C6SQwCK-U.SOF6FK5H8T-lcD0K16PxP83MzMzMzPw.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADu5FtsaeDOCYv3sRvSxprwnHoEirIo4nNC5D0hAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2F,Z%3D300x250%26s%3D1602587%26_salt%3D1181274879%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252F%26r%3D0,ea4ce35e-52f2-11e0-b423-003048d6d168 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; liday1=!!o(>9.<FK!3w>8!0fWe; lifb=8RJCHJ9E=%/(+W2; ih="b!!!!M!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!#<rmN+!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; vuday1=[cdPCI7PHz4d=[l1[Y'G!3w>8Lq`:R; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:06:49 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0706.2rm.ac4
Set-Cookie: ih="b!!!!N!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!'4A7!!!!#<rmN1!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!#<rmN+!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; path=/; expires=Tue, 19-Mar-2013 13:06:49 GMT
Set-Cookie: vuday1=[cdPDI7PHz4d=[l1[Y'G!3w>8]+$lp; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:06:49 GMT
Pragma: no-cache
Content-Length: 327
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(2581810);}
</script><HTML>
<SCRIPT src='http://content.yieldmanager.edgesuite.net/atoms/1e/76/1e767ba8693eab4c949153da36f873bb.js'></SCRIPT>
...[SNIP]...

1.70. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?qkaAABt0GAB4wYMAAAAAAGOFIQAAAAAAAgAEAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAABDCiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAAAAAAAAAAAAAAEA9KCLqPwAAAAAAAAAAAACAVkYa9D8AAAAAAAAAAAAAwPKPwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhymQ8YuDOCRUFtY7Db1JM.z9f1WkTONKzERUkAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Ffriday-link-drop-9%2F,Z%3D300x250%26s%3D1602587%26_salt%3D1250101646%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252Ffeatured%252Ffriday-link-drop-9%252F%26r%3D0,e64bcd38-52f2-11e0-a664-003048d70576

The response contains the following link to another domain:

http://ad.doubleclick.net/ad/oiq.rmx/;otp=10932;tile=1;sz=300x250;ord=123456789?

Request

GET /iframe3?qkaAABt0GAB4wYMAAAAAAGOFIQAAAAAAAgAEAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAABDCiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAAAAAAAAAAAAAAEA9KCLqPwAAAAAAAAAAAACAVkYa9D8AAAAAAAAAAAAAwPKPwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhymQ8YuDOCRUFtY7Db1JM.z9f1WkTONKzERUkAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Ffriday-link-drop-9%2F,Z%3D300x250%26s%3D1602587%26_salt%3D1250101646%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252Ffeatured%252Ffriday-link-drop-9%252F%26r%3D0,e64bcd38-52f2-11e0-a664-003048d70576 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; ih="b!!!!K!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; vuday1=[cdPBI7PHz4d=[k1[Y'G!3w>8/WwDa; liday1=!!o(>9.<FK!3w>8!0fWe; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:06:43 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0915.2rm.ac4
Set-Cookie: ih="b!!!!L!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; path=/; expires=Tue, 19-Mar-2013 13:06:43 GMT
Set-Cookie: vuday1=[cdPCI7PHz4d=[k1[Y'G!3w>8WsZ:e; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: lifb=8RJCHJ9E=%/(+W2; path=/; expires=Sun, 20-Mar-2011 14:21:43 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:06:43 GMT
Pragma: no-cache
Content-Length: 1748
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8634744);}
</script><!-- begin ad ta
...[SNIP]...
%2F,http://ad.doubleclick.net/jump/oiq.rmx/;otp=10932;tile=1;sz=300x250;u=rmxli_2886211|surl_http://www.therugged.com/featured/friday-link-drop-9/|pr_0.0000|pid_298720;ord=123456789?" target="_blank" ><img src="http://ad.doubleclick.net/ad/oiq.rmx/;otp=10932;tile=1;sz=300x250;ord=123456789?" border="0" alt="" /></a>
...[SNIP]...

1.71. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?qkaAABt0GABXJh8AAAAAAArUCQAAAAAAAAAAAAYAAAAAAA0AAQABCXmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjY8vVKW5z8NAiuHFtnwP7-fGi.dJPI.7FG4HoXr-T8.CtejcD3-P5qZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADCImL0YODOCdGDK9GnwdaAnPpH7qYYhGXawbabAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Ffriday-link-drop-9%2F,Z%3D728x90%26s%3D1602587%26_salt%3D1089396366%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252Ffeatured%252Ffriday-link-drop-9%252F%26r%3D0,e56df6d4-52f2-11e0-8af6-003048d6d61e

The response contains the following link to another domain:

http://imp.fetchback.com/serve/fb/adtag.js?tid=6436&type=lead&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B3348ad76d1b69cc3%253B12ed35fe792%2C0%253B%253B%253B2273949687%2CqkaAABt0GABXJh8AAAAAAArUCQAAAAAAAAAAAAYAAAAAAA0AAQABCXmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAkedf0y4BAAAAAAAAAGU1NmRmNmQ0LTUyZjItMTFlMC04YWY2LTAwMzA0OGQ2ZDYxZQA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fwww%2Etherugged%2Ecom%252Ffeatured%252Ffriday%2Dlink%2Ddrop%2D9%252F%2C

Request

GET /iframe3?qkaAABt0GABXJh8AAAAAAArUCQAAAAAAAAAAAAYAAAAAAA0AAQABCXmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjY8vVKW5z8NAiuHFtnwP7-fGi.dJPI.7FG4HoXr-T8.CtejcD3-P5qZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADCImL0YODOCdGDK9GnwdaAnPpH7qYYhGXawbabAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Ffriday-link-drop-9%2F,Z%3D728x90%26s%3D1602587%26_salt%3D1089396366%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252Ffeatured%252Ffriday-link-drop-9%252F%26r%3D0,e56df6d4-52f2-11e0-8af6-003048d6d61e HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; ih="b!!!!K!%?RR!!!!%<rmMo!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; vuday1=1[Y'GI7PHz4d=[k1[Y'G!3w>8TKT1*; liday1=!!o(=9.<FK!3w>8MNH=_; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:06:41 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad1135.2rm.ac4
Set-Cookie: ih="b!!!!K!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; path=/; expires=Tue, 19-Mar-2013 13:06:41 GMT
Set-Cookie: vuday1=[cdPBI7PHz4d=[k1[Y'G!3w>8/WwDa; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=!!o(>9.<FK!3w>8!0fWe; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:06:41 GMT
Pragma: no-cache
Content-Length: 795
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(2041431);}
</script><script language='javascript' type='text/javascript' src='http://imp.fetchback.com/serve/fb/adtag.js?tid=6436&type=lead&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B3348ad76d1b69cc3%253B12ed35fe792%2C0%253B%253B%253B2273949687%2CqkaAABt0GABXJh8AAAAAAArUCQAAAAAAAAAAAAYAAAAAAA0AAQABCXmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAkedf0y4BAAAAAAAAAGU1NmRmNmQ0LTUyZjItMTFlMC04YWY2LTAwMzA0OGQ2ZDYxZQA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fwww%2Etherugged%2Ecom%252Ffeatured%252Ffriday%2Dlink%2Ddrop%2D9%252F%2C'></script>
...[SNIP]...

1.72. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?KnKABBt0GAA-Jh8AAAAAAMmOHwAAAAAAAAAAAAIAAAAAAAMAAwABCXmeHQAAAAAAtXkMAAAAAABAjCkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAaZHtfD812j9pke18PzXaPylcj8L1KOQ.KVyPwvUo5D.NzMzMzMzwP83MzMzMzPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABpSavXj-DOCRzs9Pio4F71JSJEg.dGw-eNaOdqAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Ftech%2F,Z%3D300x250%26s%3D1602587%26_salt%3D976618604%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Ftech%252F%26r%3D0,01014b1c-52f3-11e0-b53a-003048d669d4

The response contains the following link to another domain:

http://imp.fetchback.com/serve/fb/adtag.js?tid=6438&type=mrect&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253Bcc03ec5ffa2b29e4%253B12ed3609d48%2C0%253B%253B%253B102709154%2CKnKABBt0GAA%2DJh8AAAAAAMmOHwAAAAAAAAAAAAIAAAAAAAMAAwABCXmeHQAAAAAAtXkMAAAAAABAjCkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAASJ1g0y4BAAAAAAAAADAxMDE0YjFjLTUyZjMtMTFlMC1iNTNhLTAwMzA0OGQ2NjlkNAA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252Fcategory%252Ftech%252F%2C

Request

GET /iframe3?KnKABBt0GAA-Jh8AAAAAAMmOHwAAAAAAAAAAAAIAAAAAAAMAAwABCXmeHQAAAAAAtXkMAAAAAABAjCkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAaZHtfD812j9pke18PzXaPylcj8L1KOQ.KVyPwvUo5D.NzMzMzMzwP83MzMzMzPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABpSavXj-DOCRzs9Pio4F71JSJEg.dGw-eNaOdqAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Ftech%2F,Z%3D300x250%26s%3D1602587%26_salt%3D976618604%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Ftech%252F%26r%3D0,01014b1c-52f3-11e0-b53a-003048d669d4 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; liday1=!!o(>9.<FK!3w>8!0fWe; lifb=8RJCHJ9E=%/(+W2; ih="b!!!!O!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!'4A7!!!!%<rmNV!'4A9!!!!%<rmNV!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!#<rmN+!1/]r!!!!$<rmN1!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; vuday1=[cdPD1[Y'GI7PHz4d=[m1[Y'G!3w>8qxtPy; bh="b!!!%#!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!-?2!!!!*<pN)4!!-L3~~!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!04Z!!!!#<qgdp!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:07:27 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad1330.2rm.ac4
Set-Cookie: ih="b!!!!O!%?RR!!!!'<rmNX!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!'4A7!!!!%<rmNV!'4A9!!!!%<rmNV!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!#<rmN+!1/]r!!!!$<rmN1!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; path=/; expires=Tue, 19-Mar-2013 13:07:27 GMT
Set-Cookie: vuday1=[cdPD1[Y'GI7PHz4d=[m1[Y'G!3w>8qxtPy; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=8eD/r!!o(>9.<FK!3w>8kHM^c; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:07:27 GMT
Pragma: no-cache
Content-Length: 768
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(2041406);}
</script><script language='javascript' type='text/javascript' src='http://imp.fetchback.com/serve/fb/adtag.js?tid=6438&type=mrect&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253Bcc03ec5ffa2b29e4%253B12ed3609d48%2C0%253B%253B%253B102709154%2CKnKABBt0GAA%2DJh8AAAAAAMmOHwAAAAAAAAAAAAIAAAAAAAMAAwABCXmeHQAAAAAAtXkMAAAAAABAjCkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAASJ1g0y4BAAAAAAAAADAxMDE0YjFjLTUyZjMtMTFlMC1iNTNhLTAwMzA0OGQ2NjlkNAA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252Fcategory%252Ftech%252F%2C'></script>
...[SNIP]...

1.73. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?qkaAABt0GAA0ZScAAAAAALO6DQAAAAAAAgAIAAYAAAAAAP8AAAABCXmeHQAAAAAAtXkMAAAAAAAGchMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAFz.G3LWE2z8RWDm0yHbmP2C6SQwCK-U.SOF6FK5H8T-lcD0K16PxP83MzMzMzPw.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACVVRtfaeDOCedv6r-OQrGz3DpvjTjKic0z2v78AAAAAA==,,http%3A%2F%2Fwww.therugged.com%2F,Z%3D728x90%26s%3D1602587%26_salt%3D2529262999%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252F%26r%3D0,ea7cbbf6-52f2-11e0-a172-003048d6d5de

The response contains the following link to another domain:

http://content.yieldmanager.edgesuite.net/atoms/11/75/1175ac11c3e9b6e2af69996ddbb8a325.js

Request

GET /iframe3?qkaAABt0GAA0ZScAAAAAALO6DQAAAAAAAgAIAAYAAAAAAP8AAAABCXmeHQAAAAAAtXkMAAAAAAAGchMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAFz.G3LWE2z8RWDm0yHbmP2C6SQwCK-U.SOF6FK5H8T-lcD0K16PxP83MzMzMzPw.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACVVRtfaeDOCedv6r-OQrGz3DpvjTjKic0z2v78AAAAAA==,,http%3A%2F%2Fwww.therugged.com%2F,Z%3D728x90%26s%3D1602587%26_salt%3D2529262999%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252F%26r%3D0,ea7cbbf6-52f2-11e0-a172-003048d6d5de HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; liday1=!!o(>9.<FK!3w>8!0fWe; lifb=8RJCHJ9E=%/(+W2; ih="b!!!!N!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!'4A7!!!!#<rmN1!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!#<rmN+!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; vuday1=[cdPDI7PHz4d=[l1[Y'G!3w>8]+$lp; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:06:49 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad1307.2rm.ac4
Set-Cookie: ih="b!!!!O!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!'4A7!!!!#<rmN1!'4A9!!!!#<rmN1!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!#<rmN+!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; path=/; expires=Tue, 19-Mar-2013 13:06:49 GMT
Set-Cookie: vuday1=[cdPEI7PHz4d=[l1[Y'G!3w>8mr.)N; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:06:49 GMT
Pragma: no-cache
Content-Length: 327
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(2581812);}
</script><HTML>
<SCRIPT src='http://content.yieldmanager.edgesuite.net/atoms/11/75/1175ac11c3e9b6e2af69996ddbb8a325.js'></SCRIPT>
...[SNIP]...

1.74. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAgAAAAYAAAAAAP8AAAABCHmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfI8Gb.tjOCUrprrxPD33NNXpvaMrAs.Da0NhMAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D225907243%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,7e71c7d4-52ee-11e0-ae4c-003048d6d3ac

The response contains the following link to another domain:

http://ad.doubleclick.net/ad/oiq.rmx/;otp=11047;tile=1;sz=728x90;ord=123456789?

Request

GET /iframe3?NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAgAAAAYAAAAAAP8AAAABCHmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfI8Gb.tjOCUrprrxPD33NNXpvaMrAs.Da0NhMAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D225907243%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,7e71c7d4-52ee-11e0-ae4c-003048d6d3ac HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; ih="b!!!!I!%?RR!!!!$<rm6l!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!104d!!!!#<qn]E"; vuday1=I7PHz!3w>8+87Sw; BX=6l13v316lnh2l&b=4&s=8i&t=47; liday1=!!o(<!3w>8I+R0c

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:35:11 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad1539.2rm.ac4
Set-Cookie: ih="b!!!!J!%?RR!!!!$<rm6l!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1/]r!!!!#<rm6l!104d!!!!#<qn]E"; path=/; expires=Tue, 19-Mar-2013 12:35:11 GMT
Set-Cookie: vuday1=I7PHz4d=[k!3w>8kY/*b; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 12:35:11 GMT
Pragma: no-cache
Content-Length: 1953
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8689287);}
</script><!-- begin ad ta
...[SNIP]...
rmx/;otp=11047;tile=1;sz=728x90;u=rmxli_2904795|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;ord=123456789?" target="_blank" ><img src="http://ad.doubleclick.net/ad/oiq.rmx/;otp=11047;tile=1;sz=728x90;ord=123456789?" border="0" alt="" /></a>
...[SNIP]...

1.75. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?cLl-ABt0GABXJh8AAAAAAArUCQAAAAAAAAAAAAYAAAAAAA0AAQABCHmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjY8vVKW5z8NAiuHFtnwP7-fGi.dJPI.7FG4HoXr-T8.CtejcD3-P5qZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvvAOl.djOCUuT1BsThjs22HOeFbFpkZ8FEdeFAAAAAA==,,http%3A%2F%2Ftherugged.com%2F,Z%3D728x90%26s%3D1602587%26_salt%3D4236502337%26B%3D10%26u%3Dhttp%253A%252F%252Ftherugged.com%252F%26r%3D0,7e2442f2-52ee-11e0-b330-003048d56aa4

The response contains the following link to another domain:

http://imp.fetchback.com/serve/fb/adtag.js?tid=6436&type=lead&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253Bde8e87e7c08dcb01%253B12ed3430f73%2C0%253B%253B%253B3505910700%2CcLl%2DABt0GABXJh8AAAAAAArUCQAAAAAAAAAAAAYAAAAAAA0AAQABCHmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcw9D0y4BAAAAAAAAADdlMjQ0MmYyLTUyZWUtMTFlMC1iMzMwLTAwMzA0OGQ1NmFhNAA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Ftherugged%2Ecom%252F%2C

Request

GET /iframe3?cLl-ABt0GABXJh8AAAAAAArUCQAAAAAAAAAAAAYAAAAAAA0AAQABCHmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjY8vVKW5z8NAiuHFtnwP7-fGi.dJPI.7FG4HoXr-T8.CtejcD3-P5qZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvvAOl.djOCUuT1BsThjs22HOeFbFpkZ8FEdeFAAAAAA==,,http%3A%2F%2Ftherugged.com%2F,Z%3D728x90%26s%3D1602587%26_salt%3D4236502337%26B%3D10%26u%3Dhttp%253A%252F%252Ftherugged.com%252F%26r%3D0,7e2442f2-52ee-11e0-b330-003048d56aa4 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; ih="b!!!!N!%?RR!!!!#<pqk,!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!'cGC!!!!#<nQH-!'cKt!!!!$<nQH1!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,@lO!!!!#<nQHP!,@rl!!!!%<nQHf!,@s)!!!!#<nQHQ!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!104d!!!!#<qn]E"; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:35:10 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0824.2rm.ac4
Set-Cookie: ih="b!!!!I!%?RR!!!!#<pqk,!%?Rl!!!!$<rm6k!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!104d!!!!#<qn]E"; path=/; expires=Tue, 19-Mar-2013 12:35:10 GMT
Set-Cookie: vuday1=I7PHz!3w>8+87Sw; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=!!o(<!3w>8I+R0c; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 12:35:10 GMT
Pragma: no-cache
Content-Length: 749
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(2041431);}
</script><script language='javascript' type='text/javascript' src='http://imp.fetchback.com/serve/fb/adtag.js?tid=6436&type=lead&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253Bde8e87e7c08dcb01%253B12ed3430f73%2C0%253B%253B%253B3505910700%2CcLl%2DABt0GABXJh8AAAAAAArUCQAAAAAAAAAAAAYAAAAAAA0AAQABCHmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcw9D0y4BAAAAAAAAADdlMjQ0MmYyLTUyZWUtMTFlMC1iMzMwLTAwMzA0OGQ1NmFhNAA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Ftherugged%2Ecom%252F%2C'></script>
...[SNIP]...

1.76. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?cLl-ABt0GAA-Jh8AAAAAAArUCQAAAAAAAAAAAAIAAAAAABAAAQABCHmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjY8vVKW5z8NAiuHFtnwP7-fGi.dJPI.7FG4HoXr-T8.CtejcD3-P5qZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAByaQVT.djOCeig2-8jdUQ9vHVwhHXTwUaNnzTNAAAAAA==,,http%3A%2F%2Ftherugged.com%2F,Z%3D300x250%26s%3D1602587%26_salt%3D2466604242%26B%3D10%26u%3Dhttp%253A%252F%252Ftherugged.com%252F%26r%3D0,7e15f634-52ee-11e0-904f-003048d564ce

The response contains the following link to another domain:

http://imp.fetchback.com/serve/fb/adtag.js?tid=6438&type=mrect&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B8cf0969b0d70deb4%253B12ed34310c0%2C0%253B%253B%253B3725152111%2CcLl%2DABt0GAA%2DJh8AAAAAAArUCQAAAAAAAAAAAAIAAAAAABAAAQABCHmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAuRBD0y4BAAAAAAAAADdlMTVmNjM0LTUyZWUtMTFlMC05MDRmLTAwMzA0OGQ1NjRjZQBglCsAAAA%3D%2C%2Chttp%253A%252F%252Ftherugged%2Ecom%252F%2C

Request

GET /iframe3?cLl-ABt0GAA-Jh8AAAAAAArUCQAAAAAAAAAAAAIAAAAAABAAAQABCHmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjY8vVKW5z8NAiuHFtnwP7-fGi.dJPI.7FG4HoXr-T8.CtejcD3-P5qZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAByaQVT.djOCeig2-8jdUQ9vHVwhHXTwUaNnzTNAAAAAA==,,http%3A%2F%2Ftherugged.com%2F,Z%3D300x250%26s%3D1602587%26_salt%3D2466604242%26B%3D10%26u%3Dhttp%253A%252F%252Ftherugged.com%252F%26r%3D0,7e15f634-52ee-11e0-904f-003048d564ce HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; ih="b!!!!N!%?RR!!!!#<pqk,!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!'cGC!!!!#<nQH-!'cKt!!!!$<nQH1!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,@lO!!!!#<nQHP!,@rl!!!!%<nQHf!,@s)!!!!#<nQHQ!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!104d!!!!#<qn]E"; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:35:11 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0776.2rm.ac4
Set-Cookie: ih="b!!!!I!%?RR!!!!$<rm6l!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!104d!!!!#<qn]E"; path=/; expires=Tue, 19-Mar-2013 12:35:11 GMT
Set-Cookie: vuday1=I7PHz!3w>8+87Sw; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=!!o(<!3w>8I+R0c; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 12:35:11 GMT
Pragma: no-cache
Content-Length: 752
Content-Type: text/html
Age: 2
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(2041406);}
</script><script language='javascript' type='text/javascript' src='http://imp.fetchback.com/serve/fb/adtag.js?tid=6438&type=mrect&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B8cf0969b0d70deb4%253B12ed34310c0%2C0%253B%253B%253B3725152111%2CcLl%2DABt0GAA%2DJh8AAAAAAArUCQAAAAAAAAAAAAIAAAAAABAAAQABCHmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAuRBD0y4BAAAAAAAAADdlMTVmNjM0LTUyZWUtMTFlMC05MDRmLTAwMzA0OGQ1NjRjZQBglCsAAAA%3D%2C%2Chttp%253A%252F%252Ftherugged%2Ecom%252F%2C'></script>
...[SNIP]...

1.77. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?KnKABBt0GAA-Jh8AAAAAAArUCQAAAAAAAAAAAAIAAAAAAAoAAgABCXmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjY8vVKW5z8NAiuHFtnwP7-fGi.dJPI.7FG4HoXr-T8.CtejcD3-P5qZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHfRjwT-DOCXZVkMR3h8XN7fVBFkHuwZ70e0p-AAAAAA==,,http%3A%2F%2Fbuzzya.com%2F,Z%3D300x250%26s%3D1602587%26_salt%3D568724029%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252F%26r%3D0,db070fc8-52f2-11e0-9ed0-003048d56ba4

The response contains the following link to another domain:

http://imp.fetchback.com/serve/fb/adtag.js?tid=6438&type=mrect&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B0b4a8f1e26b5ba87%253B12ed35fa827%2C0%253B%253B%253B243984806%2CKnKABBt0GAA%2DJh8AAAAAAArUCQAAAAAAAAAAAAIAAAAAAAoAAgABCXmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAJ6hf0y4BAAAAAAAAAGRiMDcwZmM4LTUyZjItMTFlMC05ZWQwLTAwMzA0OGQ1NmJhNAA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252F%2C

Request

GET /iframe3?KnKABBt0GAA-Jh8AAAAAAArUCQAAAAAAAAAAAAIAAAAAAAoAAgABCXmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjY8vVKW5z8NAiuHFtnwP7-fGi.dJPI.7FG4HoXr-T8.CtejcD3-P5qZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHfRjwT-DOCXZVkMR3h8XN7fVBFkHuwZ70e0p-AAAAAA==,,http%3A%2F%2Fbuzzya.com%2F,Z%3D300x250%26s%3D1602587%26_salt%3D568724029%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252F%26r%3D0,db070fc8-52f2-11e0-9ed0-003048d56ba4 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; liday1=!!o(<!3w>8I+R0c; ih="b!!!!J!%?RR!!!!$<rm6l!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1/]r!!!!#<rm6l!104d!!!!#<qn]E"; vuday1=I7PHz4d=[k!3w>8kY/*b; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:06:24 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0771.2rm.ac4
Set-Cookie: ih="b!!!!J!%?RR!!!!%<rmMo!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1/]r!!!!#<rm6l!104d!!!!#<qn]E"; path=/; expires=Tue, 19-Mar-2013 13:06:24 GMT
Set-Cookie: vuday1=1[Y'GI7PHz4d=[k!3w>80s=F:; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=!!o(=!3w>8dJn]d; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:06:24 GMT
Pragma: no-cache
Content-Length: 746
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(2041406);}
</script><script language='javascript' type='text/javascript' src='http://imp.fetchback.com/serve/fb/adtag.js?tid=6438&type=mrect&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B0b4a8f1e26b5ba87%253B12ed35fa827%2C0%253B%253B%253B243984806%2CKnKABBt0GAA%2DJh8AAAAAAArUCQAAAAAAAAAAAAIAAAAAAAoAAgABCXmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAJ6hf0y4BAAAAAAAAAGRiMDcwZmM4LTUyZjItMTFlMC05ZWQwLTAwMzA0OGQ1NmJhNAA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252F%2C'></script>
...[SNIP]...

1.78. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAgAEAAYAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACuRBehYuDOCbD0Mw1JBIMJUujMVYQeaY37Y..rAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D3523619729%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,e67fc8ea-52f2-11e0-be41-003048d6697a

The response contains the following link to another domain:

http://ad.doubleclick.net/ad/oiq.rmx/;otp=11042;tile=1;sz=728x90;ord=123456789?

Request

GET /iframe3?NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAgAEAAYAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACuRBehYuDOCbD0Mw1JBIMJUujMVYQeaY37Y..rAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D3523619729%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,e67fc8ea-52f2-11e0-be41-003048d6697a HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; liday1=!!o(>9.<FK!3w>8!0fWe; ih="b!!!!L!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; vuday1=[cdPCI7PHz4d=[k1[Y'G!3w>8WsZ:e; lifb=8RJCHJ9E=%/(+W2; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:06:43 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0892.2rm.ac4
Set-Cookie: ih="b!!!!M!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!#<rmN+!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; path=/; expires=Tue, 19-Mar-2013 13:06:43 GMT
Set-Cookie: vuday1=[cdPCI7PHz4d=[l1[Y'G!3w>8Lq`:R; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:06:43 GMT
Pragma: no-cache
Content-Length: 1953
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8688889);}
</script><!-- begin ad ta
...[SNIP]...
rmx/;otp=11042;tile=1;sz=728x90;u=rmxli_2904721|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;ord=123456789?" target="_blank" ><img src="http://ad.doubleclick.net/ad/oiq.rmx/;otp=11042;tile=1;sz=728x90;ord=123456789?" border="0" alt="" /></a>
...[SNIP]...

1.79. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?KnKABBt0GABXJh8AAAAAAMmOHwAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAtXkMAAAAAABAjCkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAaZHtfD812j9pke18PzXaPylcj8L1KOQ.KVyPwvUo5D.NzMzMzMzwP83MzMzMzPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABsTZ2qjuDOCYS6t9FpNklpk0nYrT.L0KPdRhTnAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Ftech%2F,Z%3D728x90%26s%3D1602587%26_salt%3D44461933%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Ftech%252F%26r%3D0,00bac764-52f3-11e0-8956-003048d60b40

The response contains the following link to another domain:

http://imp.fetchback.com/serve/fb/adtag.js?tid=6436&type=lead&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B124dd0dd4e9449b3%253B12ed3609e37%2C0%253B%253B%253B4263463099%2CKnKABBt0GABXJh8AAAAAAMmOHwAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAtXkMAAAAAABAjCkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAANp5g0y4BAAAAAAAAADAwYmFjNzY0LTUyZjMtMTFlMC04OTU2LTAwMzA0OGQ2MGI0MAA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252Fcategory%252Ftech%252F%2C

Request

GET /iframe3?KnKABBt0GABXJh8AAAAAAMmOHwAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAtXkMAAAAAABAjCkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAaZHtfD812j9pke18PzXaPylcj8L1KOQ.KVyPwvUo5D.NzMzMzMzwP83MzMzMzPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABsTZ2qjuDOCYS6t9FpNklpk0nYrT.L0KPdRhTnAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Ftech%2F,Z%3D728x90%26s%3D1602587%26_salt%3D44461933%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Ftech%252F%26r%3D0,00bac764-52f3-11e0-8956-003048d60b40 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; lifb=8RJCHJ9E=%/(+W2; bh="b!!!%#!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!-?2!!!!*<pN)4!!-L3~~!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!04Z!!!!#<qgdp!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; ih="b!!!!O!%?RR!!!!'<rmNX!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!'4A7!!!!%<rmNV!'4A9!!!!%<rmNV!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!#<rmN+!1/]r!!!!$<rmN1!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; vuday1=[cdPD1[Y'GI7PHz4d=[m1[Y'G!3w>8qxtPy; liday1=8eD/r!!o(>9.<FK!3w>8kHM^c; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:07:27 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0861.2rm.ac4
Set-Cookie: ih="b!!!!O!%?RR!!!!'<rmNX!%?Rl!!!!%<rmNX!%?m7!!!!#<p]i+!'4A7!!!!%<rmNV!'4A9!!!!%<rmNV!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!#<rmN+!1/]r!!!!$<rmN1!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; path=/; expires=Tue, 19-Mar-2013 13:07:27 GMT
Set-Cookie: vuday1=[cdPD1[Y'GI7PHz4d=[m1[Y'G!3w>8qxtPy; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=8eD/s!!o(>9.<FK!3w>8aFdf(; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:07:27 GMT
Pragma: no-cache
Content-Length: 766
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(2041431);}
</script><script language='javascript' type='text/javascript' src='http://imp.fetchback.com/serve/fb/adtag.js?tid=6436&type=lead&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B124dd0dd4e9449b3%253B12ed3609e37%2C0%253B%253B%253B4263463099%2CKnKABBt0GABXJh8AAAAAAMmOHwAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAtXkMAAAAAABAjCkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAANp5g0y4BAAAAAAAAADAwYmFjNzY0LTUyZjMtMTFlMC04OTU2LTAwMzA0OGQ2MGI0MAA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252Fcategory%252Ftech%252F%2C'></script>
...[SNIP]...

1.80. http://ad.yieldmanager.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/pixel?&id=1156121&id=956405&id=1094107&id=1127720&id=939987&id=950991&id=1049055&id=298361&id=939942&id=1028574&id=1212819&id=1210932&id=1224511&id=1198835&id=1080693&id=940005&id=612033&id=698998&id=1023063&id=915172&id=294012&id=1238288&id=1212821&id=940004&id=1085597&id=992290&id=956404&id=1216952&id=939893&id=940026&id=1212735&id=1095717&id=1050626&t=1

The response contains the following links to other domains:

http://ad.doubleclick.net/activity;src=1906576;dcnet=4591;boom=18926;sz=1x1;ord=
http://www.googleadservices.com/pagead/conversion/1033191019/?label=Dtp9CMW-4AEQ6_zU7AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1033191019/?label=muhJCP2z9wEQ6_zU7AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=0pAQCKDe0wEQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=3CLYCPCM3AEQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=SWqcCPC66QEQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=fmIuCPjA2wEQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=uk38CIiX0QEQjPe59AM&guid=ON&script=0

Request

GET /pixel?&id=1156121&id=956405&id=1094107&id=1127720&id=939987&id=950991&id=1049055&id=298361&id=939942&id=1028574&id=1212819&id=1210932&id=1224511&id=1198835&id=1080693&id=940005&id=612033&id=698998&id=1023063&id=915172&id=294012&id=1238288&id=1212821&id=940004&id=1085597&id=992290&id=956404&id=1216952&id=939893&id=940026&id=1212735&id=1095717&id=1050626&t=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; ih="b!!!!N!%?RR!!!!#<pqk,!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!'cGC!!!!#<nQH-!'cKt!!!!$<nQH1!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,@lO!!!!#<nQHP!,@rl!!!!%<nQHf!,@s)!!!!#<nQHQ!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!104d!!!!#<qn]E"; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:45:15 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%4!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!?VS!!<NC<qDX7!!L_w!!!!#<rm>u!!M=.!!!!*<rm>u!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yaE!!!!*<rm>u!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!*<rm>u!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!*<rm>u!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#Q*T!!!!*<rm>u!#Q+/!!!!#<rm>u!#Q+^!!!!#<rm>u!#Q+o!!!!#<rm>u!#Q+p!!!!*<rm>u!#Q,.!!!!$<rm>u!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#RY.!!!!#<rm>u!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!'<rm>u!#SCk!!!!#<rm>u!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#XA!!!!!#<rm>u!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]W%!!!!#<rm>u!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^Bo!!!!#<rm>u!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!*<rm>u!#a=#!!!!#<o`%d!#aG>!!!!*<rm>u!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#eU%!!!!#<rm>u!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f8c!!!!#<rm>u!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#gHm!!!!#<rm>u!#g[h!!!!#<rm>u!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#l#]!!!!#<pd+P!#l*=!!!!#<rm>u!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p#H!!!!#<rm>u!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!*<rm>u!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!*<rm>u!#wkr!!!!#<p2A7!#wmL!!!!#<rm>u!#wnK!!!!*<rm>u!#wnM!!!!*<rm>u!#x>u!!!!#<r:uS!#xI*!!!!*<rm>u!#xUM!!!!.<qd67!#yM#!!!!#<rm>u!$#2]!!!!#<r:uS!$#E+!!!!#<rm>u"; path=/; expires=Tue, 19-Mar-2013 12:45:15 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 12:45:15 GMT
Pragma: no-cache
Content-Length: 2018
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<img height="1" width="1" src="http://ad.yieldmanager.com/pixel?id=1231907&t=2" />');
document.write('<img height="1" width="1" src="http://ad.yieldmanager.com/pixel?id=1231614&t=2" />
...[SNIP]...
<img height="1" width="1" src="http://ad.yieldmanager.com/pixel?id=1231817&t=2" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=0pAQCKDe0wEQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://ad.yieldmanager.com/pixel?id=1231652&t=2" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=fmIuCPjA2wEQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=uk38CIiX0QEQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://ad.yieldmanager.com/pixel?id=1231766&t=2" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=Dtp9CMW-4AEQ6_zU7AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=SWqcCPC66QEQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=muhJCP2z9wEQ6_zU7AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://ad.yieldmanager.com/pixel?id=1231861&t=2" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=3CLYCPCM3AEQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://ad.doubleclick.net/activity;src=1906576;dcnet=4591;boom=18926;sz=1x1;ord=" />');
document.write('<img height="1" width="1" src="http://ad.yieldmanager.com/pixel?id=1231653&t=2" />
...[SNIP]...

1.81. http://ads.dotomi.com/ads_smokey.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.dotomi.com
Path:	/ads_smokey.php

Issue detail

The page was loaded from a URL containing a query string:

http://ads.dotomi.com/ads_smokey.php?ms=11

The response contains the following link to another domain:

http://www.stjude.org/stjude/v/index.jsp?vgnextoid=0c7ae4288633c210VgnVCM1000001e0215acRCRD&vgnextchannel=d6e9e4288633c210VgnVCM1000001e0215acRCRD&plt=STJGENBAALSAC1000005

Request

GET /ads_smokey.php?ms=11 HTTP/1.1
Host: ads.dotomi.com
Proxy-Connection: keep-alive
Referer: http://ads.dotomi.com/ads.php?pid=13200&mtg=0&ms=11&btg=1&mp=1&dres=iframe&rwidth=300&rheight=250&pp=0&cg=2084&tz=300
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DotomiUser=330200604563575498$0$875515842; DotomiNet=2$DjQqblZ1RXVBDW1dBgd8WgBHKSpAJ25FCVxoWiwcJzNkew0OAQhAWwIPV0JcFAYDaWJPKSIjOHRGd0YJZV4DBnhUCVN4fgNxAVNVHzNaUEl0IyQ7BAkGCUNZAABSR0hNQFpwNgo4OwwCPgUeQAdiWQ4DeF0BVHt4DHMEQA5cdAQRDW1%2FcitYTFRmFhdCaVRGSUJMX2diWHtualV0TXRAA3AJUkYqMgJQe38JEFgEUBk%2FFUYcKD8JfQkJDQRCXAIGUE5KSkNWYWBcaD4yEycqJApEC18BAXlQAA%3D%3D; DotomiSession=1_330200604563575498$0$875515842$21677106$2736

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.9
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:57 GMT
Connection: close
Content-Length: 444

<html>
<head></head>
<body bottommargin="0" rightmargin="0" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"><a href="http://www.stjude.org/stjude/v/index.jsp?vgnextoid=0c7ae4288633c210VgnVCM1000001e0215acRCRD&vgnextchannel=d6e9e4288633c210VgnVCM1000001e0215acRCRD&plt=STJGENBAALSAC1000005" target="_blank"><IMG alt="www.stjude.org" border="0" src="http://ads.dotomi.com/banners/stjudes/dotomi-300x250.gif">
...[SNIP]...

1.82. http://ads.dotomi.com/ads_smokey.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.dotomi.com
Path:	/ads_smokey.php

Issue detail

The page was loaded from a URL containing a query string:

http://ads.dotomi.com/ads_smokey.php?ms=18

The response contains the following link to another domain:

http://www.stjude.org/stjude/v/index.jsp?vgnextoid=0c7ae4288633c210VgnVCM1000001e0215acRCRD&vgnextchannel=d6e9e4288633c210VgnVCM1000001e0215acRCRD&plt=STJGENBAALSAC1000006

Request

GET /ads_smokey.php?ms=18 HTTP/1.1
Host: ads.dotomi.com
Proxy-Connection: keep-alive
Referer: http://ads.dotomi.com/ads.php?pid=13200&mtg=0&ms=18&btg=1&mp=1&dres=iframe&rwidth=728&rheight=90&pp=0&cg=2084&tz=300
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DotomiUser=330200604563575498$0$875515842; rt_1982=2; rt_12783=2; rt_14000=2; rt_15900=2; rt_17100=2; rt_19000=2; DotomiNet=2$DjQqblZ1RXVBDW1dBgd8WgBHKSpAJ25FCVxoWiwcJzNkew0OAQhAWwIPV0JcFAYDaWJPKSIjOHRGd0YJZV4DBnhUCVN4fgNxAVNVHzNaUEl0IyQ7BAkGCUNZAABSQkpJSFtwNgo4OwwCPgUeQAdiWQ4DeF0BVHt4DHMEQA5cdAQRDW1%2FcitYTFRmFhdCaVRGSUJMX2diWHtualV0TXRAA3AJUkYqMgJQe38JEFgEUBk%2FFUYcKD8JfQkJDQRCXAIGUE5KSkNWYWBcaD4yEycqJApEC18BAXlQAA%3D%3D; DotomiSession=1_330200604563575498$0$875515842$21677107$2736

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.9
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Sun, 20 Mar 2011 13:07:23 GMT
Connection: close
Content-Length: 443

<html>
<head></head>
<body bottommargin="0" rightmargin="0" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"><a href="http://www.stjude.org/stjude/v/index.jsp?vgnextoid=0c7ae4288633c210VgnVCM1000001e0215acRCRD&vgnextchannel=d6e9e4288633c210VgnVCM1000001e0215acRCRD&plt=STJGENBAALSAC1000006" target="_blank"><IMG alt="www.stjude.org" border="0" src="http://ads.dotomi.com/banners/stjudes/dotomi-728x90.gif">
...[SNIP]...

1.83. http://ads.pointroll.com/PortalServe/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.pointroll.com
Path:	/PortalServe/

Issue detail

The page was loaded from a URL containing a query string:

http://ads.pointroll.com/PortalServe/?pid=1203631H30720110201170639&flash=10&time=0|9:5|-5&redir=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/3/0/%2a/p%3B235836628%3B0-0%3B3%3B52877536%3B4307-300/250%3B40571478/40589265/1%3Bu%3Dpos-atf|cat-2|%21category-hs_the_nightlife|show-hs_the_nightlife|demo-D|tag-adj|mtype-standard|sz-300x250|tile-3%3B%7Eaopt%3D2/0/d7/0%3B%7Esscs%3D%3f$CTURL$&r=0.1189111452549696

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /PortalServe/?pid=1203631H30720110201170639&flash=10&time=0|9:5|-5&redir=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/3/0/%2a/p%3B235836628%3B0-0%3B3%3B52877536%3B4307-300/250%3B40571478/40589265/1%3Bu%3Dpos-atf|cat-2|%21category-hs_the_nightlife|show-hs_the_nightlife|demo-D|tag-adj|mtype-standard|sz-300x250|tile-3%3B%7Eaopt%3D2/0/d7/0%3B%7Esscs%3D%3f$CTURL$&r=0.1189111452549696 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.teennick.com/shows/the-nightlife
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=D00A51F3-34D8-48E5-A65B-AEA8240476C5; PRbu=EnLjDMH8P; PRsl=11022007583617319321424330414S; S5HitachiSeq=1*1330995589; PRvt=CIJVpEnbEvypYtAK4BBeJDmEnbE3X1F4ACjBAeJcgEnehzmXD9AAVBCeIyeEndpCn0aKAPQBAeIrUEndpEM2mD!G5BAeJHsEnfjOwXZa!cxBCeIJfEnjeJXBN5!RfBCeJhKEnpgtxXiZABzBAe; PRgo=BBBAAsJvCBC_!B!BCVBF4FR; PRimp=989E0400-C52D-9978-0309-84A000730100; PRca=|AKIo*5:1|AJsP*1892:1|AKIk*492:1|AJx5*48:1|AJrW*9395:1|AJor*856:1|AIgT*1774:4|AJi6*1774:2|AJPO*396:1|AJWc*130:1|AJla*1499:2|AJ2e*1153:2|AKEA*263:3|AJeS*12722:1|AJwv*1153:3|AKEU*852:1|AJtd*1329:3|#; PRcp=|AKIoAAAF:1|AJsPAA46:1|AKIkAAHw:1|AJx5AAAm:1|AJrWAC17:1|AJorAANo:1|AIgTAA2c:4|AJi6AA2c:2|AJPOAAGY:1|AJWcAACG:1|AJ2eAC0U:1|AJlaAAYL:2|AJ2eAASb:1|AKEAAAEP:3|AJeSADTM:1|AJwvAASb:3|AKEUAANk:1|AJtdAAV1:3|#; PRpl=|FKgU:1|FBju:1|FIiy:1|ExE4:1|FHwz:1|Etmg:1|EBro:4|EwWo:2|FFCp:1|FFCm:1|E1AQ:1|Eib5:1|Ef30:1|Erny:1|Ernx:1|Ef3M:1|FFCn:1|FFI2:1|FDTA:3|FEo9:1|Es48:1|Es49:1|Es4a:1|#; PRcr=|GHNR:1|GBuk:1|GGJs:1|GAV8:1|GFdm:1|FyK3:1|F8uJ:4|FudI:1|Fvl7:1|GEH2:1|GEHe:1|FiUb:1|FwsR:1|Fq6d:1|Fx3k:1|FyJY:1|FujS:1|GEH7:1|Ft0s:1|GCq8:3|GDle:1|Fxpv:2|Fxpu:1|#; PRpc=|FKgUGHNR:1|FBjuGBuk:1|FIiyGGJs:1|ExE4GAV8:1|FHwzGFdm:1|EtmgFyK3:1|EBroF8uJ:4|EwWoFudI:1|EwWoFvl7:1|FFCpGEH2:1|FFCmGEHe:1|E1AQFiUb:1|Eib5FwsR:1|Ef30Fq6d:1|ErnyFx3k:1|ErnxFyJY:1|Ef3MFujS:1|FFCnGEH7:1|FFI2Ft0s:1|FDTAGCq8:3|FEo9GDle:1|Es48Fxpv:1|Es49Fxpv:1|Es4aFxpu:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 20 Mar 2011 14:05:05 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 9297
Set-Cookie:PRvt=CJJVpEnbEvypYtAK4BBeJDmEnbE3X1F4ACjBAeJcgEnehzmXD9AAVBCeIyeEndpCn0aKAPQBAeIrUEndpEM2mD!G5BAeJHsEnfjOwXZa!cxBCeIJfEnjeJXBN5!RfBCeJhKEnpgtxXiZABzBAeJUREnup-fJ66AABBAe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BBBAAsJvCBC_!B!BCVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=EA9E0400-7C7F-BA9E-0309-511000010100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AJv5*214:1|AKIo*5:1|AJsP*1892:1|AKIk*492:1|AJx5*48:1|AJrW*9395:1|AJor*856:1|AIgT*1774:4|AJi6*1774:2|AJPO*396:1|AJWc*130:1|AJla*1499:2|AJ2e*1153:2|AKEA*263:3|AJeS*12722:1|AJwv*1153:3|AKEU*852:1|AJtd*1329:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AJv5AAD2:1|AKIoAAAF:1|AJsPAA46:1|AKIkAAHw:1|AJx5AAAm:1|AJrWAC17:1|AJorAANo:1|AIgTAA2c:4|AJi6AA2c:2|AJPOAAGY:1|AJWcAACG:1|AJ2eAC0U:1|AJlaAAYL:2|AJ2eAASb:1|AKEAAAEP:3|AJeSADTM:1|AJwvAASb:3|AKEUAANk:1|AJtdAAV1:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FDHZ:1|FKgU:1|FBju:1|FIiy:1|ExE4:1|FHwz:1|Etmg:1|EBro:4|EwWo:2|FFCp:1|FFCm:1|E1AQ:1|Eib5:1|Ef30:1|Erny:1|Ernx:1|Ef3M:1|FFCn:1|FFI2:1|FDTA:3|FEo9:1|Es48:1|Es49:1|Es4a:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GDV7:1|GHNR:1|GBuk:1|GGJs:1|GAV8:1|GFdm:1|FyK3:1|F8uJ:4|FudI:1|Fvl7:1|GEH2:1|GEHe:1|FiUb:1|FwsR:1|Fq6d:1|Fx3k:1|FyJY:1|FujS:1|GEH7:1|Ft0s:1|GCq8:3|GDle:1|Fxpv:2|Fxpu:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FDHZGDV7:1|FKgUGHNR:1|FBjuGBuk:1|FIiyGGJs:1|ExE4GAV8:1|FHwzGFdm:1|EtmgFyK3:1|EBroF8uJ:4|EwWoFudI:1|EwWoFvl7:1|FFCpGEH2:1|FFCmGEHe:1|E1AQFiUb:1|Eib5FwsR:1|Ef30Fq6d:1|ErnyFx3k:1|ErnxFyJY:1|Ef3MFujS:1|FFCnGEH7:1|FFI2Ft0s:1|FDTAGCq8:3|FEo9GDle:1|Es48Fxpv:1|Es49Fxpv:1|Es4aFxpu:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
511000010100' onMouseOver=\"if(typeof(prRoll)=='function')prBOver('EA9E04007C7FBA9E0309511000010100');\" onMouseOut=\"if(typeof(prRoll)=='function')prBOut(event);\" style='position:absolute;z-index:1'><object id='prflsEA9E04007C7FBA9E0309511000010100' name='prflsEA9E04007C7FBA9E0309511000010100' classid=clsid:D27CDB6E-AE6D-11cf-96B8-444553540000 codebase=http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0 width='300' height='250' style='width:300px;height:250px'><param name='movie' value='http://speed.pointroll.com/PointRoll/Media/Banners/Nintendo/841577/ntdoDS_Training_300x250_Bnr_020211_Pr01_FH.swf?PRCampID=38161&PRPubID=nick&PRAdSize=300x250&PRFormat=EX&PRA
...[SNIP]...

1.84. http://altfarm.mediaplex.com/ad/js/10433-118675-1629-11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/10433-118675-1629-11

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/10433-118675-1629-11?mpt=1540631604&mpvc=http://r1-ads.ace.advertising.com/click/site=0000787694/mnum=0000985691/cstr=69689444=_4d85f5b3,1540631604,787694^985691^1183^0,1_/xsxdata=$XSXDATA/bnum=69689444/optn=64?trg=

The response contains the following link to another domain:

http://r1-ads.ace.advertising.com/click/site=0000787694/mnum=0000985691/cstr=69689444=_4d85f5b3,1540631604,787694^985691^1183^0,1_/xsxdata=$XSXDATA/bnum=69689444/optn=64?trg=http://altfarm.mediaplex.com/ad/ck/10433-118675-1629-11?mpt=1540631604

Request

GET /ad/js/10433-118675-1629-11?mpt=1540631604&mpvc=http://r1-ads.ace.advertising.com/click/site=0000787694/mnum=0000985691/cstr=69689444=_4d85f5b3,1540631604,787694^985691^1183^0,1_/xsxdata=$XSXDATA/bnum=69689444/optn=64?trg= HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

1.85. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-1

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1?mpt=3952788&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/177/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//buzzya.com/category/sports/|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B6db7f3ad8100ff53%3B12ed360bbcb,0%3B%3B%3B2273949687,KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAyrtg0y4BAAAAAAAAADA1YjY2ZTYyLTUyZjMtMTFlMC1iYTA0LTAwMzA0OGQ2ZDA2NgA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fsports%2F,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/177/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://buzzya.com/category/sports/|pr_0.3563|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;6db7f3ad8100ff53;12ed360bbcb,0;;;2273949687,KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAyrtg0y4BAAAAAAAAADA1YjY2ZTYyLTUyZjMtMTFlMC1iYTA0LTAwMzA0OGQ2ZDA2NgA4nyoAAAA=,,http://buzzya.com/category/sports/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-1?mpt=3952788

Request

GET /ad/js/1551-47634-23636-1?mpt=3952788&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/177/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//buzzya.com/category/sports/|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B6db7f3ad8100ff53%3B12ed360bbcb,0%3B%3B%3B2273949687,KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAyrtg0y4BAAAAAAAAADA1YjY2ZTYyLTUyZjMtMTFlMC1iYTA0LTAwMzA0OGQ2ZDA2NgA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fsports%2F, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAUW9GzVfJwT.2KFyPwvXYPwb6RJ4kXcs.MzMzMzMz4z-wJeSDns3WPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwVkO2l-DOCTGCXHbDfz0sufUj6vM0J-hwZAb8AAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fsports%2F,Z%3D300x250%26s%3D1602587%26_salt%3D796290819%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fsports%252F%26r%3D0,05b66e62-52f3-11e0-ba04-003048d6d066
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 748
Date: Sun, 20 Mar 2011 13:29:54 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/177/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://buzzya.com/category/sports/|pr_0.3563|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;6db7f3ad8100ff53;12ed360bbcb,0;;;2273949687,KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAyrtg0y4BAAAAAAAAADA1YjY2ZTYyLTUyZjMtMTFlMC1iYTA0LTAwMzA0OGQ2ZDA2NgA4nyoAAAA=,,http://buzzya.com/category/sports/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-1?mpt=3952788"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root300X250.jpg" >
...[SNIP]...

1.86. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-1

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1?mpt=5489882&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1c7/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/%3F5416e%22__________script_____alert%28document.cookie%29_____/script_____426ea6897eb%3D1|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Bd979d99524c44149%3B12ed3782fa5,0%3B%3B%3B370855845,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAUAAIAAAAAAAkAAwABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAApC940y4BAAAAAAAAADk5ZDYxZWFhLTUyZjYtMTFlMC1hMzk2LTAwMWIyNDc4M2JhZQA4nyoAAAA=,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%28document.cookie%29_____%2Fscript_____426ea6897eb%3D1,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1c7/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://www.therugged.com/?5416e

Request

GET /ad/js/1551-47634-23636-1?mpt=5489882&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1c7/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/%3F5416e%22__________script_____alert%28document.cookie%29_____/script_____426ea6897eb%3D1|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Bd979d99524c44149%3B12ed3782fa5,0%3B%3B%3B370855845,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAUAAIAAAAAAAkAAwABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAApC940y4BAAAAAAAAADk5ZDYxZWFhLTUyZjYtMTFlMC1hMzk2LTAwMWIyNDc4M2JhZQA4nyoAAAA=,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%28document.cookie%29_____%2Fscript_____426ea6897eb%3D1, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAUAAIAAAAAAAkAAwABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAUW9GzVfJwT.2KFyPwvXYPwb6RJ4kXcs.MzMzMzMz4z-wJeSDns3WPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC.N5g0mObOCR42D31ieGgp-uRJfKZXmqBC5LmIAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%28document.cookie%29_____%2Fscript_____426ea6897eb%3D1,Z%3D300x250%26s%3D1602587%26_salt%3D4256994081%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252F%253F5416e%252522__________script_____alert%28document.cookie%29_____%252Fscript_____426ea6897eb%253D1%26r%3D0,99d61eaa-52f6-11e0-a396-001b24783bae
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 891
Date: Sun, 20 Mar 2011 13:33:13 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1c7/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://www.therugged.com/?5416e"__________script_____alert(document.cookie)_____/script_____426ea6897eb=1|pr_0.3563|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;d979d99524c44149;12ed3782fa5,0;;;370855845,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAUAAIAAAAAAAkAAwABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAApC940y4BAAAAAAAAADk5ZDYxZWFhLTUyZjYtMTFlMC1hMzk2LTAwMWIyNDc4M2JhZQA4nyoAAAA=,,http://www.therugged.com/?5416e%22__________script_____alert(document.cookie)_____/script_____426ea6897eb=1,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-1?mpt=5489882"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root300X250.jpg" >
...[SNIP]...

1.87. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-1

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1?mpt=4489928&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1f3/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%19%2Bs-day/|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B8e07972affa36926%3B12ed368ee0d,0%3B%3B%3B2278561921,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAQAAIAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAADO5o0y4BAAAAAAAAADQ1ODhiMTg0LTUyZjQtMTFlMC04NTBhLTAwMzA0OGQ2ZDU4MgA4nyoAAAA=,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Fart-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%25e2%2580%2599s-day%2F,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1f3/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy.+s-day/|pr_0.3563|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;8e07972affa36926;12ed368ee0d,0;;;2278561921,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAQAAIAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAADO5o0y4BAAAAAAAAADQ1ODhiMTg0LTUyZjQtMTFlMC04NTBhLTAwMzA0OGQ2ZDU4MgA4nyoAAAA=,,http://www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%e2%80%99s-day/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-1?mpt=4489928

Request

GET /ad/js/1551-47634-23636-1?mpt=4489928&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1f3/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%19%2Bs-day/|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B8e07972affa36926%3B12ed368ee0d,0%3B%3B%3B2278561921,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAQAAIAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAADO5o0y4BAAAAAAAAADQ1ODhiMTg0LTUyZjQtMTFlMC04NTBhLTAwMzA0OGQ2ZDU4MgA4nyoAAAA=,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Fart-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%25e2%2580%2599s-day%2F, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAQAAIAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAUW9GzVfJwT.2KFyPwvXYPwb6RJ4kXcs.MzMzMzMz4z-wJeSDns3WPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHXmEhr-LOCR11i-2kw7nSXvlMDkksjh7J.so0AAAAAA==,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Fart-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%25e2%2580%2599s-day%2F,Z%3D300x250%26s%3D1602587%26_salt%3D2010477497%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252Ffeatured%252Fart-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%2525e2%252580%252599s-day%252F%26r%3D0,4588b184-52f4-11e0-850a-003048d6d582
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 977
Date: Sun, 20 Mar 2011 13:16:32 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1f3/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy.+s-day/|pr_0.3563|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;8e07972affa36926;12ed368ee0d,0;;;2278561921,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAQAAIAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAADO5o0y4BAAAAAAAAADQ1ODhiMTg0LTUyZjQtMTFlMC04NTBhLTAwMzA0OGQ2ZDU4MgA4nyoAAAA=,,http://www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%e2%80%99s-day/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-1?mpt=4489928"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root300X250.jpg" >
...[SNIP]...

1.88. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-1

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1?mpt=5523553&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1bf/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/%3F5416e%22__________script_____alert%280x0024%29_____/script_____426ea6897eb%3D1|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Bf3b74d4940bafbec%3B12ed378b3a2,0%3B%3B%3B2109358943,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAcAAIAAAAAAAIABAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAorN40y4BAAAAAAAAAGFkYmFhMzQ2LTUyZjYtMTFlMC1hZTc2LTAwMzA0ODYzMjg2NAA4nyoAAAA=,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%280x0024%29_____%2Fscript_____426ea6897eb%3D1,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1bf/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://www.therugged.com/?5416e

Request

GET /ad/js/1551-47634-23636-1?mpt=5523553&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1bf/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/%3F5416e%22__________script_____alert%280x0024%29_____/script_____426ea6897eb%3D1|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Bf3b74d4940bafbec%3B12ed378b3a2,0%3B%3B%3B2109358943,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAcAAIAAAAAAAIABAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAorN40y4BAAAAAAAAAGFkYmFhMzQ2LTUyZjYtMTFlMC1hZTc2LTAwMzA0ODYzMjg2NAA4nyoAAAA=,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%280x0024%29_____%2Fscript_____426ea6897eb%3D1, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAcAAIAAAAAAAIABAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAUW9GzVfJwT.2KFyPwvXYPwb6RJ4kXcs.MzMzMzMz4z-wJeSDns3WPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACiBmwPuebOCdbzitf3X69it4EgHZV8zGv.rzQBAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%280x0024%29_____%2Fscript_____426ea6897eb%3D1,Z%3D300x250%26s%3D1602587%26_salt%3D3609977906%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252F%253F5416e%252522__________script_____alert%280x0024%29_____%252Fscript_____426ea6897eb%253D1%26r%3D0,adbaa346-52f6-11e0-ae76-003048632864
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 874
Date: Sun, 20 Mar 2011 13:33:47 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1bf/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://www.therugged.com/?5416e"__________script_____alert(0x0024)_____/script_____426ea6897eb=1|pr_0.3563|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;f3b74d4940bafbec;12ed378b3a2,0;;;2109358943,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAcAAIAAAAAAAIABAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAorN40y4BAAAAAAAAAGFkYmFhMzQ2LTUyZjYtMTFlMC1hZTc2LTAwMzA0ODYzMjg2NAA4nyoAAAA=,,http://www.therugged.com/?5416e%22__________script_____alert(0x0024)_____/script_____426ea6897eb=1,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-1?mpt=5523553"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root300X250.jpg" >
...[SNIP]...

1.89. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-1

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1?mpt=3954428&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/177/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//buzzya.com/category/gaming/|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Bf697ae1ea4f15758%3B12ed360c172,0%3B%3B%3B1235090291,KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcsFg0y4BAAAAAAAAADA2Mjc0NzVlLTUyZjMtMTFlMC04MzEwLTAwMzA0OGQ3MDM2YwA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fgaming%2F,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/177/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://buzzya.com/category/gaming/|pr_0.3563|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;f697ae1ea4f15758;12ed360c172,0;;;1235090291,KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcsFg0y4BAAAAAAAAADA2Mjc0NzVlLTUyZjMtMTFlMC04MzEwLTAwMzA0OGQ3MDM2YwA4nyoAAAA=,,http://buzzya.com/category/gaming/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-1?mpt=3954428

Request

GET /ad/js/1551-47634-23636-1?mpt=3954428&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/177/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//buzzya.com/category/gaming/|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Bf697ae1ea4f15758%3B12ed360c172,0%3B%3B%3B1235090291,KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcsFg0y4BAAAAAAAAADA2Mjc0NzVlLTUyZjMtMTFlMC04MzEwLTAwMzA0OGQ3MDM2YwA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fgaming%2F, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAUW9GzVfJwT.2KFyPwvXYPwb6RJ4kXcs.MzMzMzMz4z-wJeSDns3WPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMjXll-DOCZTwLr35lTZTcNHeyRCw3ujSUisIAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fgaming%2F,Z%3D300x250%26s%3D1602587%26_salt%3D409150463%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fgaming%252F%26r%3D0,0627475e-52f3-11e0-8310-003048d7036c
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 748
Date: Sun, 20 Mar 2011 13:07:38 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/177/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://buzzya.com/category/gaming/|pr_0.3563|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;f697ae1ea4f15758;12ed360c172,0;;;1235090291,KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcsFg0y4BAAAAAAAAADA2Mjc0NzVlLTUyZjMtMTFlMC04MzEwLTAwMzA0OGQ3MDM2YwA4nyoAAAA=,,http://buzzya.com/category/gaming/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-1?mpt=3954428"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root300X250.jpg" >
...[SNIP]...

1.90. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=5523194&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1bf/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/%3F5416e%22__________script_____alert%280x0024%29_____/script_____426ea6897eb%3D1|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B79a1bb441738f1a4%3B12ed378b146,0%3B%3B%3B3747464764,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAcAAYAAAAAAAIABQABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAARrF40y4BAAAAAAAAAGFkNzYyNDBhLTUyZjYtMTFlMC04ODNhLTAwMWU2ODM3ZTFkOQBmlSoAAAA=,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%280x0024%29_____%2Fscript_____426ea6897eb%3D1,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1bf/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://www.therugged.com/?5416e

Request

GET /ad/js/1551-47634-23636-2?mpt=5523194&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1bf/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/%3F5416e%22__________script_____alert%280x0024%29_____/script_____426ea6897eb%3D1|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B79a1bb441738f1a4%3B12ed378b146,0%3B%3B%3B3747464764,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAcAAYAAAAAAAIABQABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAARrF40y4BAAAAAAAAAGFkNzYyNDBhLTUyZjYtMTFlMC04ODNhLTAwMWU2ODM3ZTFkOQBmlSoAAAA=,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%280x0024%29_____%2Fscript_____426ea6897eb%3D1, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAcAAYAAAAAAAIABQABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABM4jKluebOCQCQotYdNVDfHpXrN0sIEBdtsSnpAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%280x0024%29_____%2Fscript_____426ea6897eb%3D1,Z%3D728x90%26s%3D1602587%26_salt%3D3134846924%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252F%253F5416e%252522__________script_____alert%280x0024%29_____%252Fscript_____426ea6897eb%253D1%26r%3D0,ad76240a-52f6-11e0-883a-001e6837e1d9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 872
Date: Sun, 20 Mar 2011 13:33:46 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1bf/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://www.therugged.com/?5416e"__________script_____alert(0x0024)_____/script_____426ea6897eb=1|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;79a1bb441738f1a4;12ed378b146,0;;;3747464764,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAcAAYAAAAAAAIABQABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAARrF40y4BAAAAAAAAAGFkNzYyNDBhLTUyZjYtMTFlMC04ODNhLTAwMWU2ODM3ZTFkOQBmlSoAAAA=,,http://www.therugged.com/?5416e%22__________script_____alert(0x0024)_____/script_____426ea6897eb=1,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=5523194"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.91. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=5490538&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1c8/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/%3F5416e%22__________script_____alert%28document.cookie%29_____/script_____426ea6897eb%3D1|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B067098bc1524b3a9%3B12ed3783175,0%3B%3B%3B1764904902,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAUAAYAAAAAAAkABAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAdDF40y4BAAAAAAAAADk5YjA5NWNjLTUyZjYtMTFlMC05YWIxLTAwMWU2ODQ5ZjBmNQA4nyoAAAA=,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%28document.cookie%29_____%2Fscript_____426ea6897eb%3D1,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1c8/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://www.therugged.com/?5416e

Request

GET /ad/js/1551-47634-23636-2?mpt=5490538&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1c8/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/%3F5416e%22__________script_____alert%28document.cookie%29_____/script_____426ea6897eb%3D1|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B067098bc1524b3a9%3B12ed3783175,0%3B%3B%3B1764904902,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAUAAYAAAAAAAkABAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAdDF40y4BAAAAAAAAADk5YjA5NWNjLTUyZjYtMTFlMC05YWIxLTAwMWU2ODQ5ZjBmNQA4nyoAAAA=,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%28document.cookie%29_____%2Fscript_____426ea6897eb%3D1, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAUAAYAAAAAAAkABAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACMl2Dul-bOCV4PVfVuIRGYnlIo0BfuD0en4L-KAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%28document.cookie%29_____%2Fscript_____426ea6897eb%3D1,Z%3D728x90%26s%3D1602587%26_salt%3D1658944558%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252F%253F5416e%252522__________script_____alert%28document.cookie%29_____%252Fscript_____426ea6897eb%253D1%26r%3D0,99b095cc-52f6-11e0-9ab1-001e6849f0f5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 890
Date: Sun, 20 Mar 2011 13:33:14 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1c8/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://www.therugged.com/?5416e"__________script_____alert(document.cookie)_____/script_____426ea6897eb=1|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;067098bc1524b3a9;12ed3783175,0;;;1764904902,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAUAAYAAAAAAAkABAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAdDF40y4BAAAAAAAAADk5YjA5NWNjLTUyZjYtMTFlMC05YWIxLTAwMWU2ODQ5ZjBmNQA4nyoAAAA=,,http://www.therugged.com/?5416e%22__________script_____alert(document.cookie)_____/script_____426ea6897eb=1,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=5490538"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.92. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=3907803&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1c9/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B1088d642802964e9%3B12ed36009b3,0%3B%3B%3B430966145,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAIAAYAAAAAAAoAAQABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAsglg0y4BAAAAAAAAAGVhODJlYjUyLTUyZjItMTFlMC1iNGJmLTAwMzA0OGQ3MDY2YQA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1c9/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;1088d642802964e9;12ed36009b3,0;;;430966145,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAIAAYAAAAAAAoAAQABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAsglg0y4BAAAAAAAAAGVhODJlYjUyLTUyZjItMTFlMC1iNGJmLTAwMzA0OGQ3MDY2YQA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3907803

Request

GET /ad/js/1551-47634-23636-2?mpt=3907803&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1c9/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B1088d642802964e9%3B12ed36009b3,0%3B%3B%3B430966145,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAIAAYAAAAAAAoAAQABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAsglg0y4BAAAAAAAAAGVhODJlYjUyLTUyZjItMTFlMC1iNGJmLTAwMzA0OGQ3MDY2YQA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAIAAYAAAAAAAoAAQABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD5eIeFaeDOCT1h7.pWgJGKbKudBMyaMHyG8lPKAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D2621817419%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,ea82eb52-52f2-11e0-b4bf-003048d7066a
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 863
Date: Sun, 20 Mar 2011 13:06:50 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1c9/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;1088d642802964e9;12ed36009b3,0;;;430966145,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAIAAYAAAAAAAoAAQABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAsglg0y4BAAAAAAAAAGVhODJlYjUyLTUyZjItMTFlMC1iNGJmLTAwMzA0OGQ3MDY2YQA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3907803"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.93. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=3952710&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/179/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//buzzya.com/category/plus-five/|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B797e15b0b85c29fd%3B12ed360ba97,0%3B%3B%3B694141131,KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAlrpg0y4BAAAAAAAAADA1M2RjM2E0LTUyZjMtMTFlMC1hNDIzLTAwMzA0OGQ2ZDE4OAA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fplus-five%2F,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/179/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://buzzya.com/category/plus-five/|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;797e15b0b85c29fd;12ed360ba97,0;;;694141131,KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAlrpg0y4BAAAAAAAAADA1M2RjM2E0LTUyZjMtMTFlMC1hNDIzLTAwMzA0OGQ2ZDE4OAA4nyoAAAA=,,http://buzzya.com/category/plus-five/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3952710

Request

GET /ad/js/1551-47634-23636-2?mpt=3952710&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/179/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//buzzya.com/category/plus-five/|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B797e15b0b85c29fd%3B12ed360ba97,0%3B%3B%3B694141131,KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAlrpg0y4BAAAAAAAAADA1M2RjM2E0LTUyZjMtMTFlMC1hNDIzLTAwMzA0OGQ2ZDE4OAA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fplus-five%2F, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAPFUYluDOCW.jHLxg052BGKUFHu2dz6xg2DpzAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fplus-five%2F,Z%3D728x90%26s%3D1602587%26_salt%3D2371249129%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%26r%3D0,053dc3a4-52f3-11e0-a423-003048d6d188
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 751
Date: Sun, 20 Mar 2011 13:07:35 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/179/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://buzzya.com/category/plus-five/|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;797e15b0b85c29fd;12ed360ba97,0;;;694141131,KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAlrpg0y4BAAAAAAAAADA1M2RjM2E0LTUyZjMtMTFlMC1hNDIzLTAwMzA0OGQ2ZDE4OAA4nyoAAAA=,,http://buzzya.com/category/plus-five/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3952710"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.94. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=2008632&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1ca/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B2e75bab3029d4c42%3B12ed3431171,0%3B%3B%3B2825860846,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAgAAAAYAAAAAAP8AAAABCHmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcBFD0y4BAAAAAAAAADdlNzFjN2Q0LTUyZWUtMTFlMC1hZTRjLTAwMzA0OGQ2ZDNhYwA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1ca/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;2e75bab3029d4c42;12ed3431171,0;;;2825860846,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAgAAAAYAAAAAAP8AAAABCHmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcBFD0y4BAAAAAAAAADdlNzFjN2Q0LTUyZWUtMTFlMC1hZTRjLTAwMzA0OGQ2ZDNhYwA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=2008632

Request

GET /ad/js/1551-47634-23636-2?mpt=2008632&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1ca/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B2e75bab3029d4c42%3B12ed3431171,0%3B%3B%3B2825860846,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAgAAAAYAAAAAAP8AAAABCHmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcBFD0y4BAAAAAAAAADdlNzFjN2Q0LTUyZWUtMTFlMC1hZTRjLTAwMzA0OGQ2ZDNhYwA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAgAAAAYAAAAAAP8AAAABCHmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfI8Gb.tjOCUrprrxPD33NNXpvaMrAs.Da0NhMAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D225907243%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,7e71c7d4-52ee-11e0-ae4c-003048d6d3ac
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:9866/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=1551:23636/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534; expires=Wed, 20-Mar-2013 5:23:59 GMT; path=/; domain=.mediaplex.com;
Content-Type: text/html
Content-Length: 864
Date: Sun, 20 Mar 2011 13:02:27 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1ca/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;2e75bab3029d4c42;12ed3431171,0;;;2825860846,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAgAAAAYAAAAAAP8AAAABCHmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcBFD0y4BAAAAAAAAADdlNzFjN2Q0LTUyZWUtMTFlMC1hZTRjLTAwMzA0OGQ2ZDNhYwA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=2008632"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.95. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=3952710&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/177/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//buzzya.com/category/sports/|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Bc3b9aa312f45a93b%3B12ed360bac5,0%3B%3B%3B1642188255,KnKABBt0GAD5lIQAAAAAAMnCIQAAAAAAAAAAAAYAAAAAAAIAAQABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAxbpg0y4BAAAAAAAAADA1NmViMDA0LTUyZjMtMTFlMC1iYTgyLTAwMzA0OGQ2NjliMAA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fsports%2F,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/177/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://buzzya.com/category/sports/|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;c3b9aa312f45a93b;12ed360bac5,0;;;1642188255,KnKABBt0GAD5lIQAAAAAAMnCIQAAAAAAAAAAAAYAAAAAAAIAAQABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAxbpg0y4BAAAAAAAAADA1NmViMDA0LTUyZjMtMTFlMC1iYTgyLTAwMzA0OGQ2NjliMAA4nyoAAAA=,,http://buzzya.com/category/sports/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3952710

Request

GET /ad/js/1551-47634-23636-2?mpt=3952710&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/177/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//buzzya.com/category/sports/|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Bc3b9aa312f45a93b%3B12ed360bac5,0%3B%3B%3B1642188255,KnKABBt0GAD5lIQAAAAAAMnCIQAAAAAAAAAAAAYAAAAAAAIAAQABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAxbpg0y4BAAAAAAAAADA1NmViMDA0LTUyZjMtMTFlMC1iYTgyLTAwMzA0OGQ2NjliMAA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fsports%2F, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?KnKABBt0GAD5lIQAAAAAAMnCIQAAAAAAAAAAAAYAAAAAAAIAAQABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC6uT-uluDOCXkWcpWCFKwWI-UCJ45u86PggoVhAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fsports%2F,Z%3D728x90%26s%3D1602587%26_salt%3D983079894%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fsports%252F%26r%3D0,056eb004-52f3-11e0-ba82-003048d669b0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 746
Date: Sun, 20 Mar 2011 13:07:36 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/177/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://buzzya.com/category/sports/|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;c3b9aa312f45a93b;12ed360bac5,0;;;1642188255,KnKABBt0GAD5lIQAAAAAAMnCIQAAAAAAAAAAAAYAAAAAAAIAAQABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAxbpg0y4BAAAAAAAAADA1NmViMDA0LTUyZjMtMTFlMC1iYTgyLTAwMzA0OGQ2NjliMAA4nyoAAAA=,,http://buzzya.com/category/sports/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3952710"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.96. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=3954585&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/177/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//buzzya.com/category/gaming/|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B5a0f68858e1af085%3B12ed360c280,0%3B%3B%3B1101847734,KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAf8Jg0y4BAAAAAAAAADA2NTg1YTkyLTUyZjMtMTFlMC1iYTNkLTAwMzA0OGQ2ZDJkMgA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fgaming%2F,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/177/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://buzzya.com/category/gaming/|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;5a0f68858e1af085;12ed360c280,0;;;1101847734,KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAf8Jg0y4BAAAAAAAAADA2NTg1YTkyLTUyZjMtMTFlMC1iYTNkLTAwMzA0OGQ2ZDJkMgA4nyoAAAA=,,http://buzzya.com/category/gaming/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3954585

Request

GET /ad/js/1551-47634-23636-2?mpt=3954585&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/177/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//buzzya.com/category/gaming/|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B5a0f68858e1af085%3B12ed360c280,0%3B%3B%3B1101847734,KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAf8Jg0y4BAAAAAAAAADA2NTg1YTkyLTUyZjMtMTFlMC1iYTNkLTAwMzA0OGQ2ZDJkMgA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fgaming%2F, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRVZDSmODOCYaU7sQq4jwyYHEpBPy17h7iW0SeAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fgaming%2F,Z%3D728x90%26s%3D1602587%26_salt%3D1428182412%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fgaming%252F%26r%3D0,06585a92-52f3-11e0-ba3d-003048d6d2d2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 746
Date: Sun, 20 Mar 2011 13:07:37 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/177/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://buzzya.com/category/gaming/|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;5a0f68858e1af085;12ed360c280,0;;;1101847734,KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAf8Jg0y4BAAAAAAAAADA2NTg1YTkyLTUyZjMtMTFlMC1iYTNkLTAwMzA0OGQ2ZDJkMgA4nyoAAAA=,,http://buzzya.com/category/gaming/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3954585"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.97. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=5524053&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1ca/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Ba039da8adc818620%3B12ed378b580,0%3B%3B%3B3331667696,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAUAAYAAAAAAAIABAABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAf7V40y4BAAAAAAAAAGFlMGU1YzhlLTUyZjYtMTFlMC05Zjc1LTAwMWIyNDkzNWYyZQA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1ca/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;a039da8adc818620;12ed378b580,0;;;3331667696,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAUAAYAAAAAAAIABAABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAf7V40y4BAAAAAAAAAGFlMGU1YzhlLTUyZjYtMTFlMC05Zjc1LTAwMWIyNDkzNWYyZQA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=5524053

Request

GET /ad/js/1551-47634-23636-2?mpt=5524053&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1ca/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Ba039da8adc818620%3B12ed378b580,0%3B%3B%3B3331667696,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAUAAYAAAAAAAIABAABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAf7V40y4BAAAAAAAAAGFlMGU1YzhlLTUyZjYtMTFlMC05Zjc1LTAwMWIyNDkzNWYyZQA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAUAAYAAAAAAAIABAABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJHWVNuebOCTWwzfCWq39H.RqCgLRr4X3gG9ZfAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D4001528636%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,ae0e5c8e-52f6-11e0-9f75-001b24935f2e
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 864
Date: Sun, 20 Mar 2011 13:33:47 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1ca/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;a039da8adc818620;12ed378b580,0;;;3331667696,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAUAAYAAAAAAAIABAABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAf7V40y4BAAAAAAAAAGFlMGU1YzhlLTUyZjYtMTFlMC05Zjc1LTAwMWIyNDkzNWYyZQA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=5524053"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.98. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=3900928&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1ca/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B3f6bd041223d37c3%3B12ed35ff119,0%3B%3B%3B3959689361,NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAgAEAAYAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAGPFf0y4BAAAAAAAAAGU2N2ZjOGVhLTUyZjItMTFlMC1iZTQxLTAwMzA0OGQ2Njk3YQA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1ca/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;3f6bd041223d37c3;12ed35ff119,0;;;3959689361,NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAgAEAAYAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAGPFf0y4BAAAAAAAAAGU2N2ZjOGVhLTUyZjItMTFlMC1iZTQxLTAwMzA0OGQ2Njk3YQA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3900928

Request

GET /ad/js/1551-47634-23636-2?mpt=3900928&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1ca/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B3f6bd041223d37c3%3B12ed35ff119,0%3B%3B%3B3959689361,NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAgAEAAYAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAGPFf0y4BAAAAAAAAAGU2N2ZjOGVhLTUyZjItMTFlMC1iZTQxLTAwMzA0OGQ2Njk3YQA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAgAEAAYAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACuRBehYuDOCbD0Mw1JBIMJUujMVYQeaY37Y..rAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D3523619729%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,e67fc8ea-52f2-11e0-be41-003048d6697a
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=10433:1629/1551:23636/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534; expires=Wed, 20-Mar-2013 4:53:35 GMT; path=/; domain=.mediaplex.com;
Content-Type: text/html
Content-Length: 864
Date: Sun, 20 Mar 2011 13:06:44 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1ca/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;3f6bd041223d37c3;12ed35ff119,0;;;3959689361,NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAgAEAAYAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAGPFf0y4BAAAAAAAAAGU2N2ZjOGVhLTUyZjItMTFlMC1iZTQxLTAwMzA0OGQ2Njk3YQA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3900928"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.99. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=4489569&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1c9/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B05f6f4cf250dacc6%3B12ed368ec98,0%3B%3B%3B601193790,NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAAAAwABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAl-xo0y4BAAAAAAAAADQ1NmViZTUwLTUyZjQtMTFlMC04NmQ0LTAwMzA0OGQ1NjQ5MgAQrSsAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1c9/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;05f6f4cf250dacc6;12ed368ec98,0;;;601193790,NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAAAAwABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAl-xo0y4BAAAAAAAAADQ1NmViZTUwLTUyZjQtMTFlMC04NmQ0LTAwMzA0OGQ1NjQ5MgAQrSsAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=4489569

Request

GET /ad/js/1551-47634-23636-2?mpt=4489569&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1c9/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B05f6f4cf250dacc6%3B12ed368ec98,0%3B%3B%3B601193790,NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAAAAwABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAl-xo0y4BAAAAAAAAADQ1NmViZTUwLTUyZjQtMTFlMC04NmQ0LTAwMzA0OGQ1NjQ5MgAQrSsAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAAAAwABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACy418Lr-LOCddQp-f9q3WX68ux.bG78coIp1UmAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D3100501521%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,456ebe50-52f4-11e0-86d4-003048d56492
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 863
Date: Sun, 20 Mar 2011 13:16:32 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1c9/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;05f6f4cf250dacc6;12ed368ec98,0;;;601193790,NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAAAAwABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAl-xo0y4BAAAAAAAAADQ1NmViZTUwLTUyZjQtMTFlMC04NmQ0LTAwMzA0OGQ1NjQ5MgAQrSsAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=4489569"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.100. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=5490897&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1ca/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Ba3d32bf33b4dfc61%3B12ed3783413,0%3B%3B%3B1658787106,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAQAAYAAAAAAAkAAwABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjR40y4BAAAAAAAAADlhMDI4OWE0LTUyZjYtMTFlMC1hZmY4LTAwMzA0ODYzMmFmNgA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1ca/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;a3d32bf33b4dfc61;12ed3783413,0;;;1658787106,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAQAAYAAAAAAAkAAwABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjR40y4BAAAAAAAAADlhMDI4OWE0LTUyZjYtMTFlMC1hZmY4LTAwMzA0ODYzMmFmNgA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=5490897

Request

GET /ad/js/1551-47634-23636-2?mpt=5490897&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1ca/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Ba3d32bf33b4dfc61%3B12ed3783413,0%3B%3B%3B1658787106,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAQAAYAAAAAAAkAAwABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjR40y4BAAAAAAAAADlhMDI4OWE0LTUyZjYtMTFlMC1hZmY4LTAwMzA0ODYzMmFmNgA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAQAAYAAAAAAAkAAwABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABSTGkWmObOCRboNuvJw6cpg6hPukUEUWP-MQExAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D3246105502%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,9a0289a4-52f6-11e0-aff8-003048632af6
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 864
Date: Sun, 20 Mar 2011 13:33:14 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1ca/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;a3d32bf33b4dfc61;12ed3783413,0;;;1658787106,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAQAAYAAAAAAAkAAwABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjR40y4BAAAAAAAAADlhMDI4OWE0LTUyZjYtMTFlMC1hZmY4LTAwMzA0ODYzMmFmNgA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=5490897"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.101. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=4487444&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1f2/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%19%2Bs-day/|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Be26631a9e4bf7c8b%3B12ed368e432,0%3B%3B%3B440975709,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMeRo0y4BAAAAAAAAADQ0NjkzNGFlLTUyZjQtMTFlMC1hMzMwLTAwMzA0OGQ2ZDYzMABmlSoAAAA=,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Fart-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%25e2%2580%2599s-day%2F,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1f2/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy.+s-day/|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;e26631a9e4bf7c8b;12ed368e432,0;;;440975709,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMeRo0y4BAAAAAAAAADQ0NjkzNGFlLTUyZjQtMTFlMC1hMzMwLTAwMzA0OGQ2ZDYzMABmlSoAAAA=,,http://www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%e2%80%99s-day/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=4487444

Request

GET /ad/js/1551-47634-23636-2?mpt=4487444&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1f2/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%19%2Bs-day/|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Be26631a9e4bf7c8b%3B12ed368e432,0%3B%3B%3B440975709,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMeRo0y4BAAAAAAAAADQ0NjkzNGFlLTUyZjQtMTFlMC1hMzMwLTAwMzA0OGQ2ZDYzMABmlSoAAAA=,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Fart-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%25e2%2580%2599s-day%2F, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACydZlOreLOCUCegxsWkKNBD3qTKv.sqDdpKJcgAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Fart-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%25e2%2580%2599s-day%2F,Z%3D728x90%26s%3D1602587%26_salt%3D1054132058%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252Ffeatured%252Fart-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%2525e2%252580%252599s-day%252F%26r%3D0,446934ae-52f4-11e0-a330-003048d6d630
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 974
Date: Sun, 20 Mar 2011 13:16:30 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1f2/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy.+s-day/|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;e26631a9e4bf7c8b;12ed368e432,0;;;440975709,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMeRo0y4BAAAAAAAAADQ0NjkzNGFlLTUyZjQtMTFlMC1hMzMwLTAwMzA0OGQ2ZDYzMABmlSoAAAA=,,http://www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%e2%80%99s-day/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=4487444"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.102. http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.0.mybcdna.com
Path:	/JavaScript/apps/HomeBeforeLogin/hblv2.js

Issue detail

The page was loaded from a URL containing a query string:

http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js?64244

The response contains the following links to other domains:

http://api.recaptcha.net/img/clean/audio.png
http://api.recaptcha.net/img/clean/help.png
http://api.recaptcha.net/img/clean/refresh.png
http://api.recaptcha.net/img/clean/text.png
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
http://games.myyearbook.com/landing/'+feedData.gamesFeedItems[y].game_name+'
http://recaptcha.net/popuphelp/
http://tv.myyearbook.com/series/'+feedData.tvFeedItems[y].series_id+'
http://tv.myyearbook.com/view/'+feedData.tvFeedItems[y].episode_id+'
https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '
https://h.online-metrix.net/fp/clear.png?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '&m=2
https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '

Request

GET /JavaScript/apps/HomeBeforeLogin/hblv2.js?64244 HTTP/1.1
Host: assets.0.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Tue, 15 Mar 2011 14:01:23 GMT
ETag: "3975857351"
Content-Type: text/javascript
Accept-Ranges: bytes
Date: Sun, 20 Mar 2011 12:44:13 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 13:14:13 GMT
X-CDN: Cotendo
Connection: Keep-Alive
Content-Length: 273014

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...
</div><object id="giftFlash" height="360" width="640" name="giftFlash" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"><param value="'+swfPath+'" name="movie"/>
...[SNIP]...
</p><img src="https://h.online-metrix.net/fp/clear.png?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '&m=2"alt=""><script src="https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '"type="text/javascript"></script><object type="application/x-shockwave-flash"data="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '"width="1"height="1"id="obj_id"><param name="movie"value="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '"/>
...[SNIP]...
</strong>'}h+=' in <a href="http://games.myyearbook.com/landing/'+feedData.gamesFeedItems[y].game_name+'">';h+=feedData.gamesFeedItems[y].game_display_name;h+='</a>
...[SNIP]...
</div>';h+='<a href="http://games.myyearbook.com/landing/'+feedData.gamesFeedItems[y].game_name+'">';h+='<img src="'+imageURL('images/games/tiles/'+feedData.gamesFeedItems[y].game_id+'_'+'medium.gif')+'" ';h+='class="game_thumb" alt="'+feedData.gamesFeedItems[y].game_display_name+'" />
...[SNIP]...
</a>';h+=' watched ';h+='<a href="http://tv.myyearbook.com/series/'+feedData.tvFeedItems[y].series_id+'">';h+=feedData.tvFeedItems[y].series_title;h+='</a>';h+=' - ';h+='<a href="http://tv.myyearbook.com/view/'+feedData.tvFeedItems[y].episode_id+'">';h+=feedData.tvFeedItems[y].episode_title;h+='</a>
...[SNIP]...
<br />';h+='<a href="http://tv.myyearbook.com/view/'+feedData.tvFeedItems[y].episode_id+'">';h+='<img src="'+feedData.tvFeedItems[y].thumb_url;h+='" class="tv_thumb" alt="'+feedData.tvFeedItems[y].episode_title+'" />
...[SNIP]...
<a tabindex="-1" id="recaptcha_reload_btn" href="javascript:Recaptcha.reload ();" title="Get a new challenge"><img width="25" height="18" alt="Get a new challenge" id="recaptcha_reload" src="http://api.recaptcha.net/img/clean/refresh.png"/></a><a class="recaptcha_only_if_image" tabindex="-1" id="recaptcha_switch_audio_btn" href="javascript:Recaptcha.switch_type(\'audio\');" title="Get an audio challenge"><img width="25" height="15" alt="Get an audio challenge" id="recaptcha_switch_audio" src="http://api.recaptcha.net/img/clean/audio.png"/></a><a class="recaptcha_only_if_audio" tabindex="-1" id="recaptcha_switch_img_btn" href="javascript:Recaptcha.switch_type(\'image\');" title="Get a visual challenge"><img width="25" height="15" alt="Get a visual challenge" id="recaptcha_switch_img" src="http://api.recaptcha.net/img/clean/text.png"/></a><a tabindex="-1" id="recaptcha_whatsthis_btn" href="http://recaptcha.net/popuphelp/" target="_1" title="Help"><img width="25" height="16" id="recaptcha_whatsthis" src="http://api.recaptcha.net/img/clean/help.png" alt="Help"/></a>
...[SNIP]...
rl=S.server+"image?c="+S.challenge;if(httpwavurl.indexOf("https://")==0){httpwavurl="http://"+httpwavurl.substring(8)}var swfUrl=S.server+"/img/audiocaptcha.swf?v2";var embedCode;if(C._2()){embedCode='<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="audiocaptcha" width="0" height="0" codebase="https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab"><param name="movie" value="'+swfUrl+'" />
...[SNIP]...

1.103. http://assets.mybcdna.com/JavaScript//apps/RecaptchaAjax.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.mybcdna.com
Path:	/JavaScript//apps/RecaptchaAjax.js

Issue detail

The page was loaded from a URL containing a query string:

http://assets.mybcdna.com/JavaScript//apps/RecaptchaAjax.js?64244

The response contains the following links to other domains:

http://api.recaptcha.net/img/clean/audio.png
http://api.recaptcha.net/img/clean/help.png
http://api.recaptcha.net/img/clean/refresh.png
http://api.recaptcha.net/img/clean/text.png
http://recaptcha.net/popuphelp/
https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

Request

GET /JavaScript//apps/RecaptchaAjax.js?64244 HTTP/1.1
Host: assets.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0xJmxvZ2luX2ZhaWx1cmU9dHJ1ZSZlbWFpbElkPWVtYWls
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jan 2010 19:25:07 GMT
ETag: "4191081985"
Content-Type: text/javascript
Accept-Ranges: bytes
Date: Sun, 20 Mar 2011 13:36:41 GMT
Server: lighttpd/1.4.19
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 14:06:41 GMT
X-CDN: Cotendo
Connection: Keep-Alive
Content-Length: 30859

if ( typeof captchaBox == "undefined" )
{
var captchaBox = 'Enter this code: <div id="dynamicRecaptcha"><div id="recaptcha_image" class="recaptcha"></div><div id="recaptcha_buttons"><a tabindex="-1" id="recaptcha_reload_btn" href="javascript:Recaptcha.reload ();" title="Get a new challenge"><img width="25" height="18" alt="Get a new challenge" id="recaptcha_reload" src="http://api.recaptcha.net/img/clean/refresh.png"/></a><a class="recaptcha_only_if_image" tabindex="-1" id="recaptcha_switch_audio_btn" href="javascript:Recaptcha.switch_type(\'audio\');" title="Get an audio challenge"><img width="25" height="15" alt="Get an audio challenge" id="recaptcha_switch_audio" src="http://api.recaptcha.net/img/clean/audio.png"/></a><a class="recaptcha_only_if_audio" tabindex="-1" id="recaptcha_switch_img_btn" href="javascript:Recaptcha.switch_type(\'image\');" title="Get a visual challenge"><img width="25" height="15" alt="Get a visual challenge" id="recaptcha_switch_img" src="http://api.recaptcha.net/img/clean/text.png"/></a><a tabindex="-1" id="recaptcha_whatsthis_btn" href="http://recaptcha.net/popuphelp/" target="_blank" title="Help"><img width="25" height="16" id="recaptcha_whatsthis" src="http://api.recaptcha.net/img/clean/help.png" alt="Help"/></a>
...[SNIP]...
nge;
if (httpwavurl.indexOf("https://") == 0) {
httpwavurl = "http://" + httpwavurl.substring(8);
}
var swfUrl = $ST.server + "/img/audiocaptcha.swf?v2";
var embedCode;
if ($C._is_ie()) {
embedCode = '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="audiocaptcha" width="0" height="0" codebase="https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab"><param name="movie" value="' + swfUrl + '" />
...[SNIP]...

1.104. http://assets.mybcdna.com/JavaScript//registration/new/registration.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.mybcdna.com
Path:	/JavaScript//registration/new/registration.js

Issue detail

The page was loaded from a URL containing a query string:

http://assets.mybcdna.com/JavaScript//registration/new/registration.js?64244

The response contains the following links to other domains:

https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'
https://h.online-metrix.net/fp/clear.png?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'&m=2
https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'

Request

GET /JavaScript//registration/new/registration.js?64244 HTTP/1.1
Host: assets.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0xJmxvZ2luX2ZhaWx1cmU9dHJ1ZSZlbWFpbElkPWVtYWls
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Fri, 16 Apr 2010 15:59:01 GMT
ETag: "2697475991"
Content-Type: text/javascript
Accept-Ranges: bytes
Date: Sun, 20 Mar 2011 13:36:33 GMT
Server: lighttpd/1.4.19
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 14:06:33 GMT
X-CDN: Cotendo
Connection: Keep-Alive
Content-Length: 5052

$(function(){$('#display_remember_information').click(function(){$('#remember_information, #remember_information_login_failure').show();return false});$('#remember_information p.close a, #remember_inf
...[SNIP]...
</p><img src="https://h.online-metrix.net/fp/clear.png?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'&m=2" alt="" ><script src="https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'"type="text/javascript"></script><object type="application/x-shockwave-flash" data="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'" width="1" height="1" id="obj_id"><param name="movie" value="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'" />
...[SNIP]...
</p><img src="https://h.online-metrix.net/fp/clear.png?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'&m=2" alt="" ><script src="https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'"type="text/javascript"></script><object type="application/x-shockwave-flash" data="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'" width="1" height="1" id="obj_id"><param name="movie" value="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'" />
...[SNIP]...

1.105. http://assets.mybcdna.com/JavaScript/apps/site.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.mybcdna.com
Path:	/JavaScript/apps/site.js

Issue detail

The page was loaded from a URL containing a query string:

http://assets.mybcdna.com/JavaScript/apps/site.js?64244

The response contains the following link to another domain:

http://pixel.33across.com/ps/'+Math.ceil(1e6*Math.random())+'/?pid=112&uid='+obj.data.sender+'&gnd='+obj.data.senderGender+'&age='+obj.data.senderAge+'&zp='+obj.data.senderZipCode+'&f='+obj.data.receiver+'&gnd2='+obj.data.receiverGender+'&age2='+obj.data.receiverAge+'&zp2='+obj.data.receiverZipCode+'&tt=iframe

Request

GET /JavaScript/apps/site.js?64244 HTTP/1.1
Host: assets.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://live.myyearbook.com/?2e77d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eadfd64910ba=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Thu, 18 Nov 2010 19:54:51 GMT
ETag: "3447361013"
Content-Type: text/javascript
Accept-Ranges: bytes
Date: Sun, 20 Mar 2011 14:10:55 GMT
Server: lighttpd/1.4.19
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 14:40:55 GMT
X-CDN: Cotendo
Connection: Keep-Alive
Content-Length: 5001

$(document).ready(function(){var qsText=$('#quickSearchBox').val();var qsColor=$('#quickSearchBox').css('color');$('#quickSearchBox').click(function(){var val=$.trim($(this).val());if(val==qsText){$(t
...[SNIP]...
st:function(receiverUserId){$.ajax({url:SITE_URL+'apps/ads/thirdparty/thirtyThreeAcross/'+receiverUserId+'/',type:'get',dataType:'jsonp'})},sendData:function(obj){if(obj&&!obj.error){$('body').append('<iframe style="display:none;width:1px;height:1px;" src="http://pixel.33across.com/ps/'+Math.ceil(1e6*Math.random())+'/?pid=112&uid='+obj.data.sender+'&gnd='+obj.data.senderGender+'&age='+obj.data.senderAge+'&zp='+obj.data.senderZipCode+'&f='+obj.data.receiver+'&gnd2='+obj.data.receiverGender+'&age2='+obj.data.receiverAge+'&zp2='+obj.data.receiverZipCode+'&tt=iframe"</iframe>')}}}};if(top.location!=self.location){top.location=self.location.href}

1.106. http://assets.mybcdna.com/JavaScript/common.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.mybcdna.com
Path:	/JavaScript/common.js

Issue detail

The page was loaded from a URL containing a query string:

http://assets.mybcdna.com/JavaScript/common.js?64244

The response contains the following link to another domain:

http://pixel.33across.com/ps/'%20+%20Math.ceil(%201e6%20*%20Math.random(%20)%20)%20+%20'/?pid=112&uid=' + obj.data.sender + '&gnd=' + obj.data.senderGender + '&age=' + obj.data.senderAge + '&zp=' + obj.data.senderZipCode + '&f=' + obj.data.receiver + '&gnd2=' + obj.data.receiverGender + '&age2=' + obj.data.receiverAge + '&zp2=' + obj.data.receiverZipCode + '&tt=iframe

Request

GET /JavaScript/common.js?64244 HTTP/1.1
Host: assets.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0xJmxvZ2luX2ZhaWx1cmU9dHJ1ZSZlbWFpbElkPWVtYWls
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Wed, 10 Mar 2010 15:52:15 GMT
ETag: "457023075"
Content-Type: text/javascript
Accept-Ranges: bytes
Date: Sun, 20 Mar 2011 13:36:37 GMT
Server: lighttpd/1.4.19
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 14:06:37 GMT
X-CDN: Cotendo
Connection: Keep-Alive
Content-Length: 19803

//Jeremy Wischusen - global variables for use in other scripts 6-2-2007
var site_url = "http://"+window.location.host

function tryToHide(el,event){
var toEl=event.target||event.toElement;
va
...[SNIP]...
: 'jsonp'
});

},

sendData : function ( obj )
{

// ensure we have data
if ( obj && ! obj.error )
{

$('body').append( '<iframe style="display:none;width:1px;height:1px;" src="http://pixel.33across.com/ps/' + Math.ceil( 1e6 * Math.random( ) ) + '/?pid=112&uid=' + obj.data.sender + '&gnd=' + obj.data.senderGender + '&age=' + obj.data.senderAge + '&zp=' + obj.data.senderZipCode + '&f=' + obj.data.receiver + '&gnd2=' + obj.data.receiverGender + '&age2=' + obj.data.receiverAge + '&zp2=' + obj.data.receiverZipCode + '&tt=iframe"</iframe>' );

}

}

}

};

1.107. http://bidder.mathtag.com/iframe/notify previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bidder.mathtag.com
Path:	/iframe/notify

Issue detail

The page was loaded from a URL containing a query string:

http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MjE0MzI3MzgzNzgzNjYzNy8xMTEwNDAvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pd3Nzb1g4SlNGczg1RjlCN293LWNUay8/InA55NeIGGV4hzZENaajIegtkxo&price=3.757000

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N553.mediamath/B5123370.3945;sz=300x250;pc=;ord=62143273837836637?
http://ad.doubleclick.net/adj/N553.mediamath/B5123370.39;sz=300x250;pc=;click1=http://pixel.mathtag.com/click/img?mt_aid=62143273837836637&mt_id=111040&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=62143273837836637?
http://r.openx.net/set?pid=0b83a084-dd0b-4bfe-9e2e-ab3706fc9955&rtb=uuid%3D4d5b2371-3928-7a83-24fb-d52328f5624b

Request

GET /iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MjE0MzI3MzgzNzgzNjYzNy8xMTEwNDAvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pd3Nzb1g4SlNGczg1RjlCN293LWNUay8/InA55NeIGGV4hzZENaajIegtkxo&price=3.757000 HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mt_mop=10004:1299934992|1:1297862934|10001:1297818481|11:1299460723|2:1299285586|3:1299090747|4:1299460679|5:1297863542|9:1297862322; ts=1300283399; uuid=4d5b2371-3928-7a83-24fb-d52328f5624b

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:34:37 GMT
Set-Cookie: mt_mop=10004:1299934992|1:1297862934|10001:1297818481|11:1299460723|2:1299285586|3:1299090747|4:1299460679|5:1300624477|9:1297862322; domain=.mathtag.com; path=/; expires=Wed, 19 Mar 2014 12:34:37 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Sun, 20 Mar 2011 12:34:37 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x4, ewr-bidder-x2
Server: MMBD/3.4.6
Content-Length: 1582
Content-Type: text/html
Connection: keep-alive

<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://pixel.mathtag.com/creative/img?mt_adid=70&mt_aid=62143273837836637&mt_e
...[SNIP]...
</div><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.mediamath/B5123370.39;sz=300x250;pc=;click1=http://pixel.mathtag.com/click/img?mt_aid=62143273837836637&mt_id=111040&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=62143273837836637?">
</SCRIPT>
...[SNIP]...
836637&mt_id=111040&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=http://ad.doubleclick.net/jump/N553.mediamath/B5123370.3945;sz=300x250;pc=;ord=62143273837836637?" target="_blank">
<IMG SRC="http://ad.doubleclick.net/ad/N553.mediamath/B5123370.3945;sz=300x250;pc=;ord=62143273837836637?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://r.openx.net/set?pid=0b83a084-dd0b-4bfe-9e2e-ab3706fc9955&rtb=uuid%3D4d5b2371-3928-7a83-24fb-d52328f5624b' height='1' width='1'></div>
...[SNIP]...

1.108. http://bidder.mathtag.com/iframe/notify previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bidder.mathtag.com
Path:	/iframe/notify

Issue detail

The page was loaded from a URL containing a query string:

http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82NjQ5MDU0NzkyOTkyMTg5Mi8xMDk2NzUvMTAyMTc0LzMvcUNrUlV0a2tSODZTZllSNWtDMUZwb3dud0hreW5rUUl0bkxKeWNpUWlUcy8/65jF72MGHLbwsG7rxNVZ3X0o4uc&price=3.050000

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N553.mediamath/B5123370.4;sz=300x250;ord=66490547929921892?
http://ad.doubleclick.net/adj/N553.mediamath/B5123370.4;sz=300x250;click1=http://pixel.mathtag.com/click/img?mt_aid=66490547929921892&mt_id=109675&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=66490547929921892?
http://cdn.doubleverify.com/ncript22.js?agnc=525744&cmp=579441&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=3&plc= &advid=579437&sid=12345&adid=
http://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=4d5b2371-3928-7a83-24fb-d52328f5624b&expires=28]

Request

GET /iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82NjQ5MDU0NzkyOTkyMTg5Mi8xMDk2NzUvMTAyMTc0LzMvcUNrUlV0a2tSODZTZllSNWtDMUZwb3dud0hreW5rUUl0bkxKeWNpUWlUcy8/65jF72MGHLbwsG7rxNVZ3X0o4uc&price=3.050000 HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mt_mop=10004:1299934992|1:1297862934|10001:1297818481|11:1299460723|2:1299285586|3:1299090747|4:1299460679|5:1300624477|9:1297862322; ts=1300624479; uuid=4d5b2371-3928-7a83-24fb-d52328f5624b

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:34:44 GMT
Set-Cookie: mt_mop=10004:1299934992|1:1297862934|10001:1297818481|11:1299460723|2:1299285586|3:1299090747|4:1299460679|5:1300624477|9:1300624484; domain=.mathtag.com; path=/; expires=Wed, 19 Mar 2014 12:34:44 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Sun, 20 Mar 2011 12:34:44 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x4, ewr-bidder-x2
Server: MMBD/3.4.6
Content-Length: 1825
Content-Type: text/html
Connection: keep-alive

<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://pixel.mathtag.com/creative/img?mt_adid=70&mt_aid=66490547929921892&mt_e
...[SNIP]...
</div><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.mediamath/B5123370.4;sz=300x250;click1=http://pixel.mathtag.com/click/img?mt_aid=66490547929921892&mt_id=109675&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=66490547929921892?">
</SCRIPT>
...[SNIP]...
0547929921892&mt_id=109675&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=http://ad.doubleclick.net/jump/N553.mediamath/B5123370.4;sz=300x250;ord=66490547929921892?" target="_blank">
<IMG SRC="http://ad.doubleclick.net/ad/N553.mediamath/B5123370.4;sz=300x250;ord=66490547929921892?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<img style='margin-left:-10px; margin-top:-10px' src='http://action.mathtag.com/mm/rtb/AXPG/1102A0/imp?ci=&li=&pe=&pt=&pi=&sc=&ct=&vi=&px=&su=' height='1' width='1'><script type='text/javascript' language='javascript' style='position:absolute; left:-10px; top:-10px' src='http://cdn.doubleverify.com/ncript22.js?agnc=525744&cmp=579441&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=3&plc= &advid=579437&sid=12345&adid='></script></div><div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=4d5b2371-3928-7a83-24fb-d52328f5624b&expires=28]' height='1' width='1'></div>
...[SNIP]...

1.109. http://bidder.mathtag.com/iframe/notify previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bidder.mathtag.com
Path:	/iframe/notify

Issue detail

The page was loaded from a URL containing a query string:

http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82NTI1NTM0NzU0Nzg1MDI2Mi8xMDkxMzYvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pNV9uZzhjR2tYX2V2RFRVQkhKMDc2by8/kLZ4JSxx1rdBz3lzg4AXpbtWcHs&price=3.757000

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N553.mediamath/B5123370.34;sz=300x250;ord=65255347547850262?
http://ad.doubleclick.net/adj/N553.mediamath/B5123370.34;sz=300x250;click1=http://pixel.mathtag.com/click/img?mt_aid=65255347547850262&mt_id=109136&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=65255347547850262?
http://ads.adbrite.com/adserver/vdi/684339?d=uuid%3D4d5b2371-3928-7a83-24fb-d52328f5624b

Request

GET /iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82NTI1NTM0NzU0Nzg1MDI2Mi8xMDkxMzYvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pNV9uZzhjR2tYX2V2RFRVQkhKMDc2by8/kLZ4JSxx1rdBz3lzg4AXpbtWcHs&price=3.757000 HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mt_mop=10004:1299934992|1:1297862934|10001:1297818481|11:1299460723|2:1299285586|3:1299090747|4:1299460679|5:1300624477|9:1300624484; ts=1300624485; uuid=4d5b2371-3928-7a83-24fb-d52328f5624b

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:28:54 GMT
Set-Cookie: mt_mop=10004:1299934992|1:1300627734|10001:1297818481|11:1299460723|2:1299285586|3:1299090747|4:1299460679|5:1300624477|9:1300624484; domain=.mathtag.com; path=/; expires=Wed, 19 Mar 2014 13:28:54 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Sun, 20 Mar 2011 13:28:54 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x1, ewr-bidder-x2
Server: MMBD/3.4.6
Content-Length: 1532
Content-Type: text/html
Connection: keep-alive

<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://pixel.mathtag.com/creative/img?mt_adid=70&mt_aid=65255347547850262&mt_e
...[SNIP]...
</div><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.mediamath/B5123370.34;sz=300x250;click1=http://pixel.mathtag.com/click/img?mt_aid=65255347547850262&mt_id=109136&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=65255347547850262?"></SCRIPT>
...[SNIP]...
5347547850262&mt_id=109136&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=http://ad.doubleclick.net/jump/N553.mediamath/B5123370.34;sz=300x250;ord=65255347547850262?" target="_blank"><IMG SRC="http://ad.doubleclick.net/ad/N553.mediamath/B5123370.34;sz=300x250;ord=65255347547850262?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://ads.adbrite.com/adserver/vdi/684339?d=uuid%3D4d5b2371-3928-7a83-24fb-d52328f5624b' height='1' width='1'></div>
...[SNIP]...

1.110. http://bidder.mathtag.com/iframe/notify previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bidder.mathtag.com
Path:	/iframe/notify

Issue detail

The page was loaded from a URL containing a query string:

http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82ODE2MTkxMTA5OTI3ODg5Ny8xMTEwMjgvMTAyMDY1LzQvUWk0TlZFWk5SbHYyNzBhYklEZU9pNnVVc3gxWkxKNTF1eUliTF9ENTVvRS8/-9XGQbHIEhvOILhUzhCdoUfCrpo&price=TYYBMAAPDO4K5V1O5uwWh8i6E5fg5lHTaGL8tg&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBGjVqMAGGTe6ZPM66lQeHrbC3Dtzvj_EB-PbyvBGMmoSTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi0yMzMyODU2MDcyODM4MDY4oAHg6pnsA7IBDHd3dy53b290LmNvbboBCjMwMHgyNTBfYXPIAQnaATBodHRwOi8vd3d3Lndvb3QuY29tL0Jsb2cvVmlld0VudHJ5LmFzcHg_SWQ9MTY4NDGYAsgfwAIEyALWwYwO4AIA6gISd29vdC1ibG9nMS0zMDB4MjUwqAMB6AMp6APtAvUDDAQAxOAEAYAGhtS_14-5g4fmAQ%26num%3D1%26sig%3DAGiWqtwcOCUfqI_Ad5EH8p7xJXIzJMxpFA%26client%3Dca-pub-2332856072838068%26adurl%3D

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N553.mediamath/B5123370.1445;sz=300x250;pc=;ord=68161911099278897?
http://ad.doubleclick.net/adj/N553.mediamath/B5123370.14;sz=300x250;pc=;click1=http://pixel.mathtag.com/click/img?mt_aid=68161911099278897&mt_id=111028&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=68161911099278897?

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82ODE2MTkxMTA5OTI3ODg5Ny8xMTEwMjgvMTAyMDY1LzQvUWk0TlZFWk5SbHYyNzBhYklEZU9pNnVVc3gxWkxKNTF1eUliTF9ENTVvRS8/-9XGQbHIEhvOILhUzhCdoUfCrpo&price=TYYBMAAPDO4K5V1O5uwWh8i6E5fg5lHTaGL8tg&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBGjVqMAGGTe6ZPM66lQeHrbC3Dtzvj_EB-PbyvBGMmoSTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi0yMzMyODU2MDcyODM4MDY4oAHg6pnsA7IBDHd3dy53b290LmNvbboBCjMwMHgyNTBfYXPIAQnaATBodHRwOi8vd3d3Lndvb3QuY29tL0Jsb2cvVmlld0VudHJ5LmFzcHg_SWQ9MTY4NDGYAsgfwAIEyALWwYwO4AIA6gISd29vdC1ibG9nMS0zMDB4MjUwqAMB6AMp6APtAvUDDAQAxOAEAYAGhtS_14-5g4fmAQ%26num%3D1%26sig%3DAGiWqtwcOCUfqI_Ad5EH8p7xJXIzJMxpFA%26client%3Dca-pub-2332856072838068%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mt_mop=10004:1299934992|1:1297862934|10001:1297818481|11:1299460723|2:1299285586|3:1299090747|4:1299460679|5:1300624477|9:1300624484; ts=1300624485; uuid=4d5b2371-3928-7a83-24fb-d52328f5624b

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:42:47 GMT
Server: MMBD/3.4.6
Content-Type: text/html
Content-Length: 1308
x-mm-dbg: bid not found
Last-Modified: Sun, 20 Mar 2011 13:42:47 GMT
x-mm-host: ewr-bidder-x2
Connection: keep-alive

<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://pixel.mathtag.com/creative/img?mt_adid=70&mt_aid=68161911099278897&mt_e
...[SNIP]...
</div><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.mediamath/B5123370.14;sz=300x250;pc=;click1=http://pixel.mathtag.com/click/img?mt_aid=68161911099278897&mt_id=111028&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=68161911099278897?">
</SCRIPT>
...[SNIP]...
278897&mt_id=111028&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=http://ad.doubleclick.net/jump/N553.mediamath/B5123370.1445;sz=300x250;pc=;ord=68161911099278897?" target="_blank">
<IMG SRC="http://ad.doubleclick.net/ad/N553.mediamath/B5123370.1445;sz=300x250;pc=;ord=68161911099278897?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

1.111. http://bidder.mathtag.com/iframe/notify previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bidder.mathtag.com
Path:	/iframe/notify

Issue detail

The page was loaded from a URL containing a query string:

http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MjE0MzI3MzgzNzgzNjYzNy8xMTEwNDAvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pd3Nzb1g4SlNGczg1RjlCN293LWNUay8/InA55NeIGGV4hzZENaajIegtkxo&price=3.757000

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N553.mediamath/B5123370.3945;sz=300x250;pc=;ord=62143273837836637?
http://ad.doubleclick.net/adj/N553.mediamath/B5123370.39;sz=300x250;pc=;click1=http://pixel.mathtag.com/click/img?mt_aid=62143273837836637&mt_id=111040&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=62143273837836637?
http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:4d5b2371-3928-7a83-24fb-d52328f5624b

Request

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:36:11 GMT
Last-Modified: Sun, 20 Mar 2011 12:36:11 GMT
x-mm-dbg: bid not found
x-mm-host: ewr-bidder-x4, ewr-bidder-x2
Server: MMBD/3.4.6
Content-Length: 1614
Content-Type: text/html
Connection: keep-alive

<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://pixel.mathtag.com/creative/img?mt_adid=70&mt_aid=62143273837836637&mt_e
...[SNIP]...
</div><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.mediamath/B5123370.39;sz=300x250;pc=;click1=http://pixel.mathtag.com/click/img?mt_aid=62143273837836637&mt_id=111040&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=62143273837836637?">
</SCRIPT>
...[SNIP]...
836637&mt_id=111040&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=http://ad.doubleclick.net/jump/N553.mediamath/B5123370.3945;sz=300x250;pc=;ord=62143273837836637?" target="_blank">
<IMG SRC="http://ad.doubleclick.net/ad/N553.mediamath/B5123370.3945;sz=300x250;pc=;ord=62143273837836637?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:4d5b2371-3928-7a83-24fb-d52328f5624b' height='1' width='1'></div>
...[SNIP]...

1.112. http://cache.galaxy-s.t-mobile.com/resources.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cache.galaxy-s.t-mobile.com
Path:	/resources.js

Issue detail

The page was loaded from a URL containing a query string:

http://cache.galaxy-s.t-mobile.com/resources.js?22aa341b67760bf2985de8e54b7f0dee

The response contains the following links to other domains:

http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax309;ord=' + a + '?
http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax309;ord=1?
http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax448;ord=' + a + '?
http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax448;ord=1?
http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax836;ord=' + a + '?
http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax836;ord=1?
http://libs.coremetrics.com/configs/'%20+%20cm_ClientID.split(

Request

GET /resources.js?22aa341b67760bf2985de8e54b7f0dee HTTP/1.1
Host: cache.galaxy-s.t-mobile.com
Proxy-Connection: keep-alive
Referer: http://galaxy-s.t-mobile.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TMobileCommon=TeaId=d676b058-7b88-48e0-a1a7-a54f7fb0806d; TMobileGeo=UserCurrentLocation=75207&UserCurrentCity=Dallas&UserCurrentCountry=United+States&GeoMarketId=8eb5dca0-f21b-4b24-8dc8-49933c6ff5d3&NeighborhoodName=Dallas&StateAbbreviation=TX&GeoMarketCode=DAT; TMobileUSStore=MarketUniqueID=8eb5dca0-f21b-4b24-8dc8-49933c6ff5d3&MarketCode=DAT&NeighborhoodName=Dallas&StateAbbreviation=TX&CityName=Dallas&StateName=Texas&ZIP=75207; TMobileSession=WT=&DCS=; mbox=PC#1300624507874-511379.17#1301836707|check#true#1300627167|session#1300627094627-816279#1300628967; TMobileSpanish=IsSpanishUser=false

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, max-age=604800
Content-Type: application/x-javascript; charset=utf-8
Date: Sun, 20 Mar 2011 13:34:57 GMT
Expires: Sun, 27 Mar 2011 13:34:58 GMT
Last-Modified: Wed, 16 Mar 2011 22:43:36 GMT
Server: ECS (dca/53F3)
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Cache: HIT
X-Powered-By: ASP.NET
X-Tmo-Framework-Version: 0.5.1101.836
Content-Length: 546448

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date:
...[SNIP]...
=== "testdata.coremetrics.com")) {
           cm_Production_HOST = "data.coremetrics.com";
       }
       cm_HOST += "/cm?";
   }

   if (cookieDomain) {
       cm_JSFPCookieDomain=cookieDomain;
   }

   document.write('<script language="javascript1.2" src="//libs.coremetrics.com/configs/' + cm_ClientID.split(";",1) + '.js"></script>
...[SNIP]...
= $(this).attr("floodlight");

switch (trackedEvent) {

case 'topiwantone': // Top Nav IWantOne button
$('body').append('<iframe src="http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax448;ord=' + a + '?" width="1" height="1" frameborder="0"></iframe>');
$('body').append('<iframe src="http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax448;ord=1?" width="1" height="1" frameborder="0"></iframe>');
break;

case 'defaultiwantone': // Default Page IWantOne button
$('body').append('<iframe src="http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax836;ord=' + a + '?" width="1" height="1" frameborder="0"></iframe>');
$('body').append('<iframe src="http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax836;ord=1?" width="1" height="1" frameborder="0"></iframe>');
break;

case 'featureslink': // See all features link
$('body').append('<iframe src="http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax309;ord=' + a + '?" width="1" height="1" frameborder="0"></iframe>');
$('body').append('<iframe src="http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax309;ord=1?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...

1.113. http://cache.t-mobile-coverage.t-mobile.com/resources.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cache.t-mobile-coverage.t-mobile.com
Path:	/resources.js

Issue detail

The page was loaded from a URL containing a query string:

http://cache.t-mobile-coverage.t-mobile.com/resources.js?e19a35599d12e0ddef70919eaa13c0db

The response contains the following link to another domain:

http://libs.coremetrics.com/configs/'%20+%20cm_ClientID.split(

Request

GET /resources.js?e19a35599d12e0ddef70919eaa13c0db HTTP/1.1
Host: cache.t-mobile-coverage.t-mobile.com
Proxy-Connection: keep-alive
Referer: http://t-mobile-coverage.t-mobile.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TMobileCommon=TeaId=d676b058-7b88-48e0-a1a7-a54f7fb0806d; TMobileGeo=UserCurrentLocation=75207&UserCurrentCity=Dallas&UserCurrentCountry=United+States&GeoMarketId=8eb5dca0-f21b-4b24-8dc8-49933c6ff5d3&NeighborhoodName=Dallas&StateAbbreviation=TX&GeoMarketCode=DAT; TMobileUSStore=MarketUniqueID=8eb5dca0-f21b-4b24-8dc8-49933c6ff5d3&MarketCode=DAT&NeighborhoodName=Dallas&StateAbbreviation=TX&CityName=Dallas&StateName=Texas&ZIP=75207; mbox=PC#1300624507874-511379.17#1301836695|check#true#1300627155|session#1300627094627-816279#1300628955; TMobileSpanish=IsSpanishUser=false; TMobileSession=WT=&DCS=

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, max-age=604800
Content-Type: application/x-javascript; charset=utf-8
Date: Sun, 20 Mar 2011 13:32:51 GMT
Expires: Sun, 27 Mar 2011 13:32:52 GMT
Last-Modified: Thu, 17 Mar 2011 23:20:24 GMT
Server: ECS (dca/53F3)
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Cache: HIT
X-Powered-By: ASP.NET
X-Tmo-Framework-Version: 0.5.1101.836
Content-Length: 793389

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date:
...[SNIP]...
=== "testdata.coremetrics.com")) {
           cm_Production_HOST = "data.coremetrics.com";
       }
       cm_HOST += "/cm?";
   }

   if (cookieDomain) {
       cm_JSFPCookieDomain=cookieDomain;
   }

   document.write('<script language="javascript1.2" src="//libs.coremetrics.com/configs/' + cm_ClientID.split(";",1) + '.js"></script>
...[SNIP]...

1.114. http://canvas.myyearbook.com/canvas previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://canvas.myyearbook.com
Path:	/canvas

Issue detail

The page was loaded from a URL containing a query string:

http://canvas.myyearbook.com/canvas?2e77d

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js
http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject_src.js
http://assets.mybcdna.com/JavaScript/apps/SuggestionBox.js?64244
http://assets.mybcdna.com/JavaScript/apps/Tools/JUMP.js?64244
http://assets.mybcdna.com/JavaScript/apps/VIP/VIP.js?64244
http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/Plugins/myYearbook.ActionIcons/myYearbook.ActionIcons.js?64244
http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/Plugins/myYearbook.DragonDrop/myYearbook.DragonDrop.js?64244
http://assets.mybcdna.com/css/apps/ActionIcons.css?64244
http://assets.mybcdna.com/css/apps/DragonDrop.css?64244
http://assets.mybcdna.com/css/apps/SuggestionBox.css?64244
http://assets.mybcdna.com/css/apps/VIP/VIP.css?64244
http://assets.mybcdna.com/css/apps/iframe.css?64244
http://assets.mybcdna.com/css/apps/reset.css?64244

Request

GET /canvas?2e77d HTTP/1.1
Host: canvas.myyearbook.com
Proxy-Connection: keep-alive
Referer: http://live.myyearbook.com/?2e77d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eadfd64910ba=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=f3640abbd1b1cdb3:T=1300624489:S=ALNI_MbrX_Emgz4sKka8nHjyRqG1O3ly8w; __utmz=138725551.1300624490.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-193244728-1300624490343; __utma=138725551.528389796.1300624489.1300624489.1300627604.2; __utmv=138725551.|1=gender=unknown=1,; PHPSESSID=52f776710184304877da085942e36b39; mybRegTheme=Live; mybRegData=%5B%5D; POSTAff2Cookie=Live; MYB_TARGET=_unknown_1000_____

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 14:11:01 GMT
Server: Apache
Set-Cookie: PHPSESSID=52f776710184304877da085942e36b39; path=/; domain=.myyearbook.com
P3P: policyref="/w3c/p3p.xml",CP="NOI DSP COR CURa OUR STP UNI"
Cache-control: no-cache
Pragma: no-cache
Content-Length: 34456
Connection: close
Content-Type: text/html; charset=UTF-8;

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="UTF-8" xml:lang="UTF-8">
<head>
<link rel="stylesheet" href="http://assets.mybcdna.com/css/apps/reset.css?64244" />
<link rel="stylesheet" href="http://assets.mybcdna.com/css/apps/iframe.css?64244" />
<link rel="stylesheet" href="http://assets.myyearbook.com/nerve/css/nerve.css?64244" />
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject_src.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript/apps/VIP/VIP.js?64244"></script>
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript/apps/Tools/JUMP.js?64244"></script>
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript/apps/SuggestionBox.js?64244"></script>

<link rel="stylesheet" href="http://assets.mybcdna.com/css/apps/DragonDrop.css?64244" media="screen, print" />
<link rel="stylesheet" href="http://assets.mybcdna.com/css/apps/ActionIcons.css?64244" media="screen, print" />
<link rel="stylesheet" href="http://assets.mybcdna.com/css/apps/VIP/VIP.css?64244" media="screen, print" />
<link rel="stylesheet" href="http://assets.mybcdna.com/css/apps/SuggestionBox.css?64244" media="screen, print" />

<script type="text/javascript">
...[SNIP]...
<link rel="stylesheet" href="http://canvas.myyearbook.com/static/CSS/Platform/platform.css?64244" type="text/css" />
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/Plugins/myYearbook.ActionIcons/myYearbook.ActionIcons.js?64244"></script>
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/Plugins/myYearbook.DragonDrop/myYearbook.DragonDrop.js?64244"></script>
...[SNIP]...

1.115. http://canvas.myyearbook.com/static/JavaScript/Platform/platform.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://canvas.myyearbook.com
Path:	/static/JavaScript/Platform/platform.js

Issue detail

The page was loaded from a URL containing a query string:

http://canvas.myyearbook.com/static/JavaScript/Platform/platform.js?64244

The response contains the following link to another domain:

http://www.adobe.com/go/getflashplayer

Request

GET /static/JavaScript/Platform/platform.js?64244 HTTP/1.1
Host: canvas.myyearbook.com
Proxy-Connection: keep-alive
Referer: http://canvas.myyearbook.com/canvas?2e77d
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=f3640abbd1b1cdb3:T=1300624489:S=ALNI_MbrX_Emgz4sKka8nHjyRqG1O3ly8w; __utmz=138725551.1300624490.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-193244728-1300624490343; mybRegTheme=Live; mybRegData=%5B%5D; POSTAff2Cookie=Live; MYB_TARGET=_unknown_1000_____; __utma=138725551.528389796.1300624489.1300627604.1300630269.3; __utmc=138725551; __utmv=138725551.|1=gender=unknown=1,; __utmb=138725551.1.10.1300630269; PHPSESSID=52f776710184304877da085942e36b39

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 14:11:05 GMT
Server: Apache
Last-Modified: Thu, 17 Mar 2011 15:58:36 GMT
ETag: "928288-289fe-49eafbbea4300"
Accept-Ranges: bytes
Content-Length: 166398
Connection: close
Content-Type: application/x-javascript
X-Pad: avoid browser bug

var Platform={instance:null,registeredComponents:[],data:{},registerComponent:function(f,m,g){if(typeof f!=="function")throw Error('Platform.registerComponent tried to register a component for "'+g+"\
...[SNIP]...
</h3><a href="http://www.adobe.com/go/getflashplayer" target="_blank"><img src="/static/Images/Platform/160x41_Get_Flash_Player.jpg" />
...[SNIP]...

1.116. http://citi.bridgetrack.com/a/s/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://citi.bridgetrack.com
Path:	/a/s/

Issue detail

The page was loaded from a URL containing a query string:

http://citi.bridgetrack.com/a/s/?BT_PID=232720&BT_CON=1&BT_PM=1&r=0.03269890369847417&_u=visitor&_d=http://www.citibank.com

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /a/s/?BT_PID=232720&BT_CON=1&BT_PM=1&r=0.03269890369847417&_u=visitor&_d=http://www.citibank.com HTTP/1.1
Host: citi.bridgetrack.com
Proxy-Connection: keep-alive
Referer: http://www.citibank.com/us/home.htm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AdData=S1C=1&S1T=201103200834330840&S1=98866z232719; ASB9=TX=1300624474&Pb=3&A=8&SID=C2E8E8D7F02C4526A3D003F851FC1370&Vn=271&Ct=0&Pc=0&S=&Cn=1&Pd=0&T=86408&Cr=98866&W=42840&Tr=42840&Cp=4112&P=232719&B=9; CitiBT=GUID=D6034485299F45568B293696E8A5B4AE; ATV9=14114d11V54Ac1c40Gc738Fc3c8Fc30HIc2KC8cc19QOc8ccc19QOccccc; CitiBTSES=SID=AAF5C5BACDB749E3BE014D9E94D40670

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/x-javascript
Expires: Sat, 19 Mar 2011 12:34:46 GMT
Vary: Accept-Encoding
Server:
P3P: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
Set-Cookie: CitiBT=GUID=D6034485299F45568B293696E8A5B4AE; expires=Wed, 14-Mar-2012 04:00:00 GMT; path=/
Set-Cookie: AdData=S2C=1&S1=98866z232719&S1T=201103200834330840&S2T=201103200834460757&S2=95350z232720&S1C=1; expires=Thu, 19-May-2011 04:00:00 GMT; path=/
Set-Cookie: CitiBTSES=SID=AAF5C5BACDB749E3BE014D9E94D40670; path=/
Date: Sun, 20 Mar 2011 12:34:46 GMT
Connection: close
Content-Length: 2661

var bt_ad_content232720=true;
function BTWrite(s) { document.write(s); }
function BTAdClick(szURL){window.open(szURL);};var n=navigator;var h="";var fmnv=5;var fmav=10;var btf="http://citi.bridgetrack
...[SNIP]...
ash"].description.replace(/\D*(\d+)\..*/,"$1"),10);}catch(e){}for(var i=fmav;i>=0;i--){try{if(new ActiveXObject("ShockwaveFlash.ShockwaveFlash."+i)){return i;}}catch(e){}}return 0;}if(fc()>=fmnv){h+=('<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=3,0,0,0" ID=FLASH_AD WIDTH=218 HEIGHT=88>' );h+=('<PARAM NAME=movie VALUE="'+btf+'">
...[SNIP]...

1.117. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=xplusone1&_r=1

The response contains the following link to another domain:

http://d.xp1.ru4.com/um?_r=1&_o=62795&_i=52786&_u=CAESEI5EsSknUMLanxORiFU2zbg&cver=1&_r=1

Request

GET /pixel?nid=xplusone1&_r=1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://d.xp1.ru4.com/meta?_o=179638&_t=cmcont&ssv_ptnr=pm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 302 Found
Location: http://d.xp1.ru4.com/um?_r=1&_o=62795&_i=52786&_u=CAESEI5EsSknUMLanxORiFU2zbg&cver=1&_r=1
Date: Sun, 20 Mar 2011 12:38:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 306
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://d.xp1.ru4.com/um?_r=1&_o=62795&_i=52786&_u=CAESEI5EsSknUMLanxORiFU2zbg&cver=1&_r=1">here</A>
...[SNIP]...

1.118. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=turn1

The response contains the following link to another domain:

http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEH-HQ_x4I2dNiNCm8_bY604&cver=1

Request

GET /pixel?nid=turn1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=8392341830659049202&rnd=7699189076381337126&fpid=1&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 302 Found
Location: http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEH-HQ_x4I2dNiNCm8_bY604&cver=1
Date: Sun, 20 Mar 2011 12:38:45 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEH-HQ_x4I2dNiNCm8_bY604&cver=1">here</A>
...[SNIP]...

1.119. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=dotomi&_cbust=WH9qYVd2Q3FGAWJeBgV%2BWQlbaXsQfgZCDFxlX1ZL

The response contains the following links to other domains:

http://www.google.com/
http://www.google.com/support/bin/answer.py?answer=86640

Request

GET /pixel?nid=dotomi&_cbust=WH9qYVd2Q3FGAWJeBgV%2BWQlbaXsQfgZCDFxlX1ZL HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://usweb.dotomi.com/renderer/delPublishersCookies.html?pid=13200&rurl=http%3A%2F%2Fads.dotomi.com%2Fads.php%3Fpid%3D13200%26mtg%3D0%26ms%3D11%26btg%3D1%26mp%3D1%26dres%3Diframe%26rwidth%3D300%26rheight%3D250%26pp%3D0%26cg%3D2084%26tz%3D300&u=WH9qYVd2Q3FGAWJeBgV%2BWQlbaXsQfgZCDFxlX1ZL&mpc=0&p=13200&pcg=2084&cg=2084&o=2084
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 403 Forbidden
Content-Length: 1207
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:21:33 GMT
Server: GFE/2.0

<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"/><title>Sorry...</title><style> body { font-family: verdana, arial, sans-serif; background-color: #fff; color: #000; }</s
...[SNIP]...
<div style="margin-left: 4em;">See <a href="http://www.google.com/support/bin/answer.py?answer=86640">Google Help</a>
...[SNIP]...
<div style="text-align: center; border-top: 1px solid #dfdfdf;">© 2009 Google - <a href="http://www.google.com">Google Home</a>
...[SNIP]...

1.120. http://cms.ad.yieldmanager.net/v1/cms previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cms.ad.yieldmanager.net
Path:	/v1/cms

Issue detail

The page was loaded from a URL containing a query string:

http://cms.ad.yieldmanager.net/v1/cms?esig=1~6451b4a684f76cdc256978b3b9011cd5f8ab2361&nwid=10000358902&sigv=1

The response contains the following link to another domain:

http://cookex.amp.yahoo.com/v2/cexposer/SIG=13hpsifc8/*http:/cms.ad.yieldmanager.net/v1/cms?esig=1~6451b4a684f76cdc256978b3b9011cd5f8ab2361&nwid=10000358902&sigv=1

Request

GET /v1/cms?esig=1~6451b4a684f76cdc256978b3b9011cd5f8ab2361&nwid=10000358902&sigv=1 HTTP/1.1
Host: cms.ad.yieldmanager.net
Proxy-Connection: keep-alive
Referer: http://www.lanebryant.com/user/login.jsp?dest=%2Fuser%2Fmain.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=61

Response

HTTP/1.1 302 Found
Date: Sun, 20 Mar 2011 13:35:18 GMT
Location: http://cookex.amp.yahoo.com/v2/cexposer/SIG=13hpsifc8/*http%3A//cms.ad.yieldmanager.net/v1/cms?esig=1~6451b4a684f76cdc256978b3b9011cd5f8ab2361&nwid=10000358902&sigv=1
Cache-Control: private
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 422

The document has moved <A HREF="http://cookex.amp.yahoo.com/v2/cexposer/SIG=13hpsifc8/*http%3A//cms.ad.yieldmanager.net/v1/cms?esig=1~6451b4a684f76cdc256978b3b9011cd5f8ab2361&nwid=10000358902&sigv=1">here</A>
...[SNIP]...

1.121. http://cms.ad.yieldmanager.net/v1/cms previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cms.ad.yieldmanager.net
Path:	/v1/cms

Issue detail

The page was loaded from a URL containing a query string:

http://cms.ad.yieldmanager.net/v1/cms?esig=1~6451b4a684f76cdc256978b3b9011cd5f8ab2361&nwid=10000358902&sigv=1&SIG=10vccidpm;x-cookie=6y13i316yau2y&o=4&f=8v

The response contains the following link to another domain:

http://admonkey.dapper.net/RMXCookieMonster?xid=UxCi9UcoAkFL11OKlcXS1.7k

Request

GET /v1/cms?esig=1~6451b4a684f76cdc256978b3b9011cd5f8ab2361&nwid=10000358902&sigv=1&SIG=10vccidpm;x-cookie=6y13i316yau2y&o=4&f=8v HTTP/1.1
Host: cms.ad.yieldmanager.net
Proxy-Connection: keep-alive
Referer: http://www.lanebryant.com/user/login.jsp?dest=%2Fuser%2Fmain.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=61

Response

HTTP/1.1 302 Found
Date: Sun, 20 Mar 2011 13:35:22 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=78;path=/; expires=Tue, 02-Jun-2037 20:00:00 GMT;domain=.yieldmanager.net
Set-Cookie: S=s=729j1dp6oc0kq&t=1300628122;path=/; expires=
Location: http://admonkey.dapper.net/RMXCookieMonster?xid=UxCi9UcoAkFL11OKlcXS1.7k
Cache-Control: private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 790

HTTP/1.1 302 Found
Date: Sun, 20 Mar 2011 13:35:22 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PU
...[SNIP]...
monkey.dapper.net/RMXCookieMonster?xid=UxCi9UcoAkFL11OKlcXS1.7k
Cache-Control: private
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

The document has moved <A HREF="http://admonkey.dapper.net/RMXCookieMonster?xid=UxCi9UcoAkFL11OKlcXS1.7k">here</A>
...[SNIP]...

1.122. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1700

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1700\x26title\x3dEmployee+Free+Choice+Act+or+100%25+Unionization+Act
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1700\x26title\x3dEmployee Free Choice Act or 100% Unionization Act

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1700 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:23 GMT
Expires: Sun, 20 Mar 2011 13:06:23 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1222

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1700\x26title\x3dEmployee+Free+Choice+Act+or+100%25+Unionization+Act" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1700\x26title\x3dEmployee Free Choice Act or 100% Unionization Act">Stumble It!</a>
...[SNIP]...

1.123. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1686

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1686\x26title\x3dWhy+Hollywood+Cooling+on+Obama+Is+Good+for+the+President
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1686\x26title\x3dWhy Hollywood Cooling on Obama Is Good for the President

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1686 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:22 GMT
Expires: Sun, 20 Mar 2011 13:06:22 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1234

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1686\x26title\x3dWhy+Hollywood+Cooling+on+Obama+Is+Good+for+the+President" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1686\x26title\x3dWhy Hollywood Cooling on Obama Is Good for the President">Stumble It!</a>
...[SNIP]...

1.124. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1672

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1672\x26title\x3dMiddle+Class+Is+Shrinking%3A+Who+Is+to+Blame%3F
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1672\x26title\x3dMiddle Class Is Shrinking: Who Is to Blame?

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1672 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:24 GMT
Expires: Sun, 20 Mar 2011 13:06:24 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1212

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1672\x26title\x3dMiddle+Class+Is+Shrinking%3A+Who+Is+to+Blame%3F" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1672\x26title\x3dMiddle Class Is Shrinking: Who Is to Blame?">Stumble It!</a>
...[SNIP]...

1.125. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1689

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1689\x26title\x3dWhy+GOP+Is+Right+%28and+Stupid%29+on+the+Youth+Vote
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1689\x26title\x3dWhy GOP Is Right (and Stupid) on the Youth Vote

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1689 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:22 GMT
Expires: Sun, 20 Mar 2011 13:06:22 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1220

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1689\x26title\x3dWhy+GOP+Is+Right+%28and+Stupid%29+on+the+Youth+Vote" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1689\x26title\x3dWhy GOP Is Right (and Stupid) on the Youth Vote">Stumble It!</a>
...[SNIP]...

1.126. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1693

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1693\x26title\x3d3+Recent+Taxation+Drawbacks%2C+or+Why+Politicians+Are+the+Dumbest+People+on+Earth
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1693\x26title\x3d3 Recent Taxation Drawbacks, or Why Politicians Are the Dumbest People on Earth

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1693 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:22 GMT
Expires: Sun, 20 Mar 2011 13:06:22 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1282

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1693\x26title\x3d3+Recent+Taxation+Drawbacks%2C+or+Why+Politicians+Are+the+Dumbest+People+on+Earth" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1693\x26title\x3d3 Recent Taxation Drawbacks, or Why Politicians Are the Dumbest People on Earth">Stumble It!</a>
...[SNIP]...

1.127. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1679

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1679\x26title\x3dMuammer+Gaddafi%3A+What+to+Do%2C+What+to+Do%3F
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1679\x26title\x3dMuammer Gaddafi: What to Do, What to Do?

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1679 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:24 GMT
Expires: Sun, 20 Mar 2011 13:06:24 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1208

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1679\x26title\x3dMuammer+Gaddafi%3A+What+to+Do%2C+What+to+Do%3F" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1679\x26title\x3dMuammer Gaddafi: What to Do, What to Do?">Stumble It!</a>
...[SNIP]...

1.128. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1669

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1669\x26title\x3dObama+Proposes+%2489+Billion+Cuts+in+Education+Spending
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1669\x26title\x3dObama Proposes $89 Billion Cuts in Education Spending

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1669 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:24 GMT
Expires: Sun, 20 Mar 2011 13:06:24 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1230

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1669\x26title\x3dObama+Proposes+%2489+Billion+Cuts+in+Education+Spending" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1669\x26title\x3dObama Proposes $89 Billion Cuts in Education Spending">Stumble It!</a>
...[SNIP]...

1.129. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1683

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1683\x26title\x3dClean+Water+Cuts%3A+Didn%E2%80%99t+Really+Need+That+Anyway
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1683\x26title\x3dClean Water Cuts: Didn\u2019t Really Need That Anyway

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1683 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:13:11 GMT
Expires: Sun, 20 Mar 2011 13:13:11 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1233

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1683\x26title\x3dClean+Water+Cuts%3A+Didn%E2%80%99t+Really+Need+That+Anyway" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1683\x26title\x3dClean Water Cuts: Didn\u2019t Really Need That Anyway">Stumble It!</a>
...[SNIP]...

1.130. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1676

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1676\x26title\x3dGallup+Shows+Democrat+States+Cut+in+Half+Over+2+Years%3A+Why%3F
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1676\x26title\x3dGallup Shows Democrat States Cut in Half Over 2 Years: Why?

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1676 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:24 GMT
Expires: Sun, 20 Mar 2011 13:06:24 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1244

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1676\x26title\x3dGallup+Shows+Democrat+States+Cut+in+Half+Over+2+Years%3A+Why%3F" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1676\x26title\x3dGallup Shows Democrat States Cut in Half Over 2 Years: Why?">Stumble It!</a>
...[SNIP]...

1.131. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1697

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1697\x26title\x3dWhy+the+Country+Is+Softening+on+Gay+Marriage
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1697\x26title\x3dWhy the Country Is Softening on Gay Marriage

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1697 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:22 GMT
Expires: Sun, 20 Mar 2011 13:06:22 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1210

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1697\x26title\x3dWhy+the+Country+Is+Softening+on+Gay+Marriage" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1697\x26title\x3dWhy the Country Is Softening on Gay Marriage">Stumble It!</a>
...[SNIP]...

1.132. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The page was loaded from a URL containing a query string:

http://fls.doubleclick.net/activityi;src=998766;type=tmobi838;cat=tmobi392;ord=4678929757792.503?

The response contains the following links to other domains:

http://a.tribalfusion.com/i.cid?c=191233&d=30&page=landingPage
http://action.media6degrees.com/orbserv/hbpix?pixId=5841&pcv=53
http://ad.trafficmp.com/a/bpix?adv=100&id=10&format=image&r=
http://ad.trafficmp.com/a/bpix?adv=100&id=2&format=image&r=
http://ads.bluelithium.com/pixel?id=1146583&t=2
http://ads.bluelithium.com/pixel?id=1195402&t=2
http://bp.specificclick.net/?pixid=99010384
http://conv.opt.fimserve.com/conv/1345/?
http://leadback.advertising.com/adcedge/lb?site=695501&betr=tmobilex_cs=[+]1[720],3[8760],4[168]
http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=tmowinterwindow_cs=1&betq=13027=434822
http://media.fastclick.net/w/tre?ad_id=24328;evt=17076;cat1=21132;cat2=21133;rand=[CACHEBUSTER]
http://mnis.secure-adserver.com/Segment.aspx?sid=61362ed2-6fb8-4041-a343-55e9bd1a1600
http://pixel.quantserve.com/pixel/p-e5k6DM2VGVzao.gif?labels=_fp.event.T-Mobile+Homepage
http://segment-pixel.invitemedia.com/pixel?pixelID=18848&partnerID=77&clientID=1969&key=segment
http://redcated/action/MMN_DR_TMobile_Shop_Unsecure
http://redcated/action/MMN_TMobile_Affordability_Landing_Unsecure

Request

GET /activityi;src=998766;type=tmobi838;cat=tmobi392;ord=4678929757792.503? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.t-mobile.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sun, 20 Mar 2011 12:35:18 GMT
Expires: Sun, 20 Mar 2011 12:35:18 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 4054

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="http://ad.doubleclick.net/activity;src=1379696;dcnet=4155;boom=40089;sz=1x1;ord=1?"width=1 height=1 border=0><img src="http://segment-pixel.invitemedia.com/pixel?pixelID=18848&partnerID=77&clientID=1969&key=segment" width="1" height="1" /><img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=tmowinterwindow_cs=1&betq=13027=434822" width = "1" height = "1" border = "0"><img width="1" height="1" src="http://action.media6degrees.com/orbserv/hbpix?pixId=5841&pcv=53" />
...[SNIP]...
</script> <img src="http://leadback.advertising.com/adcedge/lb?site=695501&betr=tmobilex_cs=[+]1[720],3[8760],4[168]" width="1" height="1" /><img src="http://mnis.secure-adserver.com/Segment.aspx?sid=61362ed2-6fb8-4041-a343-55e9bd1a1600" width="1" height="1" /><img width=1 height=1 border=0 src="http://ad.trafficmp.com/a/bpix?adv=100&id=10&format=image&r="><img height="1" width="1" src="http://view.atdmt.com/action/MMN_TMobile_Affordability_Landing_Unsecure"/><img src="http://ads.bluelithium.com/pixel?id=1146583&t=2" width="1" height="1" /><img src='http://a.tribalfusion.com/i.cid?c=191233&d=30&page=landingPage' width='1' height='1' border='0'><noscript>
<img src="http://pixel.quantserve.com/pixel/p-e5k6DM2VGVzao.gif?labels=_fp.event.T-Mobile+Homepage" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript><img width=1 height=1 border=0 src="http://ad.trafficmp.com/a/bpix?adv=100&id=2&format=image&r="><IMG SRC="http://bp.specificclick.net?pixid=99010384" width=0 height=0 border=0><img height="1" width="1" src="http://view.atdmt.com/action/MMN_DR_TMobile_Shop_Unsecure"/><img src="http://media.fastclick.net/w/tre?ad_id=24328;evt=17076;cat1=21132;cat2=21133;rand=[CACHEBUSTER]" width="1" height="1" border="0"><img src="http://ads.bluelithium.com/pixel?id=1195402&t=2"; width="1" height="1" /><script language='javascript'>
...[SNIP]...
<noscript> <img src="http://conv.opt.fimserve.com/conv/1345/?"; width="1" height="1" border="0"> </noscript>
...[SNIP]...

1.133. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The page was loaded from a URL containing a query string:

http://fls.doubleclick.net/activityi;src=1803375;type=t-mob207;cat=t-moc188;ord=5131071771029.383?

The response contains the following links to other domains:

http://bh.contextweb.com/bh/set.aspx?action=add&advid=2452&token=TMHS1
http://redcated/action/Tmobile_Espanol_Homepage

Request

GET /activityi;src=1803375;type=t-mob207;cat=t-moc188;ord=5131071771029.383? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.t-mobile.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sun, 20 Mar 2011 13:03:11 GMT
Expires: Sun, 20 Mar 2011 13:03:11 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 643

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=2452&token=TMHS1" width="1" height="1" border="0">
...[SNIP]...
<img height="1" width="1" src="http://view.atdmt.com/action/Tmobile_Espanol_Homepage"/></body>
...[SNIP]...

1.134. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2332856072838068&format=728x90_as&output=html&h=90&w=728&lmt=1300645740&channel=Blog728Image&ad_type=text_image&color_bg=FFFFFF&color_border=FFFFFF&color_link=4A6751&color_text=000000&color_url=B35A1E&flash=10.2.154&url=http%3A%2F%2Fwww.woot.com%2FForums%2F&dt=1300627740399&bpp=3&shv=r20110315&jsv=r20110317&correlator=1300627740639&frm=0&adk=453380111&ga_vid=473007276.1300627741&ga_sid=1300627741&ga_hid=602886886&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1096&bih=916&fu=0&ifi=1&dtd=506&xpc=A6InmP8TQy&p=http%3A//www.woot.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/images/i.png
http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.woot.com/Forums/%26hl%3Den%26client%3Dca-pub-2332856072838068%26adU%3Dwww.networksolutions.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNGK6je6BfIIlJV19KGGKez0Ftw0Ag

Request

GET /pagead/ads?client=ca-pub-2332856072838068&format=728x90_as&output=html&h=90&w=728&lmt=1300645740&channel=Blog728Image&ad_type=text_image&color_bg=FFFFFF&color_border=FFFFFF&color_link=4A6751&color_text=000000&color_url=B35A1E&flash=10.2.154&url=http%3A%2F%2Fwww.woot.com%2FForums%2F&dt=1300627740399&bpp=3&shv=r20110315&jsv=r20110317&correlator=1300627740639&frm=0&adk=453380111&ga_vid=473007276.1300627741&ga_sid=1300627741&ga_hid=602886886&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1096&bih=916&fu=0&ifi=1&dtd=506&xpc=A6InmP8TQy&p=http%3A//www.woot.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 20 Mar 2011 13:41:40 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block
Content-Length: 2742

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><IFRAME SRC="http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googlead
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.woot.com/Forums/%26hl%3Den%26client%3Dca-pub-2332856072838068%26adU%3Dwww.networksolutions.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNGK6je6BfIIlJV19KGGKez0Ftw0Ag" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

1.135. http://ib.adnxs.com/acb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/acb

Issue detail

The page was loaded from a URL containing a query string:

http://ib.adnxs.com/acb?member=311&width=728&height=90&pb=300&cb=1958835&referrer=

The response contains the following link to another domain:

http://redcated/ADO/view/278612728/direct;wi.1;hi.1/01

Request

GET /acb?member=311&width=728&height=90&pb=300&cb=1958835&referrer= HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/hserver/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: acb217693=5_[r^kI/7ZsKwYn20/dRQ#LFv?enc=q6qqqqqqCkAAAAAAAAAIQAAAAAAAAAhAUbgehetRD0BmZmZmZmYRQGhgmDM5kQxGvNv2i6g_Cj5M9IVNAAAAAPA7AwA3AQAANQEAAAIAAAAK6wEAy10AAAEAAABVU0QAVVNEANgCWgCfGAAAAgkBAgUCAAUAAAAAZhuLjQAAAAA.&tt_code=cm.mtv&udj=uf%28%27a%27%2C+436%2C+1300624460%29%3Buf%28%27c%27%2C+1495%2C+1300624460%29%3Buf%28%27r%27%2C+125706%2C+1300624460%29%3Bppv%28658%2C+%275047568957240270952%27%2C+1300624460%2C+1301920460%2C+1495%2C+24011%29%3B&cnd=!MxRwEwjXCxCK1gcYACDLuwEoADFmZmZmZmYRQEITCAAQABgAIAEo_v__________AUgAUABYnzFgAGi1Ag..; sess=1; icu=ChEIs34QChgBIAEoATDM6JfsBBDM6JfsBBgA; acb697950=5_[r^208WMsKwYn20/dRQ#LFv?enc=q6qqqqqqCkAAAAAAAAAIQAAAAAAAAAhAUbgehetRD0BmZmZmZmYRQBD_V-7IrodtvNv2i6g_Cj5M9IVNAAAAAPA7AwA3AQAANQEAAAIAAAAP6wEAy10AAAEAAABVU0QAVVNEACwB-gCqFAAANAYBAgUCAAUAAAAAox1UPAAAAAA.&tt_code=cm.mtv&udj=uf%28%27a%27%2C+436%2C+1300624460%29%3Buf%28%27c%27%2C+1495%2C+1300624460%29%3Buf%28%27r%27%2C+125711%2C+1300624460%29%3Bppv%28658%2C+%277892469050005520144%27%2C+1300624460%2C+1301920460%2C+1495%2C+24011%29%3B&cnd=!OxSWFAjXCxCP1gcYACDLuwEoADFmZmZmZmYRQEITCAAQABgAIAEo_v__________AUgAUABYqilgAGi1Ag..; uuid2=4470455573253905340; anj=Kfw)m=m<8a)J7/OYr/'s=IwLU:$!UVASc>b?VIGE-N>UxOFRGr+YZ/FWNPLa6Bh9N?dv<eGA^d20uuJH/WLU-8t]Rv8(d4JJF/w:>DGr6rk41RgoZ*smVn:65s/UfZ1@>PiKfNerAIUr'2H4t8[M)4d2dvvPF$9o9++d4dySu*UHq3J8D]72n7FWvwRm7ymPwWuOn>Gj*L-CQ(0*kBs`m+(J0h%d7I*'nCR<y*iNU^Xb3G$W[g1zyDyqD/G7:gIb_'<mbJO@]Lred+Khf#0rO%^zuSU=%+y>PISEGOgn'7]jKU=n6-[hp+.._vyS57[0>ZkT5rjcqt=B=*z::$Ttv_G1*ohEc.?86_5dh>z+qG'TN-MGTl3M0:xto340:@KROI9[%y+=[bX>^BPQs3I8h7>XWjFBJ!!Bp>+-vHV^]nna`E?J3pkqePGS@IeL[=)n#WHcEB[meAr+vGF*agbW>PiuHpQ)X5n2k^hWH%9.*Q-jLf(uB14rBS/[@Iv?>J+s4<i-I1MCsIUb%5gkSeU`9/n1L6F0Jc@pmLC909x!rPw[<DsJ'NB15>SyA`)hq$W]n><h32LYK`2Nm2dvyF[V).u9QB+pj:HN/!%C^(!sUyI76!_Xb_Iu5(aFf3!a[#oOr*hBAc>5r:uaS?XC5s=RwE/Zwb:7I5j>1Mz(m3JU

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 21-Mar-2011 12:35:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4470455573253905340; path=/; expires=Sat, 18-Jun-2011 12:35:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb217693=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: uuid2=4470455573253905340; path=/; expires=Sat, 18-Jun-2011 12:35:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)mCZ#-r-!gzo>[kYTDmttkPca(V@/-5')OxxeV9l(T.NP!VQ*WxW8/AFd*uhL02T<DWLF=BsI%D@!OdH1zQs$UMud-Eh?sa'dqck(st3''KvohV@mP#_RKKm7@Z0r]ViD'sGrGuqI5$2LF<*fzhd2g8/Q_@CuwFz7dQT'!<c2TTAvhUnB#bx:l*%C=Hp(kQD(GLB?eA<KpRnzj9%KWGr^c$7s5n8=]+*UXW1A*u7'AW5q@QMN/QR@8>VM29jc[1)gCMa^An4d#E-hRp2UQA@asZ'sO*v>F3+w*x!NJGBK-cHou>7crTZw3q4(=t%W!j*1p#my5X!q#w6QvMP45d#I6eSpajwM0w_qgFc$7^XCMh+aC-Zp()FMzniQ)!=EOMc`TiQgJeA]EI3/]BEqxY3TGVFBFdm1Mb2V%dDGJhj:KPYB=a.8O+Dno3hTPTO+I2I`nv!Cc<Bjem)?.RJ%.IY%dA/egn2_@H>x9x5msI6M%PVse@J=L=?I?!urUvLxTt#X!rwk3Mt8:YrBc?[0LD'SMN!2t[CIf^H%jodr^N/HA?HRruC<d#Wp`_Eb]Y87XW@2`wlo37Uy)ybWng5S1#q0c%T+b_3BJX87R[7jJjWa0A?mY>a?P%O!]H.6-_>K^MiMP+=`bJcVn-fk*^N^FSF]UZYyo2b::nAN.v<lOH%]./>xn:; path=/; expires=Sat, 18-Jun-2011 12:35:12 GMT; domain=.adnxs.com; HttpOnly
Date: Sun, 20 Mar 2011 12:35:12 GMT
Content-Length: 646

<a href="http://ib.adnxs.com/click/q6qqqqqqCkAAAAAAAAAIQAAAAAAAAAhAUbgehetRD0BmZmZmZmYRQGhgmDM5kQxGvNv2i6g_Cj5M9IVNAAAAAPA7AwA3AQAANQEAAAIAAAAK6wEAy10AAAEAAABVU0QAVVNEANgCWgCfGAAAAgkBAQUCAAUAAAAAZRt6j
...[SNIP]...
</a><img src="http://view.atdmt.com/ADO/view/278612728/direct;wi.1;hi.1/01" width="1" height="1"/>

1.136. http://ib.adnxs.com/ptj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ptj

Issue detail

The page was loaded from a URL containing a query string:

http://ib.adnxs.com/ptj?member=311&inv_code=cm.mtv&size=300x250&referrer=http%3A%2F%2Fredcated%2FPTR%2Fiview%2F240321409%2Fdirect%3Bwi.1%3Bhi.1%2F01%3Frelocate%3Dhttp%3A%2F%2Fviacom.adbureau.net%2FAFTRSERVER%2Fhserver%2Fheight%3D250%2Fwidth%3D300%2Fsite%3DSW.NOL%2Faamsz%3D300X250%2FNCP%3D1%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.mtv%2Fgames_010111%3Bnet%3Dcm%3Bu%3D%2Ccm-81541724_1300624460%2C11e4f07c0988ac7%2Cmusic%2Cax.{PRICEBUCKET}-am.bk-cm.sportsreg-cm.sports_m-cm.ent_m-qc.ac-ex.6-bz.30-bz.51-bz.25-bz.ab-bz.ae-wfm.difi_h-iblocal.sports_h%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D928696%3Bcontx%3Dmusic%3Ban%3D{PRICEBUCKET}%3Bdc%3Dd%3Bbtg%3Dam.bk%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sports_m%3Bbtg%3Dcm.ent_m%3Bbtg%3Dqc.ac%3Bbtg%3Dex.6%3Bbtg%3Dbz.30%3Bbtg%3Dbz.51%3Bbtg%3Dbz.25%3Bbtg%3Dbz.ab%3Bbtg%3Dbz.ae%3Bbtg%3Dwfm.difi_h%3Bbtg%3Diblocal.sports_h%3Bord%3D%5Btimestamp%5D%3F

The response contains the following link to another domain:

http://redcated/iaction/adoapn_AppNexusDemoActionTag_1

Request

GET /ptj?member=311&inv_code=cm.mtv&size=300x250&referrer=http%3A%2F%2Fredcated%2FPTR%2Fiview%2F240321409%2Fdirect%3Bwi.1%3Bhi.1%2F01%3Frelocate%3Dhttp%3A%2F%2Fviacom.adbureau.net%2FAFTRSERVER%2Fhserver%2Fheight%3D250%2Fwidth%3D300%2Fsite%3DSW.NOL%2Faamsz%3D300X250%2FNCP%3D1%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.mtv%2Fgames_010111%3Bnet%3Dcm%3Bu%3D%2Ccm-81541724_1300624460%2C11e4f07c0988ac7%2Cmusic%2Cax.{PRICEBUCKET}-am.bk-cm.sportsreg-cm.sports_m-cm.ent_m-qc.ac-ex.6-bz.30-bz.51-bz.25-bz.ab-bz.ae-wfm.difi_h-iblocal.sports_h%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D928696%3Bcontx%3Dmusic%3Ban%3D{PRICEBUCKET}%3Bdc%3Dd%3Bbtg%3Dam.bk%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sports_m%3Bbtg%3Dcm.ent_m%3Bbtg%3Dqc.ac%3Bbtg%3Dex.6%3Bbtg%3Dbz.30%3Bbtg%3Dbz.51%3Bbtg%3Dbz.25%3Bbtg%3Dbz.ab%3Bbtg%3Dbz.ae%3Bbtg%3Dwfm.difi_h%3Bbtg%3Diblocal.sports_h%3Bord%3D%5Btimestamp%5D%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/AFTRSERVER/hserver//height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1//ATCI=1297806090-11017856
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIItpsBEAoYASABKAEw3ufQ6wQQ3ufQ6wQYAA..; sess=1; uuid2=4470455573253905340; anj=Kfw)m=m<8a)J7/OYqA#I@e#eDE9=Py:WS'3:BpJ.3fNiVPfcBe9rn1aB/6H+D$XQ0gx^1'AYU`UR#oFwfHf%DH8<[[cjKwVBm*M(iqWjevsQZEt2q0oL5%0EmxK8z2_PCO6pHErdvz5r0KUET%2<YsAO_Z^s7PsD.>Bm?LyU?iq#_wUDqCS^'gH:aWk1QkZr6:NkA2]h$E7O+bJO6RMsO?dwCP@fx7k2x+rZE:PcvYUUGK<b$=!46J5RBmG!KCMY3qw<0ZsO.7m1@@J]dT?uqgHUeujm#J[F3Ic)xI:0h.IrKwLp@!nRoTs9TR.KV0HC-[aN-S.NM-..^QiGWP:tHK@c>eYPr`^5Ez$b+OpujL=?PpFw%0J9dl#KGP_e=!l<xtx<iM2697EY!itEF@@(y(ew>uw@1C]7=d?aFBLGcu`?E^7SP%Pq^pjR[>f'usl[sr#mFs%A#Lz4QOW2zZJM5$Xa2uAI<vpl^wyj]osr1=p(^NeLkR>kk*LRe'P4Y8XBZmVMx(bWFBNIBvZETU#!TWNP0xe^?..iZm#rpSqZ/9B<]t%dHA:JoO9O^4*(3[<uLv.R>7qZoqCw#Ng`=CV?vZuNc^A.l71pRb`8uQE!LK7!*Sb!Z-fE_Q(-A`z#bqz'6L)GTEX1YmmjQR+Jf!Mdu<9X_F5%v[KR(M^QzXCCpr%kkr]%b$

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 21-Mar-2011 12:34:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4470455573253905340; path=/; expires=Sat, 18-Jun-2011 12:34:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChEIs34QChgBIAEoATDM6JfsBBDM6JfsBBgA; path=/; expires=Sat, 18-Jun-2011 12:34:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb697950=5_[r^208WMsKwYn20/dRQ#LFv?enc=q6qqqqqqCkAAAAAAAAAIQAAAAAAAAAhAUbgehetRD0BmZmZmZmYRQBD_V-7IrodtvNv2i6g_Cj5M9IVNAAAAAPA7AwA3AQAANQEAAAIAAAAP6wEAy10AAAEAAABVU0QAVVNEACwB-gCqFAAANAYBAgUCAAUAAAAAox1UPAAAAAA.&tt_code=cm.mtv&udj=uf%28%27a%27%2C+436%2C+1300624460%29%3Buf%28%27c%27%2C+1495%2C+1300624460%29%3Buf%28%27r%27%2C+125711%2C+1300624460%29%3Bppv%28658%2C+%277892469050005520144%27%2C+1300624460%2C+1301920460%2C+1495%2C+24011%29%3B&cnd=!OxSWFAjXCxCP1gcYACDLuwEoADFmZmZmZmYRQEITCAAQABgAIAEo_v__________AUgAUABYqilgAGi1Ag..; path=/; expires=Mon, 21-Mar-2011 12:34:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4470455573253905340; path=/; expires=Sat, 18-Jun-2011 12:34:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)m=m<8a)J7/OYr/'s=IwLU:$!UVASc>b?VIGE-N>UxOFRGr+YZ/FWNPLa6Bh9N?dv<eGA^d20uuJH/WLU-8t]Rv8(d4JJF/w:>DGr6rk41RgoZ*smVn:65s/UfZ1@>PiKfNerAIUr'2H4t8[M)4d2dvvPF$9o9++d4dySu*UHq3J8D]72n7FWvwRm7ymPwWuOn>Gj*L-CQ(0*kBs`m+(J0h%d7I*'nCR<y*iNU^Xb3G$W[g1zyDyqD/G7:gIb_'<mbJO@]Lred+Khf#0rO%^zuSU=%+y>PISEGOgn'7]jKU=n6-[hp+.._vyS57[0>ZkT5rjcqt=B=*z::$Ttv_G1*ohEc.?86_5dh>z+qG'TN-MGTl3M0:xto340:@KROI9[%y+=[bX>^BPQs3I8h7>XWjFBJ!!Bp>+-vHV^]nna`E?J3pkqePGS@IeL[=)n#WHcEB[meAr+vGF*agbW>PiuHpQ)X5n2k^hWH%9.*Q-jLf(uB14rBS/[@Iv?>J+s4<i-I1MCsIUb%5gkSeU`9/n1L6F0Jc@pmLC909x!rPw[<DsJ'NB15>SyA`)hq$W]n><h32LYK`2Nm2dvyF[V).u9QB+pj:HN/!%C^(!sUyI76!_Xb_Iu5(aFf3!a[#oOr*hBAc>5r:uaS?XC5s=RwE/Zwb:7I5j>1Mz(m3JU; path=/; expires=Sat, 18-Jun-2011 12:34:20 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sun, 20 Mar 2011 12:34:20 GMT
Content-Length: 757

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.mtv/games_010111;net=cm;u=,cm-81541724_1300624460,11e4f07c0988ac7,music,ax.300-am.bk-cm.sportsreg-cm.sports_m-cm.
...[SNIP]...
</scr'+'ipt>');document.write('<iframe src="http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...

1.137. http://mnis.secure-adserver.com/Segment.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mnis.secure-adserver.com
Path:	/Segment.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://mnis.secure-adserver.com/Segment.aspx?sid=61362ed2-6fb8-4041-a343-55e9bd1a1600

The response contains the following link to another domain:

https://a1.interclick.com/Segment.aspx?sid=61362ed2-6fb8-4041-a343-55e9bd1a1600

Request

GET /Segment.aspx?sid=61362ed2-6fb8-4041-a343-55e9bd1a1600 HTTP/1.1
Host: mnis.secure-adserver.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=998766;type=tmobi838;cat=tmobi392;ord=4678929757792.503?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Redirect
Content-Type: text/html; charset=UTF-8
Location: https://a1.interclick.com/Segment.aspx?sid=61362ed2-6fb8-4041-a343-55e9bd1a1600
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 20 Mar 2011 13:06:58 GMT
Content-Length: 202

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://a1.interclick.com/Segment.aspx?sid=61362ed2-6fb8-4041-a343-55e9bd1a1600">here</a></bod
...[SNIP]...

1.138. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/404157670@Bottom3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://network.realmedia.com
Path:	/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/404157670@Bottom3

Issue detail

The page was loaded from a URL containing a query string:

http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/404157670@Bottom3?_RM_HTML_MM_=150105055115150005515

The response contains the following link to another domain:

http://imagen01.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/404157670@Bottom3?_RM_HTML_MM_=150105055115150005515 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801i4doAAvyI; BCN2010110741=1; S247S=1; RMFL=011Pxp1fU10KeT; NXCLICK2=011Pxp1fNX_TRACK_Nationalgeographic/Retarget_Natgeorealhomepage_Nonsecure!y!B3!KeT!ppm3; RMFD=011Q1HsmO1016kC|O1016oi|O1016oj|O1016x1|O10170Y

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:10:04 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 355
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sun, 20-Mar-2011 13:11:04 GMT;path=/;httponly

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure/1759597933/Bottom3/default/empty.gif/726348573830316934646f4141767949?_RM_HTML_MM_=150105055115150005515" target="_top"><IMG SRC="http://imagen01.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>

1.139. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/766798645@Bottom3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://network.realmedia.com
Path:	/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/766798645@Bottom3

Issue detail

The page was loaded from a URL containing a query string:

http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/766798645@Bottom3?_RM_HTML_MM_=150105055115150005515

The response contains the following link to another domain:

http://imagen01.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/766798645@Bottom3?_RM_HTML_MM_=150105055115150005515 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801i4doAAvyI; BCN2010110741=1; S247S=1; RMFL=011Pxp1fU10KeT; NXCLICK2=011Pxp1fNX_TRACK_Nationalgeographic/Retarget_Natgeorealhomepage_Nonsecure!y!B3!KeT!ppm3; RMFD=011Q1HsmO1016kC|O1016oi|O1016oj|O1016x1|O10170Y

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:10:06 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 355
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e3145525d5f4f58455e445a4a423660;expires=Sun, 20-Mar-2011 13:11:06 GMT;path=/;httponly

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure/1745878690/Bottom3/default/empty.gif/726348573830316934646f4141767949?_RM_HTML_MM_=150105055115150005515" target="_top"><IMG SRC="http://imagen01.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>

1.140. http://rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:

http://rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&PG=VUSSH3&AP=1089&accyyyrandom=3572382&aamst=swzzznol&aamsz=300x250&AXW=300&AXH=250

The response contains the following links to other domains:

http://clk.redcated/CNT/go/302593025/direct;pc.106141155;wi.300;hi.250/01/
http://redcated/CNT/iview/302593025/direct;pc.106141155;wi.300;hi.250/01?click=
http://redcated/CNT/view/302593025/direct;pc.106141155;wi.300;hi.250/01/

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&PG=VUSSH3&AP=1089&accyyyrandom=3572382&aamst=swzzznol&aamsz=300x250&AXW=300&AXH=250 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC01=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC05=FB=; FC06=FB=; FC07=FB=; FC08=FB=; FC09=FB=; MC1=V=3&GUID=1593e55bc6bd4a6fa24e1aa0798f062a; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=2f286e706b7d43c2be7bbf23323df6c5&bd=2011-01-01T01:18:30.906&v=2; Sample=86; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; SRCHHPGUSR=AS=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 2456
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: FC06=FB=AgEAkg7i5pAB; expires=Tue, 19-Mar-2013 12:00:00 GMT; domain=.rad.msn.com; path=/; HttpOnly
X-RADID: P8442883-T41833464-C54000000000033242
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sun, 20 Mar 2011 13:01:18 GMT
Content-Length: 2456

//<![CDATA[
function getRADIds() { return{"adid":"54000000000033242","pid":"8442883","targetid":"41833464"};} if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 300, 250);if(pare
...[SNIP]...
</html>';ifrm.src = "javascript:void(document.write('" + s + "'));";}function renderAd_1644906639() {var adCode_1644906639=new Array();adCode_1644906639.push('<iframe src="http://view.atdmt.com/CNT/iview/302593025/direct;pc.106141155;wi.300;hi.250/01?click=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">\n');adCode_1644906639.push('<scr'+'ipt language="JavaScript" type="text/javascript">\n');adCode_1644906639.push('document.write(\'<a href="http://clk.atdmt.com/CNT/go/302593025/direct;pc.106141155;wi.300;hi.250/01/" target="_blank"><img src="http://view.atdmt.com/CNT/view/302593025/direct;pc.106141155;wi.300;hi.250/01/"/></a>
...[SNIP]...

1.141. http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rotator.adjuggler.com
Path:	/servlet/ajrotator/1007517/0/vh

Issue detail

The page was loaded from a URL containing a query string:

http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=

The response contains the following link to another domain:

http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587

Request

GET /servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click= HTTP/1.1
Host: rotator.adjuggler.com
Proxy-Connection: keep-alive
Referer: http://therugged.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ajess1_ADC1D6F36B45B656C8BC8A09=a; ajcmp=2023xy_39lD003AOp

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store
Expires: Tue, 01 Jan 2000 00:00:00 GMT
P3P: policyref="http://rotator.adjuggler.com:80/p3p/RotatorPolicyRef.xml", CP="NOI DSP COR CURa DEVa TAIa OUR SAMa NOR STP NAV STA LOC"
Set-Cookie: ajcmp=2023xy_39lD36Jz003Ic0; Expires=Tue, 19-Mar-2013 12:59:12 GMT; Path=/
Content-Type: text/html
Content-Length: 275
Date: Sun, 20 Mar 2011 12:59:12 GMT
Connection: close


<IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=728 HEIGHT=90 SRC="http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587"></IFRAME>
...[SNIP]...

1.142. http://showads.pubmatic.com/AdServer/AdServerServlet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://showads.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The page was loaded from a URL containing a query string:

http://showads.pubmatic.com/AdServer/AdServerServlet?operId=2&pubId=26436&siteId=26437&adId=21306&kadwidth=300&kadheight=250&prevkadIds=21304&kbgColor=ffffff&ktextColor=000000&klinkColor=FFFFFF&pageURL=http://www.woot.com/&frameName=http_www_woot_comkomli_ads_frame22643626437&kltstamp=2011-2-20%207%3A34%3A44&ranreq=0.6170628282707185&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=458x450&adVisibility=1

The response contains the following links to other domains:

http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82NjQ5MDU0NzkyOTkyMTg5Mi8xMDk2NzUvMTAyMTc0LzMvcUNrUlV0a2tSODZTZllSNWtDMUZwb3dud0hreW5rUUl0bkxKeWNpUWlUcy8/65jF72MGHLbwsG7rxNVZ3X0o4uc&price=3.050000
http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?labels=Shopping

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26436&siteId=26437&adId=21306&kadwidth=300&kadheight=250&prevkadIds=21304&kbgColor=ffffff&ktextColor=000000&klinkColor=FFFFFF&pageURL=http://www.woot.com/&frameName=http_www_woot_comkomli_ads_frame22643626437&kltstamp=2011-2-20%207%3A34%3A44&ranreq=0.6170628282707185&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=458x450&adVisibility=1 HTTP/1.1
Host: showads.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:4470455573253905340; KRTBCOOKIE_133=1873-6pgp44i37uxw; KRTBCOOKIE_27=1216-uid:4d5b2371-3928-7a83-24fb-d52328f5624b; KRTBCOOKIE_32=1386-WH9qYVd2Q3FGAWJeBgV+WQlbaXsQfgZCDFxlX1ZL; KRTBCOOKIE_53=424-20108b4d-f8d0-4008-b157-1529097b61ab; KRTBCOOKIE_97=3385-uid:3c8eb88b-c9c1-47d0-9235-2d5e32a3350f; KADUSERCOOKIE=43A8ABFA-7497-471A-9AF6-2974D17EF335; pubfreq_26437=; pubtime_26437=TMC; _curtime=1300624477; pubfreq_26437_21304_990920136=243-1; PMDTSHR=; KTPCACOOKIE=YES; KRTBCOOKIE_80=1336-002d9af2-d1e0-46f3-a4d5-a4e3b437adec.11265.18531.24197.6790.30337.8.6551.39832.10011.10012.4387.39857.7472.1073.51806.24680.39233.13893.13896.1097.13899.13902.38627.15694.15579.9691.51808.3427.18407.17256.24809.39536.39793.39794.11262.51069.1150.9855.; KRTBCOOKIE_22=488-pcv:1|uid:8392341830659049202; KRTBCOOKIE_58=1344-KH-00000000549735899; PUBRETARGET=78_1392641239.461_1392901736.403_1393381248.401_1393381248.1039_1301416785.1340_1393698747.362_1301682747.1469_1393892161.70_1301922274.1928_1302874361.375_1302874358.1376_1302874361.445_1308400481

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:34:37 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: _curtime=1300624477; domain=pubmatic.com; expires=Sun, 20-Mar-2011 13:44:37 GMT; path=/
Set-Cookie: pubfreq_26437_21306_1985489030=243-1; domain=pubmatic.com; expires=Sun, 20-Mar-2011 13:14:37 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Mon, 21-Mar-2011 12:34:37 GMT; path=/
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 1804

document.write('<div id="http_www_woot_comkomli_ads_frame22643626437" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=RGcAAEVnAAA6UwAAwAQAAAAAAA
...[SNIP]...
<'+'script type="text/javascript"> document.writeln(\'<iframe width="300" scrolling="no" height="250" frameborder="0" name="iframe0" allowtransparency="true" marginheight="0" marginwidth="0" vspace="0" hspace="0" src="http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82NjQ5MDU0NzkyOTkyMTg5Mi8xMDk2NzUvMTAyMTc0LzMvcUNrUlV0a2tSODZTZllSNWtDMUZwb3dud0hreW5rUUl0bkxKeWNpUWlUcy8/65jF72MGHLbwsG7rxNVZ3X0o4uc&price=3.050000"></iframe>
...[SNIP]...
</iframe>');document.writeln('<img src="http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?labels=Shopping" style="display: none;position:absolute;top:-15000px;" border="0" height="1" width="1" alt="Quantcast"/>');

1.143. http://showads.pubmatic.com/AdServer/AdServerServlet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://showads.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The page was loaded from a URL containing a query string:

http://showads.pubmatic.com/AdServer/AdServerServlet?operId=2&pubId=26436&siteId=26437&adId=21304&kadwidth=300&kadheight=250&kbgColor=ffffff&ktextColor=000000&klinkColor=FFFFFF&pageURL=http://www.woot.com/&frameName=http_www_woot_comkomli_ads_frame12643626437&kltstamp=2011-2-20%207%3A34%3A37&ranreq=0.7504880619235337&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=458x450&adVisibility=1

The response contains the following links to other domains:

http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MjE0MzI3MzgzNzgzNjYzNy8xMTEwNDAvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pd3Nzb1g4SlNGczg1RjlCN293LWNUay8/InA55NeIGGV4hzZENaajIegtkxo&price=3.757000
http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?labels=Shopping

Request

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:34:37 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: KADUSERCOOKIE=43A8ABFA-7497-471A-9AF6-2974D17EF335; domain=pubmatic.com; expires=Mon, 19-Mar-2012 12:34:37 GMT; path=/
Set-Cookie: pubfreq_26437=; domain=pubmatic.com; expires=Tue, 22-Mar-2011 12:34:37 GMT; path=/
Set-Cookie: pubtime_26437=TMC; domain=pubmatic.com; expires=Mon, 21-Mar-2011 12:34:37 GMT; path=/
Set-Cookie: _curtime=1300624477; domain=pubmatic.com; expires=Sun, 20-Mar-2011 13:44:37 GMT; path=/
Set-Cookie: pubfreq_26437_21304_990920136=243-1; domain=pubmatic.com; expires=Sun, 20-Mar-2011 13:14:37 GMT; path=/
Set-Cookie: PMDTSHR=; domain=pubmatic.com; expires=Mon, 21-Mar-2011 12:34:37 GMT; path=/
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 1800

document.write('<div id="http_www_woot_comkomli_ads_frame12643626437" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=RGcAAEVnAAA4UwAAwAQAAAAAAA
...[SNIP]...
<'+'script type="text/javascript"> document.writeln(\'<iframe width="300" scrolling="no" height="250" frameborder="0" name="iframe0" allowtransparency="true" marginheight="0" marginwidth="0" vspace="0" hspace="0" src="http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MjE0MzI3MzgzNzgzNjYzNy8xMTEwNDAvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pd3Nzb1g4SlNGczg1RjlCN293LWNUay8/InA55NeIGGV4hzZENaajIegtkxo&price=3.757000"></iframe>
...[SNIP]...
</iframe>');document.writeln('<img src="http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?labels=Shopping" style="display: none;position:absolute;top:-15000px;" border="0" height="1" width="1" alt="Quantcast"/>');

1.144. http://showadsak.pubmatic.com/AdServer/AdServerServlet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://showadsak.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The page was loaded from a URL containing a query string:

http://showadsak.pubmatic.com/AdServer/AdServerServlet?operId=2&pubId=26436&siteId=26437&adId=21304&kadwidth=300&kadheight=250&kbgColor=ffffff&ktextColor=000000&klinkColor=FFFFFF&pageURL=http://www.woot.com/&frameName=http_www_woot_comkomli_ads_frame12643626437&kltstamp=2011-2-20%208%3A28%3A56&ranreq=0.209514970658347&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=458x458&adVisibility=1

The response contains the following links to other domains:

http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82NTI1NTM0NzU0Nzg1MDI2Mi8xMDkxMzYvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pNV9uZzhjR2tYX2V2RFRVQkhKMDc2by8/kLZ4JSxx1rdBz3lzg4AXpbtWcHs&price=3.757000
http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?labels=Shopping

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26436&siteId=26437&adId=21304&kadwidth=300&kadheight=250&kbgColor=ffffff&ktextColor=000000&klinkColor=FFFFFF&pageURL=http://www.woot.com/&frameName=http_www_woot_comkomli_ads_frame12643626437&kltstamp=2011-2-20%208%3A28%3A56&ranreq=0.209514970658347&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=458x458&adVisibility=1 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:4470455573253905340; KRTBCOOKIE_133=1873-6pgp44i37uxw; KRTBCOOKIE_27=1216-uid:4d5b2371-3928-7a83-24fb-d52328f5624b; KRTBCOOKIE_53=424-20108b4d-f8d0-4008-b157-1529097b61ab; KRTBCOOKIE_97=3385-uid:3c8eb88b-c9c1-47d0-9235-2d5e32a3350f; KADUSERCOOKIE=43A8ABFA-7497-471A-9AF6-2974D17EF335; pubtime_26437=TMC; KTPCACOOKIE=YES; KRTBCOOKIE_80=1336-002d9af2-d1e0-46f3-a4d5-a4e3b437adec.11265.18531.24197.6790.30337.8.6551.39832.10011.10012.4387.39857.7472.1073.51806.24680.39233.13893.13896.1097.13899.13902.38627.15694.15579.9691.51808.3427.18407.17256.24809.39536.39793.39794.11262.51069.1150.9855.; KRTBCOOKIE_22=488-pcv:1|uid:8392341830659049202; KRTBCOOKIE_58=1344-KH-00000000549735899; PMAT=3q_xFPysNRRq5P6VdKt7tDWS4UmVb8m-YrrvHMmRPMfrin7Yk44Nd-Q; _curtime=1300624482; PMDTSHR=cat:; KRTBCOOKIE_32=1386-WH9qYVd2Q3FGAWJeBgV%2BWQlbaXsQfgZCDFxlX1ZL; PUBRETARGET=78_1392641239.461_1392901736.403_1393381248.401_1393381248.1039_1301416785.1340_1393698747.362_1301682747.1469_1393892161.70_1301922274.1928_1302874361.375_1302874358.1376_1302874361.445_1308400481.79_1300710881

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:28:54 GMT
Connection: close
Set-Cookie: _curtime=1300627726; domain=pubmatic.com; expires=Sun, 20-Mar-2011 14:38:46 GMT; path=/
Set-Cookie: pubfreq_26437_21304_1705446939=243-1; domain=pubmatic.com; expires=Sun, 20-Mar-2011 14:08:46 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Mon, 21-Mar-2011 13:28:46 GMT; path=/
Content-Length: 1799

document.write('<div id="http_www_woot_comkomli_ads_frame12643626437" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=RGcAAEVnAAA4UwAAwAQAAAAAAA
...[SNIP]...
<'+'script type="text/javascript"> document.writeln(\'<iframe width="300" scrolling="no" height="250" frameborder="0" name="iframe0" allowtransparency="true" marginheight="0" marginwidth="0" vspace="0" hspace="0" src="http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82NTI1NTM0NzU0Nzg1MDI2Mi8xMDkxMzYvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pNV9uZzhjR2tYX2V2RFRVQkhKMDc2by8/kLZ4JSxx1rdBz3lzg4AXpbtWcHs&price=3.757000"></iframe>
...[SNIP]...
</iframe>');document.writeln('<img src="http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?labels=Shopping" style="display: none;position:absolute;top:-15000px;" border="0" height="1" width="1" alt="Quantcast"/>');

1.145. https://sites.fastspring.com/richardsonsoftware/order/customer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://sites.fastspring.com
Path:	/richardsonsoftware/order/customer

Issue detail

The page was loaded from a URL containing a query string:

https://sites.fastspring.com/richardsonsoftware/order/customer;jsessionid=814FD1DA84752AF7872A6197C210F629?csid=169019

The response contains the following links to other domains:

https://ajax.googleapis.com/ajax/libs/ext-core/3.1.0/ext-core.js
https://dcnz2rrcot657.cloudfront.net/_gz/country/fam/decorate.css

Request

GET /richardsonsoftware/order/customer;jsessionid=814FD1DA84752AF7872A6197C210F629?csid=169019 HTTP/1.1
Host: sites.fastspring.com
Connection: keep-alive
Referer: https://sites.fastspring.com/richardsonsoftware/instant/editrocket
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=814FD1DA84752AF7872A6197C210F629; SessionData=SUQJbWwzZktRUFlSb21qbUY2MFY3cU9UZwpHTG9jYWxlCWVuX1VTX1VTRAo0ZTkyM2MzYy1hMDg4LTRiYWEtYmZmZS01Mzg5OWM5ODNkYTU6U1NDdHhJZAkyN2UxN2EyYy0yNzczLTQ4OTEtYjA1OC1hMWUyNjAwZTRjMjI

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: JSF/1.2
Set-Cookie: JSESSIONID=814FD1DA84752AF7872A6197C210F629;Path=/richardsonsoftware;Version=1;
Set-Cookie: SessionData=SUQJbWwzZktRUFlSb21qbUY2MFY3cU9UZwpHTG9jYWxlCWVuX1VTX1VTRAo0ZTkyM2MzYy1hMDg4LTRiYWEtYmZmZS01Mzg5OWM5ODNkYTU6U1NDdHhJZAkyN2UxN2EyYy0yNzczLTQ4OTEtYjA1OC1hMWUyNjAwZTRjMjI;Path=/richardsonsoftware;Version=1;
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:58:12 GMT
Content-Length: 40337

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Richardson Softwa
...[SNIP]...
<link title="main" rel="stylesheet" href="//resource.fastspring.com/app/store/style/base.css?v=1300489828640&region=us" media="all" type="text/css" />


   <link title="main" rel="stylesheet" href="//dcnz2rrcot657.cloudfront.net/_gz/country/fam/decorate.css" media="all" type="text/css" />
   <link title="main" rel="stylesheet" href="//resource.fastspring.com/data/VGVtcGxhdGVTaXRlQ29uZmlndXJhdGlvbjphZDQ3NmNiYS03MmIyLTQwNTUtYjBkYi1iMTE4Mzk4NWYyYmQ%3D/70195431-28a0-47e0-9dc3-3fdd08398a63/ed
...[SNIP]...
</div>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/ext-core/3.1.0/ext-core.js"></script>
...[SNIP]...

1.146. http://tcla.mmismm.com/mmmss.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tcla.mmismm.com
Path:	/mmmss.php

Issue detail

The page was loaded from a URL containing a query string:

http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=msngames/ros/300x250/jx/ss/a/L28&mm_flag=

The response contains the following link to another domain:

http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/766798645@Bottom3?_RM_HTML_MM_=150105055115150005515

Request

GET /mmmss.php?mm_pub=87268797280&mm_pub_channel=msngames/ros/300x250/jx/ss/a/L28&mm_flag= HTTP/1.1
Host: tcla.mmismm.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G=10104000001069486483

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:49:22 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Content-Length: 261
Content-Type: text/html; charset=UTF-8

document.write('<IFRAME WIDTH=0 HEIGHT=0 FRAMEBORDER=0 MARGINHEIGHT=0 MARGINWIDTH=0 SCROLLING=NO SRC="HTTP://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/766798645@Bottom3?_RM_HTML_MM_=150105055115150005515"></IFRAME>
...[SNIP]...

1.147. http://tcla.mmismm.com/mmmss.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tcla.mmismm.com
Path:	/mmmss.php

Issue detail

The page was loaded from a URL containing a query string:

http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=msngames/ros/728x90/jx/ss/a/L27&mm_flag=

The response contains the following link to another domain:

http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/404157670@Bottom3?_RM_HTML_MM_=150105055115150005515

Request

GET /mmmss.php?mm_pub=87268797280&mm_pub_channel=msngames/ros/728x90/jx/ss/a/L27&mm_flag= HTTP/1.1
Host: tcla.mmismm.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G=10104000001069486483

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:49:22 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Content-Length: 261
Content-Type: text/html; charset=UTF-8

document.write('<IFRAME WIDTH=0 HEIGHT=0 FRAMEBORDER=0 MARGINHEIGHT=0 MARGINWIDTH=0 SCROLLING=NO SRC="HTTP://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/404157670@Bottom3?_RM_HTML_MM_=150105055115150005515"></IFRAME>
...[SNIP]...

1.148. http://tcla.mmismm.com/mmmss.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tcla.mmismm.com
Path:	/mmmss.php

Issue detail

The page was loaded from a URL containing a query string:

http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=msngames/ros/728x90/jx/ss/a/L27&mm_flag=

The response contains the following link to another domain:

http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/550901796@Bottom3?_RM_HTML_MM_=150105055115150005515

Request

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:09:46 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Content-Length: 261
Content-Type: text/html; charset=UTF-8

document.write('<IFRAME WIDTH=0 HEIGHT=0 FRAMEBORDER=0 MARGINHEIGHT=0 MARGINWIDTH=0 SCROLLING=NO SRC="HTTP://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/550901796@Bottom3?_RM_HTML_MM_=150105055115150005515"></IFRAME>
...[SNIP]...

1.149. http://twitter.com/favorites/WootChatter.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://twitter.com
Path:	/favorites/WootChatter.json

Issue detail

The page was loaded from a URL containing a query string:

http://twitter.com/favorites/WootChatter.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1300627740411=cachebust

The response contains the following links to other domains:

http://si0.twimg.com/sticky/error_pages/favicon.ico
http://si0.twimg.com/sticky/error_pages/twitter_logo_header.png
http://si0.twimg.com/sticky/error_pages/whale_error.gif

Request

GET /favorites/WootChatter.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1300627740411=cachebust HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1298770586.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=cloudscan.us; k=173.193.214.243.1300116881406694; __utma=43838368.1964851609.1298770586.1299808018.1300493696.7; __utmv=43838368.lang%3A%20en

Response

HTTP/1.1 503 Service Temporarily Unavailable
Date: Sun, 20 Mar 2011 13:28:58 GMT
Server: Apache
Last-Modified: Thu, 17 Mar 2011 00:18:27 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 7959

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
</title>
<link href="//si0.twimg.com/sticky/error_pages/favicon.ico" rel="shortcut icon" type="image/x-icon" />

<style type="text/css">
...[SNIP]...
<a href="//twitter.com"><img src="//si0.twimg.com/sticky/error_pages/twitter_logo_header.png" width="155" height="36" alt="Twitter.com" /></a>
...[SNIP]...
<div class="error"><img src="//si0.twimg.com/sticky/error_pages/whale_error.gif" alt="" width="755" height="397" /></div>
...[SNIP]...

1.150. http://redcated/APM/iview/142856443/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/APM/iview/142856443/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=

The response contains the following link to another domain:

http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=http:/clk.atdmt.com/go/142856443/direct;wi.300;hi.250;ai.204747814.206451833;ct.1/01

Request

GET /APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate= HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/hserver/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 12:52:19 GMT
Connection: close
Content-Length: 6871

<html><head><title>TGIF_MarchMaddness_300x250_3.17.11_JH</title>
<meta HTTP-EQUIV="expires" CONTENT="0"></meta>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache"></meta>
</head><body style="border-width
...[SNIP]...
<noscript>
<a target="_blank" href="http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=http://clk.redcated/go/142856443/direct;wi.300;hi.250;ai.204747814.206451833;ct.1/01"><img border="0" src="HTTP://spe.redcated/ds/APAPMDRIVTFR/TGIF_MarchMaddness_300_Static.jpg?ver=1" width="300" height="250" />
...[SNIP]...

1.151. http://redcated/APM/iview/142856443/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/APM/iview/142856443/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=

The response contains the following link to another domain:

http://uac.advertising.com/wrapper/aceUAC.js

Request

GET /APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate= HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 12:46:21 GMT
Connection: close
Content-Length: 183

<script type='text/javascript'>
var ACE_AR = {site: '787693', size: '300250'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

1.152. http://redcated/APM/iview/142856445/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/APM/iview/142856445/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=

The response contains the following link to another domain:

http://uac.advertising.com/wrapper/aceUAC.js

Request

GET /APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate= HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/hserver/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 12:40:19 GMT
Connection: close
Content-Length: 183

<script type='text/javascript'>
var ACE_AR = {site: '787694', size: '728090'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

1.153. http://redcated/CNT/iview/302593025/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/CNT/iview/302593025/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/CNT/iview/302593025/direct;pc.106141155;wi.300;hi.250/01?click=

The response contains the following link to another domain:

http://cdn.doubleverify.com/script44.js?agnc=607671&cmp=CINGCIN14201CNT&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=2&plc=302593025&advid=607929&sid=302593025&adid=

Request

GET /CNT/iview/302593025/direct;pc.106141155;wi.300;hi.250/01?click= HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:11:40 GMT
Connection: close
Content-Length: 6582

<html><head><title>Freephone_March15_300x250_031511</title>
<meta HTTP-EQUIV="expires" CONTENT="0"></meta>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache"></meta>
</head><body style="border-width:0px;
...[SNIP]...
</noscript>
<script type="text/javascript" language="javascript" src="http://cdn.doubleverify.com/script44.js?agnc=607671&cmp=CINGCIN14201CNT&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=2&plc=302593025&advid=607929&sid=302593025&adid="></script>
...[SNIP]...

1.154. http://redcated/M0N/jview/285781800/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/285781800/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/285781800/direct;wi.300;hi.250/01/2026858973?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/2026858973/x15/USNetwork/BCN2010110093_015_Sprint/Evo_GenCons_300.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/285781800/direct;wi.300;hi.250/01/2026858973?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/2026858973/x15/USNetwork/BCN2010110093_015_Sprint/Evo_GenCons_300.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:09:41 GMT
Connection: close
Content-Length: 6613

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...

if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSSC/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSSC1294354428098 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSSC1294354428098" width="300" height="250">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSSC/2011/20110109_EvoShift_Love_CrA_300x250.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/285781800/direct;wi.300;hi.250;ai.19
...[SNIP]...

1.155. http://redcated/M0N/jview/285781803/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/285781803/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/285781803/direct;wi.728;hi.90/01/716021695?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/716021695/Top1/USNetwork/BCN2010110093_015_Sprint/Evo_GenCons_728.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/285781803/direct;wi.728;hi.90/01/716021695?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/716021695/Top1/USNetwork/BCN2010110093_015_Sprint/Evo_GenCons_728.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:09:40 GMT
Connection: close
Content-Length: 6595

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...

if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSSC/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSSC1294416840466 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSSC1294416840466" width="728" height="90">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSSC/2011/20110109_EvoShift_Love_CrA_728x90.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/285781803/direct;wi.728;hi.90;ai.1983
...[SNIP]...

1.156. http://redcated/M0N/jview/285954644/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/285954644/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/285954644/direct;wi.300;hi.250/01/1719473945?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/1719473945/x15/USNetwork/BCN2010110206_007_SprintPCS/sprint_value_cc_300.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/285954644/direct;wi.300;hi.250/01/1719473945?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/1719473945/x15/USNetwork/BCN2010110206_007_SprintPCS/sprint_value_cc_300.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:30:56 GMT
Connection: close
Content-Length: 6462

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...
';
if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSSC/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSSC1298480365896 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSSC1298480365896" width="300" height="250">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSSC/2011/20110228_PortIn_numbers_300x250.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/285954644/direct;wi.300;hi.250;ai.20409
...[SNIP]...

1.157. http://redcated/M0N/jview/285954646/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/285954646/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/285954646/direct;wi.728;hi.90/01/1753683003?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/1753683003/Top1/USNetwork/BCN2010110206_007_SprintPCS/sprint_value_cc_728.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/285954646/direct;wi.728;hi.90/01/1753683003?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/1753683003/Top1/USNetwork/BCN2010110206_007_SprintPCS/sprint_value_cc_728.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:08:30 GMT
Connection: close
Content-Length: 6448

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...
';
if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSSC/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSSC1298480580420 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSSC1298480580420" width="728" height="90">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSSC/2011/20110228_PortIn_numbers_728x90.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/285954646/direct;wi.728;hi.90;ai.2040960
...[SNIP]...

1.158. http://redcated/M0N/jview/285954649/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/285954649/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/285954649/direct;wi.728;hi.90/01/69900028?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/69900028/Top1/USNetwork/BCN2010110206_008_SprintPCS/sprint_value_general_728.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/285954649/direct;wi.728;hi.90/01/69900028?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/69900028/Top1/USNetwork/BCN2010110206_008_SprintPCS/sprint_value_general_728.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:11:03 GMT
Connection: close
Content-Length: 6460

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...
';
if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSSC/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSSC1298480580420 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSSC1298480580420" width="728" height="90">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSSC/2011/20110228_PortIn_numbers_728x90.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/285954649/direct;wi.728;hi.90;ai.2040960
...[SNIP]...

1.159. http://redcated/M0N/jview/287619747/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/287619747/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/287619747/direct;wi.300;hi.250/01/1531065393?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/1531065393/x15/USNetwork/BCN2010110319_012_Sprint/Sprint_DDR_GC_300.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/287619747/direct;wi.300;hi.250/01/1531065393?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/1531065393/x15/USNetwork/BCN2010110319_012_Sprint/Sprint_DDR_GC_300.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:08:21 GMT
Connection: close
Content-Length: 6463

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...
'';
if(bIsRightVersion)
{
var strFQDN = "HTTP://ec.redcated/ds/0SM0NSPRTSSC/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSSC1299191003563 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSSC1299191003563" width="300" height="250">'
+ '<param name="movie" value="HTTP://ec.atdmt.com/ds/0SM0NSPRTSSC/2011/20110308_WE_lightswitch_zio_JAVA_300x250.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/287619747/direct;wi.300;hi.250;
...[SNIP]...

1.160. http://redcated/M0N/jview/289553602/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/289553602/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/289553602/direct;wi.728;hi.90/01?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/1357862638/Top1/USNetwork/BCN2010110157_008_Sprint/Sprint_Galaxy_adsafe_728.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/289553602/direct;wi.728;hi.90/01?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/1357862638/Top1/USNetwork/BCN2010110157_008_Sprint/Sprint_Galaxy_adsafe_728.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:07:50 GMT
Connection: close
Content-Length: 6620

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...

if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSSC/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSSC1295550081394 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSSC1295550081394" width="728" height="90">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSSC/2011/20110112_Tablet_Watch_728x90.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/289553602/direct;wi.728;hi.90;ai.200196023
...[SNIP]...

1.161. http://redcated/M0N/jview/289553603/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/289553603/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/289553603/direct;wi.300;hi.250/01/763487989?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/763487989/x15/USNetwork/BCN2010110157_008_Sprint/Sprint_Galaxy_adsafe_300x250.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/289553603/direct;wi.300;hi.250/01/763487989?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/763487989/x15/USNetwork/BCN2010110157_008_Sprint/Sprint_Galaxy_adsafe_300x250.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:07:49 GMT
Connection: close
Content-Length: 6658

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...

if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSSC/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSSC1295365725287 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSSC1295365725287" width="300" height="250">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSSC/2011/20110112_Tablet_Small_CrA_300x250.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/289553603/direct;wi.300;hi.250;ai.199
...[SNIP]...

1.162. http://redcated/M0N/jview/293182495/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/293182495/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/293182495/direct;wi.300;hi.250/01/574659390?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/574659390/x15/USNetwork/BCN2010110741_004_Sprint/sprint4g_cc_300.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/293182495/direct;wi.300;hi.250/01/574659390?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/574659390/x15/USNetwork/BCN2010110741_004_Sprint/sprint4g_cc_300.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:31:24 GMT
Connection: close
Content-Length: 6427

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...
';
if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSPR/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSPR1297094971938 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSPR1297094971938" width="300" height="250">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSPR/2011/20110211_SMB_unlimited_300x250.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/293182495/direct;wi.300;hi.250;ai.202419
...[SNIP]...

1.163. http://redcated/M0N/jview/293182496/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/293182496/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/293182496/direct;wi.728;hi.90/01/1379005222?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/1379005222/Top1/USNetwork/BCN2010110741_004_Sprint/sprint4g_cc_728.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/293182496/direct;wi.728;hi.90/01/1379005222?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/1379005222/Top1/USNetwork/BCN2010110741_004_Sprint/sprint4g_cc_728.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:31:23 GMT
Connection: close
Content-Length: 6417

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...
';
if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSPR/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSPR1297095144680 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSPR1297095144680" width="728" height="90">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSPR/2011/20110211_SMB_unlimited_728x90.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/293182496/direct;wi.728;hi.90;ai.20241986
...[SNIP]...

1.164. http://redcated/M0N/jview/304190340/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/304190340/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/304190340/direct;wi.300;hi.250/01/1244207516?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/1244207516/x15/USNetwork/BCN2011020809_016_Sprint/Sprint_GenConsumer_300.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/304190340/direct;wi.300;hi.250/01/1244207516?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/1244207516/x15/USNetwork/BCN2011020809_016_Sprint/Sprint_GenConsumer_300.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000ade90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:08:05 GMT
Connection: close
Content-Length: 6462

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...
';
if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSSC/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSSC1298480365896 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSSC1298480365896" width="300" height="250">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSSC/2011/20110228_PortIn_numbers_300x250.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/304190340/direct;wi.300;hi.250;ai.20409
...[SNIP]...

1.165. http://www.celebgossipnet.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.celebgossipnet.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.celebgossipnet.com/?c2c36scriptalert

The response contains the following links to other domains:

http://edge.quantserve.com/quant.js
http://getclicky.com/246506
http://in.getclicky.com/249587ns.gif
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://pixel.quantserve.com/pixel/p-1a-IbjbjEC-9k.gif
http://static.getclicky.com/js
http://static.getclicky.com/media/links/badge.gif
http://www.mediaquantics.net/stats/piwik.php?idsite=790
http://www.quantcast.com/p-1a-IbjbjEC-9k

Request

GET /?c2c36scriptalert HTTP/1.1
Host: www.celebgossipnet.com
Proxy-Connection: keep-alive
Referer: http://burp/show/12
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-485061537-1300626391651; __utmz=205167490.1300626399.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _jsuid=7083869468851009847; __utma=205167490.381782026.1300626399.1300626399.1300626399.1; __utmc=205167490; __utmb=205167490.9.10.1300626399; PHPSESSID=q9ojc08mjjsm7hocfn6buqkh15

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:34:11 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://www.celebgossipnet.com/xmlrpc.php
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 110896

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xf
...[SNIP]...
<p><img src="http://www.mediaquantics.net/stats/piwik.php?idsite=790" style="border:0" alt="" /></p>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<a href="http://www.quantcast.com/p-1a-IbjbjEC-9k" target="_blank"><img src="http://pixel.quantserve.com/pixel/p-1a-IbjbjEC-9k.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</div>

<a title="Google Analytics Alternative" href="http://getclicky.com/246506"><img alt="Google Analytics Alternative" src="http://static.getclicky.com/media/links/badge.gif" border="0" /></a>
<script src="http://static.getclicky.com/js" type="text/javascript"></script>
...[SNIP]...
<p><img alt="Clicky" width="1" height="1" src="http://in.getclicky.com/249587ns.gif" /></p>
...[SNIP]...

1.166. http://www.connect.facebook.com/widgets/fan.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.connect.facebook.com
Path:	/widgets/fan.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.connect.facebook.com/widgets/fan.php?api_key=e33f0b90d70bcd4d017f6994cfc6dce5&channel_url=http%3A%2F%2Fwww.thedailystew.com%2F%3Ffbc_channel%3D1&id=338489537518&name=&width=300&connections=10&stream=0&logobar=1&css=

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/161258_1189440311_1053130_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/161771_1371109005_5938185_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/174430_100000919097198_1361323_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186649_100001958460467_7644386_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187468_100000281957046_6402348_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/27383_551057146_6814_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41620_100001604035386_8163_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/48657_1652937592_5216_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/48816_1089146223_3795093_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/50280_338489537518_4114391_q.jpg
http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/MKFH5dsVGK3.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/1tCvb1OvuW2.js
http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/LHHwWC8LQzG.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml
http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico

Request

GET /widgets/fan.php?api_key=e33f0b90d70bcd4d017f6994cfc6dce5&channel_url=http%3A%2F%2Fwww.thedailystew.com%2F%3Ffbc_channel%3D1&id=338489537518&name=&width=300&connections=10&stream=0&logobar=1&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.thedailystew.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; gz=1; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Donline.wsj.com%26placement%3Drecommendations%26extra_1%3Dhttp%253A%252F%252Fonline.wsj.com%252Fhome-page%26extra_2%3DUS

Response

1.167. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?api_key=6c7cf65a3b49a7974b26a5d530aead6f&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df39b90e2c4%26origin%3Dhttp%253A%252F%252Fwww.shockwave.com%252Ff1d6defa0c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=288&href=http%3A%2F%2Fwww.facebook.com%2Fshockwave&locale=en_US&sdk=joey&show_faces=true&stream=false&width=314

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/161455_100000680532372_5052396_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/161505_100000374975098_4762070_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/161511_533644557_216940_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/161658_100000316208218_802677_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/173504_1381797621_7207686_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/174300_100001717799215_7865793_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/174506_100001548992857_3244228_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/174515_1838995088_3024638_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/174535_100001654909478_4457142_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186610_100000431480979_2076775_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186720_100001132193031_1504610_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186879_100001705124927_4542159_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187050_1762935939_4812108_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187496_100000685377871_618142_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187570_100000277046975_4050989_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187616_100000553918418_3349224_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187753_100000001408862_59675_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195338_100000510771009_20928_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195363_100001343198824_6433413_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195371_100002177178464_7713381_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195522_100000263032819_7292518_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195680_100002183582837_1432822_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/48892_100000063238052_1057477_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/49305_100001314725020_3668925_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/50253_56667156755_81570_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/70771_773181653_5877476_q.jpg
http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/MKFH5dsVGK3.css
http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/1tCvb1OvuW2.js
http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/LHHwWC8LQzG.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml
http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico

Request

GET /plugins/likebox.php?api_key=6c7cf65a3b49a7974b26a5d530aead6f&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df39b90e2c4%26origin%3Dhttp%253A%252F%252Fwww.shockwave.com%252Ff1d6defa0c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=288&href=http%3A%2F%2Fwww.facebook.com%2Fshockwave&locale=en_US&sdk=joey&show_faces=true&stream=false&width=314 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; gz=1; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Donline.wsj.com%26placement%3Drecommendations%26extra_1%3Dhttp%253A%252F%252Fonline.wsj.com%252Fhome-page%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.73.23
X-Cnection: close
Date: Sun, 20 Mar 2011 12:34:17 GMT
Content-Length: 17646

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/LHHwWC8LQzG.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/MKFH5dsVGK3.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/1tCvb1OvuW2.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a href="http://www.facebook.com/Shockwave" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/50253_56667156755_81570_q.jpg" alt="Shockwave" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1381797621" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/173504_1381797621_7207686_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000263032819" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195522_100000263032819_7292518_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001705124927" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186879_100001705124927_4542159_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001132193031" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186720_100001132193031_1504610_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000812740941" target="_blank"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000680532372" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161455_100000680532372_5052396_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1762935939" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187050_1762935939_4812108_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001548992857" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174506_100001548992857_3244228_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001717799215" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174300_100001717799215_7865793_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000374975098" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161505_100000374975098_4762070_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/jiratchaya.bell.al" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195338_100000510771009_20928_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000316208218" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161658_100000316208218_802677_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000553918418" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187616_100000553918418_3349224_q.jpg" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/70771_773181653_5877476_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000001408862" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187753_100000001408862_59675_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1838995088" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174515_1838995088_3024638_q.jpg" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161511_533644557_216940_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002177178464" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195371_100002177178464_7713381_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001654909478" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174535_100001654909478_4457142_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000277046975" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187570_100000277046975_4050989_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000431480979" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186610_100000431480979_2076775_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002183582837" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195680_100002183582837_1432822_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/yousef.r.batarseh" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187496_100000685377871_618142_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001314725020" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/49305_100001314725020_3668925_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000063238052" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/48892_100000063238052_1057477_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001343198824" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195363_100001343198824_6433413_q.jpg" /><div class="name">
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=1" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" width="14" height="14" /></a>
...[SNIP]...

1.168. http://www.lanebryant.com/user/login.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lanebryant.com
Path:	/user/login.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.lanebryant.com/user/login.jsp?dest=%2Fuser%2Fmain.jsp

The response contains the following links to other domains:

http://cts.channelintelligence.com/49058906_landing.js
http://stellaservice.com/index.php/top-retailers.html
http://twitter.com/LaneBryant
http://www.facebook.com/LaneBryant
http://www.giftcardpartners.com/csigiftcards/

Request

GET /user/login.jsp?dest=%2Fuser%2Fmain.jsp HTTP/1.1
Host: www.lanebryant.com
Proxy-Connection: keep-alive
Referer: http://www.lanebryant.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=d342b367c0a8bb684adf294095078605; __utmz=162580515.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162580515.1209933332.1300624488.1300624488.1300624488.1; __utmc=162580515; mbox=check#true#1300624549|session#1300624488082-862731#1300626349|PC#1300624488082-862731.17#1301834090; s_cc=true; c_m=undefinedDirect%20LoadDirect%20Load; s_evar32=Lane%20Bryant; s_cpm=%5B%5B%27Direct%20Load%27%2C%271300624489376%27%5D%5D; s_sq=%5B%5BB%5D%5D; LAST_PV=http%3A%2F%2Fwww.lanebryant.com%2Findex.jsp; JSESSIONID=3D67A259779AD3D9101A5768DE3D1ED1

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html;charset=ISO-8859-1
Date: Sun, 20 Mar 2011 13:34:53 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=200A269C505509A3886FB407C2C9EFA1; Path=/
Content-Length: 63794

<!DOCTYPE html>
<html lang="en">
   <head>
        <link rel="shortcut icon" type="image/x-icon" href="http://www.lanebryant.com/assets/lb/assets/favicon.ico" />

<title>Member Login | Lane Bryant</
...[SNIP]...
<h5><a href="http://www.facebook.com/LaneBryant">find us on Facebook</a>
...[SNIP]...
<h5><a href="http://twitter.com/LaneBryant">follow us on twitter</a>
...[SNIP]...
<area shape="rect" coords="4,0,146,23" alt="join the Inside Curve" href="http://insidecurve.lanebryant.com" />
   <area shape="rect" coords="4,23,146,45" alt="find us on Facebook" href="http://www.facebook.com/LaneBryant" />
   <area shape="rect" coords="4,45,146,68" alt="follow us on twitter" href="http://twitter.com/LaneBryant" />
</map>
...[SNIP]...
</a>
   <a href="http://www.giftcardpartners.com/csigiftcards/">Corporate Gift Cards</a>
...[SNIP]...
<div align="center" id="forcustomerserviceonly" style="display:none;"><a href="http://stellaservice.com/index.php/top-retailers.html" target="_blank"><img src="/assets/ct/assets/images/cms/general/STELLAService-Excellent_1.png" border="0" />
...[SNIP]...
</script><script type="text/javascript" src="http://cts.channelintelligence.com/49058906_landing.js"></script>
...[SNIP]...

1.169. https://www.livejournal.com/login.bml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.livejournal.com
Path:	/login.bml

Issue detail

The page was loaded from a URL containing a query string:

https://www.livejournal.com/login.bml?ret=1

The response contains the following link to another domain:

https://www.zazzle.com/livejournal*

Request

POST /login.bml?ret=1 HTTP/1.1
Host: www.livejournal.com
Connection: keep-alive
Referer: http://www.livejournal.com/
Cache-Control: max-age=0
Origin: http://www.livejournal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljuniq=GdoShltCUTBwAH3:1300624474:pgstats0:m0; show_sponsored_vgifts=1; __utmz=164322722.1300624490.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=164322722.1766814109.1300624490.1300624490.1300624490.1; __utmc=164322722
Content-Length: 26

mode=login&user=&password=

Response

HTTP/1.0 200 OK
Date: Sun, 20 Mar 2011 13:36:46 GMT
Server: Apache/2.2.3 (CentOS)
X-AWS-Id: ws13
Cache-Control: no-cache, no-cache
ETag: "dedb6bc234fd1e8808e862e0e3bda45c"
Content-length: 15293
Pragma: no-cache
Keep-Alive: timeout=30, max=100
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Language: en
Expires: Sun, 20 Mar 2011 13:36:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<li><a href="https://www.zazzle.com/livejournal*">Merchandise</a>
...[SNIP]...

1.170. http://www.myyearbook.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0xJmxvZ2luX2ZhaWx1cmU9dHJ1ZSZlbWFpbElkPWVtYWls

The response contains the following links to other domains:

http://assets.mybcdna.com/JavaScript/apps/Connect/Connect.js?64244
http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/Plugins/jquery.validate-1.3.2/jquery.validate.js?64244
http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/jQuery.js?64244
http://assets.mybcdna.com/JavaScript/apps/jQuery-1.3.2/Plugins/myYearbook.DragonDrop/myYearbook.DragonDrop.js?64244
http://assets.mybcdna.com/JavaScript/common.js?64244
http://assets.mybcdna.com/JavaScript/registration/new/registration.js?64244
http://assets.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css?64244
http://assets.mybcdna.com/css/registration/new/registration.css?64244
http://assets.mybcdna.com/css/sitecss2.css?64244
http://assets.mybcdna.com/favicon.ico
http://assets.mybcdna.com/images/Connect/fb_login_xlg.png
http://assets.mybcdna.com/images/Connect/hbl_as_featured_in.png

Request

GET /?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0xJmxvZ2luX2ZhaWx1cmU9dHJ1ZSZlbWFpbElkPWVtYWls HTTP/1.1
Host: www.myyearbook.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; MYB_TARGET=_unknown_1000_____; __g_c=w%3A1%7Cb%3A2%7Cc%3A301947237237767%7Cd%3A1%7Ca%3A0%7Ce%3A0.01%7Cf%3A0; __g_u=301947237237767_1_0.01_0_5_1301056485872; __gads=ID=f3640abbd1b1cdb3:T=1300624489:S=ALNI_MbrX_Emgz4sKka8nHjyRqG1O3ly8w; __utmz=138725551.1300624490.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=138725551.528389796.1300624489.1300624489.1300624489.1; __utmc=138725551; __qca=P0-193244728-1300624490343; PHPSESSID=fdf70e60bc7204869a6429bf4a1984b3

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:36:21 GMT
Server: Apache
Set-Cookie: PHPSESSID=fdf70e60bc7204869a6429bf4a1984b3; path=/; domain=.myyearbook.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: mcim=deleted; expires=Sat, 20-Mar-2010 13:36:20 GMT; path=/; domain=.myyearbook.com
Set-Cookie: meeboCIM672=deleted; expires=Sat, 20-Mar-2010 13:36:20 GMT; path=/; domain=.myyearbook.com
Set-Cookie: _mybUtype=deleted; expires=Sat, 20-Mar-2010 13:36:20 GMT; path=/; domain=.myyearbook.com
P3P: policyref="/w3c/p3p.xml",CP="NOI DSP COR CURa OUR STP UNI"
X-Server-Name: web54
Connection: close
Content-Type: text/html; charset=UTF-8
X-MyPoolMember: 10.100.10.121
Content-Length: 11841

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>myYearbook </title>
<meta name="description" content="Mee
...[SNIP]...
<meta name="Googlebot" content="noarchive">
<link rel="stylesheet" href="http://assets.mybcdna.com/css/sitecss2.css?64244" type="text/css">
<link rel="stylesheet" href="http://assets.mybcdna.com//css/apps/HomeBeforeLogin/hblv2.css?64244" type="text/css">
<link rel="stylesheet" href="http://assets.mybcdna.com//css/registration/new/registration.css?64244" type="text/css">
<style type="text/css">
...[SNIP]...
</style>

<link rel="shortcut icon" href="http://assets.mybcdna.com//favicon.ico" type="image/ico">
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/jQuery.js?64244"></script>
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript/common.js?64244"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript//apps/jQuery-1.2.6/Plugins/jquery.validate-1.3.2/jquery.validate.js?64244"></script>
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript//registration/new/registration.js?64244"></script>
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript//apps/jQuery-1.3.2/Plugins/myYearbook.DragonDrop/myYearbook.DragonDrop.js?64244"></script>
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript//apps/Connect/Connect.js?64244"></script>
...[SNIP]...
( function() { FB.login( function( response ) {Connect.Facebook.connectLoginStatus( response ); }, {perms:Connect.config.Facebook.permissions_string} );}, 'Facebook' );">

<img id="fb_login_image" src="http://assets.mybcdna.com/images/Connect/fb_login_xlg.png" alt="Connect" />
</a>
...[SNIP]...
</h3>
<img src="http://assets.mybcdna.com/images/Connect/hbl_as_featured_in.png" />
</div>
...[SNIP]...

1.171. http://www.politicaldisgust.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.politicaldisgust.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.politicaldisgust.com/?cat=37

The response contains the following links to other domains:

http://44ca11ab-e665-4868-8ec3-ad41960012c9/EFCA_Rally_ALF-CIO_cropped.jpg
http://digg.com/api/diggthis.js
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
http://feeds.feedburner.com/politicaldisgust
http://feeds.feedburner.com/~fc/politicaldisgust?bg=000000&fg=ffffff&anim=0
http://finance.yahoo.com/news/How-the-middle-class-became-cnnm-2876148381.html
http://img1.cdn.adjuggler.com/banners/ajtg.js
http://izearanks.com/itk/show/politicaldisgust-com
http://player.jambovideonetwork.com/js/player.php?pubsite_id=12462&pr=12579
http://politicalirony.com/
http://socialspark.com/images/claimdot.gif
http://thefabempire.com/2010/01/26/state-of-the-union-viewing-reception-at-z-lounge/
http://tinyurl.com/2b5ojn
http://validator.w3.org/check?uri=referer
http://wordpress.org/
http://www.bestnewspolitics.com/
http://www.blogcatalog.com/directory/politics
http://www.blogcatalog.com/images/buttons/blogcatalog5.gif
http://www.blogged.com/
http://www.blogged.com/icons/vn_ja_1010896.gif
http://www.celebgossipnet.com/
http://www.dcsavvy.com/
http://www.descoop.com/
http://www.feedburner.com/
http://www.fhaloanprogram.com/
http://www.gamingahead.com/
http://www.level4collective.com/
http://www.newsmakers.co.uk/
http://www.solostream.com/
http://www.statcounter.com/counter/counter_xhtml.js
http://www.streetread.com/
http://www.theamericanvoters.com/forums
http://www.vr1online.com/
http://www.worldsitelist.com/
http://www.youtube.com/v/sxBl9BXLom4&hl=en&fs=1
https://www.e-junkie.com/ecom/gb.php?ii=59524&c=ib&aff=21117&ev=cfb9cd71a6

Request

GET /?cat=37 HTTP/1.1
Host: www.politicaldisgust.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=blu8eif9e3o7hld6vnv6ariv25

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:31:40 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.11
X-Pingback: http://www.politicaldisgust.com/xmlrpc.php
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 51924

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head profile="http://gmpg.org/x
...[SNIP]...
</script><script type="text/javascript" language="JavaScript" src="http://img1.cdn.adjuggler.com/banners/ajtg.js"></script>
...[SNIP]...
<div class="textwidget"><a target="_blank" href="http://www.streetread.com"><b>
...[SNIP]...
<br>
<a target="_blank" href="http://www.celebgossipnet.com"><b>
...[SNIP]...
<br>
<a target="_blank" href="http://www.gamingahead.com">
<b>
...[SNIP]...
<br>
<a target="_blank" href="http://www.theamericanvoters.com/forums">
<b>
...[SNIP]...
<br>
<a target="_blank" href="http://www.descoop.com">
<b>
...[SNIP]...
<br>
<a target="_blank" href="http://www.bestnewspolitics.com">
<b>
...[SNIP]...
<br>
<a target="_blank" href="http://politicalirony.com/">
<b>
...[SNIP]...
<br>
<a target="_blank" href="http://www.vr1online.com/">
<b>
...[SNIP]...
<br>
<a target="_blank" href="http://www.dcsavvy.com">
<b>
...[SNIP]...
<br>
<a target="_blank" href="http://www.newsmakers.co.uk">
<b>
...[SNIP]...
<div class="textwidget">
<a href="https://www.e-junkie.com/ecom/gb.php?ii=59524&c=ib&aff=21117&ev=cfb9cd71a6" target="ejejcsingle" ><b>
...[SNIP]...
<br><a href="http://www.worldsitelist.com/">World Site List</a><br>
<a href="http://www.blogged.com">
<img src="http://www.blogged.com/icons/vn_ja_1010896.gif" border="0" alt="Blog Directory - Blogged" title="Blog Directory - Blogged" /></a><a href="http://www.blogcatalog.com/directory/politics" title="Political Blogs - BlogCatalog Blog Directory"><img src="http://www.blogcatalog.com/images/buttons/blogcatalog5.gif" alt="Political Blogs - BlogCatalog Blog Directory" style="border: 0;" /></div>
...[SNIP]...
<li><a href="http://wordpress.org/" title="Powered by WordPress, state-of-the-art semantic personal publishing platform.">WordPress.org</a>
...[SNIP]...
<p style="text-align: center;"><img class="aligncenter" src="//44CA11AB-E665-4868-8EC3-AD41960012C9/EFCA_Rally_ALF-CIO_cropped.jpg" alt="EFCA_Rally_ALF-CIO_cropped.jpg" width="335" height="448" /></p>
...[SNIP]...
<p>CNN Money’s Annalyn Censky recently examined the decline of the middle class in a piece that ran on Yahoo Finance Wednesday. In the rather lengthy examination, which you can read <a href="http://finance.yahoo.com/news/How-the-middle-class-became-cnnm-2876148381.html" target="_blank">here</a>
...[SNIP]...
<p style="text-align: center;"><a href="http://thefabempire.com/2010/01/26/state-of-the-union-viewing-reception-at-z-lounge/"><img class="size-full wp-image-1651 aligncenter" src="http://www.politicaldisgust.com/wp-content/uploads/2011/01/25obama5_600.jpg" alt="25obama5_600" width="600" height="331" />
...[SNIP]...
</script><script type="text/javascript" src="http://digg.com/api/diggthis.js"></script>
...[SNIP]...
<p><object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="325" height="244" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0"><param name="allowFullScreen" value="true" />
...[SNIP]...
<param name="src" value="http://www.youtube.com/v/sxBl9BXLom4&hl=en&fs=1" /><embed type="application/x-shockwave-flash" width="325" height="244" src="http://www.youtube.com/v/sxBl9BXLom4&hl=en&fs=1" allowscriptaccess="always" allowfullscreen="true"></embed>
...[SNIP]...
<br>
Delivered by <a href="http://www.feedburner.com" target="_blank">FeedBurner</a></p><p><a href="http://feeds.feedburner.com/politicaldisgust"><img src="http://feeds.feedburner.com/~fc/politicaldisgust?bg=000000&fg=ffffff&anim=0" height="26" width="88" style="border:0" alt="" /></a>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://player.jambovideonetwork.com/js/player.php?pubsite_id=12462&pr=12579"></script>
...[SNIP]...
<div class="textwidget">Learn about getting an <a target="_blank" href="http://www.fhaloanprogram.com"><b>
...[SNIP]...
<br>
<a target="_blank" href="http://www.level4collective.com">
<b>
...[SNIP]...
</script><script type="text/javascript" language="JavaScript" src="http://img1.cdn.adjuggler.com/banners/ajtg.js"></script>
...[SNIP]...
</script><script type="text/javascript" language="JavaScript" src="http://img1.cdn.adjuggler.com/banners/ajtg.js"></script>
...[SNIP]...
</script><script type="text/javascript" language="JavaScript" src="http://img1.cdn.adjuggler.com/banners/ajtg.js"></script>
...[SNIP]...
</a> 2008. All rights reserved. Powered by <a href="http://wordpress.org/">WordPress</a>. <a href="http://www.solostream.com">Wordpress Themes</a>. <a href="http://validator.w3.org/check?uri=referer">XHTML</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter_xhtml.js"></script>

<script type="text/javascript" src="http://tinyurl.com/2b5ojn"></script>
<img src="http://socialspark.com/images/claimdot.gif" alt="ss_blog_claim=f6da28c37539386f43e10ed620bcd1f0" /> <script type="text/javascript" src="http://izearanks.com/itk/show/politicaldisgust-com"></script>
<script type="text/javascript" src="http://izearanks.com/itk/show/politicaldisgust-com"></script>
<img src="http://socialspark.com/images/claimdot.gif" alt="ss_blog_claim=f6da28c37539386f43e10ed620bcd1f0" />
</body>
...[SNIP]...

1.172. http://www.quantcast.com/top-sites/US/2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.quantcast.com
Path:	/top-sites/US/2

Issue detail

The page was loaded from a URL containing a query string:

http://www.quantcast.com/top-sites/US/2;jsessionid=F8C72CDB444E881F86E48F2534922FBE

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js
http://pixel.quantserve.com/pixel/p-9fYuixa7g_Hm2.gif

Request

GET /top-sites/US/2;jsessionid=F8C72CDB444E881F86E48F2534922FBE HTTP/1.1
Host: www.quantcast.com
Proxy-Connection: keep-alive
Referer: http://www.quantcast.com/top-sites-1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1138661367-1297862290557; __utmz=14861494.1297862294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=14861494.1792645891.1297862294.1300542320.1300624433.14; __utmc=14861494; __utmb=14861494.3.8.1300624434708; qcPageID=0; qcVisitor=2|47|1297862270597|112|NOTSET; JSESSIONID=686CB50C4B2A374C14A6F4326B6BFF47

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=B94D2CC7C2AFAD1E9C82A692FB8A28C9; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 12:33:56 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html>

<head>

<meta http-equiv="Content-Type" content="text/
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js"></script>
...[SNIP]...
<div style="display: none;"><img src="http://pixel.quantserve.com/pixel/p-9fYuixa7g_Hm2.gif" height="1" width="1" alt="Quantcast"/></div>
...[SNIP]...

1.173. http://www.reliant.com/en_US/Page/Shop/Public/misc_LockedandLow_100_landingpage.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.reliant.com
Path:	/en_US/Page/Shop/Public/misc_LockedandLow_100_landingpage.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.reliant.com/en_US/Page/Shop/Public/misc_LockedandLow_100_landingpage.jsp?bc968'-alert(document.cookie)-'fdd40018f76=1&msg_code=|browser_support

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js
http://www.facebook.com/reliantenergy
http://www.flickr.com/ReliantEnergy
http://www.linkedin.com/company/157334
http://www.twitter.com/ReliantEnergy
http://www.youtube.com/ReliantEnergy

Request

GET /en_US/Page/Shop/Public/misc_LockedandLow_100_landingpage.jsp?bc968'-alert(document.cookie)-'fdd40018f76=1&msg_code=|browser_support HTTP/1.1
Host: www.reliant.com
Proxy-Connection: keep-alive
Referer: http://www.reliant.com/en_US/Page/Shop/Public/misc_LockedandLow_100_landingpage.jsp?bc968'-alert(document.cookie)-'fdd40018f76=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_chronicle_id=090175228036e945; UserSessionFilterCookieID=730AC166-140D-01EA-2789-A816B0F33610; JSESSIONID=F3E703A189A9026310F9CC3DA2E5179F; language_code=en_US; site_location=Shop; CurrentAccountSegment=Generic; mbox=check#true#1300630048|session#1300629987035-862457#1300631848; s_cc=true; s_nr=1300629988527-New; s_evar17=9%3A00AM; s_evar18=Sunday; s_evar19=Weekend; c=undefinedburpburp; s_evar37cvp=%5B%5B'Other%20Referrers'%2C'1300629988532'%5D%5D; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Sun, 20 Mar 2011 14:06:26 GMT
Cache-control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-cookie: JSESSIONID=5127BF17E38795CB9418DF64FFBB9084; Path=/
Set-cookie: language_code=en_US; Domain=.reliant.com; Path=/
Set-cookie: i_chronicle_id=090175228036e945
Set-cookie: site_location=Shop; Domain=.reliant.com; Path=/
Set-cookie: CurrentAccountSegment=Generic; Domain=.reliant.com; Path=/
Pragma: no-cache
Content-type: text/html;charset=utf-8
Via: 1.1 https-www.reliant.com
Proxy-agent: Oracle-iPlanet-Web-Server/7.0
Content-Length: 81899

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd
...[SNIP]...
<li><a href="http://www.facebook.com/reliantenergy" target="_blank"><img src="/en_US/Images/Content_Images/Misc/soclnk_facebook_icon.png" title="Facebook" alt="Facebook"/>
...[SNIP]...
<li><a href="http://www.twitter.com/ReliantEnergy" target="_blank"><img src="/en_US/Images/Content_Images/Misc/soclnk_twitter_icon.png" title="Twitter" alt="Twitter"/>
...[SNIP]...
<li><a href="http://www.flickr.com/ReliantEnergy" target="_blank"><img src="/en_US/Images/Content_Images/Misc/soclnk_flickr_icon.png" title="Flickr" alt="Flickr"/>
...[SNIP]...
<li><a href="http://www.linkedin.com/company/157334" target="_blank"><img src="/en_US/Images/Content_Images/Misc/soclnk_linkedin_icon.png" title="LinkedIn" alt="LinkedIn"/>
...[SNIP]...
<li><a href="http://www.youtube.com/ReliantEnergy" target="_blank"><img src="/en_US/Images/Content_Images/Misc/soclnk_youtube_icon.png" title="YouTube" alt="YouTube"/>
...[SNIP]...
<div class="smartLeftCol">

<script language="javascript" type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js"></script>
...[SNIP]...

1.174. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=icur2yy4me&mid=241700943

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3422303&dw=50&dh=50&cs=093b352d5620a327efb2db9f7ea9af0c&rnd=567

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=icur2yy4me&mid=241700943 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA