Cross Domain Referer Leakage Example

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

1.1. https://account.woot.com/login next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://account.woot.com
Path:	/login

Issue detail

The page was loaded from a URL containing a query string:

https://account.woot.com/login?returnurl=http%3a%2f%2fwww.woot.com%2fdefault.aspx

The response contains the following links to other domains:

https://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js
https://ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js
https://secure.quantserve.com/pixel/p-45WWkjSYwI3II.gif
https://www.facebook.com/login.php?api_key=96a4f6e52f4e4a332462297b89d043d7&extern=1&fbconnect=1&return_session=1&v=1.0&next=https://account.woot.com/facebook/authenticate&fb_connect=1&cancel_url=https://account.woot.com/login

Request

GET /login?returnurl=http%3a%2f%2fwww.woot.com%2fdefault.aspx HTTP/1.1
Host: account.woot.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; ASP.NET_SessionId=22t2jnvelpxe2wdtgccitn1b; __utmb=87498951.2.10.1300624488; __qca=P0-1285104554-1300624487224;

Response

HTTP/1.1 200 OK
Cache-Control: public, no-store, max-age=0
Content-Type: text/html; charset=utf-8
Expires: Sun, 20 Mar 2011 14:03:38 GMT
Last-Modified: Sun, 20 Mar 2011 14:03:38 GMT
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 20 Mar 2011 14:03:38 GMT
Connection: close
Content-Length: 13072

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml"
...[SNIP]...
<link href="/Styles/Account.css" rel="stylesheet" type="text/css" />
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js" type="text/javascript"></script>
<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js" type="text/javascript"></script>
...[SNIP]...
<li><a href="https://www.facebook.com/login.php?api_key=96a4f6e52f4e4a332462297b89d043d7&extern=1&fbconnect=1&return_session=1&v=1.0&next=https://account.woot.com/facebook/authenticate&fb_connect=1&cancel_url=https://account.woot.com/login" target="_parent"><img src="/Images/Connections/facebook.png" alt="Facebook" />
...[SNIP]...
<noscript>
<img src="https://secure.quantserve.com/pixel/p-45WWkjSYwI3II.gif" style="display:none;" border="0" height="1" width="1" alt="Quantcast" />
</noscript>
...[SNIP]...

1.2. https://account.woot.com/signup previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://account.woot.com
Path:	/signup

Issue detail

The page was loaded from a URL containing a query string:

https://account.woot.com/signup?returnurl=http%3a%2f%2fwww.woot.com%2fdefault.aspx

The response contains the following links to other domains:

https://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js
https://ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js
https://secure.quantserve.com/pixel/p-45WWkjSYwI3II.gif
https://www.facebook.com/login.php?api_key=96a4f6e52f4e4a332462297b89d043d7&extern=1&fbconnect=1&return_session=1&v=1.0&next=https://account.woot.com/facebook/authenticate&fb_connect=1&cancel_url=https://account.woot.com/login
https://www.google.com/recaptcha/api/challenge?k=6LfxmwQAAAAAAGh9lfv097LJ7e7mrVLv3mXmr6e0
https://www.google.com/recaptcha/api/noscript?k=6LfxmwQAAAAAAGh9lfv097LJ7e7mrVLv3mXmr6e0

Request

GET /signup?returnurl=http%3a%2f%2fwww.woot.com%2fdefault.aspx HTTP/1.1
Host: account.woot.com
Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488

Response

HTTP/1.1 200 OK
Cache-Control: public, no-store, max-age=0
Content-Type: text/html; charset=utf-8
Expires: Sun, 20 Mar 2011 13:39:23 GMT
Last-Modified: Sun, 20 Mar 2011 13:39:23 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=kj055u1p4rjlytavdwiqjuth; path=/; HttpOnly
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 20 Mar 2011 13:39:23 GMT
Content-Length: 14055

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml"
...[SNIP]...
<link href="/Styles/Account.css" rel="stylesheet" type="text/css" />
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js" type="text/javascript"></script>
<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.google.com/recaptcha/api/challenge?k=6LfxmwQAAAAAAGh9lfv097LJ7e7mrVLv3mXmr6e0">

</script><noscript>
<iframe src="https://www.google.com/recaptcha/api/noscript?k=6LfxmwQAAAAAAGh9lfv097LJ7e7mrVLv3mXmr6e0" width="500" height="300" frameborder="0">

</iframe>
...[SNIP]...
<li><a href="https://www.facebook.com/login.php?api_key=96a4f6e52f4e4a332462297b89d043d7&extern=1&fbconnect=1&return_session=1&v=1.0&next=https://account.woot.com/facebook/authenticate&fb_connect=1&cancel_url=https://account.woot.com/login" target="_parent"><img src="/Images/Connections/facebook.png" alt="Facebook" />
...[SNIP]...
<noscript>
<img src="https://secure.quantserve.com/pixel/p-45WWkjSYwI3II.gif" style="display:none;" border="0" height="1" width="1" alt="Quantcast" />
</noscript>
...[SNIP]...

1.3. http://ad.doubleclick.net/adi/N1558.advertising.com/B3897970.13 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N1558.advertising.com/B3897970.13

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N1558.advertising.com/B3897970.13;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000787694/mnum=0000759958/cstr=16369623=_4d85fc08,4560463311,787694%5E759958%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=16369623/optn=64?trg=;ord=4560463311?

The response contains the following links to other domains:

http://s0.2mdn.net/1774243/8million_728x90.gif
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N1558.advertising.com/B3897970.13;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000787694/mnum=0000759958/cstr=16369623=_4d85fc08,4560463311,787694%5E759958%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=16369623/optn=64?trg=;ord=4560463311? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:23:58 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:23:58 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6130

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
58/cstr=16369623=_4d85fc08,4560463311,787694%5E759958%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=16369623/optn=64?trg=http%3a%2f%2fwww.travelguard.com/vacations_can_fall_apart/%3Fcmpid%3Dbac-001-nov10-apart"><img src="http://s0.2mdn.net/1774243/8million_728x90.gif" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

1.4. http://ad.doubleclick.net/adi/N1558.advertising.com/B3897970.13 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N1558.advertising.com/B3897970.13

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N1558.advertising.com/B3897970.13;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000787694/mnum=0000759958/cstr=16369623=_4d85fc08,4560463311,787694%5E759958%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=16369623/optn=64?trg=;ord=4560463311?

The response contains the following links to other domains:

http://s0.2mdn.net/1774243/backup_728x90.gif
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:07:20 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:07:20 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6120

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
=0000759958/cstr=16369623=_4d85fc08,4560463311,787694%5E759958%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=16369623/optn=64?trg=http%3a%2f%2fwww.travelguard.com/cruise-coverage/%3Fcmpid%3Dbac-001-cruiseFeb11"><img src="http://s0.2mdn.net/1774243/backup_728x90.gif" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

1.5. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.44 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2524.134426.0710433834321/B4169763.44

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.44;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=BiQfiHAGGTfi-G8_zlAf68cThD5Wpie8BrYeJ8hLjqLazM_CL0wQQARgBIM-2sAM4AGDJBqABo67u9gOyAQx3d3cud29vdC5jb226AQozMDB4MjUwX2FzyAEJ2gEjaHR0cDovL3d3dy53b290LmNvbS9XaGF0SXNXb290LmFzcHi4AhjAAgXIAuXvxRjgAgDqAhJ3b290LWJsb2cxLTMwMHgyNTCQA6QDmAOkA6gDAdEDX7TNu-ilXeToA-0C6AOTBOgDqQb1AwQEAMTgBAE&num=1&sig=AGiWqtwPCfylAn4LjFnmamHhqeEpZGvhnw&client=ca-pub-2332856072838068&adurl=;ord=2113777662?

The response contains the following links to other domains:

http://s0.2mdn.net/578176/ns_0000_brand_300x250.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N2524.134426.0710433834321/B4169763.44;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=BiQfiHAGGTfi-G8_zlAf68cThD5Wpie8BrYeJ8hLjqLazM_CL0wQQARgBIM-2sAM4AGDJBqABo67u9gOyAQx3d3cud29vdC5jb226AQozMDB4MjUwX2FzyAEJ2gEjaHR0cDovL3d3dy53b290LmNvbS9XaGF0SXNXb290LmFzcHi4AhjAAgXIAuXvxRjgAgDqAhJ3b290LWJsb2cxLTMwMHgyNTCQA6QDmAOkA6gDAdEDX7TNu-ilXeToA-0C6AOTBOgDqQb1AwQEAMTgBAE&num=1&sig=AGiWqtwPCfylAn4LjFnmamHhqeEpZGvhnw&client=ca-pub-2332856072838068&adurl=;ord=2113777662? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:29:01 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:29:01 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7053

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
lXeToA-0C6AOTBOgDqQb1AwQEAMTgBAE&num=1&sig=AGiWqtwPCfylAn4LjFnmamHhqeEpZGvhnw&client=ca-pub-2332856072838068&adurl=http%3a%2f%2fads.networksolutions.com/landing%3Fcode%3DP99C519S512N0B2A1D38E0000V109"><img src="http://s0.2mdn.net/578176/ns_0000_brand_300x250.jpg" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

1.6. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.44 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2524.134426.0710433834321/B4169763.44

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.44;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=BiQfiHAGGTfi-G8_zlAf68cThD5Wpie8BrYeJ8hLjqLazM_CL0wQQARgBIM-2sAM4AGDJBqABo67u9gOyAQx3d3cud29vdC5jb226AQozMDB4MjUwX2FzyAEJ2gEjaHR0cDovL3d3dy53b290LmNvbS9XaGF0SXNXb290LmFzcHi4AhjAAgXIAuXvxRjgAgDqAhJ3b290LWJsb2cxLTMwMHgyNTCQA6QDmAOkA6gDAdEDX7TNu-ilXeToA-0C6AOTBOgDqQb1AwQEAMTgBAE&num=1&sig=AGiWqtwPCfylAn4LjFnmamHhqeEpZGvhnw&client=ca-pub-2332856072838068&adurl=;ord=2113777662?

The response contains the following links to other domains:

http://s0.2mdn.net/578176/300x250-GREEN-499.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:42:25 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:42:25 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7089

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
QEAMTgBAE&num=1&sig=AGiWqtwPCfylAn4LjFnmamHhqeEpZGvhnw&client=ca-pub-2332856072838068&adurl=http%3a%2f%2fads.networksolutions.com/landing%3Fcode%3DP111C519S512N0B2A1D688E0000V101%26promo%3DBCXXX04226"><img src="http://s0.2mdn.net/578176/300x250-GREEN-499.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

1.7. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2524.134426.0710433834321/B4169763.45

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BDKyNGgGGTeW2G87tlQeXo9nTCpWpie8BnfOH8hLjqLazM7DgpQMQARgBIM-2sAM4AFDEwrTWBmDJBqABo67u9gOyAQx3d3cud29vdC5jb226AQk3Mjh4OTBfYXPIAQnaARtodHRwOi8vd3d3Lndvb3QuY29tL0ZvcnVtcy-4AhjAAgXIAuXvxRioAwHRA1-0zbvopV3k6AOzAugD7QL1AwQFAMQ&num=1&sig=AGiWqtwnk5CjmbYfnLHaK27gT0fU3IqnSA&client=ca-pub-2332856072838068&adurl=;ord=1414262516?

The response contains the following links to other domains:

http://s0.2mdn.net/578176/728X90-GREY-599.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BDKyNGgGGTeW2G87tlQeXo9nTCpWpie8BnfOH8hLjqLazM7DgpQMQARgBIM-2sAM4AFDEwrTWBmDJBqABo67u9gOyAQx3d3cud29vdC5jb226AQk3Mjh4OTBfYXPIAQnaARtodHRwOi8vd3d3Lndvb3QuY29tL0ZvcnVtcy-4AhjAAgXIAuXvxRioAwHRA1-0zbvopV3k6AOzAugD7QL1AwQFAMQ&num=1&sig=AGiWqtwnk5CjmbYfnLHaK27gT0fU3IqnSA&client=ca-pub-2332856072838068&adurl=;ord=1414262516? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2332856072838068&format=728x90_as&output=html&h=90&w=728&lmt=1300645740&channel=Blog728Image&ad_type=text_image&color_bg=FFFFFF&color_border=FFFFFF&color_link=4A6751&color_text=000000&color_url=B35A1E&flash=10.2.154&url=http%3A%2F%2Fwww.woot.com%2FForums%2F&dt=1300627740399&bpp=3&shv=r20110315&jsv=r20110317&correlator=1300627740639&frm=0&adk=453380111&ga_vid=473007276.1300627741&ga_sid=1300627741&ga_hid=602886886&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1096&bih=916&fu=0&ifi=1&dtd=506&xpc=A6InmP8TQy&p=http%3A//www.woot.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:41:57 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:41:57 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6859

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
QL1AwQFAMQ&num=1&sig=AGiWqtwnk5CjmbYfnLHaK27gT0fU3IqnSA&client=ca-pub-2332856072838068&adurl=http%3a%2f%2fads.networksolutions.com/landing%3Fcode%3DP61C519S512N0B2A1D573E0000V102%26promo%3DHOSTING599"><img src="http://s0.2mdn.net/578176/728X90-GREY-599.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

1.8. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N2524.134426.0710433834321/B4169763.45

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BDKyNGgGGTeW2G87tlQeXo9nTCpWpie8BnfOH8hLjqLazM7DgpQMQARgBIM-2sAM4AFDEwrTWBmDJBqABo67u9gOyAQx3d3cud29vdC5jb226AQk3Mjh4OTBfYXPIAQnaARtodHRwOi8vd3d3Lndvb3QuY29tL0ZvcnVtcy-4AhjAAgXIAuXvxRioAwHRA1-0zbvopV3k6AOzAugD7QL1AwQFAMQ&num=1&sig=AGiWqtwnk5CjmbYfnLHaK27gT0fU3IqnSA&client=ca-pub-2332856072838068&adurl=;ord=1414262516?

The response contains the following links to other domains:

http://s0.2mdn.net/578176/728x90-TEAL-idea.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:29:00 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:29:00 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6794

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
RA1-0zbvopV3k6AOzAugD7QL1AwQFAMQ&num=1&sig=AGiWqtwnk5CjmbYfnLHaK27gT0fU3IqnSA&client=ca-pub-2332856072838068&adurl=http%3a%2f%2fads.networksolutions.com/landing%3Fcode%3DP99C519S512N0B2A1D38E0000V109"><img src="http://s0.2mdn.net/578176/728x90-TEAL-idea.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

1.9. http://ad.doubleclick.net/adi/N4518.247RealMedia/B4955444.24 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N4518.247RealMedia/B4955444.24

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N4518.247RealMedia/B4955444.24;sz=728x90;click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/2030005299/Top1/USNetwork/BCN2011030297_004_Trion/20144021.html/726348573830316934646f4141767949?;ord=2030005299?

The response contains the following links to other domains:

http://s0.2mdn.net/2941448/rift_gameplay_progressive_728x90_en_buy.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N4518.247RealMedia/B4955444.24;sz=728x90;click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/2030005299/Top1/USNetwork/BCN2011030297_004_Trion/20144021.html/726348573830316934646f4141767949?;ord=2030005299? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:30:58 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:30:58 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6417

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
05299/Top1/USNetwork/BCN2011030297_004_Trion/20144021.html/726348573830316934646f4141767949?http://www.riftgame.com/preorder?utm_source=247_Real_Media&utm_medium=banner&utm_campaign=Pre-Sale_Campaign"><img src="http://s0.2mdn.net/2941448/rift_gameplay_progressive_728x90_en_buy.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

1.10. http://ad.doubleclick.net/adi/N5552.152304.TRADINGDESK/B5035357.75 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5552.152304.TRADINGDESK/B5035357.75

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N5552.152304.TRADINGDESK/B5035357.75;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzxWTgUAeAABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/;

The response contains the following links to other domains:

http://s0.2mdn.net/2784033/127875_DTR_APR_B_300x250.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N5552.152304.TRADINGDESK/B5035357.75;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzxWTgUAeAABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:45:46 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:45:46 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7263

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
3a%2f%2fdoubletree.hilton.com/en/dt/promotions/netdirectratesdt/index.jhtml%3FWT.mc_id%3DzkdCSAA0US1DT2DMH3Tradingdesk4AdvancePurchase5BTEST7BR840890%26cssiteid%3D976350%26csdartid%3D5778037941159829"><img src="http://s0.2mdn.net/2784033/127875_DTR_APR_B_300x250.jpg" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

1.11. http://ad.doubleclick.net/adi/N5853.3630.1790008898421/B5154579.5 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5853.3630.1790008898421/B5154579.5

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N5853.3630.1790008898421/B5154579.5;sz=728x90;click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/151114612/Top1/USNetwork/BCN2011020957_001_Ditech/Ditech_BT_728_New.html/726348573830316934646f4141767949?;ord=151114612?

The response contains the following links to other domains:

http://edge.quantserve.com/quant.js
http://pixel.quantserve.com/pixel/p-2cw55LrunGBGg.gif?media=ad&labels=_imp.adserver.doubleclick,_imp.publisher.58612726,_imp.placement.234771512,_imp.creative.40123988
http://s0.2mdn.net/2330649/74-seamless728x90.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N5853.3630.1790008898421/B5154579.5;sz=728x90;click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/151114612/Top1/USNetwork/BCN2011020957_001_Ditech/Ditech_BT_728_New.html/726348573830316934646f4141767949?;ord=151114612? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:28:24 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:28:24 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7119

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
.com/r;a=p-2cw55LrunGBGg;labels=_click.adserver.doubleclick*http://homeloans.ditech.com/seamless.html?source=BA_Nov_Disp_C5&utm_source=247&utm_medium=banner&utm_campaign=Seamless_Ratesk&CP=24_cpm_ola"><img src="http://s0.2mdn.net/2330649/74-seamless728x90.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-2cw55LrunGBGg.gif?media=ad&labels=_imp.adserver.doubleclick,_imp.publisher.58612726,_imp.placement.234771512,_imp.creative.40123988" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...

1.12. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=759080438432283600?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3392428/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=759080438432283600? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:58:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:58:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3392428/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.13. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=886979484860785300?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3572382/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=886979484860785300? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:01:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:01:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3572382/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.14. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=571848897449672200?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2312788/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=571848897449672200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:40:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:40:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2312788/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.15. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=882866093958728100?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3032757/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=882866093958728100? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:52:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:52:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3032757/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.16. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=790231410670094200?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3212569/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=790231410670094200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:55:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:55:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3212569/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.17. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=138879573740996420?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=4473163/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=138879573740996420? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:16:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:16:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=4473163/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.18. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=285595307569019500?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3752241/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=285595307569019500? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:04:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:04:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3752241/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.19. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=738131550140678900?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3032678/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=738131550140678900? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:52:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:52:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3032678/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.20. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=461906685912981600?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3572382/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=461906685912981600? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:01:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:01:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3572382/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.21. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=615730535355396600?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3932553/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=615730535355396600? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:07:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:07:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3932553/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.22. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3;ord=396664395998232060?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=1952100/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3;ord=396664395998232060? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

1.23. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=974754494288936300?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2132913/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=974754494288936300? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:37:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:37:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2132913/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.24. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=561495134164579200?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=4653772/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=561495134164579200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:19:16 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:19:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=4653772/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.25. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=917197569715790500?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2492678/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=917197569715790500? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:43:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:43:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2492678/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.26. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdcopt-ist;ord=396664395998232060?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=1953163/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdcopt-ist;ord=396664395998232060? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:34:16 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:34:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=1953163/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.27. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=209918674943037300?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2312803/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=209918674943037300? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:40:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:40:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2312803/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.28. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=726008668006397800?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2132882/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=726008668006397800? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:37:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:37:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2132882/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.29. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=179194777854718270?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=5194163/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=179194777854718270? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:28:16 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:28:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=5194163/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.30. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=857191196340136200?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=4293100/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=857191196340136200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

1.31. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=615411270130425600?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=4113116/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=615411270130425600? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:10:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:10:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=4113116/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.32. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=926074913563206800?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2852725/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=926074913563206800? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:49:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:49:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2852725/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.33. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=337868778686970500?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2852710/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=337868778686970500? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:49:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:49:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2852710/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.34. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=554560093116015170?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3752241/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=554560093116015170? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:04:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:04:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3752241/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.35. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=413947022031061400?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=4833632/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=413947022031061400? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:22:16 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:22:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=4833632/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.36. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=155311757628805950?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=4473178/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=155311757628805950? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:16:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:16:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=4473178/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.37. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdcopt-ist;ord=396664395998232060?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=1952100/site=sw.nol/aamsz=728x90

Request

Response

1.38. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x135;tile=2;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x135%7Ctile-2;ord=396664395998232060?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/3099467/KI_template_POTW_00.png

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x135;tile=2;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x135%7Ctile-2;ord=396664395998232060? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:34:14 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:34:14 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 478

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/0/0/%2a/v;237770143;0-0;1;30931370;15173-300/135;41053931/41071718/1;u=!category-_hp|!category-pop|pos-atf|tag-adi|mtype-standard|sz-300x135|tile-2;~aopt=2/0/d79c/0;~sscs=%3fhttp://www.shockwave.com/gamelanding/wizard101.jsp?"><img src="http://s0.2mdn.net/viewad/3099467/KI_template_POTW_00.png" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

1.39. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=664333091001026300?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3392428/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=664333091001026300? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:58:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:58:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3392428/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.40. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=730744091887027100?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3932569/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=730744091887027100? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:07:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:07:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3932569/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.41. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=701796494214795500?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=5194194/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=701796494214795500? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:28:16 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:28:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=5194194/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.42. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=641610817052424000?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2492694/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=641610817052424000? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:43:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:43:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2492694/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.43. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=726008668006397800?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3952897/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=726008668006397800? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:07:35 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:07:35 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3952897/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.44. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=933992477948777300?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=4653772/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=933992477948777300? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:19:16 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:19:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=4653772/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.45. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=601611527078785000?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=4113116/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=601611527078785000? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:10:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:10:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=4113116/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.46. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=153578644921071800?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=3212585/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=153578644921071800? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:55:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:55:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3212585/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.47. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=568318925355561100?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=5013678/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=568318925355561100? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:25:16 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:25:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=5013678/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.48. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=179906606371514500?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2672600/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=179906606371514500? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:46:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:46:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2672600/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.49. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=792457706178538500?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=4833663/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=792457706178538500? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:22:16 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:22:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=4833663/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.50. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=326381607120856640?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=2672585/site=sw.nol/aamsz=728x90

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=1;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=326381607120856640? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 12:46:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:46:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 169

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=2672585/site=sw.nol/aamsz=728x90"></SCRIPT></body>

1.51. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=899866640660911700?

The response contains the following links to other domains:

http://s0.2mdn.net/1807016/pottyRacers2011_box_static.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=899866640660911700? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:13:15 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:13:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 4192

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0>


<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
stat?id=Wfo4fN0GvkE&offerid=146261&type=3&subid=0&tmpid=1826&u1=Potty-BNR-SW&RD_PARM1=http%253A%252F%252Fitunes.apple.com%252Fus%252Fapp%252Fid376427546%253Fmt%253D8%2526uo%253D4%2526partnerId%253D40"><img src="http://s0.2mdn.net/1807016/pottyRacers2011_box_static.jpg" border="0" alt="" ></a>
...[SNIP]...

1.52. http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/sw.nol/atf_i_s/_hp

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=770283972052857200?

The response contains the following link to another domain:

http://viacom.adbureau.net/jserver/acc_random=5013694/site=sw.nol/aamsz=300x250

Request

GET /adi/sw.nol/atf_i_s/_hp;sec0=_hp;!category=_hp;!category=pop;pos=atf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=2966;demo=2907;demo=2905;demo=1607;demo=1306;demo=1299;demo=850;demo=848;demo=847;demo=844;demo=792;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-pop%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-1607%7Cdemo-1306%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-847%7Cdemo-844%7Cdemo-792%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=770283972052857200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:25:16 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:25:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 170

<body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=5013694/site=sw.nol/aamsz=300x250"></SCRIPT></body>

1.53. http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N3175.272756.AOL-ADVERTISING2/B4640114.3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.3;sz=300x250;click=http://r1-ads.ace.advertising.com/click/site=0000787693/mnum=0000884204/cstr=20240822=_4d860041,3743237811,787693%5E884204%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=20240822/optn=64?trg=;ord=3743237811?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2769103/Surprise_300x250_Free2011Score.gif

Request

GET /adj/N3175.272756.AOL-ADVERTISING2/B4640114.3;sz=300x250;click=http://r1-ads.ace.advertising.com/click/site=0000787693/mnum=0000884204/cstr=20240822=_4d860041,3743237811,787693%5E884204%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=20240822/optn=64?trg=;ord=3743237811? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 20 Mar 2011 13:25:21 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:25:21 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 570

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/c/b4/%2a/v;226750510;1-0;0;50154167;4307-300/250;39961082/39978869/1;;~sscs=%3fhttp://r1-ads.ace.advertising.com/clic
...[SNIP]...
60041,3743237811,787693%5E884204%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=20240822/optn=64?trg=http%3a%2f%2fwww.truecredit.com/%3Fenurl%3Dtruecredit.com%26am%3D2063%26channel%3Dpaid%26cid%3Ddisplay%3A2063"><img src="http://s0.2mdn.net/viewad/2769103/Surprise_300x250_Free2011Score.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

1.54. http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N3175.272756.AOL-ADVERTISING2/B4640114.3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.3;sz=300x250;click=http://r1-ads.ace.advertising.com/click/site=0000787693/mnum=0000884204/cstr=20240822=_4d860041,3743237811,787693%5E884204%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=20240822/optn=64?trg=;ord=3743237811?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2769103/Frame_Rev_300x250.gif

Request

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 20 Mar 2011 13:35:32 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:35:32 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 557

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/c/b4/%2a/b;226750510;0-0;0;50154167;4307-300/250;39921274/39939061/1;;~sscs=%3fhttp://r1-ads.ace.advertising.com/clic
...[SNIP]...
60041,3743237811,787693%5E884204%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=20240822/optn=64?trg=http%3a%2f%2fwww.truecredit.com/%3Fenurl%3Dtruecredit.com%26am%3D2063%26channel%3Dpaid%26cid%3Ddisplay%3A2063"><img src="http://s0.2mdn.net/viewad/2769103/Frame_Rev_300x250.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

1.55. http://ad.doubleclick.net/adj/N3340.247realmedia.com/B5245409.18 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N3340.247realmedia.com/B5245409.18

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/N3340.247realmedia.com/B5245409.18;sz=300x250;pc=[TPAS_ID];click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/1000160035/x15/USNetwork/BCN2011020355_006_Nissan/Nissan2.17_300.html/726348573830316934646f4141767949?;ord=1000160035?

The response contains the following link to another domain:

http://s0.2mdn.net/1361550/PID_1540640_300.jpg

Request

GET /adj/N3340.247realmedia.com/B5245409.18;sz=300x250;pc=[TPAS_ID];click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/1000160035/x15/USNetwork/BCN2011020355_006_Nissan/Nissan2.17_300.html/726348573830316934646f4141767949?;ord=1000160035? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 20 Mar 2011 13:08:36 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:08:36 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 39123

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
949?http://pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=altima&dcp=zmm.60007922.&dcc=40678675.236689265"><IMG SRC="http://s0.2mdn.net/1361550/PID_1540640_300.jpg" width="300" height="250" BORDER=0 alt=""></A>
...[SNIP]...

1.56. http://ad.doubleclick.net/adj/N3340.247realmedia.com/B5245409.19 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N3340.247realmedia.com/B5245409.19

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/N3340.247realmedia.com/B5245409.19;sz=728x90;pc=[TPAS_ID];click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/813909198/Top1/USNetwork/BCN2011020355_006_Nissan/Nissan2.17_728.html/726348573830316934646f4141767949?;ord=813909198?

The response contains the following link to another domain:

http://s0.2mdn.net/1361550/PID_1540650_728.jpg

Request

GET /adj/N3340.247realmedia.com/B5245409.19;sz=728x90;pc=[TPAS_ID];click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/813909198/Top1/USNetwork/BCN2011020355_006_Nissan/Nissan2.17_728.html/726348573830316934646f4141767949?;ord=813909198? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 20 Mar 2011 13:35:33 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:35:33 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 38755

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
949?http://pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=altima&dcp=zmm.60007923.&dcc=40678677.236689177"><IMG SRC="http://s0.2mdn.net/1361550/PID_1540650_728.jpg" width="728" height="90" BORDER=0 alt=""></A>
...[SNIP]...

1.57. http://ad.doubleclick.net/adj/N3880.adwords.google.com/B5109627.9 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N3880.adwords.google.com/B5109627.9

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/N3880.adwords.google.com/B5109627.9;dcove=o;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BeUAfGgGGTenHFsfOlQeE-o3pDun1-pYCkd_lxR-5zZWPRAAQARgBIM-2sAM4AGDJBrIBDHd3dy53b290LmNvbboBCjMwMHgyNTBfYXPIAQnaARtodHRwOi8vd3d3Lndvb3QuY29tL0ZvcnVtcy-YAswhuAIYwAIByALp8KEa4AIA6gIXd29vdC1jb21tdW5pdHkxLTMwMHgyNTCQA6QDmAOkA6gDAdEDX7TNu-ilXeToA7MC6APtAvUDBAUAxOAEAQ&num=1&sig=AGiWqtxxObGMGdGDDOWnMdJXAptYdjLF1g&client=ca-pub-2332856072838068&adurl=;ord=1302051679?

The response contains the following link to another domain:

http://s0.2mdn.net/2393316/PID_1519912_CHV_2010_Volt2010Launch_QA_RM_300x250.jpg

Request

GET /adj/N3880.adwords.google.com/B5109627.9;dcove=o;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BeUAfGgGGTenHFsfOlQeE-o3pDun1-pYCkd_lxR-5zZWPRAAQARgBIM-2sAM4AGDJBrIBDHd3dy53b290LmNvbboBCjMwMHgyNTBfYXPIAQnaARtodHRwOi8vd3d3Lndvb3QuY29tL0ZvcnVtcy-YAswhuAIYwAIByALp8KEa4AIA6gIXd29vdC1jb21tdW5pdHkxLTMwMHgyNTCQA6QDmAOkA6gDAdEDX7TNu-ilXeToA7MC6APtAvUDBAUAxOAEAQ&num=1&sig=AGiWqtxxObGMGdGDDOWnMdJXAptYdjLF1g&client=ca-pub-2332856072838068&adurl=;ord=1302051679? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 20 Mar 2011 13:41:50 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:41:50 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 37241

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
6gIXd29vdC1jb21tdW5pdHkxLTMwMHgyNTCQA6QDmAOkA6gDAdEDX7TNu-ilXeToA7MC6APtAvUDBAUAxOAEAQ&num=1&sig=AGiWqtxxObGMGdGDDOWnMdJXAptYdjLF1g&client=ca-pub-2332856072838068&adurl=http://www.chevrolet.com/volt/"><IMG SRC="http://s0.2mdn.net/2393316/PID_1519912_CHV_2010_Volt2010Launch_QA_RM_300x250.jpg" width="300" height="250" BORDER=0 alt=""></A>
...[SNIP]...

1.58. http://ad.doubleclick.net/adj/N3880.adwords.google.com/B5109627.9 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N3880.adwords.google.com/B5109627.9

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/N3880.adwords.google.com/B5109627.9;dcove=o;sz=300x250;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BeUAfGgGGTenHFsfOlQeE-o3pDun1-pYCkd_lxR-5zZWPRAAQARgBIM-2sAM4AGDJBrIBDHd3dy53b290LmNvbboBCjMwMHgyNTBfYXPIAQnaARtodHRwOi8vd3d3Lndvb3QuY29tL0ZvcnVtcy-YAswhuAIYwAIByALp8KEa4AIA6gIXd29vdC1jb21tdW5pdHkxLTMwMHgyNTCQA6QDmAOkA6gDAdEDX7TNu-ilXeToA7MC6APtAvUDBAUAxOAEAQ&num=1&sig=AGiWqtxxObGMGdGDDOWnMdJXAptYdjLF1g&client=ca-pub-2332856072838068&adurl=;ord=1302051679?

The response contains the following link to another domain:

http://s0.2mdn.net/2393316/PID_1519911_CHV_2010_Volt2010Launch_QA_RM_B_300x250.jpg

Request

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 20 Mar 2011 13:28:59 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 13:28:59 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 37245

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
6gIXd29vdC1jb21tdW5pdHkxLTMwMHgyNTCQA6QDmAOkA6gDAdEDX7TNu-ilXeToA7MC6APtAvUDBAUAxOAEAQ&num=1&sig=AGiWqtxxObGMGdGDDOWnMdJXAptYdjLF1g&client=ca-pub-2332856072838068&adurl=http://www.chevrolet.com/volt/"><IMG SRC="http://s0.2mdn.net/2393316/PID_1519911_CHV_2010_Volt2010Launch_QA_RM_B_300x250.jpg" width="300" height="250" BORDER=0 alt=""></A>
...[SNIP]...

1.59. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.39 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N553.mediamath/B5123370.39

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/N553.mediamath/B5123370.39;sz=300x250;pc=;click1=http://pixel.mathtag.com/click/img?mt_aid=62143273837836637&mt_id=111040&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=62143273837836637?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/1293907/bc_green_300x250.JPG

Request

GET /adj/N553.mediamath/B5123370.39;sz=300x250;pc=;click1=http://pixel.mathtag.com/click/img?mt_aid=62143273837836637&mt_id=111040&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=62143273837836637? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MjE0MzI3MzgzNzgzNjYzNy8xMTEwNDAvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pd3Nzb1g4SlNGczg1RjlCN293LWNUay8/InA55NeIGGV4hzZENaajIegtkxo&price=3.757000
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 20 Mar 2011 12:38:49 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:38:49 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 492

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/c/8a/%2a/y;235638469;0-0;0;59396963;4307-300/250;40463876/40481663/1;;~sscs=%3fhttp://pixel.mathtag.com/click/img?mt_aid=62143273837836637&mt_id=111040&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=https%3a%2f%2fwww.americanexpress.com/gift/giftcardslanding.shtml%3Fsource%3Ddisplay_mm"><img src="http://s0.2mdn.net/viewad/1293907/bc_green_300x250.JPG" border=0 alt="Advertisement"></a>
...[SNIP]...

1.60. http://ad.doubleclick.net/adj/lj.homepage/loggedout previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/lj.homepage/loggedout

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/lj.homepage/loggedout;a=1;r=0;w=0;c=se;pt=se;vert=_code;sz=236x90;pos=t;tile=2;ord=7173672060?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/lj.homepage/loggedout;a=1;r=0;w=0;c=se;pt=se;vert=_code;sz=236x90;pos=t;tile=2;ord=7173672060? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 20 Mar 2011 12:34:45 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 12:34:45 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 308

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ad0/0/0/%2a/z;44306;0-0;0;40107501;15133-236/90;0/0/0;;~okv=;a=1;r=0;w=0;c=se;pt=se;vert=_code;sz=236x90;pos=t;tile=2;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

1.61. http://ad.doubleclick.net/adj/teennick.nol/atf_j_s/shows/the_nightlife/index previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/teennick.nol/atf_j_s/shows/the_nightlife/index

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/teennick.nol/atf_j_s/shows/the_nightlife/index;sec0=shows;sec1=the_nightlife;sec2=index;pos=atf;cat=2;!category=hs_the_nightlife;show=hs_the_nightlife;demo=D;tag=adj;mtype=standard;sz=6x6;tile=1;u=pos-atf%7Ccat-2%7C!category-hs_the_nightlife%7Cshow-hs_the_nightlife%7Cdemo-D%7Ctag-adj%7Cmtype-standard%7Csz-6x6%7Ctile-1;ord=964462979417294200?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/teennick.nol/atf_j_s/shows/the_nightlife/index;sec0=shows;sec1=the_nightlife;sec2=index;pos=atf;cat=2;!category=hs_the_nightlife;show=hs_the_nightlife;demo=D;tag=adj;mtype=standard;sz=6x6;tile=1;u=pos-atf%7Ccat-2%7C!category-hs_the_nightlife%7Cshow-hs_the_nightlife%7Cdemo-D%7Ctag-adj%7Cmtype-standard%7Csz-6x6%7Ctile-1;ord=964462979417294200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.teennick.com/shows/the-nightlife
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 20 Mar 2011 14:05:01 GMT
Vary: Accept-Encoding
Expires: Sun, 20 Mar 2011 14:05:01 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 339

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/0/0/%2a/y;44306;0-0;0;52877536;490-6/6;0/0/0;u=pos-atf|cat-2|!category-hs_the_nightlife|show-hs_the_nightlife|demo-D|tag-adj|mtype-standard|sz-6x6|tile-1;~aopt=2/0/d7/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="AD"></a>
...[SNIP]...

1.62. http://ad.turn.com/server/ads.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.htm

Issue detail

The page was loaded from a URL containing a query string:

http://ad.turn.com/server/ads.htm?&pub=2701141&code=5711646&cch=5711644&l=300x250&nonjs=1&sli=1989695&bli=1320666&exPub=298720&city=Dallas&acp=0.6000&rnd=1300626455&3c=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B510576aa26d330cd%253B12ed360bc30%2C0%253B%253B%253B1101847734%2CKnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMLxg0y4BAAAAAAAAADA1NmVjYmI2LTUyZjMtMTFlMC04YWZhLTAwMzA0OGQ2ZDM4NgA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252Fcategory%252Fplus%2Dfive%252F%2C&url=http%3A%2F%2Fbuzzya%2Ecom%2Fcategory%2Fplus%2Dfive%2F

The response contains the following links to other domains:

http://bs.serving-sys.com/BurstingPipe/BannerSource.asp?FlightID=1321455&Page=&PluID=0&Pos=2287
http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=1321455&PluID=0&w=300&h=250&ord=&ord=4005530758592425654&ucm=true&ncu=http://r.turn.com/r/tpclick/id/tm7NsgCBljeFlAgAcwABAA/3c/http%3A%2F%2Fad.yieldmanager.com%2Fclk%3F2%2C13%253B510576aa26d330cd%253B12ed360bc30%2C0%253B%253B%253B1101847734%2CKnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMLxg0y4BAAAAAAAAADA1NmVjYmI2LTUyZjMtMTFlMC04YWZhLTAwMzA0OGQ2ZDM4NgA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%2C/url/

Request

GET /server/ads.htm?&pub=2701141&code=5711646&cch=5711644&l=300x250&nonjs=1&sli=1989695&bli=1320666&exPub=298720&city=Dallas&acp=0.6000&rnd=1300626455&3c=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B510576aa26d330cd%253B12ed360bc30%2C0%253B%253B%253B1101847734%2CKnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMLxg0y4BAAAAAAAAADA1NmVjYmI2LTUyZjMtMTFlMC04YWZhLTAwMzA0OGQ2ZDM4NgA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252Fcategory%252Fplus%2Dfive%252F%2C&url=http%3A%2F%2Fbuzzya%2Ecom%2Fcategory%2Fplus%2Dfive%2F HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?KnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAA9yhcj8L12D.3KFyPwvXYPzQzMzMzM-M.NDMzMzMz4z80MzMzMzPjPzQzMzMzM-M.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABesxCRluDOCViSxm-ZYl7hHK-ojY2ZD-xTzD1fAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fplus-five%2F,Z%3D300x250%26s%3D1602587%26_salt%3D2720804788%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%26r%3D0,056ecbb6-52f3-11e0-8afa-003048d6d386
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=aWm1M4LjK5VIpxyiby4XYxEDYW1PshQ3vpBZa8uxHEph-L3XcPmT4hHXOQgApIlYh1NXgtHFGzzHzNFmm-KzX_9FnfDLNktuAMS6JsTomdlVpY3HjWkw231zQDelLH8_7MDefgoTZqF-bd3v_Qfs6OEZRtFGqduPVkD_gkg8VfV0ExsZAquLx2WiGNWvrnUszuICt27wBWASQBET6OeAytEy0WeBXOvyGLo3g2RyRxPMuJkSor3PooeE5HOb8MagG3H1Yh6KJus8Al0Tyl-_P0B_pSthw6Osds3vCU1DTz-z4otjDK2ixFI9HIYofu_jbt-1znRWuv4f0NnBSjg_DEGifQpKlSlg2JPncxaZQ7rJS-D340zJ0KEew_mwtQGaH27SKaSCTrWZJYQAanRpUpKgERJUW1YdGsZik0-okt7FAHdoDG0wmwYyeCzPe0spi39LGtEsLYa2RHjeXVKaXwxjz621UnXRIPElrss_9Bf3D5kPD76YDvIMjmnYUSqxgxaji_-otMFqmG9mmaQliekdOq3dCdMpBBYB6oxrLl9pdFEKrE3dKUxNz_PPP_A0oljWnUH_uUv0DheX3sKsfdGakli0ckXet5HgWuGAxOwjSx4LjXgDbmHu6Eh19fbovGRasNivyUiC-5nZMh1vJZclJZpWuXGcTDMvl_OekRPjS2MhCKHwMNU_BYoLCyOP7MDefgoTZqF-bd3v_Qfs6KVd2oSKolIwwEiITDQU2Lx0ExsZAquLx2WiGNWvrnUsd_PYU2DwATVpcslEDyf8hqiet1AIT80-jJlBpoUU7boLVM3uUWyLgHu6saG6i5PsBUqFp4KiueJFiSLkI0xYhQXlpwfxpWQdK7j4LVji2FVRCmp-Ng4uMeq-zvqbvux36ic_sEQwn-Xt_ClqlX8t_6DGXbcfdjdN_4BNnqMpaZCNRQCl9OpEhGua7KdmVMA9H27SKaSCTrWZJYQAanRpUjDmKTcPQFqbSQ5GlElX4-OPXp3pozvJlBPwzvc_9CbX0Eax0_okMfml7XV2gTBl77zbnfMNJ_ejhUj1ijcB8BL3D5kPD76YDvIMjmnYUSqxVTm50zwheMZKXjYTELCaRTMB1dlAsjcT9rVrLvj2jmVUL-jDhuW_PG6kDXW49rX2tzfWChaLz8qHVMsj8mXTQ5X_BsIvcSN0BmMTK-BlFS19ozX7FlWqx06TTt3zJMoidpDfoquYgeQVRQJMAHbPNzKbdG5BDLNqFInvCReDtR22Ma4NnjcBIUkCx_bHhhCO7MDefgoTZqF-bd3v_Qfs6BrVkQpn3sMfisSjNFR6Lph0ExsZAquLx2WiGNWvrnUsxG4zdt6QMXamb0MlO9-6e1Et3epiS-kFwEUk3ma5DYQLVM3uUWyLgHu6saG6i5PsCif1zoSmfZSqcudOf2tI_AtUze5RbIuAe7qxobqLk-whOajgwxbhQ2etCzicpyVTBeWnB_GlZB0ruPgtWOLYVT4g_J2kF4TffMfKOos7tSGYqdD0JO4s0XymPmMJRJDcQaJ9CkqVKWDYk-dzFplDuqwCXV-t7S-pFZ84tfYt394fbtIppIJOtZklhABqdGlSk3kOykyDTiOMXrl_1hSXbVPgP28vTqELfpOybpGjlbL1u2jaCL-G-9iQxe-i1zj0qnIvgJ1Cs1GitaawX0kTqPcPmQ8PvpgO8gyOadhRKrGUhUdZl_uWemjmxoBkqtZPlC4l-GnLAeLfqIKDfL1UZBu13BiEoKhy1nfBN8OlmthGyJL9eBp3R0ktcXzadt6Dlf8Gwi9xI3QGYxMr4GUVLSGbq4jqoA2S5xXIqloiZ1rJnlvqvTZp82d7AV1or2dUFOEFVYJjQMgMb7lS0C-xbKEPGbIcW-yfL1eczIB0nv7swN5-ChNmoX5t3e_9B-zo4ADEFwcAd4j4QaxZfExMqHQTGxkCq4vHZaIY1a-udSxde4MjDw009tPzSo6eSSgxdwNGJND06t-bjtn5J7KDlQtUze5RbIuAe7qxobqLk-zD_xVADK1Q9dfnRiJgoiDiBeWnB_GlZB0ruPgtWOLYVWRtxKwDSHoQbxPxzfXop_PGqBSQ6KpYW-OwrvDg8i80oMZdtx92N03_gE2eoylpkOa03F8PGEVyWKeOTLdjQBsfbtIppIJOtZklhABqdGlSTAOVu8HAwVUaLipJ9sHGrk8xcWupMSKM_8JiETgP7y2Lf0sa0SwthrZEeN5dUppfBHqNpdRWaYXKfEufY1_jM_cPmQ8PvpgO8gyOadhRKrEH2jhGaC4HJh3Lvv-bHhjZXJrqY1uo21_GLL5pntP7d1Qv6MOG5b88bqQNdbj2tfZUQpq4yPuFsSVWlf6dSHtGLEWhr4abofxDhC7P6sGwew4euBkqrCOJYGXaH5f2No8_2RdAhJaMbFOWHdRsIhatZ3trG8hf0eQqY8g-UGnErVl0dXhBHCfFaURcg86EWtLlFbsvCmEPdz0GvB-V7jB5awi2yagXokGer-T3duHYImsItsmoF6JBnq_k93bh2CJrCLbJqBeiQZ6v5Pd24dgi0fy9yH3cJpXYWOo6nSGwttH8vch93CaV2FjqOp0hsLaOT-BQHXXH-uznhhEs9x_Sw0tfzF6HcwwheEdKac2B-sNLX8xeh3MMIXhHSmnNgfoM2KaPI-sR5WE58gV6S3h5xnv5U9q3RmUdEcfcdtut4fcJCZU_BttKMXTDyrBfshtsU5_j_mocn2P_zfZY4qmabFOf4_5qHJ9j_832WOKpmug_cxXaULqo5K_--uRzgNIR8R--H-SzG21IeFe3_WqV2oTj14ksQ27ZtJZzx1gXZNqE49eJLENu2bSWc8dYF2TahOPXiSxDbtm0lnPHWBdk9C_Pu3wPYr2A_3dDgXogwmd09iZDTMtxv05d2hJrzm1ndPYmQ0zLcb9OXdoSa85tfCWfACzyR22c78m9rm0opXwlnwAs8kdtnO_Jva5tKKWGDrBTI6MoEsB4IrTcND0RHO90Ba4DNelbdwYVufELDtX6BfAY2sgFWzSh0EbYcfTBpmpd9hwiXKZXJsWFQCQVBsjiFrNHSK-_Gebf3rUW-DiUdeTQauTko8JT6bU5H7U4lHXk0Grk5KPCU-m1OR-1OJR15NBq5OSjwlPptTkftTiUdeTQauTko8JT6bU5H7WBDZuAVb1fiTqGwbz13XI0gQ2bgFW9X4k6hsG89d1yNIENm4BVvV-JOobBvPXdcjQoc_EAqGm2Vr9TWaHYU9GddhjhUYi9yiSqjz4yirqEttGX0otsn1Eo9ASeAp22-RzCmJKLA4L8yqghdd3XRDx7qf1MrHd4wjjnlzZT7-OanKn9TKx3eMI455c2U-_jmpyp_Uysd3jCOOeXNlPv45qc4FfPONitGRcGxKttYjNpmYIlBZfRYA7Tno9giphEEaGCJQWX0WAO056PYIqYRBGhxo3TegpnNfA0YZyu_rcByep30ZvJV6vlji6z2sRrikTqd9GbyVer5Y4us9rEa4pE6nfRm8lXq-WOLrPaxGuKROp30ZvJV6vlji6z2sRrikRAeKyhQvuA1Am1Hf99RKswWh2QKPH2KLJ2oGR8lOZM1ANe8zLs_kHddS6hlrOxdDk; fc=k01_H3DQgin2gUWbqEfHVnEgVJOySuH7g303wn-3ThPBhSQ9y8oNWj2jHjllm2qL9SGC6KvWqijMODBe-PTw-vVibMqUG0iKKCPAs_vD_eA0A7iP8ARnu5R4osC1ayLKRfOX1MD02-o6SZ1b0c_HcdJnnDxsS-ubYBpridlzat8; uid=8392341830659049202; pf=QNmKTCt50B8Kpjg3isR9W_Ir3yoWOiSMkKJqMqoVPY2F1SOb8aRLeTLNl-G3fsUKhUysT6tP_1ec7xFTzmyTOvZhkC75wKwc88nuAokFvQ9ZYY2MlOzDLPTu4F-Uvdt_4YcdqwNhq09cj3lKBwXbCI3NqI2oQask0RxIcweDv6GMvGOoSAiXlEejBUI4bVTZiG0CD7SN4iQwbZFOht5_PcUKhyzjZJcScR_VHmzU_n_fhPhtP5eGOnqRNnt1-OV92xXlB7VgscrJbhGIf_JilPRDCeImrEZCGkpU4h_63CxWG5zEusESadpgYRYL2p5MG_RdoPtoKDEjrNYQG7__lKjDMABh_QQeaoDba2RSMKg6e-hV0PbjfU-R5RsfY_iXHHJjlc65ejsfGk_Bhi8TLHmektSTNGWFbueds9H23VJFfVN5kj-_puNaGveyJPzS0OWMGE9a6E0drdXZhYMeXsC4vcynPn9Dotf0EEwoLz7AbGDzP165MyHrx4tSx2B8O9qIPoIdnpPJQCQT3fsKxMAWYsdDJ5k_sdNi8uFJSCQ255k6vYnNOgM7sltoObfRe7Nfdm5bvla8XcCi8mpJcxR9SWcdexG9cU6HZV_VJhdn40SIet0iwwqKbdSj4CL2bkG8vxygw5PYjAzgbfXuQGcN6QW2n8XRLy7UoAmSdBRnwSKp2TDgd2Lcz_qJvz2UQIXGjoBZ78Wshqhm4tb0CSAVFfu30wLyYuo1y7aS82LTLnxA3ggK2gyTUssar2d0VZEEXq24P2id3ypkSYZxDaGrEW4mATCBJcdbUsS6U6WlB0V5Jnrj8cA_1KNYNCmayGOF0nn5E6TLc-A2frbzWLZ78bJLnb6L0KoAtnvLV2pP81X4ANdqArViOJeQtd_KBgfW6zrQLmaDIleZdb-lWXaspIKRhbM6EZgcd53-A29aOa0ye1UD40069XkSXwnuCh-RAXxtefbOimbdrtxWQwySgP2B497OTuJjk4h_xz7h1RsCnD2sD6SzTA6FS0L5qaDwuUB-gusjbKGTbdorNQKIus_NVuwacB_n_GJkCjDeRWnTTHOTAUzRX7jz2Dtha6IYgwK4KHy8_huNe8GKEihRoyUkOlvRlegTV48BDCOJkf60Zr6_RPbt9P03q9zqXbkMIiHhRyraLmWVTI7LPDO0V_cWY7-ccITIWG4cEAVOX3OaMNRzdBC4-0RsvFyXuRiJhp9j10eguQj26V8UKLkQP0cLS8-CaS_G0biaU-lkiE1m1Xn_hKe9NfZLnwyCK2ncrj6VabuuuFr6c_o5qaCQ6oN7sH1l3MIGQoK8X6stp0kTmdEXBwprTQawoH105HoGs1Q83lthTB7Fi-VTyyXy_vCtpJySQt4PX48ZzIpuwEShzbmTtAHP6iCkM-HhsMYZ7YWC2tZwu4Tb45eBwQ2XRr6BMB9fSsap5sDS6rpQ2bGi-sM44BgEdgBbOlmMluxfbyihgyJXJzx1jJXLpuPXHdjanaO2pJ8yqKNT5UMTIw2oYtTZbgmSLFmFfbvQzRfufLqyfgPcMtBAkmyxKq4X6cfi80nt471PDAY1h5rLy4hs1GeJifs51BsOk2bX; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7C8%7C9%7C1001%7C1002%7C1003%7Cundefined%7C1004%7C1005%7C12; rds=15054%7C15054%7C15054%7C15050%7Cundefined%7C15054%7C15054%7C15038%7C15054%7C15054%7C15054%7C15054%7Cundefined%7C15054%7C15050%7C15054; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=8392341830659049202; Domain=.turn.com; Expires=Fri, 16-Sep-2011 13:07:34 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=QYdf8pQ322SIyBI2iUoAU4RjEWhnHVjNlGGMhSRuUKth-L3XcPmT4hHXOQgApIlYHYX4_NcWdx3_ane6F4B-14GhJc02ow2AtUwL6WPia2FGaLnf0zlcY_NlRLgfVWu_p2dXRupylG3NYnZS5bXKYP96WiAgIoOXEFUWrzhKF5gCw-urpRf-_9YebSTVOgNrqPihsYENeO8sXA9lvbRdayfMZtqW06LRo26dh_6mdAGJGTELtL4GqGulFNiuT83_JW8PFWxYJ1q2_24dlRk_ah5icQ-UlIA9kPFGJHuyqaq5VL3rxbStQ7qJq0UYbCEIsUtODQcKNwexAxOYVwN1nK5X96dOre3quYO9Z-8ufvZDTyl_SWg8JF85Vro55plfoTgVQZo2IE3aGhkEGjHTkTFiBYl1Y5wme5TkSr2cG_wgfqVSXeBNVe3tcWgG-cKlb6X9zJjlpwSm9YUJH9a4gJTCk-tuxUia_8m_xGP0ng-vamqLuW_YXqfv_SJ_aE8WewT_9aYmy1_kglD2-j2O9xEN2WSuwULQaF3F5bjuxzhmEuJsfxP5f1y2CMVwcPBKjitRrpYhjNWTpkhfFGNz1pMs9g0Q0vhgJiFRvR8WD6y1byxKhk0zupa7mhXtOt59TSvsYEqhZ0OHSuNp70BrBPgFZPUXsLmq7zd2bgatqFEtgpfxqN_T7QEW7hJnuqjPvjaUahkeh2AIOXYNj81E2z9CvciRuIEJCv8yxQ13OGBfB4P3wQx6U2WiVVEP-_Y7EOaV0vIfQZsAGrAD9lknuVDiL3nhapvU0GeEL2HT-L8OVgkB2bwToPK0KdNC16-jTfAO5O3oP_bfifepQZJrTx5icQ-UlIA9kPFGJHuyqarB6alCNElibRNjAQJxQ3wScEcZhGdHz3dGIuUYDCisolLji3VTL1tjXfqm-esg2sewf4n0X2poBn_JF16R7_JpoTgVQZo2IE3aGhkEGjHTkeeFQfumNuZsM8qSWC1YO88e0aAoBCNnU0MrQhAnhIPCOUygdo-nXLnZpGMXrI7zLHABVz72fi9fhT0whWU6oVuvamqLuW_YXqfv_SJ_aE8WghrAn-Vi2vPEwMGFNlZbYxEN2WSuwULQaF3F5bjuxzh7HBG162ww7piqD1aguph5yjHL13DurDt14-jGkVE335Ms9g0Q0vhgJiFRvR8WD6ypA0SKEqBppDDJhLx8qKy9TSvsYEqhZ0OHSuNp70BrBFPAk0ENEI9AkFKrpbmzGs3jQ_DNJLeHeL0m2Znba1buvjaUahkeh2AIOXYNj81E2-JjZ5NuKJfCva75n_nDp_hfB4P3wQx6U2WiVVEP-_Y7anyk5GyGEYfAPBsxHQjGZSlxmSbeaAgfibEHTq6nsWGJGTELtL4GqGulFNiuT83_aWjrAVXVlG7OWMAFleaNmJbd5mJVeqDBeYockQCeOAxxDWE5tfMM7qZbrjn2eVJNHmJxD5SUgD2Q8UYke7KpqkQLRuw_4qwIZ0RgbwcKb_zPkrK-DNPDU2d6IfOlnKh298JoqNIrcIOFh27SKktj64bitenuXABFvYGLN_FjpjihOBVBmjYgTdoaGQQaMdORRSUpCyAfviw4AHYe3ZFe1j_H39CNFZoidFAH_Wwsr2KYkmu9Efz59RTTwRXe0-z-VzZOXR8fEEZYabQJ5OvIrK9qaou5b9hep-_9In9oTxYDFxyCqW2pHLJpyn6DipzREQ3ZZK7BQtBoXcXluO7HOHYn_JVSl2TRope3S5e7WdCOJuOFdBL4jJzlrGgOb4HBkyz2DRDS-GAmIVG9HxYPrCWrE7nz-KJuRo7xf7_4TaxNK-xgSqFnQ4dK42nvQGsE6ABEyeT6GgYO9T7bPr2uOIHF81yXCYglNgztjlxXYaK-NpRqGR6HYAg5dg2PzUTbalw8lqs5Yl_9jBwMs9Tj-V8Hg_fBDHpTZaJVUQ_79jtEExTCNts46MM726dOHk03EHP-IMF08vrzIT3Bb7Svo5bd5mJVeqDBeYockQCeOAxOo3HTnz6UEXwFhetL-lkMHmJxD5SUgD2Q8UYke7KpqjCzTD1GHFKXcyzidRcl9QVgKfB9VVbr4TUFv2p7bOInOewUt5gP_VlI1Ump9cof8bgUMqrglLkQZ2MmUdI_wRihOBVBmjYgTdoaGQQaMdORXsA1mfR2ULXMKrWuUdGM7RySCcjLsN_cxeO5d6Ll7ah1ym-8DGu-cUq_NzKN12epXgVQXjOJNmBQaMF-8bSNxK9qaou5b9hep-_9In9oTxbS-ghZdhmAasmF69aaImA6EQ3ZZK7BQtBoXcXluO7HOMQfuZ4AWvTJ-mwSNztcWshzAqXI_s6r0eNAoWe_e9VLkyz2DRDS-GAmIVG9HxYPrH5VjA_u5FxGvMqUnf9TQBxNK-xgSqFnQ4dK42nvQGsEmI9YI0NszyrnjSHCBrHOF7N0yDfDXTWmk3YZuned4J1zHpbFxYCHf8ECnS552zQGcx6WxcWAh3_BAp0ueds0BnMelsXFgId_wQKdLnnbNAZzHpbFxYCHf8ECnS552zQGcx6WxcWAh3_BAp0ueds0BitnssvNEea-CDLDeF-fwACvWXqvkkof0pdy12XNR71Ur1l6r5JKH9KXctdlzUe9VK9Zeq-SSh_Sl3LXZc1HvVSvWXqvkkof0pdy12XNR71UF-e0dAu4qNmsK2oR2A9RUQVMCl8aLbGecDd_fKt7NywFTApfGi2xnnA3f3yrezcsBUwKXxotsZ5wN398q3s3LAYbc69DjOHmwnxze8q4bqJPPYJ8usI-1hBBRr5uFxgFqfvBa32ACLSnDYXKF1oBeqn7wWt9gAi0pw2FyhdaAXqp-8FrfYAItKcNhcoXWgF6qfvBa32ACLSnDYXKF1oBeqn7wWt9gAi0pw2FyhdaAXryDt3w8cVNrM49PHXxiClIeDq2PHxBb0G93bZOUEV_B3g6tjx8QW9Bvd22TlBFfwd4OrY8fEFvQb3dtk5QRX8HeDq2PHxBb0G93bZOUEV_B34IJwkHmIrESNkEHZ8g1949RfOkpegw2OWd5Gq1X3SAPUXzpKXoMNjlneRqtV90gD1F86Sl6DDY5Z3karVfdIDVzbApqLD2dXriygnNopblFch-eoCuDk8x64052zPt2RXIfnqArg5PMeuNOdsz7dkVyH56gK4OTzHrjTnbM-3ZFch-eoCuDk8x64052zPt2RXIfnqArg5PMeuNOdsz7dkVyH56gK4OTzHrjTnbM-3ZE1zi3eUCecg106GXWo6ZhRNc4t3lAnnINdOhl1qOmYUTXOLd5QJ5yDXToZdajpmFE1zi3eUCecg106GXWo6ZhfPSjW7H5Jkol9-9LsOFip_z0o1ux-SZKJffvS7DhYqf89KNbsfkmSiX370uw4WKn5tSaxPmfiTgjAFYfvIlraaZa6cUR-KH2UMf-39oRIqSmWunFEfih9lDH_t_aESKkiaPGMMoWG79KMJG1_6B63rd33erOmBTEWjk8EHWq8r_3d93qzpgUxFo5PBB1qvK_33J5TXdC2nyuG8O3c9hqKb9UW1UfXUu5_t-s3mYQevC2GfmtRhuVY6zT1uCqUTs7wcwsdHQlOWV3VIdjcK2T9k; Domain=.turn.com; Expires=Fri, 16-Sep-2011 13:07:34 GMT; Path=/
Set-Cookie: fc=k01_H3DQgin2gUWbqEfHVnEgVJOySuH7g303wn-3ThPBhSQ9y8oNWj2jHjllm2qL9SGC6KvWqijMODBe-PTw-vVibMqUG0iKKCPAs_vD_eA0A7iP8ARnu5R4osC1ayLKRfOX1MD02-o6SZ1b0c_HcdJnnDxsS-ubYBpridlzat8; Domain=.turn.com; Expires=Fri, 16-Sep-2011 13:07:34 GMT; Path=/
Set-Cookie: pf=apt8nUS_8g-os2zTpNH9S8BraYD4coGoPe8ylFU_g3W6o4VUW939ncJz_M9dzB62UJVQP26K-ikS_X_6rlRWMAeFdbGCpLFrA0anDxbFGwk9LbrWX20-UrBjicbubJadUP_jXyHjnmjK3rrz51boI6CBxA1xPMI6FIxSqVGspWCSKqnEyrwCKenpGxRQV_T5jSa4oDXhxZzP0dJh6rPSnc3vKSZRPdlwmRVNzIEeWUEL0x8wFB4ST8OfQRd0AHkWNMyVJERjf-FGSRAtXD4Nhi-unhgxoADyHNLh6ZDzCvrf226xnTIQQQmq5EgT_iESfo-zyO2mzOd-Ch5JgiT1BrBRqZWHPzi54l3Mmy73qMYYephq_CTqNSwxH1pwvb85f0uXstituK4BLz5PJm_wP-PMU83diYb3Y7rpEHLNMQMpBOgDXF1T8wK6QnvAMocQ8c2fJyJeVO-VkDGuoHZoX961OccaC9LXa8TZbmhrtplN8Wv_lboyvPuVgkwWlyueoXrtnkQeCARtQrPGlAjjp_7TZje4YoYaVdxgHe70aWZO3jSbIiK-1ezhwhOSA__6Z9ex2ErzUPCDmXHPVip7liY2Qh6CaTHwP1FBJp6RrEmjFnmOhwYX94V3gbOTfK9JGJY4fF04_Xfkft25X76d7kpl4DxOQY91EWvajOdwUHJQQH5v8Tt-aYcpJ7mu3QSv0s7owuJGUDMkgd-lrYxlqsTw9Tyhs5-Lx2i-xccfpwakxyKbsTp7iwJkB5aBkvxQg3iTh7EJteIJxc3MMJpCWuKgQ8ZlmPUZsxOX4w-f66_WkEkcO9UmX4UESRvBPLCIQ8CnL0HqIS_oeQVIZx-kkk41zR9Dzd_LsvCsLyvPcxkHvsGBIlOL9YQyxjcczMLmBD5QuMG_P68KP296xTfSUKDZr1y42fW0Gp8hhYtibaTLP8yKitG5b79rtm0lM9hovySSItes1M7pqw_gT0NZbY-JRI28XUe3I_wibFgIfX0ItbUL2laTCY4uwlPM5yLhHirjZY2i8uALOlPJahZrAqIuNVsviQj2PAjAIIXz6eQ8eoEI4sgLSHGy6RAG-E-0ABI9WFjZ5jQ2afTPjHR41kxFdwO2AOmQl_ejbEhy-tzc8HFK-9DM5Ky9EwXdGW0BIpD6i7xs06BVFi02IieV5W0j1cd7tPYvwMWMM9bJJCpdUmvcXrd0BRBgx2si0fBNrAv7l31yA8hU0DTXIKvdCrqkXn-v_AtdloUzYpPUf3yKZF_Z_llO_BCN9M32kK_AqSds3f0y3LOnRAnfGQ9xW7Q-514KtnNO3DDfwJnVSi8RbzvYVg3rh0EbDIc8E_e2zLtY8hgIv7zj4dU-WZHIT5roxsjyE6sdhHHPvtgrBB5H9iBOvD7olsUnsrN1yGsn_lyVeHNxOykVE34Te4Roltn-QS63rrfi7qOR_2snq1yE9m-hEeKSnfaSKyWbi9FNJwChI073rWJlPatNx0dyP3UCik4VbEo1AKSAXIBNd1P2WP7zAmgNITc0E_1skmBGA9sOeQP4ljjECUChGrh3Bw; Domain=.turn.com; Expires=Fri, 16-Sep-2011 13:07:34 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:07:34 GMT
Content-Length: 2477

   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
   <html>
   <head>
   <title>Turn Ads</title>

                                                                                   </head>
       <body style="bac
...[SNIP]...
<div id="ad_24832903">
               <script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=1321455&PluID=0&w=300&h=250&ord=&ord=4005530758592425654&ucm=true&ncu=http://r.turn.com/r/tpclick/id/tm7NsgCBljeFlAgAcwABAA/3c/http%3A%2F%2Fad.yieldmanager.com%2Fclk%3F2%2C13%253B510576aa26d330cd%253B12ed360bc30%2C0%253B%253B%253B1101847734%2CKnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMLxg0y4BAAAAAAAAADA1NmVjYmI2LTUyZjMtMTFlMC04YWZhLTAwMzA0OGQ2ZDM4NgA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%2C/url/"></script>
...[SNIP]...
4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%2C/url/http://bs.serving-sys.com/BurstingPipe/BannerRedirect.asp?FlightID=1321455&Page=&PluID=0&Pos=2287" target="_blank"><img src="http://bs.serving-sys.com/BurstingPipe/BannerSource.asp?FlightID=1321455&Page=&PluID=0&Pos=2287" border=0 width=300 height=250></a>
...[SNIP]...

1.63. http://ad.turn.com/server/ads.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.htm

Issue detail

The page was loaded from a URL containing a query string:

http://ad.turn.com/server/ads.htm?&pub=2701141&code=5711646&cch=5711644&l=300x250&nonjs=1&sli=1989695&bli=1320666&exPub=298720&city=Dallas&acp=0.6000&rnd=1300626455&3c=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B510576aa26d330cd%253B12ed360bc30%2C0%253B%253B%253B1101847734%2CKnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMLxg0y4BAAAAAAAAADA1NmVjYmI2LTUyZjMtMTFlMC04YWZhLTAwMzA0OGQ2ZDM4NgA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252Fcategory%252Fplus%2Dfive%252F%2C&url=http%3A%2F%2Fbuzzya%2Ecom%2Fcategory%2Fplus%2Dfive%2F

The response contains the following links to other domains:

http://bs.serving-sys.com/BurstingPipe/BannerSource.asp?FlightID=1321455&Page=&PluID=0&Pos=2287
http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=1321455&PluID=0&w=300&h=250&ord=&ord=3617952785064839197&ucm=true&ncu=http://r.turn.com/r/tpclick/id/Hcjsp-OMNTJROAoAdgABAA/3c/http%3A%2F%2Fad.yieldmanager.com%2Fclk%3F2%2C13%253B510576aa26d330cd%253B12ed360bc30%2C0%253B%253B%253B1101847734%2CKnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMLxg0y4BAAAAAAAAADA1NmVjYmI2LTUyZjMtMTFlMC04YWZhLTAwMzA0OGQ2ZDM4NgA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%2C/url/

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=8392341830659049202; Domain=.turn.com; Expires=Fri, 16-Sep-2011 13:29:52 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=a6IdZs1opxHnzOHz8oFkkzkUetLz_CmwKsOLnKdb8uxh-L3XcPmT4hHXOQgApIlYHYX4_NcWdx3_ane6F4B-10LjetnAXP8P8UUmhTCSeh1GaLnf0zlcY_NlRLgfVWu_Ryr2PrOVwm1mZQiByzuJb1daZJtc92NbTZOJmvbfITKrfpUaKeFcSMZdU1LpdOcwFh3h8y-lTYbAFttcJZJpHifMZtqW06LRo26dh_6mdAGJGTELtL4GqGulFNiuT83_JW8PFWxYJ1q2_24dlRk_ah5icQ-UlIA9kPFGJHuyqaq5VL3rxbStQ7qJq0UYbCEIsUtODQcKNwexAxOYVwN1nK5X96dOre3quYO9Z-8ufvZDTyl_SWg8JF85Vro55plfoTgVQZo2IE3aGhkEGjHTkTFiBYl1Y5wme5TkSr2cG_wgfqVSXeBNVe3tcWgG-cKlb6X9zJjlpwSm9YUJH9a4gJTCk-tuxUia_8m_xGP0ng-vamqLuW_YXqfv_SJ_aE8WewT_9aYmy1_kglD2-j2O9xEN2WSuwULQaF3F5bjuxzhmEuJsfxP5f1y2CMVwcPBKjitRrpYhjNWTpkhfFGNz1pMs9g0Q0vhgJiFRvR8WD6y1byxKhk0zupa7mhXtOt59TSvsYEqhZ0OHSuNp70BrBPgFZPUXsLmq7zd2bgatqFEtgpfxqN_T7QEW7hJnuqjPvjaUahkeh2AIOXYNj81E2z9CvciRuIEJCv8yxQ13OGBfB4P3wQx6U2WiVVEP-_Y7EOaV0vIfQZsAGrAD9lknuVDiL3nhapvU0GeEL2HT-L8OVgkB2bwToPK0KdNC16-jTfAO5O3oP_bfifepQZJrTx5icQ-UlIA9kPFGJHuyqarB6alCNElibRNjAQJxQ3wScEcZhGdHz3dGIuUYDCisolLji3VTL1tjXfqm-esg2sewf4n0X2poBn_JF16R7_JpoTgVQZo2IE3aGhkEGjHTkeeFQfumNuZsM8qSWC1YO88e0aAoBCNnU0MrQhAnhIPCOUygdo-nXLnZpGMXrI7zLHABVz72fi9fhT0whWU6oVuvamqLuW_YXqfv_SJ_aE8WghrAn-Vi2vPEwMGFNlZbYxEN2WSuwULQaF3F5bjuxzh7HBG162ww7piqD1aguph5yjHL13DurDt14-jGkVE335Ms9g0Q0vhgJiFRvR8WD6ypA0SKEqBppDDJhLx8qKy9TSvsYEqhZ0OHSuNp70BrBFPAk0ENEI9AkFKrpbmzGs3jQ_DNJLeHeL0m2Znba1buvjaUahkeh2AIOXYNj81E2-JjZ5NuKJfCva75n_nDp_hfB4P3wQx6U2WiVVEP-_Y7anyk5GyGEYfAPBsxHQjGZSlxmSbeaAgfibEHTq6nsWGJGTELtL4GqGulFNiuT83_aWjrAVXVlG7OWMAFleaNmJbd5mJVeqDBeYockQCeOAxxDWE5tfMM7qZbrjn2eVJNHmJxD5SUgD2Q8UYke7KpqkQLRuw_4qwIZ0RgbwcKb_zPkrK-DNPDU2d6IfOlnKh298JoqNIrcIOFh27SKktj64bitenuXABFvYGLN_FjpjihOBVBmjYgTdoaGQQaMdORRSUpCyAfviw4AHYe3ZFe1j_H39CNFZoidFAH_Wwsr2KYkmu9Efz59RTTwRXe0-z-VzZOXR8fEEZYabQJ5OvIrK9qaou5b9hep-_9In9oTxYDFxyCqW2pHLJpyn6DipzREQ3ZZK7BQtBoXcXluO7HOHYn_JVSl2TRope3S5e7WdCOJuOFdBL4jJzlrGgOb4HBkyz2DRDS-GAmIVG9HxYPrCWrE7nz-KJuRo7xf7_4TaxNK-xgSqFnQ4dK42nvQGsE6ABEyeT6GgYO9T7bPr2uOIHF81yXCYglNgztjlxXYaK-NpRqGR6HYAg5dg2PzUTbalw8lqs5Yl_9jBwMs9Tj-V8Hg_fBDHpTZaJVUQ_79jtEExTCNts46MM726dOHk03EHP-IMF08vrzIT3Bb7Svo5bd5mJVeqDBeYockQCeOAxOo3HTnz6UEXwFhetL-lkMHmJxD5SUgD2Q8UYke7KpqjCzTD1GHFKXcyzidRcl9QVgKfB9VVbr4TUFv2p7bOInOewUt5gP_VlI1Ump9cof8bgUMqrglLkQZ2MmUdI_wRihOBVBmjYgTdoaGQQaMdORXsA1mfR2ULXMKrWuUdGM7RySCcjLsN_cxeO5d6Ll7ah1ym-8DGu-cUq_NzKN12epXgVQXjOJNmBQaMF-8bSNxK9qaou5b9hep-_9In9oTxbS-ghZdhmAasmF69aaImA6EQ3ZZK7BQtBoXcXluO7HOMQfuZ4AWvTJ-mwSNztcWshzAqXI_s6r0eNAoWe_e9VLkyz2DRDS-GAmIVG9HxYPrH5VjA_u5FxGvMqUnf9TQBxNK-xgSqFnQ4dK42nvQGsEmI9YI0NszyrnjSHCBrHOFxza7XGJk02qpauwWR7fdpZzHpbFxYCHf8ECnS552zQGcx6WxcWAh3_BAp0ueds0BnMelsXFgId_wQKdLnnbNAZzHpbFxYCHf8ECnS552zQGcx6WxcWAh3_BAp0ueds0Bq9Zeq-SSh_Sl3LXZc1HvVSvWXqvkkof0pdy12XNR71Ur1l6r5JKH9KXctdlzUe9VK9Zeq-SSh_Sl3LXZc1HvVSvWXqvkkof0pdy12XNR71UBUwKXxotsZ5wN398q3s3LAVMCl8aLbGecDd_fKt7NywFTApfGi2xnnA3f3yrezcsBUwKXxotsZ5wN398q3s3LMCaLwNSJrENmm7V1soGFz1PPYJ8usI-1hBBRr5uFxgFqfvBa32ACLSnDYXKF1oBeqn7wWt9gAi0pw2FyhdaAXqp-8FrfYAItKcNhcoXWgF6qfvBa32ACLSnDYXKF1oBeqn7wWt9gAi0pw2FyhdaAXq0Agj2dwrNNJ_4JlENwRdLeDq2PHxBb0G93bZOUEV_B3g6tjx8QW9Bvd22TlBFfwd4OrY8fEFvQb3dtk5QRX8HeDq2PHxBb0G93bZOUEV_Bz1F86Sl6DDY5Z3karVfdIA9RfOkpegw2OWd5Gq1X3SAPUXzpKXoMNjlneRqtV90gD1F86Sl6DDY5Z3karVfdICTA05Wuw6tFWAfUzmDvhmSFch-eoCuDk8x64052zPt2RXIfnqArg5PMeuNOdsz7dkVyH56gK4OTzHrjTnbM-3ZFch-eoCuDk8x64052zPt2RXIfnqArg5PMeuNOdsz7dmtfy5ud8CHYuLxZS3nEa0BE1zi3eUCecg106GXWo6ZhRNc4t3lAnnINdOhl1qOmYUTXOLd5QJ5yDXToZdajpmFcsF2TrKXHO28WTPH9fnpI_PSjW7H5Jkol9-9LsOFip_z0o1ux-SZKJffvS7DhYqf89KNbsfkmSiX370uw4WKn8yxKiKiTWPKkkiOcoAi4XKZa6cUR-KH2UMf-39oRIqSmWunFEfih9lDH_t_aESKkre8mUo35pyb_Uyl8_iI_jTd33erOmBTEWjk8EHWq8r_3d93qzpgUxFo5PBB1qvK__1RbVR9dS7n-36zeZhB68IWfp2FZ5JVuAq1se7SHkKdzzWCryk-h24TxI9jrNDh6Qy6mS_4UzvyBOZzWa9LlPM; Domain=.turn.com; Expires=Fri, 16-Sep-2011 13:29:52 GMT; Path=/
Set-Cookie: fc=k01_H3DQgin2gUWbqEfHVnEgVJOySuH7g303wn-3ThPBhSQ9y8oNWj2jHjllm2qL9SGC6KvWqijMODBe-PTw-vVibMqUG0iKKCPAs_vD_eA0A7iP8ARnu5R4osC1ayLKRfOX1MD02-o6SZ1b0c_HcdJnnDxsS-ubYBpridlzat8; Domain=.turn.com; Expires=Fri, 16-Sep-2011 13:29:52 GMT; Path=/
Set-Cookie: pf=-ogS4wUPp2uOthlAhkua7efecn2SRWQfzZHRnDXGAba6o4VUW939ncJz_M9dzB62dqrSo0rlQrgRZPnrV25dosiO_2dDHnR4-kSqUJ-Qkzk9LbrWX20-UrBjicbubJadUP_jXyHjnmjK3rrz51boI6CBxA1xPMI6FIxSqVGspWCSKqnEyrwCKenpGxRQV_T5jSa4oDXhxZzP0dJh6rPSnc3vKSZRPdlwmRVNzIEeWUEL0x8wFB4ST8OfQRd0AHkWNMyVJERjf-FGSRAtXD4Nhi-unhgxoADyHNLh6ZDzCvrf226xnTIQQQmq5EgT_iESfo-zyO2mzOd-Ch5JgiT1BrBRqZWHPzi54l3Mmy73qMYYephq_CTqNSwxH1pwvb85f0uXstituK4BLz5PJm_wP-PMU83diYb3Y7rpEHLNMQMpBOgDXF1T8wK6QnvAMocQ8c2fJyJeVO-VkDGuoHZoX961OccaC9LXa8TZbmhrtplN8Wv_lboyvPuVgkwWlyueoXrtnkQeCARtQrPGlAjjp_7TZje4YoYaVdxgHe70aWZO3jSbIiK-1ezhwhOSA__6Z9ex2ErzUPCDmXHPVip7liY2Qh6CaTHwP1FBJp6RrEmjFnmOhwYX94V3gbOTfK9JGJY4fF04_Xfkft25X76d7kpl4DxOQY91EWvajOdwUHJQQH5v8Tt-aYcpJ7mu3QSv0s7owuJGUDMkgd-lrYxlqsTw9Tyhs5-Lx2i-xccfpwakxyKbsTp7iwJkB5aBkvxQg3iTh7EJteIJxc3MMJpCWuKgQ8ZlmPUZsxOX4w-f66_WkEkcO9UmX4UESRvBPLCIQ8CnL0HqIS_oeQVIZx-kkk41zR9Dzd_LsvCsLyvPcxkHvsGBIlOL9YQyxjcczMLmBD5QuMG_P68KP296xTfSUKDZr1y42fW0Gp8hhYtibaTLP8yKitG5b79rtm0lM9hovySSItes1M7pqw_gT0NZbY-JRI28XUe3I_wibFgIfX0ItbUL2laTCY4uwlPM5yLhHirjZY2i8uALOlPJahZrAqIuNVsviQj2PAjAIIXz6eQ8eoEI4sgLSHGy6RAG-E-0ABI9WFjZ5jQ2afTPjHR41kxFdwO2AOmQl_ejbEhy-tzc8HFK-9DM5Ky9EwXdGW0BIpD6i7xs06BVFi02IieV5W0j1cd7tPYvwMWMM9bJJCpdUmvcXrd0BRBgx2si0fBNrAv7l31yA8hU0DTXIKvdCrqkXn-v_AtdloUzYpPUf3yKZF_Z_llO_BCN9M32kK_AqSds3f0y3LOnRAnfGQ9xW7Q-514KtnNO3DDfwJnVSi8RbzvYVg3rh0EbDIc8E_e2zLtY8hgIv7zj4dU-WZHIT5roxsjyE6sdhHHPvtgrBB5H9iBOvD7olsUnsrN1yGsn_lyVeHNxOykVE34Te4Roltn-QS63rrfi7qOR_2snq1yE9m-hEeKSnfaSKyWbi9FNJwChI073rWJlPatNx0dyP3UCik4VbEo1AKSAXIBNd1P2WP7zAmgNITc0E_1skmBGA9sOeQP4ljjECUChGrh3Bw; Domain=.turn.com; Expires=Fri, 16-Sep-2011 13:29:52 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:29:52 GMT
Content-Length: 2477

   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
   <html>
   <head>
   <title>Turn Ads</title>

                                                                                   </head>
       <body style="bac
...[SNIP]...
<div id="ad_24832903">
               <script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=1321455&PluID=0&w=300&h=250&ord=&ord=3617952785064839197&ucm=true&ncu=http://r.turn.com/r/tpclick/id/Hcjsp-OMNTJROAoAdgABAA/3c/http%3A%2F%2Fad.yieldmanager.com%2Fclk%3F2%2C13%253B510576aa26d330cd%253B12ed360bc30%2C0%253B%253B%253B1101847734%2CKnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMLxg0y4BAAAAAAAAADA1NmVjYmI2LTUyZjMtMTFlMC04YWZhLTAwMzA0OGQ2ZDM4NgA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%2C/url/"></script>
...[SNIP]...
4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%2C/url/http://bs.serving-sys.com/BurstingPipe/BannerRedirect.asp?FlightID=1321455&Page=&PluID=0&Pos=2287" target="_blank"><img src="http://bs.serving-sys.com/BurstingPipe/BannerSource.asp?FlightID=1321455&Page=&PluID=0&Pos=2287" border=0 width=300 height=250></a>
...[SNIP]...

1.64. http://ad.turn.com/server/ads.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.js

Issue detail

The page was loaded from a URL containing a query string:

http://ad.turn.com/server/ads.js?pub=5757398&cch=5766863&code=5766875&l=300x250&aid=25369308&ahcid=535345&bimpd=ZjNFN2hZ4i-YlydCdXsT0zZTuD8IubLL42BCS9LH_kU7Yi7NnmKey7h5ce7BWIM3Rux1S_qG8vICQji47dy2E024eYgQT0HpFSZWVesdccUgQeaQijGiqit_QPicgHK5ZZMUs7NpCCTHXflWLyQ9gG-3wDj3m_hPLqVkJ_2jOq48xNSvPXXIt__p10AGZJLfhVd0yR51mYGgtr88kk9pKdB4KuxJT2VpTSwLNXwZXg4zCpHIfbwNI9gJXjnp9W21ujPToIsuRZGfl8WEkkUw9Ua8Y_pn6CI8FT2XEgvyDGuPJv9385Kf6G5E3heIgSIs687bp01UqXCTTP9aXrmld7-TAYHSK0sv3Lw3yXzZz4paS9RecWGAeiDyekIyHp83tNp7CQptCawVC-54p-UewRw2jc1G4rEkoLiW0MRZIYy0V62KSSlYnX0LIbOpP3Jz00_3gOdpgmrTp3Jy74JTl73wc-cQ7FRKnITKYzO3zYVwdOuxgdv5_CYp89cY01huOiySebhNVquMNpVX58Yf46HG1sTGVle5vnwDWXwqi3RFY4bguUnvRTz9bsqCxNCQcmxkY_zvBwV6oRrqmbjeXea4OcyT17faPheb_5alGxB6vDyiosWvDSM9GQ_OeB_RT9rMK7M0d9tZKhGFc8ggTaSfPRztPAxd7KicgD3lJEcNkr_RW7y1hSGjdb2Qvr9O0cwgc6AhycSnUsmX6q1X86NfrrOorlvGJGSqB0P9f_Q&acp=2.828999&3c=http://track1000.pubmatic.com/AdServer/AdDisplayTrackerServlet?clickData=RGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA==_url=

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie4;abr=!ie5;sz=300x250;ord=4368258591177512398?
http://ad.doubleclick.net/adi/N5552.152304.TRADINGDESK/B5035357.75;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzxWTgUAeAABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/;
http://ad.doubleclick.net/adj/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzxWTgUAeAABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/;
http://segments.adap.tv/data/?p=cadreon&type=gif&segment=11&add=true
http://segments.adap.tv/data/?p=cadreon&type=gif&segment=12&add=true

Request

GET /server/ads.js?pub=5757398&cch=5766863&code=5766875&l=300x250&aid=25369308&ahcid=535345&bimpd=ZjNFN2hZ4i-YlydCdXsT0zZTuD8IubLL42BCS9LH_kU7Yi7NnmKey7h5ce7BWIM3Rux1S_qG8vICQji47dy2E024eYgQT0HpFSZWVesdccUgQeaQijGiqit_QPicgHK5ZZMUs7NpCCTHXflWLyQ9gG-3wDj3m_hPLqVkJ_2jOq48xNSvPXXIt__p10AGZJLfhVd0yR51mYGgtr88kk9pKdB4KuxJT2VpTSwLNXwZXg4zCpHIfbwNI9gJXjnp9W21ujPToIsuRZGfl8WEkkUw9Ua8Y_pn6CI8FT2XEgvyDGuPJv9385Kf6G5E3heIgSIs687bp01UqXCTTP9aXrmld7-TAYHSK0sv3Lw3yXzZz4paS9RecWGAeiDyekIyHp83tNp7CQptCawVC-54p-UewRw2jc1G4rEkoLiW0MRZIYy0V62KSSlYnX0LIbOpP3Jz00_3gOdpgmrTp3Jy74JTl73wc-cQ7FRKnITKYzO3zYVwdOuxgdv5_CYp89cY01huOiySebhNVquMNpVX58Yf46HG1sTGVle5vnwDWXwqi3RFY4bguUnvRTz9bsqCxNCQcmxkY_zvBwV6oRrqmbjeXea4OcyT17faPheb_5alGxB6vDyiosWvDSM9GQ_OeB_RT9rMK7M0d9tZKhGFc8ggTaSfPRztPAxd7KicgD3lJEcNkr_RW7y1hSGjdb2Qvr9O0cwgc6AhycSnUsmX6q1X86NfrrOorlvGJGSqB0P9f_Q&acp=2.828999&3c=http://track1000.pubmatic.com/AdServer/AdDisplayTrackerServlet?clickData=RGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA==_url= HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=Wonw4SKQzJYWGPurqxtl0nuUzYJk6jXTg2kkRxPsf5PfaqaDzVRu9ZiuBStYaftYL8XNm3b3wEFLrI-bYDGMZspa2dzalgG5fKshqZFQ0gPE-iovOq8fXLrOOSDX_7RE4aP5h09o7k3cRcJp8kFALhcUtCbH2AU91mt_IKIcvF-dnVEIXl_o2VKbCOQ18gKB3TdfaSMq8ZmQLhPF-HDmXEO0DkgoB2K7NtvRYr_WLBLd_glL1pkpHKTZt_lIPJBER1eWajsac7h1LLqoQJdxq_LVmIVMjE0CeQFu2rmZbM75ztlAPWqlo6WakHRHQDJIug3BBFPTzPZU9a_De5ObQfS-FOkT22lzSBi1SyH2rdOEyvGy9ARJOsbfKu5zwAtywK2T6I_iNDRolqjg1OzTcmOmBomBI971b1aEnAXt992jScb5ykHoHXGqgsU2JXsEhKy7DL4leWeiolkQACcMJeDFfNLII8GWE_POOZEqdvSAlwAd2SMpuXja-1oqTvA74Bv87ktR-V-CI_fBW8ozCqpHrzMG7a1O-Bw1uWV3nCTXMMhqubSRk012wJ9TI5YEXDd38XvwUG3nRYRagkvUuiCki6dv9_ZBTPOR80NtxF90Tx9NnkbuE9oFmALVgGEUfnOnpPStJvBD7eMTp4e86K9aYVqIo0QJ8uo_fgCPTXl4d6AzZ5kL0Q3seR-QMTT54aP5h09o7k3cRcJp8kFALqjI0RR666J6yMcKhWq6NL-dnVEIXl_o2VKbCOQ18gKB5OTiSkIyAtUIxcH0kc2Z_r8mFTCd5ttVGpgCWv23BFzd_glL1pkpHKTZt_lIPJBEcjaG10wigUMyya21D2XcWPLVmIVMjE0CeQFu2rmZbM6gr6LeWJgmS_GYEF0jBxMut0ENHBIEVq_lRqV1FbhAaWaIpCiKWJzFCjE_rpqGSQ_AMLkX3xVdMEoiwUWtkl_8wK2T6I_iNDRolqjg1OzTckKhKx8gNr7j1i4lKSwVZVo5786SEOCxaDqnPJjkYPAbhKy7DL4leWeiolkQACcMJcv5JGu7PR53V4XHAO3Io4OAlwAd2SMpuXja-1oqTvA7Sby-AWn9Ao08NtBsZeyI32iQebtfIQ-g95Am5CKbjjGdX9SGy_mLofSIrTkkkZy7q_kymVsfRU5lp0Pu2QVi0ARmUVnGxwLABzMMwaHgl6ZZhmeV2wkprz8192ZLKDYi5nfmk03YwEf-csTjfghefqxfpgzc1VS-2ZSEBy1bfilWXaAbFc49ghutKx-kX83sFbZDNzeTaTd_CskNnL-gJYUhrqV02c7lrfNhksNY6EUSKZoIDqD4G7bFKUqmMV-obRSQfOqKLvEIVYVzZt3x7fyt1kS60aRmpMuHWG916ExzRX1Syet26XYSL2aR6sdzgDpDtFR-MhBo4SKLASMedrNlhtwwehJKZV_vqQ6TPomFT0b0CNqL1yDov6pCERYHrjdcB3-hMeuXpkthOjrlfmpI2EXioEJjgLbV10VkcXuhwiZ-NmqDn980RgRl5YCRsSMBuuGGbFuPRJa8whW0k6IDQXAakeNb4-iGLLL6vhICsdnGaSRoEnqOcIv7G5CzrcZxzHUt8FlPxz9qsQnKe4yFw3wjTmxxOfzbjyejukYkwsYpf4klfvVA_XCLxuitV-DkChzNBAZA7664Ecm9sJ8KpnA_mwIUzpMMvoHHE8H69Nv8ZmvmIfccRX7ppIDmK81F_-m52Kk6mklb9Gkz7cULXDK_DJBsJiPg260VBuB21BharSCDQyZkIvsj3tYWKCBcgK1KIuX3WD1wJn8hu0zvl4YurMpkt_KNXf21GXmMh3NIrtrwJ-PytJzw0bCN1JbrGOVJbR84q2JjTjm8h96r_zTQjil_yu87szG0AJSpAmYGrgDwofgjre60aLEVwGQ7VXceHmC6gPGCEolElhIpmggOoPgbtsUpSqYxX6hAIdI1m55J5HPTGq2yMrwQrQe8folUTs7yHBhE3jXdIqirG5pEDTVYoLJvdXZlZ78KIcHzd1FxJAPOlCIDY7YsrjdcB3-hMeuXpkthOjrlfnsK60K6G5zIvDNin7d_-XihwiZ-NmqDn980RgRl5YCRK7JzRSpPkaFxPAb0V4qxxlETd_XsDWTPOMhkKKyRYsQCsdnGaSRoEnqOcIv7G5CzlX-q_nDsklvWZp_SxUEVsoyFw3wjTmxxOfzbjyejukagr6LeWJgmS_GYEF0jBxMulbT4k7I3RFcH9USEGB8d7ehp9hmy5VmQ13eGV0p5qLQhVwiAdydT3PpB-fIjCiWZK81F_-m52Kk6mklb9Gkz7Z0a7PGvOJoJ72EBTvuMQxml7tqppY6LFE2g2xxURyWGmrwVBz_RVN4-Di2560zu3yYkwvb4gvrvji-WnwN0XjuMh3NIrtrwJ-PytJzw0bCNnaladC9RU6ry0d69z-Zz7SkUb9qGemCfvAL5h3MLwHvc3yMGel4rk0Sx0kOS5kYLJdP9tfIoTz5TKsdQg5NBZiXT_bXyKE8-UyrHUIOTQWZQlrT0o0JDb5JXBZDXw8ZNGElOiRir5xHZ8kAaarjTbBhJTokYq-cR2fJAGmq402wYSU6JGKvnEdnyQBpquNNsGElOiRir5xHZ8kAaarjTbJUxYTKvEAE3JAT4SvkHOGiVMWEyrxABNyQE-Er5BzholTFhMq8QATckBPhK-Qc4aJUxYTKvEAE3JAT4SvkHOGgqNhuM1tUzQHYZ3GHdzM7ZKjYbjNbVM0B2Gdxh3czO2XJ9Sw3jdHwwRW1AzobtH9t81_gjdGUYVukJY8YG-hGu4FfPONitGRcGxKttYjNpmYIlBZfRYA7Tno9giphEEaGCJQWX0WAO056PYIqYRBGhgiUFl9FgDtOej2CKmEQRocaN03oKZzXwNGGcrv63Acnqd9GbyVer5Y4us9rEa4pE6nfRm8lXq-WOLrPaxGuKRPkX-td7VA8q5XtcSwY3rEtaHZAo8fYosnagZHyU5kzUakfxoAiYEuqsAs6lVyErOLNUzJM8pvIuJwp8fvrU-Bkl0_218ihPPlMqx1CDk0FmJdP9tfIoTz5TKsdQg5NBZiXT_bXyKE8-UyrHUIOTQWYl0_218ihPPlMqx1CDk0FmUJa09KNCQ2-SVwWQ18PGTRhJTokYq-cR2fJAGmq402wYSU6JGKvnEdnyQBpquNNsGElOiRir5xHZ8kAaarjTbNWAVpIeQy-_rvNmNJZl0MuVMWEyrxABNyQE-Er5BzholTFhMq8QATckBPhK-Qc4aJUxYTKvEAE3JAT4SvkHOGi4IMq_Q-b1Bsvq4IHMVMMGKjYbjNbVM0B2Gdxh3czO2So2G4zW1TNAdhncYd3MztkqNhuM1tUzQHYZ3GHdzM7ZF_hnwsZOFT5I4eRW46LWcrCzHp4KI8EJF3gYURnVkXqwsx6eCiPBCRd4GFEZ1ZF6ONWHBOP2kK7zVWFthcPDncbv-tY65jMfDKTbdfT8ug3G7_rWOuYzHwyk23X0_LoNxu_61jrmMx8MpNt19Py6Dcbv-tY65jMfDKTbdfT8ug1ygQv0vtIAWYRj1Bwp4i9DzbefliSJ1pdkKBMKwCbwM7hvU7dM3_gDWrNcfv9Lfj8; fc=P8r1GRRUBPzt1rj093eSUyd0kIOGQ-01IqHp4E6nJR0sgJfvPMxam1XE0VXjRZkHDvAB7dj0g9rEc92kPRVoFw0-m0BkBmdsMbfLJKocp81E28M44OKTmpkvbjqqib7MAp1BJ3k6cxFoa6z2wZnSQRA23o3kcOf_vksOCkd4aIk; pf=UGHb8zI4aWtxtAmZyNeJNOHVFbSxqG9hsprN4v3Lz7LQ4qp2i9jCVLo21ITPxTJXB9En7PzxQcEcevWyHskThbQXXj1jA2FyUlkwwkhF7Ro2ZM7BNfD3Nrq6VH58nArltBKmEiDSJc28wBcf6WsZnUwqlFt-IvrL3Cyer2N_b_mQBT67XG3r_GqqLNCDP6TWM6QtivX9DfUZcKCbSzspOG4m4SNemiZsDiwHpMom7zAuHGj61Fo18HFz7Miw6CJ_lAToSBCIK8xd4Nhi3WZ5RVrFAd6zRhrKdfWaTudRRtzdw3uPJsigd4Z03fwI832qp0yYZ8xsq2g2JzvVLF3m0wYmvQ-7zazlMMeR5t48rmodxWJcKS5DgWnPQyOG3H9dle4JdVl67EbeBoMsCr3yKTNk5q5Z7Ye-yqAjt8FV6TEs0w1Mf61wa5sbZduLkMcmu6BxGVr1a1EtZ6VakW9qP0UsyZ23YtDx8Hp9aqDHgS7TLwotn8ChX3Ao59tcjALmIsfXlHObMd1dM-9EmR9zq1feDyJ1JsMdvufmKTEv8zYWEcVWdTIfg0R3HCs5Zgu8aqqZRUbE5cNgHLG-cyhwp9zF6bIQmuyiOkEVXhOR34lY8hTahfCesI1SII1o7GCSTkQctMdsR8ol26b8wwOWRulLcAuUbWv5XradSS5Og7yWq1NAPlM-71DUoari4r4P1Y5A3tzwkjyyX8-0gYHGU5jnzszrbJmm4ATS7VE3nQTOLZuOv6rXl3lXT98xe_hpQk1J2tMJ7uf0wgawDl5tZsTT5kN5mzq7cQ_zim8SvdxF5k8za64BvapgLtKI75QWoFdHsE8JeyafKsb518Z8yG2rlDCHXdIcSLBgYtlkloVO9_IUqGf6VJi47Jt9VzE1iUilagnqDfZezBDAgKeQJqma1IxzDiCoqn5pMBzKyly1EGZOdFA2-qArtbtQRT50YdNPvJqt7eLAf5C0e2pQiKZbm53MKuxT-xACBztAh4jFDcYPKkwR30hpsQ3QHTsbR1jwb4Tknj1lRvA_43zRPga4UleoT5uXiADlzwkOVA067MXkh4FAeKVzg1ACtjgSr5Gp6DR1BdDSotYHbfNzBgKBFuNAXObQP9_MMOI3eG1WGdO281P8amOaY7gqA06Qz3ZYqAavLj_IiDm0PZqfexb3wevMxi_3MpY_DV3nsHFBx31PTcSHvXJd2U5JBFuC4zIXCy6m3DgsRU-dDxSk0aAqkW75gcATwU4afh3aZM0faU7ttedZBHKMSUKU2-CLArzpv1sCFqKO2OO_7QHd61ElSVhkX8nCFJ8XYbO8pgqPz6rxA2zJp0kRUBjlvUbWcclJ3ktilOIca42ILmxDGq12QBEWUhzuVA36zOFcdBowxbu4TWEkjnoG3y3BQoeZ0WJ4-WctW3Z_ONfcXbWfjQNvc84m9Ucmpn2n7616Wmjkp_YRqKp502Bw_HclXEDNxATqSEvwR6YWNJOibQmjAIOFfhKbFkHTBHoHJsdi8MjHFkcfi4c9KAVErlkS3F2SFWLNhm5B3_eb2Qy3toXmjExHhirQMRh4tcgyEqZ-0Ko; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7C8%7C9%7C1001%7C1002%7C1003%7Cundefined%7C1004%7C1005%7C12; rds=15054%7C15054%7C15054%7C15050%7Cundefined%7C15054%7C15054%7C15038%7C15054%7C15054%7C15054%7C15054%7Cundefined%7C15054%7C15050%7C15054; rv=1; uid=8392341830659049202

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 22 Mar 2011 12:34:46 GMT
Set-Cookie: uid=8392341830659049202; Domain=.turn.com; Expires=Fri, 16-Sep-2011 12:34:46 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=aWm1M4LjK5VIpxyiby4XYxEDYW1PshQ3vpBZa8uxHEph-L3XcPmT4hHXOQgApIlYh1NXgtHFGzzHzNFmm-KzX_9FnfDLNktuAMS6JsTomdlVpY3HjWkw231zQDelLH8_7MDefgoTZqF-bd3v_Qfs6OEZRtFGqduPVkD_gkg8VfV0ExsZAquLx2WiGNWvrnUszuICt27wBWASQBET6OeAytEy0WeBXOvyGLo3g2RyRxPMuJkSor3PooeE5HOb8MagG3H1Yh6KJus8Al0Tyl-_P0B_pSthw6Osds3vCU1DTz-z4otjDK2ixFI9HIYofu_jbt-1znRWuv4f0NnBSjg_DEGifQpKlSlg2JPncxaZQ7rJS-D340zJ0KEew_mwtQGaH27SKaSCTrWZJYQAanRpUpKgERJUW1YdGsZik0-okt7FAHdoDG0wmwYyeCzPe0spi39LGtEsLYa2RHjeXVKaXwxjz621UnXRIPElrss_9Bf3D5kPD76YDvIMjmnYUSqxgxaji_-otMFqmG9mmaQliekdOq3dCdMpBBYB6oxrLl9pdFEKrE3dKUxNz_PPP_A0oljWnUH_uUv0DheX3sKsfdGakli0ckXet5HgWuGAxOwjSx4LjXgDbmHu6Eh19fbovGRasNivyUiC-5nZMh1vJZclJZpWuXGcTDMvl_OekRPjS2MhCKHwMNU_BYoLCyOP7MDefgoTZqF-bd3v_Qfs6KVd2oSKolIwwEiITDQU2Lx0ExsZAquLx2WiGNWvrnUsd_PYU2DwATVpcslEDyf8hqiet1AIT80-jJlBpoUU7boLVM3uUWyLgHu6saG6i5PsBUqFp4KiueJFiSLkI0xYhQXlpwfxpWQdK7j4LVji2FVRCmp-Ng4uMeq-zvqbvux36ic_sEQwn-Xt_ClqlX8t_6DGXbcfdjdN_4BNnqMpaZCNRQCl9OpEhGua7KdmVMA9H27SKaSCTrWZJYQAanRpUjDmKTcPQFqbSQ5GlElX4-OPXp3pozvJlBPwzvc_9CbX0Eax0_okMfml7XV2gTBl77zbnfMNJ_ejhUj1ijcB8BL3D5kPD76YDvIMjmnYUSqxVTm50zwheMZKXjYTELCaRTMB1dlAsjcT9rVrLvj2jmVUL-jDhuW_PG6kDXW49rX2tzfWChaLz8qHVMsj8mXTQ5X_BsIvcSN0BmMTK-BlFS19ozX7FlWqx06TTt3zJMoidpDfoquYgeQVRQJMAHbPNzKbdG5BDLNqFInvCReDtR22Ma4NnjcBIUkCx_bHhhCO7MDefgoTZqF-bd3v_Qfs6BrVkQpn3sMfisSjNFR6Lph0ExsZAquLx2WiGNWvrnUsxG4zdt6QMXamb0MlO9-6e1Et3epiS-kFwEUk3ma5DYQLVM3uUWyLgHu6saG6i5PsCif1zoSmfZSqcudOf2tI_AtUze5RbIuAe7qxobqLk-whOajgwxbhQ2etCzicpyVTBeWnB_GlZB0ruPgtWOLYVT4g_J2kF4TffMfKOos7tSGYqdD0JO4s0XymPmMJRJDcQaJ9CkqVKWDYk-dzFplDuqwCXV-t7S-pFZ84tfYt394fbtIppIJOtZklhABqdGlSk3kOykyDTiOMXrl_1hSXbVPgP28vTqELfpOybpGjlbL1u2jaCL-G-9iQxe-i1zj0qnIvgJ1Cs1GitaawX0kTqPcPmQ8PvpgO8gyOadhRKrGUhUdZl_uWemjmxoBkqtZPlC4l-GnLAeLfqIKDfL1UZBu13BiEoKhy1nfBN8OlmthGyJL9eBp3R0ktcXzadt6Dlf8Gwi9xI3QGYxMr4GUVLSGbq4jqoA2S5xXIqloiZ1rJnlvqvTZp82d7AV1or2dUFOEFVYJjQMgMb7lS0C-xbKEPGbIcW-yfL1eczIB0nv7swN5-ChNmoX5t3e_9B-zo4ADEFwcAd4j4QaxZfExMqHQTGxkCq4vHZaIY1a-udSxde4MjDw009tPzSo6eSSgxdwNGJND06t-bjtn5J7KDlQtUze5RbIuAe7qxobqLk-zD_xVADK1Q9dfnRiJgoiDiBeWnB_GlZB0ruPgtWOLYVWRtxKwDSHoQbxPxzfXop_PGqBSQ6KpYW-OwrvDg8i80oMZdtx92N03_gE2eoylpkOa03F8PGEVyWKeOTLdjQBsfbtIppIJOtZklhABqdGlSTAOVu8HAwVUaLipJ9sHGrk8xcWupMSKM_8JiETgP7y2Lf0sa0SwthrZEeN5dUppfBHqNpdRWaYXKfEufY1_jM_cPmQ8PvpgO8gyOadhRKrEH2jhGaC4HJh3Lvv-bHhjZXJrqY1uo21_GLL5pntP7d1Qv6MOG5b88bqQNdbj2tfZUQpq4yPuFsSVWlf6dSHtGLEWhr4abofxDhC7P6sGwew4euBkqrCOJYGXaH5f2No8_2RdAhJaMbFOWHdRsIhatZ3trG8hf0eQqY8g-UGnErVl0dXhBHCfFaURcg86EWtLlFbsvCmEPdz0GvB-V7jB5awi2yagXokGer-T3duHYImsItsmoF6JBnq_k93bh2CJrCLbJqBeiQZ6v5Pd24dgi0fy9yH3cJpXYWOo6nSGwttH8vch93CaV2FjqOp0hsLaOT-BQHXXH-uznhhEs9x_Sw0tfzF6HcwwheEdKac2B-sNLX8xeh3MMIXhHSmnNgfoM2KaPI-sR5WE58gV6S3h5xnv5U9q3RmUdEcfcdtut4fcJCZU_BttKMXTDyrBfshtsU5_j_mocn2P_zfZY4qmabFOf4_5qHJ9j_832WOKpmug_cxXaULqo5K_--uRzgNIR8R--H-SzG21IeFe3_WqV2oTj14ksQ27ZtJZzx1gXZNqE49eJLENu2bSWc8dYF2TahOPXiSxDbtm0lnPHWBdk9C_Pu3wPYr2A_3dDgXogwmd09iZDTMtxv05d2hJrzm1ndPYmQ0zLcb9OXdoSa85tfCWfACzyR22c78m9rm0opXwlnwAs8kdtnO_Jva5tKKWGDrBTI6MoEsB4IrTcND0RHO90Ba4DNelbdwYVufELDtX6BfAY2sgFWzSh0EbYcfTBpmpd9hwiXKZXJsWFQCQVBsjiFrNHSK-_Gebf3rUW-DiUdeTQauTko8JT6bU5H7U4lHXk0Grk5KPCU-m1OR-1OJR15NBq5OSjwlPptTkftTiUdeTQauTko8JT6bU5H7WBDZuAVb1fiTqGwbz13XI0gQ2bgFW9X4k6hsG89d1yNIENm4BVvV-JOobBvPXdcjQoc_EAqGm2Vr9TWaHYU9GddhjhUYi9yiSqjz4yirqEttGX0otsn1Eo9ASeAp22-RzCmJKLA4L8yqghdd3XRDx7qf1MrHd4wjjnlzZT7-OanKn9TKx3eMI455c2U-_jmpyp_Uysd3jCOOeXNlPv45qc4FfPONitGRcGxKttYjNpmYIlBZfRYA7Tno9giphEEaGCJQWX0WAO056PYIqYRBGhxo3TegpnNfA0YZyu_rcByep30ZvJV6vlji6z2sRrikTqd9GbyVer5Y4us9rEa4pE6nfRm8lXq-WOLrPaxGuKROp30ZvJV6vlji6z2sRrikRAeKyhQvuA1Am1Hf99RKswWh2QKPH2KLJ2oGR8lOZM1ANe8zLs_kHddS6hlrOxdDk; Domain=.turn.com; Expires=Fri, 16-Sep-2011 12:34:46 GMT; Path=/
Set-Cookie: fc=k01_H3DQgin2gUWbqEfHVnEgVJOySuH7g303wn-3ThPBhSQ9y8oNWj2jHjllm2qL9SGC6KvWqijMODBe-PTw-vVibMqUG0iKKCPAs_vD_eA0A7iP8ARnu5R4osC1ayLKRfOX1MD02-o6SZ1b0c_HcdJnnDxsS-ubYBpridlzat8; Domain=.turn.com; Expires=Fri, 16-Sep-2011 12:34:46 GMT; Path=/
Set-Cookie: pf=iOSm4jWzkK1eBsanX_Zvyrj_v8l1Pk_8sHmv_UQh7c7Q4qp2i9jCVLo21ITPxTJXhUysT6tP_1ec7xFTzmyTOvZhkC75wKwc88nuAokFvQ82ZM7BNfD3Nrq6VH58nArltBKmEiDSJc28wBcf6WsZnUwqlFt-IvrL3Cyer2N_b_mQBT67XG3r_GqqLNCDP6TWM6QtivX9DfUZcKCbSzspOG4m4SNemiZsDiwHpMom7zAuHGj61Fo18HFz7Miw6CJ_lAToSBCIK8xd4Nhi3WZ5RVrFAd6zRhrKdfWaTudRRtzdw3uPJsigd4Z03fwI832qp0yYZ8xsq2g2JzvVLF3m0wYmvQ-7zazlMMeR5t48rmodxWJcKS5DgWnPQyOG3H9dle4JdVl67EbeBoMsCr3yKTNk5q5Z7Ye-yqAjt8FV6TEs0w1Mf61wa5sbZduLkMcmu6BxGVr1a1EtZ6VakW9qP0UsyZ23YtDx8Hp9aqDHgS7TLwotn8ChX3Ao59tcjALmIsfXlHObMd1dM-9EmR9zq1feDyJ1JsMdvufmKTEv8zYWEcVWdTIfg0R3HCs5Zgu8aqqZRUbE5cNgHLG-cyhwp9zF6bIQmuyiOkEVXhOR34lY8hTahfCesI1SII1o7GCSTkQctMdsR8ol26b8wwOWRulLcAuUbWv5XradSS5Og7yWq1NAPlM-71DUoari4r4P1Y5A3tzwkjyyX8-0gYHGU5jnzszrbJmm4ATS7VE3nQTOLZuOv6rXl3lXT98xe_hpQk1J2tMJ7uf0wgawDl5tZsTT5kN5mzq7cQ_zim8SvdxF5k8za64BvapgLtKI75QWoFdHsE8JeyafKsb518Z8yG2rlDCHXdIcSLBgYtlkloVO9_IUqGf6VJi47Jt9VzE1iUilagnqDfZezBDAgKeQJqma1IxzDiCoqn5pMBzKyly1EGZOdFA2-qArtbtQRT50YdNPvJqt7eLAf5C0e2pQiKZbm53MKuxT-xACBztAh4jFDcYPKkwR30hpsQ3QHTsbR1jwb4Tknj1lRvA_43zRPga4UleoT5uXiADlzwkOVA067MXkh4FAeKVzg1ACtjgSr5Gp6DR1BdDSotYHbfNzBgKBFuNAXObQP9_MMOI3eG1WGdO281P8amOaY7gqA06Qz3ZYqAavLj_IiDm0PZqfexb3wevMxi_3MpY_DV3nsHFBx31PTcSHvXJd2U5JBFuC4zIXCy6m3DgsRU-dDxSk0aAqkW75gcATwU4afh3aZM0faU7ttedZBHKMSUKU2-CLArzpv1sCFqKO2OO_7QHd61ElSVhkX8nCFJ8XYbO8pgqPz6rxA2zJp0kRUBjlvUbWcclJ3ktilOIca42ILmxDGq12QBEWUhzuVA36zOFcdBowxbu4TWEkjnoG3y3BQoeZ0WJ4-WctW3Z_ONfcXbWfjQNvc84m9Ucmpn2n7616Wmjkp_YRqKp502Bw_HclXEDNxATqSEvwR6YWNJOibQmjAIOFfhKbFkHTBHoHJsdi8MjHFkcfi4c9KAVErlkS3F2SFWLNhm5B3_eb2Qy3toXmjExHhirQMRh4tcgyEqZ-0Ko; Domain=.turn.com; Expires=Fri, 16-Sep-2011 12:34:46 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 12:34:45 GMT
Content-Length: 11395

var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
oncept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;

document.write('\n\n\n    \n\n     \n    \n        \n        \n    \n\n\n\n\n\n\n        \n        \n        \n                \n                \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N5552.152304.TRADINGDESK/B5035357.75;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzxWTgUAeAABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/;" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzxWTgUAeAABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/;">\n</SCRIPT>
...[SNIP]...
TkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/http://ad.doubleclick.net/jump/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie4;abr=!ie5;sz=300x250;ord=4368258591177512398?">\n<IMG SRC="http://ad.doubleclick.net/ad/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie4;abr=!ie5;sz=300x250;ord=4368258591177512398?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<img border="0" src="http://r.turn.com/r/beacon?b2=1nQDmgx-ioCVF-rYXxu_HoBa_2gfzWMwdYEyIOrBROq03_Y86yLq7uu3PPVLuSSsBeNZcjtgqDuPA_-FABFnjw&cid="> \n                    <img height="1" width="1" style="border-style:none;" alt="" src="http://segments.adap.tv/data/?p=cadreon&type=gif&segment=11&add=true"/> \n                    <img height="1" width="1" style="border-style:none;" alt="" src="http://segments.adap.tv/data/?p=cadreon&type=gif&segment=12&add=true"/> \n                </span>
...[SNIP]...

1.65. http://ad.turn.com/server/ads.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.js

Issue detail

The page was loaded from a URL containing a query string:

http://ad.turn.com/server/ads.js?pub=5757398&cch=5766863&code=5766875&l=300x250&aid=25369308&ahcid=535345&bimpd=ZjNFN2hZ4i-YlydCdXsT0zZTuD8IubLL42BCS9LH_kU7Yi7NnmKey7h5ce7BWIM3Rux1S_qG8vICQji47dy2E024eYgQT0HpFSZWVesdccUgQeaQijGiqit_QPicgHK5ZZMUs7NpCCTHXflWLyQ9gG-3wDj3m_hPLqVkJ_2jOq48xNSvPXXIt__p10AGZJLfhVd0yR51mYGgtr88kk9pKdB4KuxJT2VpTSwLNXwZXg4zCpHIfbwNI9gJXjnp9W21ujPToIsuRZGfl8WEkkUw9Ua8Y_pn6CI8FT2XEgvyDGuPJv9385Kf6G5E3heIgSIs687bp01UqXCTTP9aXrmld7-TAYHSK0sv3Lw3yXzZz4paS9RecWGAeiDyekIyHp83tNp7CQptCawVC-54p-UewRw2jc1G4rEkoLiW0MRZIYy0V62KSSlYnX0LIbOpP3Jz00_3gOdpgmrTp3Jy74JTl73wc-cQ7FRKnITKYzO3zYVwdOuxgdv5_CYp89cY01huOiySebhNVquMNpVX58Yf46HG1sTGVle5vnwDWXwqi3RFY4bguUnvRTz9bsqCxNCQcmxkY_zvBwV6oRrqmbjeXea4OcyT17faPheb_5alGxB6vDyiosWvDSM9GQ_OeB_RT9rMK7M0d9tZKhGFc8ggTaSfPRztPAxd7KicgD3lJEcNkr_RW7y1hSGjdb2Qvr9O0cwgc6AhycSnUsmX6q1X86NfrrOorlvGJGSqB0P9f_Q&acp=2.828999&3c=http://track1000.pubmatic.com/AdServer/AdDisplayTrackerServlet?clickData=RGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA==_url=

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie4;abr=!ie5;sz=300x250;ord=4368258591177512398?
http://ad.doubleclick.net/adi/N5552.152304.TRADINGDESK/B5035357.75;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzyhvAYAbwABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/;
http://ad.doubleclick.net/adj/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzyhvAYAbwABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/;
http://segments.adap.tv/data/?p=cadreon&type=gif&segment=11&add=true
http://segments.adap.tv/data/?p=cadreon&type=gif&segment=12&add=true

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 22 Mar 2011 12:42:40 GMT
Set-Cookie: uid=8392341830659049202; Domain=.turn.com; Expires=Fri, 16-Sep-2011 12:42:40 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=yIwFGXG_ONNXYT9KVa7ARgYdhMdutDjUYx3YtxoIw_Nh-L3XcPmT4hHXOQgApIlYh1NXgtHFGzzHzNFmm-KzX4g90G1H2vpZoNOb9achAhCIt1gxQlepUlp4ml3sdNG97MDefgoTZqF-bd3v_Qfs6OEZRtFGqduPVkD_gkg8VfV0ExsZAquLx2WiGNWvrnUs66TrumjmrgmOt_6bhgpouBxkPuTLEr5IiK0NPDoDdGZ4Jv2wOThiY_xtrMTwfOMAaAyMOd4uGF3MC-CGXX4vMW1u4GqmTEyg7jKVZpHKQe_PD4Xt-Js7qCjW6RNzUibJvhpXhsNU9dle8CO-Yq58yguZYY-JrvoL-qJXZJ1yuPxYvM25ZoHa0yz0_GF1-k26H27SKaSCTrWZJYQAanRpUp6-8ItWMu0zx8opffmAg80Q2NcoZq2DmOiL11Y1aSDa0Eax0_okMfml7XV2gTBl7_RilTlv7STTUt74jXnFmkxXmw30aAMs65cz_bx2zPbI-_ewAyRcl8PlkxKSnlGjeIn_EmNzOs9qkghvEthcqEgT7mtD-WyULU_RZ6fVg1KoOEsanzEgq58e7v0MXv-Zt5X_BsIvcSN0BmMTK-BlFS0PB-14JrUhoFLPnz5aKcvNvGRasNivyUiC-5nZMh1vJRLdlT7zaGlPa6bZSrikfyuR1XYHjyrzNA4VOnu-u85G7MDefgoTZqF-bd3v_Qfs6Ea-nsCtv-M0FVyWmgTaYJR0ExsZAquLx2WiGNWvrnUskfkh1c6UGWIS5N3Qjcruf8kSTz_yj_0xSYdw0Z1SFxELVM3uUWyLgHu6saG6i5Ps9kP5ppIhskAoCcoCTrAghAXlpwfxpWQdK7j4LVji2FWvMv2YxyHmLdaNustJLe4wL8t9STRgxor-Wv7_2JAlU0GifQpKlSlg2JPncxaZQ7oV42htM5jx1YoospMm3LO2H27SKaSCTrWZJYQAanRpUjDmKTcPQFqbSQ5GlElX4-OPXp3pozvJlBPwzvc_9CbX0Eax0_okMfml7XV2gTBl77zbnfMNJ_ejhUj1ijcB8BL3D5kPD76YDvIMjmnYUSqxo0veabwYiVBq7X_zb-YZYDMB1dlAsjcT9rVrLvj2jmV-EF7DnzPm9aZLOC1nQbZtlKVwFIz0fG1Bs_b6nhyhEpX_BsIvcSN0BmMTK-BlFS19ozX7FlWqx06TTt3zJMoidpDfoquYgeQVRQJMAHbPN_WiDC-9tPc3fXOMseuvq--K-zgO7NoLM_jmXGcGtU327MDefgoTZqF-bd3v_Qfs6Oxkijh9oVlxu6lBUms7z7J0ExsZAquLx2WiGNWvrnUsOVVvRY4AYRs50cGAbbAbGGZruOvapKdVErBX-QzpM90LVM3uUWyLgHu6saG6i5PswizSddZ377EjzJLxqJ-wIAtUze5RbIuAe7qxobqLk-waC6VbWziYzPzZYEsPOu6lBeWnB_GlZB0ruPgtWOLYVaXIseB1coQlNcUX8Tx6_BWmnIkrQMYyVV001NYeCx77QaJ9CkqVKWDYk-dzFplDup26fxxLi0cDamgwCGuPcFIfbtIppIJOtZklhABqdGlSn6tci3W8cVUumNv4e6Jsa79AYoCcuZQevJby7J8Rci2VoAtiLlGBIkVRKX8ZT8khpXgXWxiDfl7mMS75UiObs_cPmQ8PvpgO8gyOadhRKrH_e4sHVLWOIoaoYniTq0h_lC4l-GnLAeLfqIKDfL1UZJOz-o9DYD-roxjsJC1eyvS4MvbBsZIJDa4a_Eok4G_ulf8Gwi9xI3QGYxMr4GUVLY4zgboL1tHVOdRw6zHxG63JnlvqvTZp82d7AV1or2dUK-LG9BtoUFPBV0w0XjD81z84BWQWwTt_7VJ9kV3Yk0vswN5-ChNmoX5t3e_9B-zoL3LJqasE_Q8FVpKlHghtGXQTGxkCq4vHZaIY1a-udSzFgmY8QOetcaJ-cMDdy9pPjCYOHG27Q3GmZasY4qTHgwtUze5RbIuAe7qxobqLk-z2XHJXrFoSqU-vGEg4zU6PBeWnB_GlZB0ruPgtWOLYVUnc1s8GqvB0YPXoEkPp5nPmTrwiyoeHjcg_nRv07nfyaPBk4OYUvCvkVVAnHSDIbqD8NBes3o-Ce0dMzjVRBgYfbtIppIJOtZklhABqdGlScNkaD9ey5GwOXFSxSucsLViMOoBgvjVPmppZou5G5Oz1u2jaCL-G-9iQxe-i1zj0BHqNpdRWaYXKfEufY1_jM_cPmQ8PvpgO8gyOadhRKrH7GlnJshzgtoHSy0JW6hjS0Y71Gya6aNjlY8hGPjk2YaJDuoGirKaIGqy2d0dleyw2pQa3XTHbwOpyCpUheA7AFrTqbfLoyl3J8Nk85ayOjY1oNWlujSGtPqbH4Mc-ck9NK-xgSqFnQ4dK42nvQGsEC1BX8VG4DvOOTZvBGdh3W1l0dXhBHCfFaURcg86EWtLlFbsvCmEPdz0GvB-V7jB5awi2yagXokGer-T3duHYImsItsmoF6JBnq_k93bh2CJrCLbJqBeiQZ6v5Pd24dgi0fy9yH3cJpXYWOo6nSGwttH8vch93CaV2FjqOp0hsLaOT-BQHXXH-uznhhEs9x_Sw0tfzF6HcwwheEdKac2B-sNLX8xeh3MMIXhHSmnNgfoM2KaPI-sR5WE58gV6S3h5xnv5U9q3RmUdEcfcdtut4fcJCZU_BttKMXTDyrBfshtsU5_j_mocn2P_zfZY4qmabFOf4_5qHJ9j_832WOKpmug_cxXaULqo5K_--uRzgNIR8R--H-SzG21IeFe3_WqV2oTj14ksQ27ZtJZzx1gXZNqE49eJLENu2bSWc8dYF2TahOPXiSxDbtm0lnPHWBdk9C_Pu3wPYr2A_3dDgXogwmd09iZDTMtxv05d2hJrzm1ndPYmQ0zLcb9OXdoSa85tfCWfACzyR22c78m9rm0opXwlnwAs8kdtnO_Jva5tKKWGDrBTI6MoEsB4IrTcND0RHO90Ba4DNelbdwYVufELDtX6BfAY2sgFWzSh0EbYcfTBpmpd9hwiXKZXJsWFQCQVBsjiFrNHSK-_Gebf3rUW-DiUdeTQauTko8JT6bU5H7U4lHXk0Grk5KPCU-m1OR-1OJR15NBq5OSjwlPptTkftTiUdeTQauTko8JT6bU5H7WBDZuAVb1fiTqGwbz13XI0gQ2bgFW9X4k6hsG89d1yNIENm4BVvV-JOobBvPXdcjQoc_EAqGm2Vr9TWaHYU9GddhjhUYi9yiSqjz4yirqEtiAqptJsyQVI9zPJ_EVQb2i-PQC9ET8YNkY6cuXcGCAhqf1MrHd4wjjnlzZT7-OanKn9TKx3eMI455c2U-_jmpyp_Uysd3jCOOeXNlPv45qc4FfPONitGRcGxKttYjNpmYIlBZfRYA7Tno9giphEEaGCJQWX0WAO056PYIqYRBGhxo3TegpnNfA0YZyu_rcByep30ZvJV6vlji6z2sRrikTqd9GbyVer5Y4us9rEa4pE6nfRm8lXq-WOLrPaxGuKROp30ZvJV6vlji6z2sRrikRAeKyhQvuA1Am1Hf99RKswWh2QKPH2KLJ2oGR8lOZM1ANe8zLs_kHddS6hlrOxdDk; Domain=.turn.com; Expires=Fri, 16-Sep-2011 12:42:40 GMT; Path=/
Set-Cookie: fc=m5RiL1vO1RqpbeR06rDSQdi-P9L6OOiujCMMWa_OuuTBhSQ9y8oNWj2jHjllm2qL9SGC6KvWqijMODBe-PTw-vU2npYFHN-QFxss5iBZjoo0A7iP8ARnu5R4osC1ayLKRfOX1MD02-o6SZ1b0c_HcdJnnDxsS-ubYBpridlzat8; Domain=.turn.com; Expires=Fri, 16-Sep-2011 12:42:40 GMT; Path=/
Set-Cookie: pf=Jd1kXf3m4CvakOPnkhxyiBgeT54GpsYPK4MHyiMybC4gFjeMd3kmKZT55Ypg5r9L3EOz12FQ-uNCAdfU7PD5Wkp-Orrqozj3BCOMbMIkasA5AgPo6YSdwT3MDItRNsVTcovE94huridJuBPk0YijKO9TlgSlxQZrmzRRzeKacbL6GKdXH5UwUKfOLcy0VcYQruMvoxOUF9diy9mNGQhlq2JtMCQ7lVq-hyJTdbqiW3DoxS652rZ4yALKekpvWmMPcz_D1A7UZdU-C4yxPwlGbTPa39d2XxGIybmmwFXlboOK1lqrs-ez7riUogPhhxgdLjdsuNkt4kilIGPDdZFqTDxcQoXd5M_X9_PRQ49Ytla1lpuVo27yABVSuxB-u3ZG0p4_mcPekRR39c8F2gKW8gNrvrHStmZqKyXyPYTcZqLGhGX7RT3sasDtmLoxu3GEsHGwkDF76-hjSCoANLicpcMQ0hGgE0Z3MU9PLDig9hx7K-2H7d7c401PVwgyIrDAG7ySaBAXZRf4sBmLP5WLg4CEJ0dOxjsRR8Pz88E6zXZ5pfjSLF7a93-Dg8KdE2uA4jtF0Bb6HP0QLqH7z3cWrAlc0sTt939bCxraXAuBqiXjg5K98Qt4G3KrZaFnMjwwL59sTCW_yVCgn2KZHtwwc_L5lem7W3ab54Dfse3tW8rWOxEtBTjdIFdbBTXS7s9G89E7LxmTNw2SS8CZLarLGvd7dCPvCGckYs7tpHOd2E5V7lqy-7Ifd1e0FiUzQ16ledghu_4tIGwvFiG2FVwrZMdMCO4KO-3ucQr2lmoU5z6fTnKKKyaYUpAZvGhHq5b6Lm9YkKQoZc-aYtdal0jXRZoOlGDcIPyHaWyPhpX3BTji5FKHM9LdERx7h_JxDFFn2JMPd782uBBQwvI9a2Zqvc02000rpaW__bSfqt8hfV8OrOabXNqyQL3_oJgh3ZKwFh3f5Y5KtIvFYHTUuAytKKL5za2o_8t9mYcO2EtYyGlYqXooYa1h3WFAwaFMVeZ3MNKOvsZ_neR7vB3FgAbmNXDKcOZrhw0Vgy6fST-VOgQTQnWhkwBbDpUeoIaXzjhU4Q5sFFyY7gYaWoDLySHXlo1ffNWVz7UEQW1NpINmSsOnTvY9_7BawSDWTKZMo_1imyLi2tPI1oo-o09_IJsH7AmkDlbdo5Nbl-8VrqJWsNMvnqaB8cNQu2Wuc9QMWNcOZ-4dnCdNf8QSGwGEu-9b9pbPeWt0Shi-R6junPcdLvGLFQOVNlMxUXa_emQvVKP8E0h6ICwfrRymwUIbtSR9F5tXkH_Ks47vlfXtW_WL_MardlQbZQY9c7dkIBGuNrg5Mc5gn6ZlcIYufHW-xFM0SVKYmkh3Ak_uFdBP8dSQujlmGGG10bAL953SS0rCyYCab1Crak338ET_hkm4WC65Ws9JsgfSpyPx0haE0ybXsp0Bwr6W_-M2ZYOpYr4LqM2HKExeIiG0FjnK52Zq8COPwLcxqEf0QVtcgYljFzopq3VDVi3n1JVa5uwc4d3D-j9K-SiC1LCMvHaMGTQa3m7kgqk8sefG6GGrltSH-snHclT7jx9mmcbv5kmzGYVtLPRW; Domain=.turn.com; Expires=Fri, 16-Sep-2011 12:42:40 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 12:42:39 GMT
Content-Length: 11395

var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
oncept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;

document.write('\n\n\n    \n\n     \n    \n        \n        \n    \n\n\n\n\n\n\n        \n        \n        \n                \n                \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N5552.152304.TRADINGDESK/B5035357.75;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzyhvAYAbwABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/;" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie;sz=300x250;ord=4368258591177512398?;click=http://r.turn.com/r/tpclick/id/zhUvbgssnzyhvAYAbwABAA/3c/http%3A%2F%2Ftrack1000.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DRGcAAEVnAAACVQAA6AEAAAAAAAAAAAAAAAAAAAEAAAAAAAAA8wAAACwBAAD6AAAAAAAAAAIAAAA0M0E4QUJGQS03NDk3LTQ3MUEtOUFGNi0yOTc0RDE3RUYzMzUAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/;">\n</SCRIPT>
...[SNIP]...
TkNPTE9SAAAAAABOQ09MT1IAAAAAAE5DT0xPUgAAAAAATkNPTE9SAAAAAA%3D%3D_url%3D/url/http://ad.doubleclick.net/jump/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie4;abr=!ie5;sz=300x250;ord=4368258591177512398?">\n<IMG SRC="http://ad.doubleclick.net/ad/N5552.152304.TRADINGDESK/B5035357.75;abr=!ie4;abr=!ie5;sz=300x250;ord=4368258591177512398?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<img border="0" src="http://r.turn.com/r/beacon?b2=1nQDmgx-ioCVF-rYXxu_HoBa_2gfzWMwdYEyIOrBROq03_Y86yLq7uu3PPVLuSSsBeNZcjtgqDuPA_-FABFnjw&cid="> \n                    <img height="1" width="1" style="border-style:none;" alt="" src="http://segments.adap.tv/data/?p=cadreon&type=gif&segment=11&add=true"/> \n                    <img height="1" width="1" style="border-style:none;" alt="" src="http://segments.adap.tv/data/?p=cadreon&type=gif&segment=12&add=true"/> \n                </span>
...[SNIP]...

1.66. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?KnKABBt0GAAyz4UAAAAAAKwUIgAAAAAAAgAAAAYAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAABBtywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAASOF6FK5H9D9I4XoUrkf0PzMzMzMzM.8.MzMzMzMz.z8AAAAAAAAKQAAAAAAAAApAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3L--oUODOCQ2GUYTDE8B7CXQaUTsKgNAeJyW0AAAAAA==,,http%3A%2F%2Fbuzzya.com%2F,Z%3D728x90%26s%3D1602587%26_salt%3D483929992%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252F%26r%3D0,db8cfe30-52f2-11e0-8af9-003048d6d232

The response contains the following link to another domain:

http://ad.doubleclick.net/ad/oiq.rmx/;otp=11382;tile=1;sz=728x90;ord=123456789?

Request

GET /iframe3?KnKABBt0GAAyz4UAAAAAAKwUIgAAAAAAAgAAAAYAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAABBtywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAASOF6FK5H9D9I4XoUrkf0PzMzMzMzM.8.MzMzMzMz.z8AAAAAAAAKQAAAAAAAAApAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3L--oUODOCQ2GUYTDE8B7CXQaUTsKgNAeJyW0AAAAAA==,,http%3A%2F%2Fbuzzya.com%2F,Z%3D728x90%26s%3D1602587%26_salt%3D483929992%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252F%26r%3D0,db8cfe30-52f2-11e0-8af9-003048d6d232 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; ih="b!!!!J!%?RR!!!!%<rmMo!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1/]r!!!!#<rm6l!104d!!!!#<qn]E"; vuday1=1[Y'GI7PHz4d=[k!3w>80s=F:; liday1=!!o(=!3w>8dJn]d; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:06:25 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0321.2rm.ac4
Set-Cookie: ih="b!!!!K!%?RR!!!!%<rmMo!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; path=/; expires=Tue, 19-Mar-2013 13:06:25 GMT
Set-Cookie: vuday1=1[Y'GI7PHz4d=[k1[Y'G!3w>8TKT1*; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=!!o(=9.<FK!3w>8MNH=_; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:06:25 GMT
Pragma: no-cache
Content-Length: 1597
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8769330);}
</script><!-- begin ad ta
...[SNIP]...
gA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2F,http://ad.doubleclick.net/jump/oiq.rmx/;otp=11382;tile=1;sz=728x90;u=rmxli_2930497|surl_http://buzzya.com/|pr_3.2500|pid_298720;ord=123456789?" target="_blank" ><img src="http://ad.doubleclick.net/ad/oiq.rmx/;otp=11382;tile=1;sz=728x90;ord=123456789?" border="0" alt="" /></a>
...[SNIP]...

1.67. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?KnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAA9yhcj8L12D.3KFyPwvXYPzQzMzMzM-M.NDMzMzMz4z80MzMzMzPjPzQzMzMzM-M.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABesxCRluDOCViSxm-ZYl7hHK-ojY2ZD-xTzD1fAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fplus-five%2F,Z%3D300x250%26s%3D1602587%26_salt%3D2720804788%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%26r%3D0,056ecbb6-52f3-11e0-8afa-003048d6d386

The response contains the following link to another domain:

http://ad.turn.com/server/ads.htm?&pub=2701141&code=5711646&cch=5711644&l=300x250&nonjs=1&sli=1989695&bli=1320666&exPub=298720&city=Dallas&acp=0.6000&rnd=1300626455&3c=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B510576aa26d330cd%253B12ed360bc30%2C0%253B%253B%253B1101847734%2CKnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMLxg0y4BAAAAAAAAADA1NmVjYmI2LTUyZjMtMTFlMC04YWZhLTAwMzA0OGQ2ZDM4NgA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252Fcategory%252Fplus%2Dfive%252F%2C&url=http%3A%2F%2Fbuzzya%2Ecom%2Fcategory%2Fplus%2Dfive%2F

Request

GET /iframe3?KnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAA9yhcj8L12D.3KFyPwvXYPzQzMzMzM-M.NDMzMzMz4z80MzMzMzPjPzQzMzMzM-M.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABesxCRluDOCViSxm-ZYl7hHK-ojY2ZD-xTzD1fAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fplus-five%2F,Z%3D300x250%26s%3D1602587%26_salt%3D2720804788%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%26r%3D0,056ecbb6-52f3-11e0-8afa-003048d6d386 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; lifb=8RJCHJ9E=%/(+W2; bh="b!!!%#!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!-?2!!!!*<pN)4!!-L3~~!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!04Z!!!!#<qgdp!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; liday1=8eD/s!!o(>9.<FK!3w>8aFdf(; ih="b!!!!P!%?RR!!!!'<rmNX!%?Rl!!!!%<rmNX!%?m7!!!!#<p]i+!'4A7!!!!%<rmNV!'4A9!!!!%<rmNV!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X3!!!!#<rmNa!1/X6!!!!$<rmNa!1/]r!!!!$<rmN1!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; vuday1=[cdPD1[Y'GI7PHz4d=[m1[Y'G!3w>8qxtPy; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:07:35 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0795.2rm.ac4
Set-Cookie: ih="b!!!!Q!%?RR!!!!'<rmNX!%?Rl!!!!%<rmNX!%?m7!!!!#<p]i+!'4A7!!!!%<rmNV!'4A9!!!!%<rmNV!(4uP!!!!#<p^*H!(^yZ!!!!#<rmNa!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X3!!!!#<rmNa!1/X6!!!!$<rmNa!1/]r!!!!$<rmN1!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; path=/; expires=Tue, 19-Mar-2013 13:07:35 GMT
Set-Cookie: vuday1=[cdPD1[Y'GI7PHz4d=[m1[Y'G!3w>8qxtPy; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!-!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!([!!v#F#IxPE!$Wiw!(^yZ!#PIK!!!%%!?5%!$px$-!w1K*!%0]Y!%7E2!$/h8~~~~~<rmNa~~"; path=/; expires=Tue, 19-Mar-2013 13:07:35 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=8eD/s!!o(>l-VP:9.<FK!3w>8mME=-; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:07:35 GMT
Pragma: no-cache
Content-Length: 1043
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(3489644);}
</script><iframe name="turn_ad_call_frame" width="300" height="250" frameborder="0" src="http://ad.turn.com/server/ads.htm?&pub=2701141&code=5711646&cch=5711644&l=300x250&nonjs=1&sli=1989695&bli=1320666&exPub=298720&city=Dallas&acp=0.6000&rnd=1300626455&3c=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B510576aa26d330cd%253B12ed360bc30%2C0%253B%253B%253B1101847734%2CKnKABBt0GABsPzUAAAAAAClFDgAAAAAAAgEAAAIAAAAAAP8AAAABCXmeHQAAAAAAP1weAAAAAADaJhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMLxg0y4BAAAAAAAAADA1NmVjYmI2LTUyZjMtMTFlMC04YWZhLTAwMzA0OGQ2ZDM4NgA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252Fcategory%252Fplus%2Dfive%252F%2C&url=http%3A%2F%2Fbuzzya%2Ecom%2Fcategory%2Fplus%2Dfive%2F" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no"></iframe>
...[SNIP]...

1.68. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAUW9GzVfJwT.2KFyPwvXYPwb6RJ4kXcs.MzMzMzMz4z-wJeSDns3WPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwVkO2l-DOCTGCXHbDfz0sufUj6vM0J-hwZAb8AAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fsports%2F,Z%3D300x250%26s%3D1602587%26_salt%3D796290819%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fsports%252F%26r%3D0,05b66e62-52f3-11e0-ba04-003048d6d066

The response contains the following link to another domain:

http://ad.doubleclick.net/ad/oiq.rmx/;otp=11042;tile=1;sz=300x250;ord=123456789?

Request

GET /iframe3?KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAUW9GzVfJwT.2KFyPwvXYPwb6RJ4kXcs.MzMzMzMz4z-wJeSDns3WPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwVkO2l-DOCTGCXHbDfz0sufUj6vM0J-hwZAb8AAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fsports%2F,Z%3D300x250%26s%3D1602587%26_salt%3D796290819%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fsports%252F%26r%3D0,05b66e62-52f3-11e0-ba04-003048d6d066 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; lifb=8RJCHJ9E=%/(+W2; bh="b!!!%#!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!-?2!!!!*<pN)4!!-L3~~!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!04Z!!!!#<qgdp!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; liday1=8eD/s!!o(>9.<FK!3w>8aFdf(; ih="b!!!!O!%?RR!!!!'<rmNX!%?Rl!!!!%<rmNX!%?m7!!!!#<p]i+!'4A7!!!!%<rmNV!'4A9!!!!%<rmNV!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!$<rmNa!1/]r!!!!$<rmN1!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; vuday1=[cdPD1[Y'GI7PHz4d=[m1[Y'G!3w>8qxtPy; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

1.69. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?qkaAABt0GAAyZScAAAAAALO6DQAAAAAAAgAIAAIAAAAAAP8AAAABCXmeHQAAAAAAtXkMAAAAAAAGchMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAFz.G3LWE2z8RWDm0yHbmP2C6SQwCK-U.SOF6FK5H8T-lcD0K16PxP83MzMzMzPw.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADu5FtsaeDOCYv3sRvSxprwnHoEirIo4nNC5D0hAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2F,Z%3D300x250%26s%3D1602587%26_salt%3D1181274879%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252F%26r%3D0,ea4ce35e-52f2-11e0-b423-003048d6d168

The response contains the following link to another domain:

http://content.yieldmanager.edgesuite.net/atoms/1e/76/1e767ba8693eab4c949153da36f873bb.js

Request

GET /iframe3?qkaAABt0GAAyZScAAAAAALO6DQAAAAAAAgAIAAIAAAAAAP8AAAABCXmeHQAAAAAAtXkMAAAAAAAGchMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAFz.G3LWE2z8RWDm0yHbmP2C6SQwCK-U.SOF6FK5H8T-lcD0K16PxP83MzMzMzPw.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADu5FtsaeDOCYv3sRvSxprwnHoEirIo4nNC5D0hAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2F,Z%3D300x250%26s%3D1602587%26_salt%3D1181274879%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252F%26r%3D0,ea4ce35e-52f2-11e0-b423-003048d6d168 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; liday1=!!o(>9.<FK!3w>8!0fWe; lifb=8RJCHJ9E=%/(+W2; ih="b!!!!M!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!#<rmN+!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; vuday1=[cdPCI7PHz4d=[l1[Y'G!3w>8Lq`:R; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:06:49 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0706.2rm.ac4
Set-Cookie: ih="b!!!!N!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!'4A7!!!!#<rmN1!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!#<rmN+!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; path=/; expires=Tue, 19-Mar-2013 13:06:49 GMT
Set-Cookie: vuday1=[cdPDI7PHz4d=[l1[Y'G!3w>8]+$lp; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:06:49 GMT
Pragma: no-cache
Content-Length: 327
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(2581810);}
</script><HTML>
<SCRIPT src='http://content.yieldmanager.edgesuite.net/atoms/1e/76/1e767ba8693eab4c949153da36f873bb.js'></SCRIPT>
...[SNIP]...

1.70. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?qkaAABt0GAB4wYMAAAAAAGOFIQAAAAAAAgAEAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAABDCiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAAAAAAAAAAAAAAEA9KCLqPwAAAAAAAAAAAACAVkYa9D8AAAAAAAAAAAAAwPKPwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhymQ8YuDOCRUFtY7Db1JM.z9f1WkTONKzERUkAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Ffriday-link-drop-9%2F,Z%3D300x250%26s%3D1602587%26_salt%3D1250101646%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252Ffeatured%252Ffriday-link-drop-9%252F%26r%3D0,e64bcd38-52f2-11e0-a664-003048d70576

The response contains the following link to another domain:

http://ad.doubleclick.net/ad/oiq.rmx/;otp=10932;tile=1;sz=300x250;ord=123456789?

Request

GET /iframe3?qkaAABt0GAB4wYMAAAAAAGOFIQAAAAAAAgAEAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAABDCiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAAAAAAAAAAAAAAEA9KCLqPwAAAAAAAAAAAACAVkYa9D8AAAAAAAAAAAAAwPKPwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhymQ8YuDOCRUFtY7Db1JM.z9f1WkTONKzERUkAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Ffriday-link-drop-9%2F,Z%3D300x250%26s%3D1602587%26_salt%3D1250101646%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252Ffeatured%252Ffriday-link-drop-9%252F%26r%3D0,e64bcd38-52f2-11e0-a664-003048d70576 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; ih="b!!!!K!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; vuday1=[cdPBI7PHz4d=[k1[Y'G!3w>8/WwDa; liday1=!!o(>9.<FK!3w>8!0fWe; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:06:43 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0915.2rm.ac4
Set-Cookie: ih="b!!!!L!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; path=/; expires=Tue, 19-Mar-2013 13:06:43 GMT
Set-Cookie: vuday1=[cdPCI7PHz4d=[k1[Y'G!3w>8WsZ:e; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: lifb=8RJCHJ9E=%/(+W2; path=/; expires=Sun, 20-Mar-2011 14:21:43 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:06:43 GMT
Pragma: no-cache
Content-Length: 1748
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8634744);}
</script><!-- begin ad ta
...[SNIP]...
%2F,http://ad.doubleclick.net/jump/oiq.rmx/;otp=10932;tile=1;sz=300x250;u=rmxli_2886211|surl_http://www.therugged.com/featured/friday-link-drop-9/|pr_0.0000|pid_298720;ord=123456789?" target="_blank" ><img src="http://ad.doubleclick.net/ad/oiq.rmx/;otp=10932;tile=1;sz=300x250;ord=123456789?" border="0" alt="" /></a>
...[SNIP]...

1.71. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?qkaAABt0GABXJh8AAAAAAArUCQAAAAAAAAAAAAYAAAAAAA0AAQABCXmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjY8vVKW5z8NAiuHFtnwP7-fGi.dJPI.7FG4HoXr-T8.CtejcD3-P5qZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADCImL0YODOCdGDK9GnwdaAnPpH7qYYhGXawbabAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Ffriday-link-drop-9%2F,Z%3D728x90%26s%3D1602587%26_salt%3D1089396366%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252Ffeatured%252Ffriday-link-drop-9%252F%26r%3D0,e56df6d4-52f2-11e0-8af6-003048d6d61e

The response contains the following link to another domain:

http://imp.fetchback.com/serve/fb/adtag.js?tid=6436&type=lead&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B3348ad76d1b69cc3%253B12ed35fe792%2C0%253B%253B%253B2273949687%2CqkaAABt0GABXJh8AAAAAAArUCQAAAAAAAAAAAAYAAAAAAA0AAQABCXmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAkedf0y4BAAAAAAAAAGU1NmRmNmQ0LTUyZjItMTFlMC04YWY2LTAwMzA0OGQ2ZDYxZQA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fwww%2Etherugged%2Ecom%252Ffeatured%252Ffriday%2Dlink%2Ddrop%2D9%252F%2C

Request

GET /iframe3?qkaAABt0GABXJh8AAAAAAArUCQAAAAAAAAAAAAYAAAAAAA0AAQABCXmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjY8vVKW5z8NAiuHFtnwP7-fGi.dJPI.7FG4HoXr-T8.CtejcD3-P5qZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADCImL0YODOCdGDK9GnwdaAnPpH7qYYhGXawbabAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Ffriday-link-drop-9%2F,Z%3D728x90%26s%3D1602587%26_salt%3D1089396366%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252Ffeatured%252Ffriday-link-drop-9%252F%26r%3D0,e56df6d4-52f2-11e0-8af6-003048d6d61e HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; ih="b!!!!K!%?RR!!!!%<rmMo!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; vuday1=1[Y'GI7PHz4d=[k1[Y'G!3w>8TKT1*; liday1=!!o(=9.<FK!3w>8MNH=_; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:06:41 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad1135.2rm.ac4
Set-Cookie: ih="b!!!!K!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; path=/; expires=Tue, 19-Mar-2013 13:06:41 GMT
Set-Cookie: vuday1=[cdPBI7PHz4d=[k1[Y'G!3w>8/WwDa; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=!!o(>9.<FK!3w>8!0fWe; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:06:41 GMT
Pragma: no-cache
Content-Length: 795
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(2041431);}
</script><script language='javascript' type='text/javascript' src='http://imp.fetchback.com/serve/fb/adtag.js?tid=6436&type=lead&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B3348ad76d1b69cc3%253B12ed35fe792%2C0%253B%253B%253B2273949687%2CqkaAABt0GABXJh8AAAAAAArUCQAAAAAAAAAAAAYAAAAAAA0AAQABCXmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAkedf0y4BAAAAAAAAAGU1NmRmNmQ0LTUyZjItMTFlMC04YWY2LTAwMzA0OGQ2ZDYxZQA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fwww%2Etherugged%2Ecom%252Ffeatured%252Ffriday%2Dlink%2Ddrop%2D9%252F%2C'></script>
...[SNIP]...

1.72. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?KnKABBt0GAA-Jh8AAAAAAMmOHwAAAAAAAAAAAAIAAAAAAAMAAwABCXmeHQAAAAAAtXkMAAAAAABAjCkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAaZHtfD812j9pke18PzXaPylcj8L1KOQ.KVyPwvUo5D.NzMzMzMzwP83MzMzMzPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABpSavXj-DOCRzs9Pio4F71JSJEg.dGw-eNaOdqAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Ftech%2F,Z%3D300x250%26s%3D1602587%26_salt%3D976618604%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Ftech%252F%26r%3D0,01014b1c-52f3-11e0-b53a-003048d669d4

The response contains the following link to another domain:

http://imp.fetchback.com/serve/fb/adtag.js?tid=6438&type=mrect&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253Bcc03ec5ffa2b29e4%253B12ed3609d48%2C0%253B%253B%253B102709154%2CKnKABBt0GAA%2DJh8AAAAAAMmOHwAAAAAAAAAAAAIAAAAAAAMAAwABCXmeHQAAAAAAtXkMAAAAAABAjCkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAASJ1g0y4BAAAAAAAAADAxMDE0YjFjLTUyZjMtMTFlMC1iNTNhLTAwMzA0OGQ2NjlkNAA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252Fcategory%252Ftech%252F%2C

Request

GET /iframe3?KnKABBt0GAA-Jh8AAAAAAMmOHwAAAAAAAAAAAAIAAAAAAAMAAwABCXmeHQAAAAAAtXkMAAAAAABAjCkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAaZHtfD812j9pke18PzXaPylcj8L1KOQ.KVyPwvUo5D.NzMzMzMzwP83MzMzMzPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABpSavXj-DOCRzs9Pio4F71JSJEg.dGw-eNaOdqAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Ftech%2F,Z%3D300x250%26s%3D1602587%26_salt%3D976618604%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Ftech%252F%26r%3D0,01014b1c-52f3-11e0-b53a-003048d669d4 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; liday1=!!o(>9.<FK!3w>8!0fWe; lifb=8RJCHJ9E=%/(+W2; ih="b!!!!O!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!'4A7!!!!%<rmNV!'4A9!!!!%<rmNV!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!#<rmN+!1/]r!!!!$<rmN1!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; vuday1=[cdPD1[Y'GI7PHz4d=[m1[Y'G!3w>8qxtPy; bh="b!!!%#!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!-?2!!!!*<pN)4!!-L3~~!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!04Z!!!!#<qgdp!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:07:27 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad1330.2rm.ac4
Set-Cookie: ih="b!!!!O!%?RR!!!!'<rmNX!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!'4A7!!!!%<rmNV!'4A9!!!!%<rmNV!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!#<rmN+!1/]r!!!!$<rmN1!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; path=/; expires=Tue, 19-Mar-2013 13:07:27 GMT
Set-Cookie: vuday1=[cdPD1[Y'GI7PHz4d=[m1[Y'G!3w>8qxtPy; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=8eD/r!!o(>9.<FK!3w>8kHM^c; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:07:27 GMT
Pragma: no-cache
Content-Length: 768
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(2041406);}
</script><script language='javascript' type='text/javascript' src='http://imp.fetchback.com/serve/fb/adtag.js?tid=6438&type=mrect&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253Bcc03ec5ffa2b29e4%253B12ed3609d48%2C0%253B%253B%253B102709154%2CKnKABBt0GAA%2DJh8AAAAAAMmOHwAAAAAAAAAAAAIAAAAAAAMAAwABCXmeHQAAAAAAtXkMAAAAAABAjCkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAASJ1g0y4BAAAAAAAAADAxMDE0YjFjLTUyZjMtMTFlMC1iNTNhLTAwMzA0OGQ2NjlkNAA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252Fcategory%252Ftech%252F%2C'></script>
...[SNIP]...

1.73. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?qkaAABt0GAA0ZScAAAAAALO6DQAAAAAAAgAIAAYAAAAAAP8AAAABCXmeHQAAAAAAtXkMAAAAAAAGchMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAFz.G3LWE2z8RWDm0yHbmP2C6SQwCK-U.SOF6FK5H8T-lcD0K16PxP83MzMzMzPw.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACVVRtfaeDOCedv6r-OQrGz3DpvjTjKic0z2v78AAAAAA==,,http%3A%2F%2Fwww.therugged.com%2F,Z%3D728x90%26s%3D1602587%26_salt%3D2529262999%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252F%26r%3D0,ea7cbbf6-52f2-11e0-a172-003048d6d5de

The response contains the following link to another domain:

http://content.yieldmanager.edgesuite.net/atoms/11/75/1175ac11c3e9b6e2af69996ddbb8a325.js

Request

GET /iframe3?qkaAABt0GAA0ZScAAAAAALO6DQAAAAAAAgAIAAYAAAAAAP8AAAABCXmeHQAAAAAAtXkMAAAAAAAGchMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAFz.G3LWE2z8RWDm0yHbmP2C6SQwCK-U.SOF6FK5H8T-lcD0K16PxP83MzMzMzPw.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACVVRtfaeDOCedv6r-OQrGz3DpvjTjKic0z2v78AAAAAA==,,http%3A%2F%2Fwww.therugged.com%2F,Z%3D728x90%26s%3D1602587%26_salt%3D2529262999%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252F%26r%3D0,ea7cbbf6-52f2-11e0-a172-003048d6d5de HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; liday1=!!o(>9.<FK!3w>8!0fWe; lifb=8RJCHJ9E=%/(+W2; ih="b!!!!N!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!'4A7!!!!#<rmN1!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!#<rmN+!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; vuday1=[cdPDI7PHz4d=[l1[Y'G!3w>8]+$lp; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:06:49 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad1307.2rm.ac4
Set-Cookie: ih="b!!!!O!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!'4A7!!!!#<rmN1!'4A9!!!!#<rmN1!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!#<rmN+!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; path=/; expires=Tue, 19-Mar-2013 13:06:49 GMT
Set-Cookie: vuday1=[cdPEI7PHz4d=[l1[Y'G!3w>8mr.)N; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:06:49 GMT
Pragma: no-cache
Content-Length: 327
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(2581812);}
</script><HTML>
<SCRIPT src='http://content.yieldmanager.edgesuite.net/atoms/11/75/1175ac11c3e9b6e2af69996ddbb8a325.js'></SCRIPT>
...[SNIP]...

1.74. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAgAAAAYAAAAAAP8AAAABCHmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfI8Gb.tjOCUrprrxPD33NNXpvaMrAs.Da0NhMAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D225907243%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,7e71c7d4-52ee-11e0-ae4c-003048d6d3ac

The response contains the following link to another domain:

http://ad.doubleclick.net/ad/oiq.rmx/;otp=11047;tile=1;sz=728x90;ord=123456789?

Request

GET /iframe3?NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAgAAAAYAAAAAAP8AAAABCHmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfI8Gb.tjOCUrprrxPD33NNXpvaMrAs.Da0NhMAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D225907243%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,7e71c7d4-52ee-11e0-ae4c-003048d6d3ac HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; ih="b!!!!I!%?RR!!!!$<rm6l!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!104d!!!!#<qn]E"; vuday1=I7PHz!3w>8+87Sw; BX=6l13v316lnh2l&b=4&s=8i&t=47; liday1=!!o(<!3w>8I+R0c

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:35:11 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad1539.2rm.ac4
Set-Cookie: ih="b!!!!J!%?RR!!!!$<rm6l!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1/]r!!!!#<rm6l!104d!!!!#<qn]E"; path=/; expires=Tue, 19-Mar-2013 12:35:11 GMT
Set-Cookie: vuday1=I7PHz4d=[k!3w>8kY/*b; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 12:35:11 GMT
Pragma: no-cache
Content-Length: 1953
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8689287);}
</script><!-- begin ad ta
...[SNIP]...
rmx/;otp=11047;tile=1;sz=728x90;u=rmxli_2904795|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;ord=123456789?" target="_blank" ><img src="http://ad.doubleclick.net/ad/oiq.rmx/;otp=11047;tile=1;sz=728x90;ord=123456789?" border="0" alt="" /></a>
...[SNIP]...

1.75. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?cLl-ABt0GABXJh8AAAAAAArUCQAAAAAAAAAAAAYAAAAAAA0AAQABCHmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjY8vVKW5z8NAiuHFtnwP7-fGi.dJPI.7FG4HoXr-T8.CtejcD3-P5qZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvvAOl.djOCUuT1BsThjs22HOeFbFpkZ8FEdeFAAAAAA==,,http%3A%2F%2Ftherugged.com%2F,Z%3D728x90%26s%3D1602587%26_salt%3D4236502337%26B%3D10%26u%3Dhttp%253A%252F%252Ftherugged.com%252F%26r%3D0,7e2442f2-52ee-11e0-b330-003048d56aa4

The response contains the following link to another domain:

http://imp.fetchback.com/serve/fb/adtag.js?tid=6436&type=lead&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253Bde8e87e7c08dcb01%253B12ed3430f73%2C0%253B%253B%253B3505910700%2CcLl%2DABt0GABXJh8AAAAAAArUCQAAAAAAAAAAAAYAAAAAAA0AAQABCHmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcw9D0y4BAAAAAAAAADdlMjQ0MmYyLTUyZWUtMTFlMC1iMzMwLTAwMzA0OGQ1NmFhNAA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Ftherugged%2Ecom%252F%2C

Request

GET /iframe3?cLl-ABt0GABXJh8AAAAAAArUCQAAAAAAAAAAAAYAAAAAAA0AAQABCHmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjY8vVKW5z8NAiuHFtnwP7-fGi.dJPI.7FG4HoXr-T8.CtejcD3-P5qZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvvAOl.djOCUuT1BsThjs22HOeFbFpkZ8FEdeFAAAAAA==,,http%3A%2F%2Ftherugged.com%2F,Z%3D728x90%26s%3D1602587%26_salt%3D4236502337%26B%3D10%26u%3Dhttp%253A%252F%252Ftherugged.com%252F%26r%3D0,7e2442f2-52ee-11e0-b330-003048d56aa4 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; ih="b!!!!N!%?RR!!!!#<pqk,!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!'cGC!!!!#<nQH-!'cKt!!!!$<nQH1!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,@lO!!!!#<nQHP!,@rl!!!!%<nQHf!,@s)!!!!#<nQHQ!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!104d!!!!#<qn]E"; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:35:10 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0824.2rm.ac4
Set-Cookie: ih="b!!!!I!%?RR!!!!#<pqk,!%?Rl!!!!$<rm6k!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!104d!!!!#<qn]E"; path=/; expires=Tue, 19-Mar-2013 12:35:10 GMT
Set-Cookie: vuday1=I7PHz!3w>8+87Sw; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=!!o(<!3w>8I+R0c; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 12:35:10 GMT
Pragma: no-cache
Content-Length: 749
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(2041431);}
</script><script language='javascript' type='text/javascript' src='http://imp.fetchback.com/serve/fb/adtag.js?tid=6436&type=lead&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253Bde8e87e7c08dcb01%253B12ed3430f73%2C0%253B%253B%253B3505910700%2CcLl%2DABt0GABXJh8AAAAAAArUCQAAAAAAAAAAAAYAAAAAAA0AAQABCHmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcw9D0y4BAAAAAAAAADdlMjQ0MmYyLTUyZWUtMTFlMC1iMzMwLTAwMzA0OGQ1NmFhNAA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Ftherugged%2Ecom%252F%2C'></script>
...[SNIP]...

1.76. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?cLl-ABt0GAA-Jh8AAAAAAArUCQAAAAAAAAAAAAIAAAAAABAAAQABCHmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjY8vVKW5z8NAiuHFtnwP7-fGi.dJPI.7FG4HoXr-T8.CtejcD3-P5qZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAByaQVT.djOCeig2-8jdUQ9vHVwhHXTwUaNnzTNAAAAAA==,,http%3A%2F%2Ftherugged.com%2F,Z%3D300x250%26s%3D1602587%26_salt%3D2466604242%26B%3D10%26u%3Dhttp%253A%252F%252Ftherugged.com%252F%26r%3D0,7e15f634-52ee-11e0-904f-003048d564ce

The response contains the following link to another domain:

http://imp.fetchback.com/serve/fb/adtag.js?tid=6438&type=mrect&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B8cf0969b0d70deb4%253B12ed34310c0%2C0%253B%253B%253B3725152111%2CcLl%2DABt0GAA%2DJh8AAAAAAArUCQAAAAAAAAAAAAIAAAAAABAAAQABCHmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAuRBD0y4BAAAAAAAAADdlMTVmNjM0LTUyZWUtMTFlMC05MDRmLTAwMzA0OGQ1NjRjZQBglCsAAAA%3D%2C%2Chttp%253A%252F%252Ftherugged%2Ecom%252F%2C

Request

GET /iframe3?cLl-ABt0GAA-Jh8AAAAAAArUCQAAAAAAAAAAAAIAAAAAABAAAQABCHmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjY8vVKW5z8NAiuHFtnwP7-fGi.dJPI.7FG4HoXr-T8.CtejcD3-P5qZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAByaQVT.djOCeig2-8jdUQ9vHVwhHXTwUaNnzTNAAAAAA==,,http%3A%2F%2Ftherugged.com%2F,Z%3D300x250%26s%3D1602587%26_salt%3D2466604242%26B%3D10%26u%3Dhttp%253A%252F%252Ftherugged.com%252F%26r%3D0,7e15f634-52ee-11e0-904f-003048d564ce HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; ih="b!!!!N!%?RR!!!!#<pqk,!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!'cGC!!!!#<nQH-!'cKt!!!!$<nQH1!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,@lO!!!!#<nQHP!,@rl!!!!%<nQHf!,@s)!!!!#<nQHQ!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!104d!!!!#<qn]E"; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:35:11 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0776.2rm.ac4
Set-Cookie: ih="b!!!!I!%?RR!!!!$<rm6l!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!104d!!!!#<qn]E"; path=/; expires=Tue, 19-Mar-2013 12:35:11 GMT
Set-Cookie: vuday1=I7PHz!3w>8+87Sw; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=!!o(<!3w>8I+R0c; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 12:35:11 GMT
Pragma: no-cache
Content-Length: 752
Content-Type: text/html
Age: 2
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(2041406);}
</script><script language='javascript' type='text/javascript' src='http://imp.fetchback.com/serve/fb/adtag.js?tid=6438&type=mrect&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B8cf0969b0d70deb4%253B12ed34310c0%2C0%253B%253B%253B3725152111%2CcLl%2DABt0GAA%2DJh8AAAAAAArUCQAAAAAAAAAAAAIAAAAAABAAAQABCHmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAuRBD0y4BAAAAAAAAADdlMTVmNjM0LTUyZWUtMTFlMC05MDRmLTAwMzA0OGQ1NjRjZQBglCsAAAA%3D%2C%2Chttp%253A%252F%252Ftherugged%2Ecom%252F%2C'></script>
...[SNIP]...

1.77. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?KnKABBt0GAA-Jh8AAAAAAArUCQAAAAAAAAAAAAIAAAAAAAoAAgABCXmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjY8vVKW5z8NAiuHFtnwP7-fGi.dJPI.7FG4HoXr-T8.CtejcD3-P5qZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHfRjwT-DOCXZVkMR3h8XN7fVBFkHuwZ70e0p-AAAAAA==,,http%3A%2F%2Fbuzzya.com%2F,Z%3D300x250%26s%3D1602587%26_salt%3D568724029%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252F%26r%3D0,db070fc8-52f2-11e0-9ed0-003048d56ba4

The response contains the following link to another domain:

http://imp.fetchback.com/serve/fb/adtag.js?tid=6438&type=mrect&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B0b4a8f1e26b5ba87%253B12ed35fa827%2C0%253B%253B%253B243984806%2CKnKABBt0GAA%2DJh8AAAAAAArUCQAAAAAAAAAAAAIAAAAAAAoAAgABCXmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAJ6hf0y4BAAAAAAAAAGRiMDcwZmM4LTUyZjItMTFlMC05ZWQwLTAwMzA0OGQ1NmJhNAA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252F%2C

Request

GET /iframe3?KnKABBt0GAA-Jh8AAAAAAArUCQAAAAAAAAAAAAIAAAAAAAoAAgABCXmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjY8vVKW5z8NAiuHFtnwP7-fGi.dJPI.7FG4HoXr-T8.CtejcD3-P5qZmZmZmQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHfRjwT-DOCXZVkMR3h8XN7fVBFkHuwZ70e0p-AAAAAA==,,http%3A%2F%2Fbuzzya.com%2F,Z%3D300x250%26s%3D1602587%26_salt%3D568724029%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252F%26r%3D0,db070fc8-52f2-11e0-9ed0-003048d56ba4 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; liday1=!!o(<!3w>8I+R0c; ih="b!!!!J!%?RR!!!!$<rm6l!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1/]r!!!!#<rm6l!104d!!!!#<qn]E"; vuday1=I7PHz4d=[k!3w>8kY/*b; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:06:24 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0771.2rm.ac4
Set-Cookie: ih="b!!!!J!%?RR!!!!%<rmMo!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1/]r!!!!#<rm6l!104d!!!!#<qn]E"; path=/; expires=Tue, 19-Mar-2013 13:06:24 GMT
Set-Cookie: vuday1=1[Y'GI7PHz4d=[k!3w>80s=F:; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=!!o(=!3w>8dJn]d; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:06:24 GMT
Pragma: no-cache
Content-Length: 746
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(2041406);}
</script><script language='javascript' type='text/javascript' src='http://imp.fetchback.com/serve/fb/adtag.js?tid=6438&type=mrect&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B0b4a8f1e26b5ba87%253B12ed35fa827%2C0%253B%253B%253B243984806%2CKnKABBt0GAA%2DJh8AAAAAAArUCQAAAAAAAAAAAAIAAAAAAAoAAgABCXmeHQAAAAAAtXkMAAAAAAAACA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAJ6hf0y4BAAAAAAAAAGRiMDcwZmM4LTUyZjItMTFlMC05ZWQwLTAwMzA0OGQ1NmJhNAA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252F%2C'></script>
...[SNIP]...

1.78. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAgAEAAYAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACuRBehYuDOCbD0Mw1JBIMJUujMVYQeaY37Y..rAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D3523619729%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,e67fc8ea-52f2-11e0-be41-003048d6697a

The response contains the following link to another domain:

http://ad.doubleclick.net/ad/oiq.rmx/;otp=11042;tile=1;sz=728x90;ord=123456789?

Request

GET /iframe3?NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAgAEAAYAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACuRBehYuDOCbD0Mw1JBIMJUujMVYQeaY37Y..rAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D3523619729%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,e67fc8ea-52f2-11e0-be41-003048d6697a HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; liday1=!!o(>9.<FK!3w>8!0fWe; ih="b!!!!L!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; vuday1=[cdPCI7PHz4d=[k1[Y'G!3w>8WsZ:e; lifb=8RJCHJ9E=%/(+W2; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:06:43 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0892.2rm.ac4
Set-Cookie: ih="b!!!!M!%?RR!!!!%<rmMo!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!#<rmN+!1/]r!!!!#<rm6l!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; path=/; expires=Tue, 19-Mar-2013 13:06:43 GMT
Set-Cookie: vuday1=[cdPCI7PHz4d=[l1[Y'G!3w>8Lq`:R; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:06:43 GMT
Pragma: no-cache
Content-Length: 1953
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8688889);}
</script><!-- begin ad ta
...[SNIP]...
rmx/;otp=11042;tile=1;sz=728x90;u=rmxli_2904721|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;ord=123456789?" target="_blank" ><img src="http://ad.doubleclick.net/ad/oiq.rmx/;otp=11042;tile=1;sz=728x90;ord=123456789?" border="0" alt="" /></a>
...[SNIP]...

1.79. http://ad.yieldmanager.com/iframe3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/iframe3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/iframe3?KnKABBt0GABXJh8AAAAAAMmOHwAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAtXkMAAAAAABAjCkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAaZHtfD812j9pke18PzXaPylcj8L1KOQ.KVyPwvUo5D.NzMzMzMzwP83MzMzMzPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABsTZ2qjuDOCYS6t9FpNklpk0nYrT.L0KPdRhTnAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Ftech%2F,Z%3D728x90%26s%3D1602587%26_salt%3D44461933%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Ftech%252F%26r%3D0,00bac764-52f3-11e0-8956-003048d60b40

The response contains the following link to another domain:

http://imp.fetchback.com/serve/fb/adtag.js?tid=6436&type=lead&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B124dd0dd4e9449b3%253B12ed3609e37%2C0%253B%253B%253B4263463099%2CKnKABBt0GABXJh8AAAAAAMmOHwAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAtXkMAAAAAABAjCkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAANp5g0y4BAAAAAAAAADAwYmFjNzY0LTUyZjMtMTFlMC04OTU2LTAwMzA0OGQ2MGI0MAA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252Fcategory%252Ftech%252F%2C

Request

GET /iframe3?KnKABBt0GABXJh8AAAAAAMmOHwAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAtXkMAAAAAABAjCkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAaZHtfD812j9pke18PzXaPylcj8L1KOQ.KVyPwvUo5D.NzMzMzMzwP83MzMzMzPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABsTZ2qjuDOCYS6t9FpNklpk0nYrT.L0KPdRhTnAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Ftech%2F,Z%3D728x90%26s%3D1602587%26_salt%3D44461933%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Ftech%252F%26r%3D0,00bac764-52f3-11e0-8956-003048d60b40 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; lifb=8RJCHJ9E=%/(+W2; bh="b!!!%#!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!-?2!!!!*<pN)4!!-L3~~!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!04Z!!!!#<qgdp!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; ih="b!!!!O!%?RR!!!!'<rmNX!%?Rl!!!!$<rmN)!%?m7!!!!#<p]i+!'4A7!!!!%<rmNV!'4A9!!!!%<rmNV!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!#<rmN+!1/]r!!!!$<rmN1!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; vuday1=[cdPD1[Y'GI7PHz4d=[m1[Y'G!3w>8qxtPy; liday1=8eD/r!!o(>9.<FK!3w>8kHM^c; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:07:27 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0861.2rm.ac4
Set-Cookie: ih="b!!!!O!%?RR!!!!'<rmNX!%?Rl!!!!%<rmNX!%?m7!!!!#<p]i+!'4A7!!!!%<rmNV!'4A9!!!!%<rmNV!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!1(-6!!!!#<rmN+!1/X6!!!!#<rmN+!1/]r!!!!$<rmN1!104d!!!!#<qn]E!1:dV!!!!#<rmMp"; path=/; expires=Tue, 19-Mar-2013 13:07:27 GMT
Set-Cookie: vuday1=[cdPD1[Y'GI7PHz4d=[m1[Y'G!3w>8qxtPy; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=8eD/s!!o(>9.<FK!3w>8aFdf(; path=/; expires=Mon, 21-Mar-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 13:07:27 GMT
Pragma: no-cache
Content-Length: 766
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(2041431);}
</script><script language='javascript' type='text/javascript' src='http://imp.fetchback.com/serve/fb/adtag.js?tid=6436&type=lead&clicktrack=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B124dd0dd4e9449b3%253B12ed3609e37%2C0%253B%253B%253B4263463099%2CKnKABBt0GABXJh8AAAAAAMmOHwAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAtXkMAAAAAABAjCkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAANp5g0y4BAAAAAAAAADAwYmFjNzY0LTUyZjMtMTFlMC04OTU2LTAwMzA0OGQ2MGI0MAA4nyoAAAA%3D%2C%2Chttp%253A%252F%252Fbuzzya%2Ecom%252Fcategory%252Ftech%252F%2C'></script>
...[SNIP]...

1.80. http://ad.yieldmanager.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/pixel?&id=1156121&id=956405&id=1094107&id=1127720&id=939987&id=950991&id=1049055&id=298361&id=939942&id=1028574&id=1212819&id=1210932&id=1224511&id=1198835&id=1080693&id=940005&id=612033&id=698998&id=1023063&id=915172&id=294012&id=1238288&id=1212821&id=940004&id=1085597&id=992290&id=956404&id=1216952&id=939893&id=940026&id=1212735&id=1095717&id=1050626&t=1

The response contains the following links to other domains:

http://ad.doubleclick.net/activity;src=1906576;dcnet=4591;boom=18926;sz=1x1;ord=
http://www.googleadservices.com/pagead/conversion/1033191019/?label=Dtp9CMW-4AEQ6_zU7AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1033191019/?label=muhJCP2z9wEQ6_zU7AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=0pAQCKDe0wEQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=3CLYCPCM3AEQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=SWqcCPC66QEQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=fmIuCPjA2wEQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=uk38CIiX0QEQjPe59AM&guid=ON&script=0

Request

GET /pixel?&id=1156121&id=956405&id=1094107&id=1127720&id=939987&id=950991&id=1049055&id=298361&id=939942&id=1028574&id=1212819&id=1210932&id=1224511&id=1198835&id=1080693&id=940005&id=612033&id=698998&id=1023063&id=915172&id=294012&id=1238288&id=1212821&id=940004&id=1085597&id=992290&id=956404&id=1216952&id=939893&id=940026&id=1212735&id=1095717&id=1050626&t=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pv1="b!!!!0!!L7_!*:n8!$0c3!,+ZH!#WUL!!!!$!?5%!(KYu6!wDW,!%JFh!%Oo9!$8eI~~~~~<o,,><s?nHM.jTN!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#R%`!$5*F!$CM.!104d!$i70!!!!$!?5%!$T[s,!?vQ,!%c4C~~~~~~~<qn]E<rmC_!!!([!!qy:!$5*F!$6>P!1%3H!$Zu6!!!!$!?5%!$qXJ3!?vQ,!%Q#<~~~~~~~<qc=7<rb!Q!!!([!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!#P,C!-8F-!$V-H!0.2@!$u#J!!!!$!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqfN<qpLh!!!([!!LV3!-8F-!$V-H!,Dln!$tyI!!H<)!?5%!%QX7/!@Dj0!'%it~~~~~~~<pqk'<qpQA!!!([!#`ac!$5*F!$i@e!0oZP!%GRx!!H<)!?5%!$qXJ3!@Dj0!'NRE~~~~~~~<qc=9<sGhr!!!([!!Rl,!!E)$!$XwU!0pbc!$so$!#a.3!!,)#%5tS5!]7:6!%4=%!%g*F~~~~~~<qd6K<smWP!!!(["; uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; ih="b!!!!N!%?RR!!!!#<pqk,!%?Rl!!!!#<rap9!%?m7!!!!#<p]i+!'cGC!!!!#<nQH-!'cKt!!!!$<nQH1!(4uP!!!!#<p^*H!)AU7!!!!#<pN(R!*rnf!!!!#<pv/a!,+ZH!!!!#<o,,>!,?Kj!!!!$<pN)1!,@lO!!!!#<nQHP!,@rl!!!!%<nQHf!,@s)!!!!#<nQHQ!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!#<qc=8!.$Cr!!!!#<qc=7!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.`.U!!!!#<o'YF!0(6l!!!!#<p]b^!0.2@!!!!#<pqfN!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!#<qn]D!0oZP!!!!#<qc=9!0pbc!!!!$<qd6K!0vr,!!!!$<raoq!1%3H!!!!#<qc=7!104d!!!!#<qn]E"; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/j$!!!!%<nTlW!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:45:15 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%4!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!+Vp!!!!#<pqhD!!-?2!!!!*<pN)4!!-L3!!!!#<pqhD!!-LP!!!!#<pqhD!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!/pv!!!!#<pqhD!!04Z!!!!#<qgdp!!0O0!!!!#<pqhD!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!?VS!!<NC<qDX7!!L_w!!!!#<rm>u!!M=.!!!!*<rm>u!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N8v!!!!#<pqhD!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!g]F!!!!#<pqhD!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!nAU!!!!#<pqhD!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!uhi!!!!#<pqhD!!waQ!!!!#<pqhD!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!xw:!!!!#<pqhD!!yaE!!!!*<rm>u!!yq>!!!!#<re$l!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#*Xa!!!!#<rao$!#*Xb!!!!#<r)hx!#*Xc!!!!#<r)hx!#+x/!!!!#<nQdW!#.dO!!!!*<rm>u!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#K?^!!!!'<p_19!#Km+!!!!#<qppS!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!*<rm>u!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#Q*T!!!!*<rm>u!#Q+/!!!!#<rm>u!#Q+^!!!!#<rm>u!#Q+o!!!!#<rm>u!#Q+p!!!!*<rm>u!#Q,.!!!!$<rm>u!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#RY.!!!!#<rm>u!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!'<rm>u!#SCk!!!!#<rm>u!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#V,1!!!!#<pqhD!#VDX!!!!#<q4hD!#XA!!!!!#<rm>u!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#[Qv!!!!#<pqhD!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]W%!!!!#<rm>u!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^Bo!!!!#<rm>u!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!*<rm>u!#a=#!!!!#<o`%d!#aG>!!!!*<rm>u!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=(!!!!#<piFJ!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#eU%!!!!#<rm>u!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f8c!!!!#<rm>u!#f__!!!!#<pd^@!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#gHm!!!!#<rm>u!#g[h!!!!#<rm>u!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#l#]!!!!#<pd+P!#l*=!!!!#<rm>u!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#p#H!!!!#<rm>u!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!*<rm>u!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!*<rm>u!#wkr!!!!#<p2A7!#wmL!!!!#<rm>u!#wnK!!!!*<rm>u!#wnM!!!!*<rm>u!#x>u!!!!#<r:uS!#xI*!!!!*<rm>u!#xUM!!!!.<qd67!#yM#!!!!#<rm>u!$#2]!!!!#<r:uS!$#E+!!!!#<rm>u"; path=/; expires=Tue, 19-Mar-2013 12:45:15 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sun, 20 Mar 2011 12:45:15 GMT
Pragma: no-cache
Content-Length: 2018
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<img height="1" width="1" src="http://ad.yieldmanager.com/pixel?id=1231907&t=2" />');
document.write('<img height="1" width="1" src="http://ad.yieldmanager.com/pixel?id=1231614&t=2" />
...[SNIP]...
<img height="1" width="1" src="http://ad.yieldmanager.com/pixel?id=1231817&t=2" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=0pAQCKDe0wEQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://ad.yieldmanager.com/pixel?id=1231652&t=2" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=fmIuCPjA2wEQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=uk38CIiX0QEQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://ad.yieldmanager.com/pixel?id=1231766&t=2" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=Dtp9CMW-4AEQ6_zU7AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=SWqcCPC66QEQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=muhJCP2z9wEQ6_zU7AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://ad.yieldmanager.com/pixel?id=1231861&t=2" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=3CLYCPCM3AEQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://ad.doubleclick.net/activity;src=1906576;dcnet=4591;boom=18926;sz=1x1;ord=" />');
document.write('<img height="1" width="1" src="http://ad.yieldmanager.com/pixel?id=1231653&t=2" />
...[SNIP]...

1.81. http://ads.dotomi.com/ads_smokey.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.dotomi.com
Path:	/ads_smokey.php

Issue detail

The page was loaded from a URL containing a query string:

http://ads.dotomi.com/ads_smokey.php?ms=11

The response contains the following link to another domain:

http://www.stjude.org/stjude/v/index.jsp?vgnextoid=0c7ae4288633c210VgnVCM1000001e0215acRCRD&vgnextchannel=d6e9e4288633c210VgnVCM1000001e0215acRCRD&plt=STJGENBAALSAC1000005

Request

GET /ads_smokey.php?ms=11 HTTP/1.1
Host: ads.dotomi.com
Proxy-Connection: keep-alive
Referer: http://ads.dotomi.com/ads.php?pid=13200&mtg=0&ms=11&btg=1&mp=1&dres=iframe&rwidth=300&rheight=250&pp=0&cg=2084&tz=300
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DotomiUser=330200604563575498$0$875515842; DotomiNet=2$DjQqblZ1RXVBDW1dBgd8WgBHKSpAJ25FCVxoWiwcJzNkew0OAQhAWwIPV0JcFAYDaWJPKSIjOHRGd0YJZV4DBnhUCVN4fgNxAVNVHzNaUEl0IyQ7BAkGCUNZAABSR0hNQFpwNgo4OwwCPgUeQAdiWQ4DeF0BVHt4DHMEQA5cdAQRDW1%2FcitYTFRmFhdCaVRGSUJMX2diWHtualV0TXRAA3AJUkYqMgJQe38JEFgEUBk%2FFUYcKD8JfQkJDQRCXAIGUE5KSkNWYWBcaD4yEycqJApEC18BAXlQAA%3D%3D; DotomiSession=1_330200604563575498$0$875515842$21677106$2736

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.9
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:57 GMT
Connection: close
Content-Length: 444

<html>
<head></head>
<body bottommargin="0" rightmargin="0" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"><a href="http://www.stjude.org/stjude/v/index.jsp?vgnextoid=0c7ae4288633c210VgnVCM1000001e0215acRCRD&vgnextchannel=d6e9e4288633c210VgnVCM1000001e0215acRCRD&plt=STJGENBAALSAC1000005" target="_blank"><IMG alt="www.stjude.org" border="0" src="http://ads.dotomi.com/banners/stjudes/dotomi-300x250.gif">
...[SNIP]...

1.82. http://ads.dotomi.com/ads_smokey.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.dotomi.com
Path:	/ads_smokey.php

Issue detail

The page was loaded from a URL containing a query string:

http://ads.dotomi.com/ads_smokey.php?ms=18

The response contains the following link to another domain:

http://www.stjude.org/stjude/v/index.jsp?vgnextoid=0c7ae4288633c210VgnVCM1000001e0215acRCRD&vgnextchannel=d6e9e4288633c210VgnVCM1000001e0215acRCRD&plt=STJGENBAALSAC1000006

Request

GET /ads_smokey.php?ms=18 HTTP/1.1
Host: ads.dotomi.com
Proxy-Connection: keep-alive
Referer: http://ads.dotomi.com/ads.php?pid=13200&mtg=0&ms=18&btg=1&mp=1&dres=iframe&rwidth=728&rheight=90&pp=0&cg=2084&tz=300
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DotomiUser=330200604563575498$0$875515842; rt_1982=2; rt_12783=2; rt_14000=2; rt_15900=2; rt_17100=2; rt_19000=2; DotomiNet=2$DjQqblZ1RXVBDW1dBgd8WgBHKSpAJ25FCVxoWiwcJzNkew0OAQhAWwIPV0JcFAYDaWJPKSIjOHRGd0YJZV4DBnhUCVN4fgNxAVNVHzNaUEl0IyQ7BAkGCUNZAABSQkpJSFtwNgo4OwwCPgUeQAdiWQ4DeF0BVHt4DHMEQA5cdAQRDW1%2FcitYTFRmFhdCaVRGSUJMX2diWHtualV0TXRAA3AJUkYqMgJQe38JEFgEUBk%2FFUYcKD8JfQkJDQRCXAIGUE5KSkNWYWBcaD4yEycqJApEC18BAXlQAA%3D%3D; DotomiSession=1_330200604563575498$0$875515842$21677107$2736

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.9
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Sun, 20 Mar 2011 13:07:23 GMT
Connection: close
Content-Length: 443

<html>
<head></head>
<body bottommargin="0" rightmargin="0" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"><a href="http://www.stjude.org/stjude/v/index.jsp?vgnextoid=0c7ae4288633c210VgnVCM1000001e0215acRCRD&vgnextchannel=d6e9e4288633c210VgnVCM1000001e0215acRCRD&plt=STJGENBAALSAC1000006" target="_blank"><IMG alt="www.stjude.org" border="0" src="http://ads.dotomi.com/banners/stjudes/dotomi-728x90.gif">
...[SNIP]...

1.83. http://ads.pointroll.com/PortalServe/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.pointroll.com
Path:	/PortalServe/

Issue detail

The page was loaded from a URL containing a query string:

http://ads.pointroll.com/PortalServe/?pid=1203631H30720110201170639&flash=10&time=0|9:5|-5&redir=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/3/0/%2a/p%3B235836628%3B0-0%3B3%3B52877536%3B4307-300/250%3B40571478/40589265/1%3Bu%3Dpos-atf|cat-2|%21category-hs_the_nightlife|show-hs_the_nightlife|demo-D|tag-adj|mtype-standard|sz-300x250|tile-3%3B%7Eaopt%3D2/0/d7/0%3B%7Esscs%3D%3f$CTURL$&r=0.1189111452549696

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /PortalServe/?pid=1203631H30720110201170639&flash=10&time=0|9:5|-5&redir=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/3/0/%2a/p%3B235836628%3B0-0%3B3%3B52877536%3B4307-300/250%3B40571478/40589265/1%3Bu%3Dpos-atf|cat-2|%21category-hs_the_nightlife|show-hs_the_nightlife|demo-D|tag-adj|mtype-standard|sz-300x250|tile-3%3B%7Eaopt%3D2/0/d7/0%3B%7Esscs%3D%3f$CTURL$&r=0.1189111452549696 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.teennick.com/shows/the-nightlife
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=D00A51F3-34D8-48E5-A65B-AEA8240476C5; PRbu=EnLjDMH8P; PRsl=11022007583617319321424330414S; S5HitachiSeq=1*1330995589; PRvt=CIJVpEnbEvypYtAK4BBeJDmEnbE3X1F4ACjBAeJcgEnehzmXD9AAVBCeIyeEndpCn0aKAPQBAeIrUEndpEM2mD!G5BAeJHsEnfjOwXZa!cxBCeIJfEnjeJXBN5!RfBCeJhKEnpgtxXiZABzBAe; PRgo=BBBAAsJvCBC_!B!BCVBF4FR; PRimp=989E0400-C52D-9978-0309-84A000730100; PRca=|AKIo*5:1|AJsP*1892:1|AKIk*492:1|AJx5*48:1|AJrW*9395:1|AJor*856:1|AIgT*1774:4|AJi6*1774:2|AJPO*396:1|AJWc*130:1|AJla*1499:2|AJ2e*1153:2|AKEA*263:3|AJeS*12722:1|AJwv*1153:3|AKEU*852:1|AJtd*1329:3|#; PRcp=|AKIoAAAF:1|AJsPAA46:1|AKIkAAHw:1|AJx5AAAm:1|AJrWAC17:1|AJorAANo:1|AIgTAA2c:4|AJi6AA2c:2|AJPOAAGY:1|AJWcAACG:1|AJ2eAC0U:1|AJlaAAYL:2|AJ2eAASb:1|AKEAAAEP:3|AJeSADTM:1|AJwvAASb:3|AKEUAANk:1|AJtdAAV1:3|#; PRpl=|FKgU:1|FBju:1|FIiy:1|ExE4:1|FHwz:1|Etmg:1|EBro:4|EwWo:2|FFCp:1|FFCm:1|E1AQ:1|Eib5:1|Ef30:1|Erny:1|Ernx:1|Ef3M:1|FFCn:1|FFI2:1|FDTA:3|FEo9:1|Es48:1|Es49:1|Es4a:1|#; PRcr=|GHNR:1|GBuk:1|GGJs:1|GAV8:1|GFdm:1|FyK3:1|F8uJ:4|FudI:1|Fvl7:1|GEH2:1|GEHe:1|FiUb:1|FwsR:1|Fq6d:1|Fx3k:1|FyJY:1|FujS:1|GEH7:1|Ft0s:1|GCq8:3|GDle:1|Fxpv:2|Fxpu:1|#; PRpc=|FKgUGHNR:1|FBjuGBuk:1|FIiyGGJs:1|ExE4GAV8:1|FHwzGFdm:1|EtmgFyK3:1|EBroF8uJ:4|EwWoFudI:1|EwWoFvl7:1|FFCpGEH2:1|FFCmGEHe:1|E1AQFiUb:1|Eib5FwsR:1|Ef30Fq6d:1|ErnyFx3k:1|ErnxFyJY:1|Ef3MFujS:1|FFCnGEH7:1|FFI2Ft0s:1|FDTAGCq8:3|FEo9GDle:1|Es48Fxpv:1|Es49Fxpv:1|Es4aFxpu:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 20 Mar 2011 14:05:05 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 9297
Set-Cookie:PRvt=CJJVpEnbEvypYtAK4BBeJDmEnbE3X1F4ACjBAeJcgEnehzmXD9AAVBCeIyeEndpCn0aKAPQBAeIrUEndpEM2mD!G5BAeJHsEnfjOwXZa!cxBCeIJfEnjeJXBN5!RfBCeJhKEnpgtxXiZABzBAeJUREnup-fJ66AABBAe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BBBAAsJvCBC_!B!BCVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=EA9E0400-7C7F-BA9E-0309-511000010100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AJv5*214:1|AKIo*5:1|AJsP*1892:1|AKIk*492:1|AJx5*48:1|AJrW*9395:1|AJor*856:1|AIgT*1774:4|AJi6*1774:2|AJPO*396:1|AJWc*130:1|AJla*1499:2|AJ2e*1153:2|AKEA*263:3|AJeS*12722:1|AJwv*1153:3|AKEU*852:1|AJtd*1329:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AJv5AAD2:1|AKIoAAAF:1|AJsPAA46:1|AKIkAAHw:1|AJx5AAAm:1|AJrWAC17:1|AJorAANo:1|AIgTAA2c:4|AJi6AA2c:2|AJPOAAGY:1|AJWcAACG:1|AJ2eAC0U:1|AJlaAAYL:2|AJ2eAASb:1|AKEAAAEP:3|AJeSADTM:1|AJwvAASb:3|AKEUAANk:1|AJtdAAV1:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FDHZ:1|FKgU:1|FBju:1|FIiy:1|ExE4:1|FHwz:1|Etmg:1|EBro:4|EwWo:2|FFCp:1|FFCm:1|E1AQ:1|Eib5:1|Ef30:1|Erny:1|Ernx:1|Ef3M:1|FFCn:1|FFI2:1|FDTA:3|FEo9:1|Es48:1|Es49:1|Es4a:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GDV7:1|GHNR:1|GBuk:1|GGJs:1|GAV8:1|GFdm:1|FyK3:1|F8uJ:4|FudI:1|Fvl7:1|GEH2:1|GEHe:1|FiUb:1|FwsR:1|Fq6d:1|Fx3k:1|FyJY:1|FujS:1|GEH7:1|Ft0s:1|GCq8:3|GDle:1|Fxpv:2|Fxpu:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FDHZGDV7:1|FKgUGHNR:1|FBjuGBuk:1|FIiyGGJs:1|ExE4GAV8:1|FHwzGFdm:1|EtmgFyK3:1|EBroF8uJ:4|EwWoFudI:1|EwWoFvl7:1|FFCpGEH2:1|FFCmGEHe:1|E1AQFiUb:1|Eib5FwsR:1|Ef30Fq6d:1|ErnyFx3k:1|ErnxFyJY:1|Ef3MFujS:1|FFCnGEH7:1|FFI2Ft0s:1|FDTAGCq8:3|FEo9GDle:1|Es48Fxpv:1|Es49Fxpv:1|Es4aFxpu:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
511000010100' onMouseOver=\"if(typeof(prRoll)=='function')prBOver('EA9E04007C7FBA9E0309511000010100');\" onMouseOut=\"if(typeof(prRoll)=='function')prBOut(event);\" style='position:absolute;z-index:1'><object id='prflsEA9E04007C7FBA9E0309511000010100' name='prflsEA9E04007C7FBA9E0309511000010100' classid=clsid:D27CDB6E-AE6D-11cf-96B8-444553540000 codebase=http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0 width='300' height='250' style='width:300px;height:250px'><param name='movie' value='http://speed.pointroll.com/PointRoll/Media/Banners/Nintendo/841577/ntdoDS_Training_300x250_Bnr_020211_Pr01_FH.swf?PRCampID=38161&PRPubID=nick&PRAdSize=300x250&PRFormat=EX&PRA
...[SNIP]...

1.84. http://altfarm.mediaplex.com/ad/js/10433-118675-1629-11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/10433-118675-1629-11

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/10433-118675-1629-11?mpt=1540631604&mpvc=http://r1-ads.ace.advertising.com/click/site=0000787694/mnum=0000985691/cstr=69689444=_4d85f5b3,1540631604,787694^985691^1183^0,1_/xsxdata=$XSXDATA/bnum=69689444/optn=64?trg=

The response contains the following link to another domain:

http://r1-ads.ace.advertising.com/click/site=0000787694/mnum=0000985691/cstr=69689444=_4d85f5b3,1540631604,787694^985691^1183^0,1_/xsxdata=$XSXDATA/bnum=69689444/optn=64?trg=http://altfarm.mediaplex.com/ad/ck/10433-118675-1629-11?mpt=1540631604

Request

GET /ad/js/10433-118675-1629-11?mpt=1540631604&mpvc=http://r1-ads.ace.advertising.com/click/site=0000787694/mnum=0000985691/cstr=69689444=_4d85f5b3,1540631604,787694^985691^1183^0,1_/xsxdata=$XSXDATA/bnum=69689444/optn=64?trg= HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

1.85. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-1

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1?mpt=3952788&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/177/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//buzzya.com/category/sports/|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B6db7f3ad8100ff53%3B12ed360bbcb,0%3B%3B%3B2273949687,KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAyrtg0y4BAAAAAAAAADA1YjY2ZTYyLTUyZjMtMTFlMC1iYTA0LTAwMzA0OGQ2ZDA2NgA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fsports%2F,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/177/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://buzzya.com/category/sports/|pr_0.3563|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;6db7f3ad8100ff53;12ed360bbcb,0;;;2273949687,KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAyrtg0y4BAAAAAAAAADA1YjY2ZTYyLTUyZjMtMTFlMC1iYTA0LTAwMzA0OGQ2ZDA2NgA4nyoAAAA=,,http://buzzya.com/category/sports/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-1?mpt=3952788

Request

GET /ad/js/1551-47634-23636-1?mpt=3952788&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/177/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//buzzya.com/category/sports/|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B6db7f3ad8100ff53%3B12ed360bbcb,0%3B%3B%3B2273949687,KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAyrtg0y4BAAAAAAAAADA1YjY2ZTYyLTUyZjMtMTFlMC1iYTA0LTAwMzA0OGQ2ZDA2NgA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fsports%2F, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAUW9GzVfJwT.2KFyPwvXYPwb6RJ4kXcs.MzMzMzMz4z-wJeSDns3WPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwVkO2l-DOCTGCXHbDfz0sufUj6vM0J-hwZAb8AAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fsports%2F,Z%3D300x250%26s%3D1602587%26_salt%3D796290819%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fsports%252F%26r%3D0,05b66e62-52f3-11e0-ba04-003048d6d066
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 748
Date: Sun, 20 Mar 2011 13:29:54 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/177/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://buzzya.com/category/sports/|pr_0.3563|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;6db7f3ad8100ff53;12ed360bbcb,0;;;2273949687,KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAyrtg0y4BAAAAAAAAADA1YjY2ZTYyLTUyZjMtMTFlMC1iYTA0LTAwMzA0OGQ2ZDA2NgA4nyoAAAA=,,http://buzzya.com/category/sports/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-1?mpt=3952788"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root300X250.jpg" >
...[SNIP]...

1.86. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-1

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1?mpt=5489882&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1c7/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/%3F5416e%22__________script_____alert%28document.cookie%29_____/script_____426ea6897eb%3D1|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Bd979d99524c44149%3B12ed3782fa5,0%3B%3B%3B370855845,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAUAAIAAAAAAAkAAwABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAApC940y4BAAAAAAAAADk5ZDYxZWFhLTUyZjYtMTFlMC1hMzk2LTAwMWIyNDc4M2JhZQA4nyoAAAA=,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%28document.cookie%29_____%2Fscript_____426ea6897eb%3D1,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1c7/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://www.therugged.com/?5416e

Request

GET /ad/js/1551-47634-23636-1?mpt=5489882&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1c7/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/%3F5416e%22__________script_____alert%28document.cookie%29_____/script_____426ea6897eb%3D1|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Bd979d99524c44149%3B12ed3782fa5,0%3B%3B%3B370855845,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAUAAIAAAAAAAkAAwABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAApC940y4BAAAAAAAAADk5ZDYxZWFhLTUyZjYtMTFlMC1hMzk2LTAwMWIyNDc4M2JhZQA4nyoAAAA=,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%28document.cookie%29_____%2Fscript_____426ea6897eb%3D1, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAUAAIAAAAAAAkAAwABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAUW9GzVfJwT.2KFyPwvXYPwb6RJ4kXcs.MzMzMzMz4z-wJeSDns3WPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC.N5g0mObOCR42D31ieGgp-uRJfKZXmqBC5LmIAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%28document.cookie%29_____%2Fscript_____426ea6897eb%3D1,Z%3D300x250%26s%3D1602587%26_salt%3D4256994081%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252F%253F5416e%252522__________script_____alert%28document.cookie%29_____%252Fscript_____426ea6897eb%253D1%26r%3D0,99d61eaa-52f6-11e0-a396-001b24783bae
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 891
Date: Sun, 20 Mar 2011 13:33:13 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1c7/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://www.therugged.com/?5416e"__________script_____alert(document.cookie)_____/script_____426ea6897eb=1|pr_0.3563|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;d979d99524c44149;12ed3782fa5,0;;;370855845,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAUAAIAAAAAAAkAAwABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAApC940y4BAAAAAAAAADk5ZDYxZWFhLTUyZjYtMTFlMC1hMzk2LTAwMWIyNDc4M2JhZQA4nyoAAAA=,,http://www.therugged.com/?5416e%22__________script_____alert(document.cookie)_____/script_____426ea6897eb=1,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-1?mpt=5489882"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root300X250.jpg" >
...[SNIP]...

1.87. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-1

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1?mpt=4489928&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1f3/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%19%2Bs-day/|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B8e07972affa36926%3B12ed368ee0d,0%3B%3B%3B2278561921,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAQAAIAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAADO5o0y4BAAAAAAAAADQ1ODhiMTg0LTUyZjQtMTFlMC04NTBhLTAwMzA0OGQ2ZDU4MgA4nyoAAAA=,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Fart-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%25e2%2580%2599s-day%2F,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1f3/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy.+s-day/|pr_0.3563|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;8e07972affa36926;12ed368ee0d,0;;;2278561921,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAQAAIAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAADO5o0y4BAAAAAAAAADQ1ODhiMTg0LTUyZjQtMTFlMC04NTBhLTAwMzA0OGQ2ZDU4MgA4nyoAAAA=,,http://www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%e2%80%99s-day/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-1?mpt=4489928

Request

GET /ad/js/1551-47634-23636-1?mpt=4489928&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1f3/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%19%2Bs-day/|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B8e07972affa36926%3B12ed368ee0d,0%3B%3B%3B2278561921,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAQAAIAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAADO5o0y4BAAAAAAAAADQ1ODhiMTg0LTUyZjQtMTFlMC04NTBhLTAwMzA0OGQ2ZDU4MgA4nyoAAAA=,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Fart-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%25e2%2580%2599s-day%2F, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAQAAIAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAUW9GzVfJwT.2KFyPwvXYPwb6RJ4kXcs.MzMzMzMz4z-wJeSDns3WPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHXmEhr-LOCR11i-2kw7nSXvlMDkksjh7J.so0AAAAAA==,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Fart-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%25e2%2580%2599s-day%2F,Z%3D300x250%26s%3D1602587%26_salt%3D2010477497%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252Ffeatured%252Fart-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%2525e2%252580%252599s-day%252F%26r%3D0,4588b184-52f4-11e0-850a-003048d6d582
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 977
Date: Sun, 20 Mar 2011 13:16:32 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1f3/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy.+s-day/|pr_0.3563|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;8e07972affa36926;12ed368ee0d,0;;;2278561921,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAQAAIAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAADO5o0y4BAAAAAAAAADQ1ODhiMTg0LTUyZjQtMTFlMC04NTBhLTAwMzA0OGQ2ZDU4MgA4nyoAAAA=,,http://www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%e2%80%99s-day/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-1?mpt=4489928"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root300X250.jpg" >
...[SNIP]...

1.88. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-1

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1?mpt=5523553&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1bf/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/%3F5416e%22__________script_____alert%280x0024%29_____/script_____426ea6897eb%3D1|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Bf3b74d4940bafbec%3B12ed378b3a2,0%3B%3B%3B2109358943,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAcAAIAAAAAAAIABAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAorN40y4BAAAAAAAAAGFkYmFhMzQ2LTUyZjYtMTFlMC1hZTc2LTAwMzA0ODYzMjg2NAA4nyoAAAA=,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%280x0024%29_____%2Fscript_____426ea6897eb%3D1,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1bf/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://www.therugged.com/?5416e

Request

GET /ad/js/1551-47634-23636-1?mpt=5523553&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1bf/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/%3F5416e%22__________script_____alert%280x0024%29_____/script_____426ea6897eb%3D1|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Bf3b74d4940bafbec%3B12ed378b3a2,0%3B%3B%3B2109358943,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAcAAIAAAAAAAIABAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAorN40y4BAAAAAAAAAGFkYmFhMzQ2LTUyZjYtMTFlMC1hZTc2LTAwMzA0ODYzMjg2NAA4nyoAAAA=,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%280x0024%29_____%2Fscript_____426ea6897eb%3D1, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAcAAIAAAAAAAIABAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAUW9GzVfJwT.2KFyPwvXYPwb6RJ4kXcs.MzMzMzMz4z-wJeSDns3WPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACiBmwPuebOCdbzitf3X69it4EgHZV8zGv.rzQBAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%280x0024%29_____%2Fscript_____426ea6897eb%3D1,Z%3D300x250%26s%3D1602587%26_salt%3D3609977906%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252F%253F5416e%252522__________script_____alert%280x0024%29_____%252Fscript_____426ea6897eb%253D1%26r%3D0,adbaa346-52f6-11e0-ae76-003048632864
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 874
Date: Sun, 20 Mar 2011 13:33:47 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1bf/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://www.therugged.com/?5416e"__________script_____alert(0x0024)_____/script_____426ea6897eb=1|pr_0.3563|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;f3b74d4940bafbec;12ed378b3a2,0;;;2109358943,qkaAABt0GAD2lIQAAAAAAMnCIQAAAAAAAAAcAAIAAAAAAAIABAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAorN40y4BAAAAAAAAAGFkYmFhMzQ2LTUyZjYtMTFlMC1hZTc2LTAwMzA0ODYzMjg2NAA4nyoAAAA=,,http://www.therugged.com/?5416e%22__________script_____alert(0x0024)_____/script_____426ea6897eb=1,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-1?mpt=5523553"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root300X250.jpg" >
...[SNIP]...

1.89. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-1

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-1?mpt=3954428&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/177/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//buzzya.com/category/gaming/|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Bf697ae1ea4f15758%3B12ed360c172,0%3B%3B%3B1235090291,KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcsFg0y4BAAAAAAAAADA2Mjc0NzVlLTUyZjMtMTFlMC04MzEwLTAwMzA0OGQ3MDM2YwA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fgaming%2F,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/177/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://buzzya.com/category/gaming/|pr_0.3563|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;f697ae1ea4f15758;12ed360c172,0;;;1235090291,KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcsFg0y4BAAAAAAAAADA2Mjc0NzVlLTUyZjMtMTFlMC04MzEwLTAwMzA0OGQ3MDM2YwA4nyoAAAA=,,http://buzzya.com/category/gaming/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-1?mpt=3954428

Request

GET /ad/js/1551-47634-23636-1?mpt=3954428&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/177/%2a/n%3B237863701%3B0-0%3B1%3B40342997%3B4307-300/250%3B41068870/41086657/1%3Bu%3Drmxli_2904721|surl_http%3A//buzzya.com/category/gaming/|pr_0.3563|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Bf697ae1ea4f15758%3B12ed360c172,0%3B%3B%3B1235090291,KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcsFg0y4BAAAAAAAAADA2Mjc0NzVlLTUyZjMtMTFlMC04MzEwLTAwMzA0OGQ3MDM2YwA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fgaming%2F, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAUW9GzVfJwT.2KFyPwvXYPwb6RJ4kXcs.MzMzMzMz4z-wJeSDns3WPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMjXll-DOCZTwLr35lTZTcNHeyRCw3ujSUisIAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fgaming%2F,Z%3D300x250%26s%3D1602587%26_salt%3D409150463%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fgaming%252F%26r%3D0,0627475e-52f3-11e0-8310-003048d7036c
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 748
Date: Sun, 20 Mar 2011 13:07:38 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/177/*/n;237863701;0-0;1;40342997;4307-300/250;41068870/41086657/1;u=rmxli_2904721|surl_http://buzzya.com/category/gaming/|pr_0.3563|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;f697ae1ea4f15758;12ed360c172,0;;;1235090291,KnKABBt0GAD2lIQAAAAAAMnCIQAAAAAAAgAAAAIAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcsFg0y4BAAAAAAAAADA2Mjc0NzVlLTUyZjMtMTFlMC04MzEwLTAwMzA0OGQ3MDM2YwA4nyoAAAA=,,http://buzzya.com/category/gaming/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-1?mpt=3954428"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root300X250.jpg" >
...[SNIP]...

1.90. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=5523194&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1bf/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/%3F5416e%22__________script_____alert%280x0024%29_____/script_____426ea6897eb%3D1|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B79a1bb441738f1a4%3B12ed378b146,0%3B%3B%3B3747464764,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAcAAYAAAAAAAIABQABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAARrF40y4BAAAAAAAAAGFkNzYyNDBhLTUyZjYtMTFlMC04ODNhLTAwMWU2ODM3ZTFkOQBmlSoAAAA=,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%280x0024%29_____%2Fscript_____426ea6897eb%3D1,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1bf/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://www.therugged.com/?5416e

Request

GET /ad/js/1551-47634-23636-2?mpt=5523194&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1bf/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/%3F5416e%22__________script_____alert%280x0024%29_____/script_____426ea6897eb%3D1|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B79a1bb441738f1a4%3B12ed378b146,0%3B%3B%3B3747464764,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAcAAYAAAAAAAIABQABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAARrF40y4BAAAAAAAAAGFkNzYyNDBhLTUyZjYtMTFlMC04ODNhLTAwMWU2ODM3ZTFkOQBmlSoAAAA=,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%280x0024%29_____%2Fscript_____426ea6897eb%3D1, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAcAAYAAAAAAAIABQABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABM4jKluebOCQCQotYdNVDfHpXrN0sIEBdtsSnpAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%280x0024%29_____%2Fscript_____426ea6897eb%3D1,Z%3D728x90%26s%3D1602587%26_salt%3D3134846924%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252F%253F5416e%252522__________script_____alert%280x0024%29_____%252Fscript_____426ea6897eb%253D1%26r%3D0,ad76240a-52f6-11e0-883a-001e6837e1d9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 872
Date: Sun, 20 Mar 2011 13:33:46 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1bf/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://www.therugged.com/?5416e"__________script_____alert(0x0024)_____/script_____426ea6897eb=1|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;79a1bb441738f1a4;12ed378b146,0;;;3747464764,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAcAAYAAAAAAAIABQABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAARrF40y4BAAAAAAAAAGFkNzYyNDBhLTUyZjYtMTFlMC04ODNhLTAwMWU2ODM3ZTFkOQBmlSoAAAA=,,http://www.therugged.com/?5416e%22__________script_____alert(0x0024)_____/script_____426ea6897eb=1,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=5523194"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.91. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=5490538&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1c8/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/%3F5416e%22__________script_____alert%28document.cookie%29_____/script_____426ea6897eb%3D1|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B067098bc1524b3a9%3B12ed3783175,0%3B%3B%3B1764904902,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAUAAYAAAAAAAkABAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAdDF40y4BAAAAAAAAADk5YjA5NWNjLTUyZjYtMTFlMC05YWIxLTAwMWU2ODQ5ZjBmNQA4nyoAAAA=,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%28document.cookie%29_____%2Fscript_____426ea6897eb%3D1,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1c8/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://www.therugged.com/?5416e

Request

GET /ad/js/1551-47634-23636-2?mpt=5490538&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1c8/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/%3F5416e%22__________script_____alert%28document.cookie%29_____/script_____426ea6897eb%3D1|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B067098bc1524b3a9%3B12ed3783175,0%3B%3B%3B1764904902,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAUAAYAAAAAAAkABAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAdDF40y4BAAAAAAAAADk5YjA5NWNjLTUyZjYtMTFlMC05YWIxLTAwMWU2ODQ5ZjBmNQA4nyoAAAA=,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%28document.cookie%29_____%2Fscript_____426ea6897eb%3D1, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAUAAYAAAAAAAkABAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACMl2Dul-bOCV4PVfVuIRGYnlIo0BfuD0en4L-KAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2F%3F5416e%2522__________script_____alert%28document.cookie%29_____%2Fscript_____426ea6897eb%3D1,Z%3D728x90%26s%3D1602587%26_salt%3D1658944558%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252F%253F5416e%252522__________script_____alert%28document.cookie%29_____%252Fscript_____426ea6897eb%253D1%26r%3D0,99b095cc-52f6-11e0-9ab1-001e6849f0f5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 890
Date: Sun, 20 Mar 2011 13:33:14 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1c8/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://www.therugged.com/?5416e"__________script_____alert(document.cookie)_____/script_____426ea6897eb=1|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;067098bc1524b3a9;12ed3783175,0;;;1764904902,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAUAAYAAAAAAAkABAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAdDF40y4BAAAAAAAAADk5YjA5NWNjLTUyZjYtMTFlMC05YWIxLTAwMWU2ODQ5ZjBmNQA4nyoAAAA=,,http://www.therugged.com/?5416e%22__________script_____alert(document.cookie)_____/script_____426ea6897eb=1,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=5490538"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.92. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=3907803&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1c9/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B1088d642802964e9%3B12ed36009b3,0%3B%3B%3B430966145,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAIAAYAAAAAAAoAAQABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAsglg0y4BAAAAAAAAAGVhODJlYjUyLTUyZjItMTFlMC1iNGJmLTAwMzA0OGQ3MDY2YQA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1c9/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;1088d642802964e9;12ed36009b3,0;;;430966145,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAIAAYAAAAAAAoAAQABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAsglg0y4BAAAAAAAAAGVhODJlYjUyLTUyZjItMTFlMC1iNGJmLTAwMzA0OGQ3MDY2YQA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3907803

Request

GET /ad/js/1551-47634-23636-2?mpt=3907803&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1c9/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B1088d642802964e9%3B12ed36009b3,0%3B%3B%3B430966145,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAIAAYAAAAAAAoAAQABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAsglg0y4BAAAAAAAAAGVhODJlYjUyLTUyZjItMTFlMC1iNGJmLTAwMzA0OGQ3MDY2YQA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAIAAYAAAAAAAoAAQABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD5eIeFaeDOCT1h7.pWgJGKbKudBMyaMHyG8lPKAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D2621817419%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,ea82eb52-52f2-11e0-b4bf-003048d7066a
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 863
Date: Sun, 20 Mar 2011 13:06:50 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1c9/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;1088d642802964e9;12ed36009b3,0;;;430966145,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAIAAYAAAAAAAoAAQABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAsglg0y4BAAAAAAAAAGVhODJlYjUyLTUyZjItMTFlMC1iNGJmLTAwMzA0OGQ3MDY2YQA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3907803"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.93. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=3952710&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/179/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//buzzya.com/category/plus-five/|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B797e15b0b85c29fd%3B12ed360ba97,0%3B%3B%3B694141131,KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAlrpg0y4BAAAAAAAAADA1M2RjM2E0LTUyZjMtMTFlMC1hNDIzLTAwMzA0OGQ2ZDE4OAA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fplus-five%2F,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/179/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://buzzya.com/category/plus-five/|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;797e15b0b85c29fd;12ed360ba97,0;;;694141131,KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAlrpg0y4BAAAAAAAAADA1M2RjM2E0LTUyZjMtMTFlMC1hNDIzLTAwMzA0OGQ2ZDE4OAA4nyoAAAA=,,http://buzzya.com/category/plus-five/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3952710

Request

GET /ad/js/1551-47634-23636-2?mpt=3952710&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/179/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//buzzya.com/category/plus-five/|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B797e15b0b85c29fd%3B12ed360ba97,0%3B%3B%3B694141131,KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAlrpg0y4BAAAAAAAAADA1M2RjM2E0LTUyZjMtMTFlMC1hNDIzLTAwMzA0OGQ2ZDE4OAA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fplus-five%2F, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAPFUYluDOCW.jHLxg052BGKUFHu2dz6xg2DpzAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fplus-five%2F,Z%3D728x90%26s%3D1602587%26_salt%3D2371249129%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fplus-five%252F%26r%3D0,053dc3a4-52f3-11e0-a423-003048d6d188
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 751
Date: Sun, 20 Mar 2011 13:07:35 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/179/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://buzzya.com/category/plus-five/|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;797e15b0b85c29fd;12ed360ba97,0;;;694141131,KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAlrpg0y4BAAAAAAAAADA1M2RjM2E0LTUyZjMtMTFlMC1hNDIzLTAwMzA0OGQ2ZDE4OAA4nyoAAAA=,,http://buzzya.com/category/plus-five/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3952710"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.94. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=2008632&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1ca/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B2e75bab3029d4c42%3B12ed3431171,0%3B%3B%3B2825860846,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAgAAAAYAAAAAAP8AAAABCHmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcBFD0y4BAAAAAAAAADdlNzFjN2Q0LTUyZWUtMTFlMC1hZTRjLTAwMzA0OGQ2ZDNhYwA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1ca/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;2e75bab3029d4c42;12ed3431171,0;;;2825860846,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAgAAAAYAAAAAAP8AAAABCHmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcBFD0y4BAAAAAAAAADdlNzFjN2Q0LTUyZWUtMTFlMC1hZTRjLTAwMzA0OGQ2ZDNhYwA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=2008632

Request

GET /ad/js/1551-47634-23636-2?mpt=2008632&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1ca/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B2e75bab3029d4c42%3B12ed3431171,0%3B%3B%3B2825860846,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAgAAAAYAAAAAAP8AAAABCHmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcBFD0y4BAAAAAAAAADdlNzFjN2Q0LTUyZWUtMTFlMC1hZTRjLTAwMzA0OGQ2ZDNhYwA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAgAAAAYAAAAAAP8AAAABCHmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfI8Gb.tjOCUrprrxPD33NNXpvaMrAs.Da0NhMAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D225907243%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,7e71c7d4-52ee-11e0-ae4c-003048d6d3ac
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:9866/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=1551:23636/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534; expires=Wed, 20-Mar-2013 5:23:59 GMT; path=/; domain=.mediaplex.com;
Content-Type: text/html
Content-Length: 864
Date: Sun, 20 Mar 2011 13:02:27 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1ca/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;2e75bab3029d4c42;12ed3431171,0;;;2825860846,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAgAAAAYAAAAAAP8AAAABCHmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAcBFD0y4BAAAAAAAAADdlNzFjN2Q0LTUyZWUtMTFlMC1hZTRjLTAwMzA0OGQ2ZDNhYwA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=2008632"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.95. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=3952710&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/177/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//buzzya.com/category/sports/|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Bc3b9aa312f45a93b%3B12ed360bac5,0%3B%3B%3B1642188255,KnKABBt0GAD5lIQAAAAAAMnCIQAAAAAAAAAAAAYAAAAAAAIAAQABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAxbpg0y4BAAAAAAAAADA1NmViMDA0LTUyZjMtMTFlMC1iYTgyLTAwMzA0OGQ2NjliMAA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fsports%2F,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/177/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://buzzya.com/category/sports/|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;c3b9aa312f45a93b;12ed360bac5,0;;;1642188255,KnKABBt0GAD5lIQAAAAAAMnCIQAAAAAAAAAAAAYAAAAAAAIAAQABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAxbpg0y4BAAAAAAAAADA1NmViMDA0LTUyZjMtMTFlMC1iYTgyLTAwMzA0OGQ2NjliMAA4nyoAAAA=,,http://buzzya.com/category/sports/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3952710

Request

GET /ad/js/1551-47634-23636-2?mpt=3952710&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/177/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//buzzya.com/category/sports/|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Bc3b9aa312f45a93b%3B12ed360bac5,0%3B%3B%3B1642188255,KnKABBt0GAD5lIQAAAAAAMnCIQAAAAAAAAAAAAYAAAAAAAIAAQABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAxbpg0y4BAAAAAAAAADA1NmViMDA0LTUyZjMtMTFlMC1iYTgyLTAwMzA0OGQ2NjliMAA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fsports%2F, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?KnKABBt0GAD5lIQAAAAAAMnCIQAAAAAAAAAAAAYAAAAAAAIAAQABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC6uT-uluDOCXkWcpWCFKwWI-UCJ45u86PggoVhAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fsports%2F,Z%3D728x90%26s%3D1602587%26_salt%3D983079894%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fsports%252F%26r%3D0,056eb004-52f3-11e0-ba82-003048d669b0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 746
Date: Sun, 20 Mar 2011 13:07:36 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/177/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://buzzya.com/category/sports/|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;c3b9aa312f45a93b;12ed360bac5,0;;;1642188255,KnKABBt0GAD5lIQAAAAAAMnCIQAAAAAAAAAAAAYAAAAAAAIAAQABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAxbpg0y4BAAAAAAAAADA1NmViMDA0LTUyZjMtMTFlMC1iYTgyLTAwMzA0OGQ2NjliMAA4nyoAAAA=,,http://buzzya.com/category/sports/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3952710"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.96. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=3954585&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/177/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//buzzya.com/category/gaming/|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B5a0f68858e1af085%3B12ed360c280,0%3B%3B%3B1101847734,KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAf8Jg0y4BAAAAAAAAADA2NTg1YTkyLTUyZjMtMTFlMC1iYTNkLTAwMzA0OGQ2ZDJkMgA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fgaming%2F,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/177/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://buzzya.com/category/gaming/|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;5a0f68858e1af085;12ed360c280,0;;;1101847734,KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAf8Jg0y4BAAAAAAAAADA2NTg1YTkyLTUyZjMtMTFlMC1iYTNkLTAwMzA0OGQ2ZDJkMgA4nyoAAAA=,,http://buzzya.com/category/gaming/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3954585

Request

GET /ad/js/1551-47634-23636-2?mpt=3954585&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/177/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//buzzya.com/category/gaming/|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B5a0f68858e1af085%3B12ed360c280,0%3B%3B%3B1101847734,KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAf8Jg0y4BAAAAAAAAADA2NTg1YTkyLTUyZjMtMTFlMC1iYTNkLTAwMzA0OGQ2ZDJkMgA4nyoAAAA=,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fgaming%2F, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRVZDSmODOCYaU7sQq4jwyYHEpBPy17h7iW0SeAAAAAA==,,http%3A%2F%2Fbuzzya.com%2Fcategory%2Fgaming%2F,Z%3D728x90%26s%3D1602587%26_salt%3D1428182412%26B%3D10%26u%3Dhttp%253A%252F%252Fbuzzya.com%252Fcategory%252Fgaming%252F%26r%3D0,06585a92-52f3-11e0-ba3d-003048d6d2d2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 746
Date: Sun, 20 Mar 2011 13:07:37 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/177/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://buzzya.com/category/gaming/|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;5a0f68858e1af085;12ed360c280,0;;;1101847734,KnKABBt0GACHloQAAAAAAAPDIQAAAAAAAAAAAAYAAAAAAAIAAgABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAf8Jg0y4BAAAAAAAAADA2NTg1YTkyLTUyZjMtMTFlMC1iYTNkLTAwMzA0OGQ2ZDJkMgA4nyoAAAA=,,http://buzzya.com/category/gaming/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3954585"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.97. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=5524053&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1ca/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Ba039da8adc818620%3B12ed378b580,0%3B%3B%3B3331667696,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAUAAYAAAAAAAIABAABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAf7V40y4BAAAAAAAAAGFlMGU1YzhlLTUyZjYtMTFlMC05Zjc1LTAwMWIyNDkzNWYyZQA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1ca/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;a039da8adc818620;12ed378b580,0;;;3331667696,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAUAAYAAAAAAAIABAABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAf7V40y4BAAAAAAAAAGFlMGU1YzhlLTUyZjYtMTFlMC05Zjc1LTAwMWIyNDkzNWYyZQA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=5524053

Request

GET /ad/js/1551-47634-23636-2?mpt=5524053&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1ca/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Ba039da8adc818620%3B12ed378b580,0%3B%3B%3B3331667696,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAUAAYAAAAAAAIABAABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAf7V40y4BAAAAAAAAAGFlMGU1YzhlLTUyZjYtMTFlMC05Zjc1LTAwMWIyNDkzNWYyZQA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAUAAYAAAAAAAIABAABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJHWVNuebOCTWwzfCWq39H.RqCgLRr4X3gG9ZfAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D4001528636%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,ae0e5c8e-52f6-11e0-9f75-001b24935f2e
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 864
Date: Sun, 20 Mar 2011 13:33:47 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1ca/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;a039da8adc818620;12ed378b580,0;;;3331667696,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAUAAYAAAAAAAIABAABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAf7V40y4BAAAAAAAAAGFlMGU1YzhlLTUyZjYtMTFlMC05Zjc1LTAwMWIyNDkzNWYyZQA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=5524053"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.98. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=3900928&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1ca/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B3f6bd041223d37c3%3B12ed35ff119,0%3B%3B%3B3959689361,NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAgAEAAYAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAGPFf0y4BAAAAAAAAAGU2N2ZjOGVhLTUyZjItMTFlMC1iZTQxLTAwMzA0OGQ2Njk3YQA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1ca/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;3f6bd041223d37c3;12ed35ff119,0;;;3959689361,NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAgAEAAYAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAGPFf0y4BAAAAAAAAAGU2N2ZjOGVhLTUyZjItMTFlMC1iZTQxLTAwMzA0OGQ2Njk3YQA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3900928

Request

GET /ad/js/1551-47634-23636-2?mpt=3900928&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1ca/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B3f6bd041223d37c3%3B12ed35ff119,0%3B%3B%3B3959689361,NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAgAEAAYAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAGPFf0y4BAAAAAAAAAGU2N2ZjOGVhLTUyZjItMTFlMC1iZTQxLTAwMzA0OGQ2Njk3YQA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAgAEAAYAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACuRBehYuDOCbD0Mw1JBIMJUujMVYQeaY37Y..rAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D3523619729%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,e67fc8ea-52f2-11e0-be41-003048d6697a
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=10433:1629/1551:23636/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534; expires=Wed, 20-Mar-2013 4:53:35 GMT; path=/; domain=.mediaplex.com;
Content-Type: text/html
Content-Length: 864
Date: Sun, 20 Mar 2011 13:06:44 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1ca/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;3f6bd041223d37c3;12ed35ff119,0;;;3959689361,NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAgAEAAYAAAAAAP8AAAABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAGPFf0y4BAAAAAAAAAGU2N2ZjOGVhLTUyZjItMTFlMC1iZTQxLTAwMzA0OGQ2Njk3YQA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=3900928"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.99. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=4489569&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1c9/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B05f6f4cf250dacc6%3B12ed368ec98,0%3B%3B%3B601193790,NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAAAAwABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAl-xo0y4BAAAAAAAAADQ1NmViZTUwLTUyZjQtMTFlMC04NmQ0LTAwMzA0OGQ1NjQ5MgAQrSsAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1c9/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;05f6f4cf250dacc6;12ed368ec98,0;;;601193790,NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAAAAwABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAl-xo0y4BAAAAAAAAADQ1NmViZTUwLTUyZjQtMTFlMC04NmQ0LTAwMzA0OGQ1NjQ5MgAQrSsAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=4489569

Request

GET /ad/js/1551-47634-23636-2?mpt=4489569&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1c9/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3B05f6f4cf250dacc6%3B12ed368ec98,0%3B%3B%3B601193790,NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAAAAwABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAl-xo0y4BAAAAAAAAADQ1NmViZTUwLTUyZjQtMTFlMC04NmQ0LTAwMzA0OGQ1NjQ5MgAQrSsAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAAAAwABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACy418Lr-LOCddQp-f9q3WX68ux.bG78coIp1UmAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D3100501521%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,456ebe50-52f4-11e0-86d4-003048d56492
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 863
Date: Sun, 20 Mar 2011 13:16:32 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1c9/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;05f6f4cf250dacc6;12ed368ec98,0;;;601193790,NBAAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAAAAwABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAl-xo0y4BAAAAAAAAADQ1NmViZTUwLTUyZjQtMTFlMC04NmQ0LTAwMzA0OGQ1NjQ5MgAQrSsAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=4489569"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.100. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=5490897&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1ca/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Ba3d32bf33b4dfc61%3B12ed3783413,0%3B%3B%3B1658787106,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAQAAYAAAAAAAkAAwABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjR40y4BAAAAAAAAADlhMDI4OWE0LTUyZjYtMTFlMC1hZmY4LTAwMzA0ODYzMmFmNgA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1ca/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;a3d32bf33b4dfc61;12ed3783413,0;;;1658787106,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAQAAYAAAAAAAkAAwABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjR40y4BAAAAAAAAADlhMDI4OWE0LTUyZjYtMTFlMC1hZmY4LTAwMzA0ODYzMmFmNgA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=5490897

Request

GET /ad/js/1551-47634-23636-2?mpt=5490897&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1ca/%2a/a%3B237863703%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904795|surl_http%3A//rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Ba3d32bf33b4dfc61%3B12ed3783413,0%3B%3B%3B1658787106,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAQAAYAAAAAAAkAAwABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjR40y4BAAAAAAAAADlhMDI4OWE0LTUyZjYtMTFlMC1hZmY4LTAwMzA0ODYzMmFmNgA4nyoAAAA=,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAQAAYAAAAAAAkAAwABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABSTGkWmObOCRboNuvJw6cpg6hPukUEUWP-MQExAAAAAA==,,http%3A%2F%2Frotator.adjuggler.com%2Fservlet%2Fajrotator%2F1007517%2F0%2Fvh%3Fz%3Dpdn%26dim%3D753181%26pos%3D7%26kw%3D%26click%3D,Z%3D728x90%26s%3D1602587%26_salt%3D3246105502%26B%3D10%26u%3Dhttp%253A%252F%252Frotator.adjuggler.com%252Fservlet%252Fajrotator%252F1007517%252F0%252Fvh%253Fz%253Dpdn%2526dim%253D753181%2526pos%253D7%2526kw%253D%2526click%253D%26r%3D0,9a0289a4-52f6-11e0-aff8-003048632af6
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 864
Date: Sun, 20 Mar 2011 13:33:14 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1ca/*/a;237863703;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904795|surl_http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;a3d32bf33b4dfc61;12ed3783413,0;;;1658787106,NBAAABt0GACHloQAAAAAAAPDIQAAAAAAAAAQAAYAAAAAAAkAAwABCXmeHQAAAAAAhIAMAAAAAADbUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAEjR40y4BAAAAAAAAADlhMDI4OWE0LTUyZjYtMTFlMC1hZmY4LTAwMzA0ODYzMmFmNgA4nyoAAAA=,,http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=5490897"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.101. http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/1551-47634-23636-2

Issue detail

The page was loaded from a URL containing a query string:

http://altfarm.mediaplex.com/ad/js/1551-47634-23636-2?mpt=4487444&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1f2/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%19%2Bs-day/|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Be26631a9e4bf7c8b%3B12ed368e432,0%3B%3B%3B440975709,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMeRo0y4BAAAAAAAAADQ0NjkzNGFlLTUyZjQtMTFlMC1hMzMwLTAwMzA0OGQ2ZDYzMABmlSoAAAA=,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Fart-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%25e2%2580%2599s-day%2F,

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3ad0/17/1f2/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy.+s-day/|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;e26631a9e4bf7c8b;12ed368e432,0;;;440975709,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMeRo0y4BAAAAAAAAADQ0NjkzNGFlLTUyZjQtMTFlMC1hMzMwLTAwMzA0OGQ2ZDYzMABmlSoAAAA=,,http://www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%e2%80%99s-day/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=4487444

Request

GET /ad/js/1551-47634-23636-2?mpt=4487444&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ad0/17/1f2/%2a/g%3B237863698%3B0-0%3B1%3B40342997%3B3454-728/90%3B41068898/41086685/1%3Bu%3Drmxli_2904721|surl_http%3A//www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%19%2Bs-day/|pr_0.3500|pid_298720%3B%7Esscs%3D%3fhttp://ad.yieldmanager.com/clk?2,13%3Be26631a9e4bf7c8b%3B12ed368e432,0%3B%3B%3B440975709,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMeRo0y4BAAAAAAAAADQ0NjkzNGFlLTUyZjQtMTFlMC1hMzMwLTAwMzA0OGQ2ZDYzMABmlSoAAAA=,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Fart-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%25e2%2580%2599s-day%2F, HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAR7bz.dR4wT.2KFyPwvXYP-N6FK5H4co.MzMzMzMz4z9nZmZmZmbWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACydZlOreLOCUCegxsWkKNBD3qTKv.sqDdpKJcgAAAAAA==,,http%3A%2F%2Fwww.therugged.com%2Ffeatured%2Fart-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%25e2%2580%2599s-day%2F,Z%3D728x90%26s%3D1602587%26_salt%3D1054132058%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.therugged.com%252Ffeatured%252Fart-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%2525e2%252580%252599s-day%252F%26r%3D0,446934ae-52f4-11e0-a330-003048d6d630
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=1551:23636/10433:1629/3484:15222/15154:34833/12309:28674/14559:6676/12124:245/12896:1389/14302:28901/15017:13113/12525:37966/14960:18534

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 974
Date: Sun, 20 Mar 2011 13:16:30 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad0/17/1f2/*/g;237863698;0-0;1;40342997;3454-728/90;41068898/41086685/1;u=rmxli_2904721|surl_http://www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy.+s-day/|pr_0.3500|pid_298720;~sscs=?http://ad.yieldmanager.com/clk?2,13;e26631a9e4bf7c8b;12ed368e432,0;;;440975709,qkaAABt0GAD5lIQAAAAAAMnCIQAAAAAAAAAMAAYAAAAAAAcAAgABCXmeHQAAAAAAhIAMAAAAAACRUiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADH0QoAAAAAAAIAAwAAAAAAMeRo0y4BAAAAAAAAADQ0NjkzNGFlLTUyZjQtMTFlMC1hMzMwLTAwMzA0OGQ2ZDYzMABmlSoAAAA=,,http://www.therugged.com/featured/art-of-surviving-the-pub-crawl-how-to-keep-your-job-relationship-life-and-reputation-intact-on-st-paddy%e2%80%99s-day/,http://altfarm.mediaplex.com/ad/ck/1551-47634-23636-2?mpt=4487444"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/47634/Root728x90.jpg" >
...[SNIP]...

1.102. http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.0.mybcdna.com
Path:	/JavaScript/apps/HomeBeforeLogin/hblv2.js

Issue detail

The page was loaded from a URL containing a query string:

http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js?64244

The response contains the following links to other domains:

http://api.recaptcha.net/img/clean/audio.png
http://api.recaptcha.net/img/clean/help.png
http://api.recaptcha.net/img/clean/refresh.png
http://api.recaptcha.net/img/clean/text.png
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
http://games.myyearbook.com/landing/'+feedData.gamesFeedItems[y].game_name+'
http://recaptcha.net/popuphelp/
http://tv.myyearbook.com/series/'+feedData.tvFeedItems[y].series_id+'
http://tv.myyearbook.com/view/'+feedData.tvFeedItems[y].episode_id+'
https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '
https://h.online-metrix.net/fp/clear.png?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '&m=2
https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '

Request

GET /JavaScript/apps/HomeBeforeLogin/hblv2.js?64244 HTTP/1.1
Host: assets.0.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Tue, 15 Mar 2011 14:01:23 GMT
ETag: "3975857351"
Content-Type: text/javascript
Accept-Ranges: bytes
Date: Sun, 20 Mar 2011 12:44:13 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 13:14:13 GMT
X-CDN: Cotendo
Connection: Keep-Alive
Content-Length: 273014

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...
</div><object id="giftFlash" height="360" width="640" name="giftFlash" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"><param value="'+swfPath+'" name="movie"/>
...[SNIP]...
</p><img src="https://h.online-metrix.net/fp/clear.png?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '&m=2"alt=""><script src="https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '"type="text/javascript"></script><object type="application/x-shockwave-flash"data="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '"width="1"height="1"id="obj_id"><param name="movie"value="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '"/>
...[SNIP]...
</strong>'}h+=' in <a href="http://games.myyearbook.com/landing/'+feedData.gamesFeedItems[y].game_name+'">';h+=feedData.gamesFeedItems[y].game_display_name;h+='</a>
...[SNIP]...
</div>';h+='<a href="http://games.myyearbook.com/landing/'+feedData.gamesFeedItems[y].game_name+'">';h+='<img src="'+imageURL('images/games/tiles/'+feedData.gamesFeedItems[y].game_id+'_'+'medium.gif')+'" ';h+='class="game_thumb" alt="'+feedData.gamesFeedItems[y].game_display_name+'" />
...[SNIP]...
</a>';h+=' watched ';h+='<a href="http://tv.myyearbook.com/series/'+feedData.tvFeedItems[y].series_id+'">';h+=feedData.tvFeedItems[y].series_title;h+='</a>';h+=' - ';h+='<a href="http://tv.myyearbook.com/view/'+feedData.tvFeedItems[y].episode_id+'">';h+=feedData.tvFeedItems[y].episode_title;h+='</a>
...[SNIP]...
<br />';h+='<a href="http://tv.myyearbook.com/view/'+feedData.tvFeedItems[y].episode_id+'">';h+='<img src="'+feedData.tvFeedItems[y].thumb_url;h+='" class="tv_thumb" alt="'+feedData.tvFeedItems[y].episode_title+'" />
...[SNIP]...
<a tabindex="-1" id="recaptcha_reload_btn" href="javascript:Recaptcha.reload ();" title="Get a new challenge"><img width="25" height="18" alt="Get a new challenge" id="recaptcha_reload" src="http://api.recaptcha.net/img/clean/refresh.png"/></a><a class="recaptcha_only_if_image" tabindex="-1" id="recaptcha_switch_audio_btn" href="javascript:Recaptcha.switch_type(\'audio\');" title="Get an audio challenge"><img width="25" height="15" alt="Get an audio challenge" id="recaptcha_switch_audio" src="http://api.recaptcha.net/img/clean/audio.png"/></a><a class="recaptcha_only_if_audio" tabindex="-1" id="recaptcha_switch_img_btn" href="javascript:Recaptcha.switch_type(\'image\');" title="Get a visual challenge"><img width="25" height="15" alt="Get a visual challenge" id="recaptcha_switch_img" src="http://api.recaptcha.net/img/clean/text.png"/></a><a tabindex="-1" id="recaptcha_whatsthis_btn" href="http://recaptcha.net/popuphelp/" target="_1" title="Help"><img width="25" height="16" id="recaptcha_whatsthis" src="http://api.recaptcha.net/img/clean/help.png" alt="Help"/></a>
...[SNIP]...
rl=S.server+"image?c="+S.challenge;if(httpwavurl.indexOf("https://")==0){httpwavurl="http://"+httpwavurl.substring(8)}var swfUrl=S.server+"/img/audiocaptcha.swf?v2";var embedCode;if(C._2()){embedCode='<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="audiocaptcha" width="0" height="0" codebase="https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab"><param name="movie" value="'+swfUrl+'" />
...[SNIP]...

1.103. http://assets.mybcdna.com/JavaScript//apps/RecaptchaAjax.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.mybcdna.com
Path:	/JavaScript//apps/RecaptchaAjax.js

Issue detail

The page was loaded from a URL containing a query string:

http://assets.mybcdna.com/JavaScript//apps/RecaptchaAjax.js?64244

The response contains the following links to other domains:

http://api.recaptcha.net/img/clean/audio.png
http://api.recaptcha.net/img/clean/help.png
http://api.recaptcha.net/img/clean/refresh.png
http://api.recaptcha.net/img/clean/text.png
http://recaptcha.net/popuphelp/
https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

Request

GET /JavaScript//apps/RecaptchaAjax.js?64244 HTTP/1.1
Host: assets.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0xJmxvZ2luX2ZhaWx1cmU9dHJ1ZSZlbWFpbElkPWVtYWls
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jan 2010 19:25:07 GMT
ETag: "4191081985"
Content-Type: text/javascript
Accept-Ranges: bytes
Date: Sun, 20 Mar 2011 13:36:41 GMT
Server: lighttpd/1.4.19
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 14:06:41 GMT
X-CDN: Cotendo
Connection: Keep-Alive
Content-Length: 30859

if ( typeof captchaBox == "undefined" )
{
var captchaBox = 'Enter this code: <div id="dynamicRecaptcha"><div id="recaptcha_image" class="recaptcha"></div><div id="recaptcha_buttons"><a tabindex="-1" id="recaptcha_reload_btn" href="javascript:Recaptcha.reload ();" title="Get a new challenge"><img width="25" height="18" alt="Get a new challenge" id="recaptcha_reload" src="http://api.recaptcha.net/img/clean/refresh.png"/></a><a class="recaptcha_only_if_image" tabindex="-1" id="recaptcha_switch_audio_btn" href="javascript:Recaptcha.switch_type(\'audio\');" title="Get an audio challenge"><img width="25" height="15" alt="Get an audio challenge" id="recaptcha_switch_audio" src="http://api.recaptcha.net/img/clean/audio.png"/></a><a class="recaptcha_only_if_audio" tabindex="-1" id="recaptcha_switch_img_btn" href="javascript:Recaptcha.switch_type(\'image\');" title="Get a visual challenge"><img width="25" height="15" alt="Get a visual challenge" id="recaptcha_switch_img" src="http://api.recaptcha.net/img/clean/text.png"/></a><a tabindex="-1" id="recaptcha_whatsthis_btn" href="http://recaptcha.net/popuphelp/" target="_blank" title="Help"><img width="25" height="16" id="recaptcha_whatsthis" src="http://api.recaptcha.net/img/clean/help.png" alt="Help"/></a>
...[SNIP]...
nge;
if (httpwavurl.indexOf("https://") == 0) {
httpwavurl = "http://" + httpwavurl.substring(8);
}
var swfUrl = $ST.server + "/img/audiocaptcha.swf?v2";
var embedCode;
if ($C._is_ie()) {
embedCode = '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="audiocaptcha" width="0" height="0" codebase="https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab"><param name="movie" value="' + swfUrl + '" />
...[SNIP]...

1.104. http://assets.mybcdna.com/JavaScript//registration/new/registration.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.mybcdna.com
Path:	/JavaScript//registration/new/registration.js

Issue detail

The page was loaded from a URL containing a query string:

http://assets.mybcdna.com/JavaScript//registration/new/registration.js?64244

The response contains the following links to other domains:

https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'
https://h.online-metrix.net/fp/clear.png?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'&m=2
https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'

Request

GET /JavaScript//registration/new/registration.js?64244 HTTP/1.1
Host: assets.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0xJmxvZ2luX2ZhaWx1cmU9dHJ1ZSZlbWFpbElkPWVtYWls
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Fri, 16 Apr 2010 15:59:01 GMT
ETag: "2697475991"
Content-Type: text/javascript
Accept-Ranges: bytes
Date: Sun, 20 Mar 2011 13:36:33 GMT
Server: lighttpd/1.4.19
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 14:06:33 GMT
X-CDN: Cotendo
Connection: Keep-Alive
Content-Length: 5052

$(function(){$('#display_remember_information').click(function(){$('#remember_information, #remember_information_login_failure').show();return false});$('#remember_information p.close a, #remember_inf
...[SNIP]...
</p><img src="https://h.online-metrix.net/fp/clear.png?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'&m=2" alt="" ><script src="https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'"type="text/javascript"></script><object type="application/x-shockwave-flash" data="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'" width="1" height="1" id="obj_id"><param name="movie" value="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'" />
...[SNIP]...
</p><img src="https://h.online-metrix.net/fp/clear.png?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'&m=2" alt="" ><script src="https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'"type="text/javascript"></script><object type="application/x-shockwave-flash" data="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'" width="1" height="1" id="obj_id"><param name="movie" value="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'" />
...[SNIP]...

1.105. http://assets.mybcdna.com/JavaScript/apps/site.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.mybcdna.com
Path:	/JavaScript/apps/site.js

Issue detail

The page was loaded from a URL containing a query string:

http://assets.mybcdna.com/JavaScript/apps/site.js?64244

The response contains the following link to another domain:

http://pixel.33across.com/ps/'+Math.ceil(1e6*Math.random())+'/?pid=112&uid='+obj.data.sender+'&gnd='+obj.data.senderGender+'&age='+obj.data.senderAge+'&zp='+obj.data.senderZipCode+'&f='+obj.data.receiver+'&gnd2='+obj.data.receiverGender+'&age2='+obj.data.receiverAge+'&zp2='+obj.data.receiverZipCode+'&tt=iframe

Request

GET /JavaScript/apps/site.js?64244 HTTP/1.1
Host: assets.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://live.myyearbook.com/?2e77d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eadfd64910ba=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Thu, 18 Nov 2010 19:54:51 GMT
ETag: "3447361013"
Content-Type: text/javascript
Accept-Ranges: bytes
Date: Sun, 20 Mar 2011 14:10:55 GMT
Server: lighttpd/1.4.19
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 14:40:55 GMT
X-CDN: Cotendo
Connection: Keep-Alive
Content-Length: 5001

$(document).ready(function(){var qsText=$('#quickSearchBox').val();var qsColor=$('#quickSearchBox').css('color');$('#quickSearchBox').click(function(){var val=$.trim($(this).val());if(val==qsText){$(t
...[SNIP]...
st:function(receiverUserId){$.ajax({url:SITE_URL+'apps/ads/thirdparty/thirtyThreeAcross/'+receiverUserId+'/',type:'get',dataType:'jsonp'})},sendData:function(obj){if(obj&&!obj.error){$('body').append('<iframe style="display:none;width:1px;height:1px;" src="http://pixel.33across.com/ps/'+Math.ceil(1e6*Math.random())+'/?pid=112&uid='+obj.data.sender+'&gnd='+obj.data.senderGender+'&age='+obj.data.senderAge+'&zp='+obj.data.senderZipCode+'&f='+obj.data.receiver+'&gnd2='+obj.data.receiverGender+'&age2='+obj.data.receiverAge+'&zp2='+obj.data.receiverZipCode+'&tt=iframe"</iframe>')}}}};if(top.location!=self.location){top.location=self.location.href}

1.106. http://assets.mybcdna.com/JavaScript/common.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.mybcdna.com
Path:	/JavaScript/common.js

Issue detail

The page was loaded from a URL containing a query string:

http://assets.mybcdna.com/JavaScript/common.js?64244

The response contains the following link to another domain:

http://pixel.33across.com/ps/'%20+%20Math.ceil(%201e6%20*%20Math.random(%20)%20)%20+%20'/?pid=112&uid=' + obj.data.sender + '&gnd=' + obj.data.senderGender + '&age=' + obj.data.senderAge + '&zp=' + obj.data.senderZipCode + '&f=' + obj.data.receiver + '&gnd2=' + obj.data.receiverGender + '&age2=' + obj.data.receiverAge + '&zp2=' + obj.data.receiverZipCode + '&tt=iframe

Request

GET /JavaScript/common.js?64244 HTTP/1.1
Host: assets.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0xJmxvZ2luX2ZhaWx1cmU9dHJ1ZSZlbWFpbElkPWVtYWls
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Wed, 10 Mar 2010 15:52:15 GMT
ETag: "457023075"
Content-Type: text/javascript
Accept-Ranges: bytes
Date: Sun, 20 Mar 2011 13:36:37 GMT
Server: lighttpd/1.4.19
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 14:06:37 GMT
X-CDN: Cotendo
Connection: Keep-Alive
Content-Length: 19803

//Jeremy Wischusen - global variables for use in other scripts 6-2-2007
var site_url = "http://"+window.location.host

function tryToHide(el,event){
var toEl=event.target||event.toElement;
va
...[SNIP]...
: 'jsonp'
});

},

sendData : function ( obj )
{

// ensure we have data
if ( obj && ! obj.error )
{

$('body').append( '<iframe style="display:none;width:1px;height:1px;" src="http://pixel.33across.com/ps/' + Math.ceil( 1e6 * Math.random( ) ) + '/?pid=112&uid=' + obj.data.sender + '&gnd=' + obj.data.senderGender + '&age=' + obj.data.senderAge + '&zp=' + obj.data.senderZipCode + '&f=' + obj.data.receiver + '&gnd2=' + obj.data.receiverGender + '&age2=' + obj.data.receiverAge + '&zp2=' + obj.data.receiverZipCode + '&tt=iframe"</iframe>' );

}

}

}

};

1.107. http://bidder.mathtag.com/iframe/notify previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bidder.mathtag.com
Path:	/iframe/notify

Issue detail

The page was loaded from a URL containing a query string:

http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MjE0MzI3MzgzNzgzNjYzNy8xMTEwNDAvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pd3Nzb1g4SlNGczg1RjlCN293LWNUay8/InA55NeIGGV4hzZENaajIegtkxo&price=3.757000

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N553.mediamath/B5123370.3945;sz=300x250;pc=;ord=62143273837836637?
http://ad.doubleclick.net/adj/N553.mediamath/B5123370.39;sz=300x250;pc=;click1=http://pixel.mathtag.com/click/img?mt_aid=62143273837836637&mt_id=111040&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=62143273837836637?
http://r.openx.net/set?pid=0b83a084-dd0b-4bfe-9e2e-ab3706fc9955&rtb=uuid%3D4d5b2371-3928-7a83-24fb-d52328f5624b

Request

GET /iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MjE0MzI3MzgzNzgzNjYzNy8xMTEwNDAvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pd3Nzb1g4SlNGczg1RjlCN293LWNUay8/InA55NeIGGV4hzZENaajIegtkxo&price=3.757000 HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mt_mop=10004:1299934992|1:1297862934|10001:1297818481|11:1299460723|2:1299285586|3:1299090747|4:1299460679|5:1297863542|9:1297862322; ts=1300283399; uuid=4d5b2371-3928-7a83-24fb-d52328f5624b

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:34:37 GMT
Set-Cookie: mt_mop=10004:1299934992|1:1297862934|10001:1297818481|11:1299460723|2:1299285586|3:1299090747|4:1299460679|5:1300624477|9:1297862322; domain=.mathtag.com; path=/; expires=Wed, 19 Mar 2014 12:34:37 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Sun, 20 Mar 2011 12:34:37 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x4, ewr-bidder-x2
Server: MMBD/3.4.6
Content-Length: 1582
Content-Type: text/html
Connection: keep-alive

<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://pixel.mathtag.com/creative/img?mt_adid=70&mt_aid=62143273837836637&mt_e
...[SNIP]...
</div><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.mediamath/B5123370.39;sz=300x250;pc=;click1=http://pixel.mathtag.com/click/img?mt_aid=62143273837836637&mt_id=111040&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=62143273837836637?">
</SCRIPT>
...[SNIP]...
836637&mt_id=111040&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=http://ad.doubleclick.net/jump/N553.mediamath/B5123370.3945;sz=300x250;pc=;ord=62143273837836637?" target="_blank">
<IMG SRC="http://ad.doubleclick.net/ad/N553.mediamath/B5123370.3945;sz=300x250;pc=;ord=62143273837836637?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://r.openx.net/set?pid=0b83a084-dd0b-4bfe-9e2e-ab3706fc9955&rtb=uuid%3D4d5b2371-3928-7a83-24fb-d52328f5624b' height='1' width='1'></div>
...[SNIP]...

1.108. http://bidder.mathtag.com/iframe/notify previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bidder.mathtag.com
Path:	/iframe/notify

Issue detail

The page was loaded from a URL containing a query string:

http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82NjQ5MDU0NzkyOTkyMTg5Mi8xMDk2NzUvMTAyMTc0LzMvcUNrUlV0a2tSODZTZllSNWtDMUZwb3dud0hreW5rUUl0bkxKeWNpUWlUcy8/65jF72MGHLbwsG7rxNVZ3X0o4uc&price=3.050000

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N553.mediamath/B5123370.4;sz=300x250;ord=66490547929921892?
http://ad.doubleclick.net/adj/N553.mediamath/B5123370.4;sz=300x250;click1=http://pixel.mathtag.com/click/img?mt_aid=66490547929921892&mt_id=109675&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=66490547929921892?
http://cdn.doubleverify.com/ncript22.js?agnc=525744&cmp=579441&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=3&plc= &advid=579437&sid=12345&adid=
http://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=4d5b2371-3928-7a83-24fb-d52328f5624b&expires=28]

Request

GET /iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82NjQ5MDU0NzkyOTkyMTg5Mi8xMDk2NzUvMTAyMTc0LzMvcUNrUlV0a2tSODZTZllSNWtDMUZwb3dud0hreW5rUUl0bkxKeWNpUWlUcy8/65jF72MGHLbwsG7rxNVZ3X0o4uc&price=3.050000 HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mt_mop=10004:1299934992|1:1297862934|10001:1297818481|11:1299460723|2:1299285586|3:1299090747|4:1299460679|5:1300624477|9:1297862322; ts=1300624479; uuid=4d5b2371-3928-7a83-24fb-d52328f5624b

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:34:44 GMT
Set-Cookie: mt_mop=10004:1299934992|1:1297862934|10001:1297818481|11:1299460723|2:1299285586|3:1299090747|4:1299460679|5:1300624477|9:1300624484; domain=.mathtag.com; path=/; expires=Wed, 19 Mar 2014 12:34:44 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Sun, 20 Mar 2011 12:34:44 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x4, ewr-bidder-x2
Server: MMBD/3.4.6
Content-Length: 1825
Content-Type: text/html
Connection: keep-alive

<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://pixel.mathtag.com/creative/img?mt_adid=70&mt_aid=66490547929921892&mt_e
...[SNIP]...
</div><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.mediamath/B5123370.4;sz=300x250;click1=http://pixel.mathtag.com/click/img?mt_aid=66490547929921892&mt_id=109675&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=66490547929921892?">
</SCRIPT>
...[SNIP]...
0547929921892&mt_id=109675&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=http://ad.doubleclick.net/jump/N553.mediamath/B5123370.4;sz=300x250;ord=66490547929921892?" target="_blank">
<IMG SRC="http://ad.doubleclick.net/ad/N553.mediamath/B5123370.4;sz=300x250;ord=66490547929921892?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<img style='margin-left:-10px; margin-top:-10px' src='http://action.mathtag.com/mm/rtb/AXPG/1102A0/imp?ci=&li=&pe=&pt=&pi=&sc=&ct=&vi=&px=&su=' height='1' width='1'><script type='text/javascript' language='javascript' style='position:absolute; left:-10px; top:-10px' src='http://cdn.doubleverify.com/ncript22.js?agnc=525744&cmp=579441&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=3&plc= &advid=579437&sid=12345&adid='></script></div><div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=4d5b2371-3928-7a83-24fb-d52328f5624b&expires=28]' height='1' width='1'></div>
...[SNIP]...

1.109. http://bidder.mathtag.com/iframe/notify previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bidder.mathtag.com
Path:	/iframe/notify

Issue detail

The page was loaded from a URL containing a query string:

http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82NTI1NTM0NzU0Nzg1MDI2Mi8xMDkxMzYvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pNV9uZzhjR2tYX2V2RFRVQkhKMDc2by8/kLZ4JSxx1rdBz3lzg4AXpbtWcHs&price=3.757000

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N553.mediamath/B5123370.34;sz=300x250;ord=65255347547850262?
http://ad.doubleclick.net/adj/N553.mediamath/B5123370.34;sz=300x250;click1=http://pixel.mathtag.com/click/img?mt_aid=65255347547850262&mt_id=109136&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=65255347547850262?
http://ads.adbrite.com/adserver/vdi/684339?d=uuid%3D4d5b2371-3928-7a83-24fb-d52328f5624b

Request

GET /iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82NTI1NTM0NzU0Nzg1MDI2Mi8xMDkxMzYvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pNV9uZzhjR2tYX2V2RFRVQkhKMDc2by8/kLZ4JSxx1rdBz3lzg4AXpbtWcHs&price=3.757000 HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mt_mop=10004:1299934992|1:1297862934|10001:1297818481|11:1299460723|2:1299285586|3:1299090747|4:1299460679|5:1300624477|9:1300624484; ts=1300624485; uuid=4d5b2371-3928-7a83-24fb-d52328f5624b

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:28:54 GMT
Set-Cookie: mt_mop=10004:1299934992|1:1300627734|10001:1297818481|11:1299460723|2:1299285586|3:1299090747|4:1299460679|5:1300624477|9:1300624484; domain=.mathtag.com; path=/; expires=Wed, 19 Mar 2014 13:28:54 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Sun, 20 Mar 2011 13:28:54 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x1, ewr-bidder-x2
Server: MMBD/3.4.6
Content-Length: 1532
Content-Type: text/html
Connection: keep-alive

<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://pixel.mathtag.com/creative/img?mt_adid=70&mt_aid=65255347547850262&mt_e
...[SNIP]...
</div><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.mediamath/B5123370.34;sz=300x250;click1=http://pixel.mathtag.com/click/img?mt_aid=65255347547850262&mt_id=109136&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=65255347547850262?"></SCRIPT>
...[SNIP]...
5347547850262&mt_id=109136&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=http://ad.doubleclick.net/jump/N553.mediamath/B5123370.34;sz=300x250;ord=65255347547850262?" target="_blank"><IMG SRC="http://ad.doubleclick.net/ad/N553.mediamath/B5123370.34;sz=300x250;ord=65255347547850262?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://ads.adbrite.com/adserver/vdi/684339?d=uuid%3D4d5b2371-3928-7a83-24fb-d52328f5624b' height='1' width='1'></div>
...[SNIP]...

1.110. http://bidder.mathtag.com/iframe/notify previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bidder.mathtag.com
Path:	/iframe/notify

Issue detail

The page was loaded from a URL containing a query string:

http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82ODE2MTkxMTA5OTI3ODg5Ny8xMTEwMjgvMTAyMDY1LzQvUWk0TlZFWk5SbHYyNzBhYklEZU9pNnVVc3gxWkxKNTF1eUliTF9ENTVvRS8/-9XGQbHIEhvOILhUzhCdoUfCrpo&price=TYYBMAAPDO4K5V1O5uwWh8i6E5fg5lHTaGL8tg&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBGjVqMAGGTe6ZPM66lQeHrbC3Dtzvj_EB-PbyvBGMmoSTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi0yMzMyODU2MDcyODM4MDY4oAHg6pnsA7IBDHd3dy53b290LmNvbboBCjMwMHgyNTBfYXPIAQnaATBodHRwOi8vd3d3Lndvb3QuY29tL0Jsb2cvVmlld0VudHJ5LmFzcHg_SWQ9MTY4NDGYAsgfwAIEyALWwYwO4AIA6gISd29vdC1ibG9nMS0zMDB4MjUwqAMB6AMp6APtAvUDDAQAxOAEAYAGhtS_14-5g4fmAQ%26num%3D1%26sig%3DAGiWqtwcOCUfqI_Ad5EH8p7xJXIzJMxpFA%26client%3Dca-pub-2332856072838068%26adurl%3D

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N553.mediamath/B5123370.1445;sz=300x250;pc=;ord=68161911099278897?
http://ad.doubleclick.net/adj/N553.mediamath/B5123370.14;sz=300x250;pc=;click1=http://pixel.mathtag.com/click/img?mt_aid=68161911099278897&mt_id=111028&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=68161911099278897?

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82ODE2MTkxMTA5OTI3ODg5Ny8xMTEwMjgvMTAyMDY1LzQvUWk0TlZFWk5SbHYyNzBhYklEZU9pNnVVc3gxWkxKNTF1eUliTF9ENTVvRS8/-9XGQbHIEhvOILhUzhCdoUfCrpo&price=TYYBMAAPDO4K5V1O5uwWh8i6E5fg5lHTaGL8tg&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBGjVqMAGGTe6ZPM66lQeHrbC3Dtzvj_EB-PbyvBGMmoSTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi0yMzMyODU2MDcyODM4MDY4oAHg6pnsA7IBDHd3dy53b290LmNvbboBCjMwMHgyNTBfYXPIAQnaATBodHRwOi8vd3d3Lndvb3QuY29tL0Jsb2cvVmlld0VudHJ5LmFzcHg_SWQ9MTY4NDGYAsgfwAIEyALWwYwO4AIA6gISd29vdC1ibG9nMS0zMDB4MjUwqAMB6AMp6APtAvUDDAQAxOAEAYAGhtS_14-5g4fmAQ%26num%3D1%26sig%3DAGiWqtwcOCUfqI_Ad5EH8p7xJXIzJMxpFA%26client%3Dca-pub-2332856072838068%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mt_mop=10004:1299934992|1:1297862934|10001:1297818481|11:1299460723|2:1299285586|3:1299090747|4:1299460679|5:1300624477|9:1300624484; ts=1300624485; uuid=4d5b2371-3928-7a83-24fb-d52328f5624b

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:42:47 GMT
Server: MMBD/3.4.6
Content-Type: text/html
Content-Length: 1308
x-mm-dbg: bid not found
Last-Modified: Sun, 20 Mar 2011 13:42:47 GMT
x-mm-host: ewr-bidder-x2
Connection: keep-alive

<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://pixel.mathtag.com/creative/img?mt_adid=70&mt_aid=68161911099278897&mt_e
...[SNIP]...
</div><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.mediamath/B5123370.14;sz=300x250;pc=;click1=http://pixel.mathtag.com/click/img?mt_aid=68161911099278897&mt_id=111028&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=68161911099278897?">
</SCRIPT>
...[SNIP]...
278897&mt_id=111028&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=http://ad.doubleclick.net/jump/N553.mediamath/B5123370.1445;sz=300x250;pc=;ord=68161911099278897?" target="_blank">
<IMG SRC="http://ad.doubleclick.net/ad/N553.mediamath/B5123370.1445;sz=300x250;pc=;ord=68161911099278897?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

1.111. http://bidder.mathtag.com/iframe/notify previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bidder.mathtag.com
Path:	/iframe/notify

Issue detail

The page was loaded from a URL containing a query string:

http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MjE0MzI3MzgzNzgzNjYzNy8xMTEwNDAvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pd3Nzb1g4SlNGczg1RjlCN293LWNUay8/InA55NeIGGV4hzZENaajIegtkxo&price=3.757000

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N553.mediamath/B5123370.3945;sz=300x250;pc=;ord=62143273837836637?
http://ad.doubleclick.net/adj/N553.mediamath/B5123370.39;sz=300x250;pc=;click1=http://pixel.mathtag.com/click/img?mt_aid=62143273837836637&mt_id=111040&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=62143273837836637?
http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:4d5b2371-3928-7a83-24fb-d52328f5624b

Request

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:36:11 GMT
Last-Modified: Sun, 20 Mar 2011 12:36:11 GMT
x-mm-dbg: bid not found
x-mm-host: ewr-bidder-x4, ewr-bidder-x2
Server: MMBD/3.4.6
Content-Length: 1614
Content-Type: text/html
Connection: keep-alive

<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://pixel.mathtag.com/creative/img?mt_adid=70&mt_aid=62143273837836637&mt_e
...[SNIP]...
</div><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.mediamath/B5123370.39;sz=300x250;pc=;click1=http://pixel.mathtag.com/click/img?mt_aid=62143273837836637&mt_id=111040&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=62143273837836637?">
</SCRIPT>
...[SNIP]...
836637&mt_id=111040&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=http://ad.doubleclick.net/jump/N553.mediamath/B5123370.3945;sz=300x250;pc=;ord=62143273837836637?" target="_blank">
<IMG SRC="http://ad.doubleclick.net/ad/N553.mediamath/B5123370.3945;sz=300x250;pc=;ord=62143273837836637?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:4d5b2371-3928-7a83-24fb-d52328f5624b' height='1' width='1'></div>
...[SNIP]...

1.112. http://cache.galaxy-s.t-mobile.com/resources.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cache.galaxy-s.t-mobile.com
Path:	/resources.js

Issue detail

The page was loaded from a URL containing a query string:

http://cache.galaxy-s.t-mobile.com/resources.js?22aa341b67760bf2985de8e54b7f0dee

The response contains the following links to other domains:

http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax309;ord=' + a + '?
http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax309;ord=1?
http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax448;ord=' + a + '?
http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax448;ord=1?
http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax836;ord=' + a + '?
http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax836;ord=1?
http://libs.coremetrics.com/configs/'%20+%20cm_ClientID.split(

Request

GET /resources.js?22aa341b67760bf2985de8e54b7f0dee HTTP/1.1
Host: cache.galaxy-s.t-mobile.com
Proxy-Connection: keep-alive
Referer: http://galaxy-s.t-mobile.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TMobileCommon=TeaId=d676b058-7b88-48e0-a1a7-a54f7fb0806d; TMobileGeo=UserCurrentLocation=75207&UserCurrentCity=Dallas&UserCurrentCountry=United+States&GeoMarketId=8eb5dca0-f21b-4b24-8dc8-49933c6ff5d3&NeighborhoodName=Dallas&StateAbbreviation=TX&GeoMarketCode=DAT; TMobileUSStore=MarketUniqueID=8eb5dca0-f21b-4b24-8dc8-49933c6ff5d3&MarketCode=DAT&NeighborhoodName=Dallas&StateAbbreviation=TX&CityName=Dallas&StateName=Texas&ZIP=75207; TMobileSession=WT=&DCS=; mbox=PC#1300624507874-511379.17#1301836707|check#true#1300627167|session#1300627094627-816279#1300628967; TMobileSpanish=IsSpanishUser=false

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, max-age=604800
Content-Type: application/x-javascript; charset=utf-8
Date: Sun, 20 Mar 2011 13:34:57 GMT
Expires: Sun, 27 Mar 2011 13:34:58 GMT
Last-Modified: Wed, 16 Mar 2011 22:43:36 GMT
Server: ECS (dca/53F3)
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Cache: HIT
X-Powered-By: ASP.NET
X-Tmo-Framework-Version: 0.5.1101.836
Content-Length: 546448

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date:
...[SNIP]...
=== "testdata.coremetrics.com")) {
           cm_Production_HOST = "data.coremetrics.com";
       }
       cm_HOST += "/cm?";
   }

   if (cookieDomain) {
       cm_JSFPCookieDomain=cookieDomain;
   }

   document.write('<script language="javascript1.2" src="//libs.coremetrics.com/configs/' + cm_ClientID.split(";",1) + '.js"></script>
...[SNIP]...
= $(this).attr("floodlight");

switch (trackedEvent) {

case 'topiwantone': // Top Nav IWantOne button
$('body').append('<iframe src="http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax448;ord=' + a + '?" width="1" height="1" frameborder="0"></iframe>');
$('body').append('<iframe src="http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax448;ord=1?" width="1" height="1" frameborder="0"></iframe>');
break;

case 'defaultiwantone': // Default Page IWantOne button
$('body').append('<iframe src="http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax836;ord=' + a + '?" width="1" height="1" frameborder="0"></iframe>');
$('body').append('<iframe src="http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax836;ord=1?" width="1" height="1" frameborder="0"></iframe>');
break;

case 'featureslink': // See all features link
$('body').append('<iframe src="http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax309;ord=' + a + '?" width="1" height="1" frameborder="0"></iframe>');
$('body').append('<iframe src="http://fls.doubleclick.net/activityi;src=998766;type=103pc741;cat=galax309;ord=1?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...

1.113. http://cache.t-mobile-coverage.t-mobile.com/resources.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cache.t-mobile-coverage.t-mobile.com
Path:	/resources.js

Issue detail

The page was loaded from a URL containing a query string:

http://cache.t-mobile-coverage.t-mobile.com/resources.js?e19a35599d12e0ddef70919eaa13c0db

The response contains the following link to another domain:

http://libs.coremetrics.com/configs/'%20+%20cm_ClientID.split(

Request

GET /resources.js?e19a35599d12e0ddef70919eaa13c0db HTTP/1.1
Host: cache.t-mobile-coverage.t-mobile.com
Proxy-Connection: keep-alive
Referer: http://t-mobile-coverage.t-mobile.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TMobileCommon=TeaId=d676b058-7b88-48e0-a1a7-a54f7fb0806d; TMobileGeo=UserCurrentLocation=75207&UserCurrentCity=Dallas&UserCurrentCountry=United+States&GeoMarketId=8eb5dca0-f21b-4b24-8dc8-49933c6ff5d3&NeighborhoodName=Dallas&StateAbbreviation=TX&GeoMarketCode=DAT; TMobileUSStore=MarketUniqueID=8eb5dca0-f21b-4b24-8dc8-49933c6ff5d3&MarketCode=DAT&NeighborhoodName=Dallas&StateAbbreviation=TX&CityName=Dallas&StateName=Texas&ZIP=75207; mbox=PC#1300624507874-511379.17#1301836695|check#true#1300627155|session#1300627094627-816279#1300628955; TMobileSpanish=IsSpanishUser=false; TMobileSession=WT=&DCS=

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, max-age=604800
Content-Type: application/x-javascript; charset=utf-8
Date: Sun, 20 Mar 2011 13:32:51 GMT
Expires: Sun, 27 Mar 2011 13:32:52 GMT
Last-Modified: Thu, 17 Mar 2011 23:20:24 GMT
Server: ECS (dca/53F3)
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Cache: HIT
X-Powered-By: ASP.NET
X-Tmo-Framework-Version: 0.5.1101.836
Content-Length: 793389

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date:
...[SNIP]...
=== "testdata.coremetrics.com")) {
           cm_Production_HOST = "data.coremetrics.com";
       }
       cm_HOST += "/cm?";
   }

   if (cookieDomain) {
       cm_JSFPCookieDomain=cookieDomain;
   }

   document.write('<script language="javascript1.2" src="//libs.coremetrics.com/configs/' + cm_ClientID.split(";",1) + '.js"></script>
...[SNIP]...

1.114. http://canvas.myyearbook.com/canvas previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://canvas.myyearbook.com
Path:	/canvas

Issue detail

The page was loaded from a URL containing a query string:

http://canvas.myyearbook.com/canvas?2e77d

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js
http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject_src.js
http://assets.mybcdna.com/JavaScript/apps/SuggestionBox.js?64244
http://assets.mybcdna.com/JavaScript/apps/Tools/JUMP.js?64244
http://assets.mybcdna.com/JavaScript/apps/VIP/VIP.js?64244
http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/Plugins/myYearbook.ActionIcons/myYearbook.ActionIcons.js?64244
http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/Plugins/myYearbook.DragonDrop/myYearbook.DragonDrop.js?64244
http://assets.mybcdna.com/css/apps/ActionIcons.css?64244
http://assets.mybcdna.com/css/apps/DragonDrop.css?64244
http://assets.mybcdna.com/css/apps/SuggestionBox.css?64244
http://assets.mybcdna.com/css/apps/VIP/VIP.css?64244
http://assets.mybcdna.com/css/apps/iframe.css?64244
http://assets.mybcdna.com/css/apps/reset.css?64244

Request

GET /canvas?2e77d HTTP/1.1
Host: canvas.myyearbook.com
Proxy-Connection: keep-alive
Referer: http://live.myyearbook.com/?2e77d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eadfd64910ba=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=f3640abbd1b1cdb3:T=1300624489:S=ALNI_MbrX_Emgz4sKka8nHjyRqG1O3ly8w; __utmz=138725551.1300624490.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-193244728-1300624490343; __utma=138725551.528389796.1300624489.1300624489.1300627604.2; __utmv=138725551.|1=gender=unknown=1,; PHPSESSID=52f776710184304877da085942e36b39; mybRegTheme=Live; mybRegData=%5B%5D; POSTAff2Cookie=Live; MYB_TARGET=_unknown_1000_____

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 14:11:01 GMT
Server: Apache
Set-Cookie: PHPSESSID=52f776710184304877da085942e36b39; path=/; domain=.myyearbook.com
P3P: policyref="/w3c/p3p.xml",CP="NOI DSP COR CURa OUR STP UNI"
Cache-control: no-cache
Pragma: no-cache
Content-Length: 34456
Connection: close
Content-Type: text/html; charset=UTF-8;

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="UTF-8" xml:lang="UTF-8">
<head>
<link rel="stylesheet" href="http://assets.mybcdna.com/css/apps/reset.css?64244" />
<link rel="stylesheet" href="http://assets.mybcdna.com/css/apps/iframe.css?64244" />
<link rel="stylesheet" href="http://assets.myyearbook.com/nerve/css/nerve.css?64244" />
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject_src.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript/apps/VIP/VIP.js?64244"></script>
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript/apps/Tools/JUMP.js?64244"></script>
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript/apps/SuggestionBox.js?64244"></script>

<link rel="stylesheet" href="http://assets.mybcdna.com/css/apps/DragonDrop.css?64244" media="screen, print" />
<link rel="stylesheet" href="http://assets.mybcdna.com/css/apps/ActionIcons.css?64244" media="screen, print" />
<link rel="stylesheet" href="http://assets.mybcdna.com/css/apps/VIP/VIP.css?64244" media="screen, print" />
<link rel="stylesheet" href="http://assets.mybcdna.com/css/apps/SuggestionBox.css?64244" media="screen, print" />

<script type="text/javascript">
...[SNIP]...
<link rel="stylesheet" href="http://canvas.myyearbook.com/static/CSS/Platform/platform.css?64244" type="text/css" />
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/Plugins/myYearbook.ActionIcons/myYearbook.ActionIcons.js?64244"></script>
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/Plugins/myYearbook.DragonDrop/myYearbook.DragonDrop.js?64244"></script>
...[SNIP]...

1.115. http://canvas.myyearbook.com/static/JavaScript/Platform/platform.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://canvas.myyearbook.com
Path:	/static/JavaScript/Platform/platform.js

Issue detail

The page was loaded from a URL containing a query string:

http://canvas.myyearbook.com/static/JavaScript/Platform/platform.js?64244

The response contains the following link to another domain:

http://www.adobe.com/go/getflashplayer

Request

GET /static/JavaScript/Platform/platform.js?64244 HTTP/1.1
Host: canvas.myyearbook.com
Proxy-Connection: keep-alive
Referer: http://canvas.myyearbook.com/canvas?2e77d
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=f3640abbd1b1cdb3:T=1300624489:S=ALNI_MbrX_Emgz4sKka8nHjyRqG1O3ly8w; __utmz=138725551.1300624490.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-193244728-1300624490343; mybRegTheme=Live; mybRegData=%5B%5D; POSTAff2Cookie=Live; MYB_TARGET=_unknown_1000_____; __utma=138725551.528389796.1300624489.1300627604.1300630269.3; __utmc=138725551; __utmv=138725551.|1=gender=unknown=1,; __utmb=138725551.1.10.1300630269; PHPSESSID=52f776710184304877da085942e36b39

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 14:11:05 GMT
Server: Apache
Last-Modified: Thu, 17 Mar 2011 15:58:36 GMT
ETag: "928288-289fe-49eafbbea4300"
Accept-Ranges: bytes
Content-Length: 166398
Connection: close
Content-Type: application/x-javascript
X-Pad: avoid browser bug

var Platform={instance:null,registeredComponents:[],data:{},registerComponent:function(f,m,g){if(typeof f!=="function")throw Error('Platform.registerComponent tried to register a component for "'+g+"\
...[SNIP]...
</h3><a href="http://www.adobe.com/go/getflashplayer" target="_blank"><img src="/static/Images/Platform/160x41_Get_Flash_Player.jpg" />
...[SNIP]...

1.116. http://citi.bridgetrack.com/a/s/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://citi.bridgetrack.com
Path:	/a/s/

Issue detail

The page was loaded from a URL containing a query string:

http://citi.bridgetrack.com/a/s/?BT_PID=232720&BT_CON=1&BT_PM=1&r=0.03269890369847417&_u=visitor&_d=http://www.citibank.com

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /a/s/?BT_PID=232720&BT_CON=1&BT_PM=1&r=0.03269890369847417&_u=visitor&_d=http://www.citibank.com HTTP/1.1
Host: citi.bridgetrack.com
Proxy-Connection: keep-alive
Referer: http://www.citibank.com/us/home.htm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AdData=S1C=1&S1T=201103200834330840&S1=98866z232719; ASB9=TX=1300624474&Pb=3&A=8&SID=C2E8E8D7F02C4526A3D003F851FC1370&Vn=271&Ct=0&Pc=0&S=&Cn=1&Pd=0&T=86408&Cr=98866&W=42840&Tr=42840&Cp=4112&P=232719&B=9; CitiBT=GUID=D6034485299F45568B293696E8A5B4AE; ATV9=14114d11V54Ac1c40Gc738Fc3c8Fc30HIc2KC8cc19QOc8ccc19QOccccc; CitiBTSES=SID=AAF5C5BACDB749E3BE014D9E94D40670

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/x-javascript
Expires: Sat, 19 Mar 2011 12:34:46 GMT
Vary: Accept-Encoding
Server:
P3P: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
Set-Cookie: CitiBT=GUID=D6034485299F45568B293696E8A5B4AE; expires=Wed, 14-Mar-2012 04:00:00 GMT; path=/
Set-Cookie: AdData=S2C=1&S1=98866z232719&S1T=201103200834330840&S2T=201103200834460757&S2=95350z232720&S1C=1; expires=Thu, 19-May-2011 04:00:00 GMT; path=/
Set-Cookie: CitiBTSES=SID=AAF5C5BACDB749E3BE014D9E94D40670; path=/
Date: Sun, 20 Mar 2011 12:34:46 GMT
Connection: close
Content-Length: 2661

var bt_ad_content232720=true;
function BTWrite(s) { document.write(s); }
function BTAdClick(szURL){window.open(szURL);};var n=navigator;var h="";var fmnv=5;var fmav=10;var btf="http://citi.bridgetrack
...[SNIP]...
ash"].description.replace(/\D*(\d+)\..*/,"$1"),10);}catch(e){}for(var i=fmav;i>=0;i--){try{if(new ActiveXObject("ShockwaveFlash.ShockwaveFlash."+i)){return i;}}catch(e){}}return 0;}if(fc()>=fmnv){h+=('<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=3,0,0,0" ID=FLASH_AD WIDTH=218 HEIGHT=88>' );h+=('<PARAM NAME=movie VALUE="'+btf+'">
...[SNIP]...

1.117. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=xplusone1&_r=1

The response contains the following link to another domain:

http://d.xp1.ru4.com/um?_r=1&_o=62795&_i=52786&_u=CAESEI5EsSknUMLanxORiFU2zbg&cver=1&_r=1

Request

GET /pixel?nid=xplusone1&_r=1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://d.xp1.ru4.com/meta?_o=179638&_t=cmcont&ssv_ptnr=pm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 302 Found
Location: http://d.xp1.ru4.com/um?_r=1&_o=62795&_i=52786&_u=CAESEI5EsSknUMLanxORiFU2zbg&cver=1&_r=1
Date: Sun, 20 Mar 2011 12:38:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 306
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://d.xp1.ru4.com/um?_r=1&_o=62795&_i=52786&_u=CAESEI5EsSknUMLanxORiFU2zbg&cver=1&_r=1">here</A>
...[SNIP]...

1.118. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=turn1

The response contains the following link to another domain:

http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEH-HQ_x4I2dNiNCm8_bY604&cver=1

Request

GET /pixel?nid=turn1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=8392341830659049202&rnd=7699189076381337126&fpid=1&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 302 Found
Location: http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEH-HQ_x4I2dNiNCm8_bY604&cver=1
Date: Sun, 20 Mar 2011 12:38:45 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEH-HQ_x4I2dNiNCm8_bY604&cver=1">here</A>
...[SNIP]...

1.119. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=dotomi&_cbust=WH9qYVd2Q3FGAWJeBgV%2BWQlbaXsQfgZCDFxlX1ZL

The response contains the following links to other domains:

http://www.google.com/
http://www.google.com/support/bin/answer.py?answer=86640

Request

GET /pixel?nid=dotomi&_cbust=WH9qYVd2Q3FGAWJeBgV%2BWQlbaXsQfgZCDFxlX1ZL HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://usweb.dotomi.com/renderer/delPublishersCookies.html?pid=13200&rurl=http%3A%2F%2Fads.dotomi.com%2Fads.php%3Fpid%3D13200%26mtg%3D0%26ms%3D11%26btg%3D1%26mp%3D1%26dres%3Diframe%26rwidth%3D300%26rheight%3D250%26pp%3D0%26cg%3D2084%26tz%3D300&u=WH9qYVd2Q3FGAWJeBgV%2BWQlbaXsQfgZCDFxlX1ZL&mpc=0&p=13200&pcg=2084&cg=2084&o=2084
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; L2676=1.1300710919721

Response

HTTP/1.1 403 Forbidden
Content-Length: 1207
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:21:33 GMT
Server: GFE/2.0

<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"/><title>Sorry...</title><style> body { font-family: verdana, arial, sans-serif; background-color: #fff; color: #000; }</s
...[SNIP]...
<div style="margin-left: 4em;">See <a href="http://www.google.com/support/bin/answer.py?answer=86640">Google Help</a>
...[SNIP]...
<div style="text-align: center; border-top: 1px solid #dfdfdf;">© 2009 Google - <a href="http://www.google.com">Google Home</a>
...[SNIP]...

1.120. http://cms.ad.yieldmanager.net/v1/cms previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cms.ad.yieldmanager.net
Path:	/v1/cms

Issue detail

The page was loaded from a URL containing a query string:

http://cms.ad.yieldmanager.net/v1/cms?esig=1~6451b4a684f76cdc256978b3b9011cd5f8ab2361&nwid=10000358902&sigv=1

The response contains the following link to another domain:

http://cookex.amp.yahoo.com/v2/cexposer/SIG=13hpsifc8/*http:/cms.ad.yieldmanager.net/v1/cms?esig=1~6451b4a684f76cdc256978b3b9011cd5f8ab2361&nwid=10000358902&sigv=1

Request

GET /v1/cms?esig=1~6451b4a684f76cdc256978b3b9011cd5f8ab2361&nwid=10000358902&sigv=1 HTTP/1.1
Host: cms.ad.yieldmanager.net
Proxy-Connection: keep-alive
Referer: http://www.lanebryant.com/user/login.jsp?dest=%2Fuser%2Fmain.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=61

Response

HTTP/1.1 302 Found
Date: Sun, 20 Mar 2011 13:35:18 GMT
Location: http://cookex.amp.yahoo.com/v2/cexposer/SIG=13hpsifc8/*http%3A//cms.ad.yieldmanager.net/v1/cms?esig=1~6451b4a684f76cdc256978b3b9011cd5f8ab2361&nwid=10000358902&sigv=1
Cache-Control: private
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 422

The document has moved <A HREF="http://cookex.amp.yahoo.com/v2/cexposer/SIG=13hpsifc8/*http%3A//cms.ad.yieldmanager.net/v1/cms?esig=1~6451b4a684f76cdc256978b3b9011cd5f8ab2361&nwid=10000358902&sigv=1">here</A>
...[SNIP]...

1.121. http://cms.ad.yieldmanager.net/v1/cms previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cms.ad.yieldmanager.net
Path:	/v1/cms

Issue detail

The page was loaded from a URL containing a query string:

http://cms.ad.yieldmanager.net/v1/cms?esig=1~6451b4a684f76cdc256978b3b9011cd5f8ab2361&nwid=10000358902&sigv=1&SIG=10vccidpm;x-cookie=6y13i316yau2y&o=4&f=8v

The response contains the following link to another domain:

http://admonkey.dapper.net/RMXCookieMonster?xid=UxCi9UcoAkFL11OKlcXS1.7k

Request

GET /v1/cms?esig=1~6451b4a684f76cdc256978b3b9011cd5f8ab2361&nwid=10000358902&sigv=1&SIG=10vccidpm;x-cookie=6y13i316yau2y&o=4&f=8v HTTP/1.1
Host: cms.ad.yieldmanager.net
Proxy-Connection: keep-alive
Referer: http://www.lanebryant.com/user/login.jsp?dest=%2Fuser%2Fmain.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=61

Response

HTTP/1.1 302 Found
Date: Sun, 20 Mar 2011 13:35:22 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=78;path=/; expires=Tue, 02-Jun-2037 20:00:00 GMT;domain=.yieldmanager.net
Set-Cookie: S=s=729j1dp6oc0kq&t=1300628122;path=/; expires=
Location: http://admonkey.dapper.net/RMXCookieMonster?xid=UxCi9UcoAkFL11OKlcXS1.7k
Cache-Control: private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 790

HTTP/1.1 302 Found
Date: Sun, 20 Mar 2011 13:35:22 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PU
...[SNIP]...
monkey.dapper.net/RMXCookieMonster?xid=UxCi9UcoAkFL11OKlcXS1.7k
Cache-Control: private
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

The document has moved <A HREF="http://admonkey.dapper.net/RMXCookieMonster?xid=UxCi9UcoAkFL11OKlcXS1.7k">here</A>
...[SNIP]...

1.122. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1700

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1700\x26title\x3dEmployee+Free+Choice+Act+or+100%25+Unionization+Act
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1700\x26title\x3dEmployee Free Choice Act or 100% Unionization Act

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1700 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:23 GMT
Expires: Sun, 20 Mar 2011 13:06:23 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1222

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1700\x26title\x3dEmployee+Free+Choice+Act+or+100%25+Unionization+Act" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1700\x26title\x3dEmployee Free Choice Act or 100% Unionization Act">Stumble It!</a>
...[SNIP]...

1.123. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1686

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1686\x26title\x3dWhy+Hollywood+Cooling+on+Obama+Is+Good+for+the+President
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1686\x26title\x3dWhy Hollywood Cooling on Obama Is Good for the President

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1686 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:22 GMT
Expires: Sun, 20 Mar 2011 13:06:22 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1234

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1686\x26title\x3dWhy+Hollywood+Cooling+on+Obama+Is+Good+for+the+President" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1686\x26title\x3dWhy Hollywood Cooling on Obama Is Good for the President">Stumble It!</a>
...[SNIP]...

1.124. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1672

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1672\x26title\x3dMiddle+Class+Is+Shrinking%3A+Who+Is+to+Blame%3F
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1672\x26title\x3dMiddle Class Is Shrinking: Who Is to Blame?

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1672 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:24 GMT
Expires: Sun, 20 Mar 2011 13:06:24 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1212

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1672\x26title\x3dMiddle+Class+Is+Shrinking%3A+Who+Is+to+Blame%3F" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1672\x26title\x3dMiddle Class Is Shrinking: Who Is to Blame?">Stumble It!</a>
...[SNIP]...

1.125. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1689

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1689\x26title\x3dWhy+GOP+Is+Right+%28and+Stupid%29+on+the+Youth+Vote
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1689\x26title\x3dWhy GOP Is Right (and Stupid) on the Youth Vote

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1689 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:22 GMT
Expires: Sun, 20 Mar 2011 13:06:22 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1220

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1689\x26title\x3dWhy+GOP+Is+Right+%28and+Stupid%29+on+the+Youth+Vote" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1689\x26title\x3dWhy GOP Is Right (and Stupid) on the Youth Vote">Stumble It!</a>
...[SNIP]...

1.126. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1693

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1693\x26title\x3d3+Recent+Taxation+Drawbacks%2C+or+Why+Politicians+Are+the+Dumbest+People+on+Earth
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1693\x26title\x3d3 Recent Taxation Drawbacks, or Why Politicians Are the Dumbest People on Earth

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1693 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:22 GMT
Expires: Sun, 20 Mar 2011 13:06:22 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1282

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1693\x26title\x3d3+Recent+Taxation+Drawbacks%2C+or+Why+Politicians+Are+the+Dumbest+People+on+Earth" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1693\x26title\x3d3 Recent Taxation Drawbacks, or Why Politicians Are the Dumbest People on Earth">Stumble It!</a>
...[SNIP]...

1.127. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1679

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1679\x26title\x3dMuammer+Gaddafi%3A+What+to+Do%2C+What+to+Do%3F
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1679\x26title\x3dMuammer Gaddafi: What to Do, What to Do?

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1679 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:24 GMT
Expires: Sun, 20 Mar 2011 13:06:24 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1208

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1679\x26title\x3dMuammer+Gaddafi%3A+What+to+Do%2C+What+to+Do%3F" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1679\x26title\x3dMuammer Gaddafi: What to Do, What to Do?">Stumble It!</a>
...[SNIP]...

1.128. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1669

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1669\x26title\x3dObama+Proposes+%2489+Billion+Cuts+in+Education+Spending
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1669\x26title\x3dObama Proposes $89 Billion Cuts in Education Spending

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1669 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:24 GMT
Expires: Sun, 20 Mar 2011 13:06:24 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1230

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1669\x26title\x3dObama+Proposes+%2489+Billion+Cuts+in+Education+Spending" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1669\x26title\x3dObama Proposes $89 Billion Cuts in Education Spending">Stumble It!</a>
...[SNIP]...

1.129. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1683

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1683\x26title\x3dClean+Water+Cuts%3A+Didn%E2%80%99t+Really+Need+That+Anyway
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1683\x26title\x3dClean Water Cuts: Didn\u2019t Really Need That Anyway

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1683 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:13:11 GMT
Expires: Sun, 20 Mar 2011 13:13:11 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1233

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1683\x26title\x3dClean+Water+Cuts%3A+Didn%E2%80%99t+Really+Need+That+Anyway" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1683\x26title\x3dClean Water Cuts: Didn\u2019t Really Need That Anyway">Stumble It!</a>
...[SNIP]...

1.130. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1676

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1676\x26title\x3dGallup+Shows+Democrat+States+Cut+in+Half+Over+2+Years%3A+Why%3F
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1676\x26title\x3dGallup Shows Democrat States Cut in Half Over 2 Years: Why?

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1676 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:24 GMT
Expires: Sun, 20 Mar 2011 13:06:24 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1244

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1676\x26title\x3dGallup+Shows+Democrat+States+Cut+in+Half+Over+2+Years%3A+Why%3F" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1676\x26title\x3dGallup Shows Democrat States Cut in Half Over 2 Years: Why?">Stumble It!</a>
...[SNIP]...

1.131. http://feeds.feedburner.com/~s/politicaldisgust previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/~s/politicaldisgust

Issue detail

The page was loaded from a URL containing a query string:

http://feeds.feedburner.com/~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1697

The response contains the following links to other domains:

http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1697\x26title\x3dWhy+the+Country+Is+Softening+on+Gay+Marriage
http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1697\x26title\x3dWhy the Country Is Softening on Gay Marriage

Request

GET /~s/politicaldisgust?i=http://www.politicaldisgust.com/?p=1697 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sun, 20 Mar 2011 13:06:22 GMT
Expires: Sun, 20 Mar 2011 13:06:22 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1210

document.write('<p class="feedburnerFlareBlock">');
document.write('<a href="http://digg.com/submit?phase\x3d2\x26partner\x3dfb\x26url\x3dhttp%3A%2F%2Fwww.politicaldisgust.com%2F%3Fp%3D1697\x26title\x3dWhy+the+Country+Is+Softening+on+Gay+Marriage" class="first">Digg This!</a>
...[SNIP]...
</span><a href="http://www.stumbleupon.com/submit?url\x3dhttp://www.politicaldisgust.com/?p\x3d1697\x26title\x3dWhy the Country Is Softening on Gay Marriage">Stumble It!</a>
...[SNIP]...

1.132. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The page was loaded from a URL containing a query string:

http://fls.doubleclick.net/activityi;src=998766;type=tmobi838;cat=tmobi392;ord=4678929757792.503?

The response contains the following links to other domains:

http://a.tribalfusion.com/i.cid?c=191233&d=30&page=landingPage
http://action.media6degrees.com/orbserv/hbpix?pixId=5841&pcv=53
http://ad.trafficmp.com/a/bpix?adv=100&id=10&format=image&r=
http://ad.trafficmp.com/a/bpix?adv=100&id=2&format=image&r=
http://ads.bluelithium.com/pixel?id=1146583&t=2
http://ads.bluelithium.com/pixel?id=1195402&t=2
http://bp.specificclick.net/?pixid=99010384
http://conv.opt.fimserve.com/conv/1345/?
http://leadback.advertising.com/adcedge/lb?site=695501&betr=tmobilex_cs=[+]1[720],3[8760],4[168]
http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=tmowinterwindow_cs=1&betq=13027=434822
http://media.fastclick.net/w/tre?ad_id=24328;evt=17076;cat1=21132;cat2=21133;rand=[CACHEBUSTER]
http://mnis.secure-adserver.com/Segment.aspx?sid=61362ed2-6fb8-4041-a343-55e9bd1a1600
http://pixel.quantserve.com/pixel/p-e5k6DM2VGVzao.gif?labels=_fp.event.T-Mobile+Homepage
http://segment-pixel.invitemedia.com/pixel?pixelID=18848&partnerID=77&clientID=1969&key=segment
http://redcated/action/MMN_DR_TMobile_Shop_Unsecure
http://redcated/action/MMN_TMobile_Affordability_Landing_Unsecure

Request

GET /activityi;src=998766;type=tmobi838;cat=tmobi392;ord=4678929757792.503? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.t-mobile.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sun, 20 Mar 2011 12:35:18 GMT
Expires: Sun, 20 Mar 2011 12:35:18 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 4054

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="http://ad.doubleclick.net/activity;src=1379696;dcnet=4155;boom=40089;sz=1x1;ord=1?"width=1 height=1 border=0><img src="http://segment-pixel.invitemedia.com/pixel?pixelID=18848&partnerID=77&clientID=1969&key=segment" width="1" height="1" /><img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=tmowinterwindow_cs=1&betq=13027=434822" width = "1" height = "1" border = "0"><img width="1" height="1" src="http://action.media6degrees.com/orbserv/hbpix?pixId=5841&pcv=53" />
...[SNIP]...
</script> <img src="http://leadback.advertising.com/adcedge/lb?site=695501&betr=tmobilex_cs=[+]1[720],3[8760],4[168]" width="1" height="1" /><img src="http://mnis.secure-adserver.com/Segment.aspx?sid=61362ed2-6fb8-4041-a343-55e9bd1a1600" width="1" height="1" /><img width=1 height=1 border=0 src="http://ad.trafficmp.com/a/bpix?adv=100&id=10&format=image&r="><img height="1" width="1" src="http://view.atdmt.com/action/MMN_TMobile_Affordability_Landing_Unsecure"/><img src="http://ads.bluelithium.com/pixel?id=1146583&t=2" width="1" height="1" /><img src='http://a.tribalfusion.com/i.cid?c=191233&d=30&page=landingPage' width='1' height='1' border='0'><noscript>
<img src="http://pixel.quantserve.com/pixel/p-e5k6DM2VGVzao.gif?labels=_fp.event.T-Mobile+Homepage" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript><img width=1 height=1 border=0 src="http://ad.trafficmp.com/a/bpix?adv=100&id=2&format=image&r="><IMG SRC="http://bp.specificclick.net?pixid=99010384" width=0 height=0 border=0><img height="1" width="1" src="http://view.atdmt.com/action/MMN_DR_TMobile_Shop_Unsecure"/><img src="http://media.fastclick.net/w/tre?ad_id=24328;evt=17076;cat1=21132;cat2=21133;rand=[CACHEBUSTER]" width="1" height="1" border="0"><img src="http://ads.bluelithium.com/pixel?id=1195402&t=2"; width="1" height="1" /><script language='javascript'>
...[SNIP]...
<noscript> <img src="http://conv.opt.fimserve.com/conv/1345/?"; width="1" height="1" border="0"> </noscript>
...[SNIP]...

1.133. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The page was loaded from a URL containing a query string:

http://fls.doubleclick.net/activityi;src=1803375;type=t-mob207;cat=t-moc188;ord=5131071771029.383?

The response contains the following links to other domains:

http://bh.contextweb.com/bh/set.aspx?action=add&advid=2452&token=TMHS1
http://redcated/action/Tmobile_Espanol_Homepage

Request

GET /activityi;src=1803375;type=t-mob207;cat=t-moc188;ord=5131071771029.383? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.t-mobile.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sun, 20 Mar 2011 13:03:11 GMT
Expires: Sun, 20 Mar 2011 13:03:11 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 643

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=2452&token=TMHS1" width="1" height="1" border="0">
...[SNIP]...
<img height="1" width="1" src="http://view.atdmt.com/action/Tmobile_Espanol_Homepage"/></body>
...[SNIP]...

1.134. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2332856072838068&format=728x90_as&output=html&h=90&w=728&lmt=1300645740&channel=Blog728Image&ad_type=text_image&color_bg=FFFFFF&color_border=FFFFFF&color_link=4A6751&color_text=000000&color_url=B35A1E&flash=10.2.154&url=http%3A%2F%2Fwww.woot.com%2FForums%2F&dt=1300627740399&bpp=3&shv=r20110315&jsv=r20110317&correlator=1300627740639&frm=0&adk=453380111&ga_vid=473007276.1300627741&ga_sid=1300627741&ga_hid=602886886&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1096&bih=916&fu=0&ifi=1&dtd=506&xpc=A6InmP8TQy&p=http%3A//www.woot.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/images/i.png
http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.woot.com/Forums/%26hl%3Den%26client%3Dca-pub-2332856072838068%26adU%3Dwww.networksolutions.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNGK6je6BfIIlJV19KGGKez0Ftw0Ag

Request

GET /pagead/ads?client=ca-pub-2332856072838068&format=728x90_as&output=html&h=90&w=728&lmt=1300645740&channel=Blog728Image&ad_type=text_image&color_bg=FFFFFF&color_border=FFFFFF&color_link=4A6751&color_text=000000&color_url=B35A1E&flash=10.2.154&url=http%3A%2F%2Fwww.woot.com%2FForums%2F&dt=1300627740399&bpp=3&shv=r20110315&jsv=r20110317&correlator=1300627740639&frm=0&adk=453380111&ga_vid=473007276.1300627741&ga_sid=1300627741&ga_hid=602886886&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1096&bih=916&fu=0&ifi=1&dtd=506&xpc=A6InmP8TQy&p=http%3A//www.woot.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; L2676=1.1300710919721

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 20 Mar 2011 13:41:40 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block
Content-Length: 2742

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><IFRAME SRC="http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googlead
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.woot.com/Forums/%26hl%3Den%26client%3Dca-pub-2332856072838068%26adU%3Dwww.networksolutions.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNGK6je6BfIIlJV19KGGKez0Ftw0Ag" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

1.135. http://ib.adnxs.com/acb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/acb

Issue detail

The page was loaded from a URL containing a query string:

http://ib.adnxs.com/acb?member=311&width=728&height=90&pb=300&cb=1958835&referrer=

The response contains the following link to another domain:

http://redcated/ADO/view/278612728/direct;wi.1;hi.1/01

Request

GET /acb?member=311&width=728&height=90&pb=300&cb=1958835&referrer= HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/hserver/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: acb217693=5_[r^kI/7ZsKwYn20/dRQ#LFv?enc=q6qqqqqqCkAAAAAAAAAIQAAAAAAAAAhAUbgehetRD0BmZmZmZmYRQGhgmDM5kQxGvNv2i6g_Cj5M9IVNAAAAAPA7AwA3AQAANQEAAAIAAAAK6wEAy10AAAEAAABVU0QAVVNEANgCWgCfGAAAAgkBAgUCAAUAAAAAZhuLjQAAAAA.&tt_code=cm.mtv&udj=uf%28%27a%27%2C+436%2C+1300624460%29%3Buf%28%27c%27%2C+1495%2C+1300624460%29%3Buf%28%27r%27%2C+125706%2C+1300624460%29%3Bppv%28658%2C+%275047568957240270952%27%2C+1300624460%2C+1301920460%2C+1495%2C+24011%29%3B&cnd=!MxRwEwjXCxCK1gcYACDLuwEoADFmZmZmZmYRQEITCAAQABgAIAEo_v__________AUgAUABYnzFgAGi1Ag..; sess=1; icu=ChEIs34QChgBIAEoATDM6JfsBBDM6JfsBBgA; acb697950=5_[r^208WMsKwYn20/dRQ#LFv?enc=q6qqqqqqCkAAAAAAAAAIQAAAAAAAAAhAUbgehetRD0BmZmZmZmYRQBD_V-7IrodtvNv2i6g_Cj5M9IVNAAAAAPA7AwA3AQAANQEAAAIAAAAP6wEAy10AAAEAAABVU0QAVVNEACwB-gCqFAAANAYBAgUCAAUAAAAAox1UPAAAAAA.&tt_code=cm.mtv&udj=uf%28%27a%27%2C+436%2C+1300624460%29%3Buf%28%27c%27%2C+1495%2C+1300624460%29%3Buf%28%27r%27%2C+125711%2C+1300624460%29%3Bppv%28658%2C+%277892469050005520144%27%2C+1300624460%2C+1301920460%2C+1495%2C+24011%29%3B&cnd=!OxSWFAjXCxCP1gcYACDLuwEoADFmZmZmZmYRQEITCAAQABgAIAEo_v__________AUgAUABYqilgAGi1Ag..; uuid2=4470455573253905340; anj=Kfw)m=m<8a)J7/OYr/'s=IwLU:$!UVASc>b?VIGE-N>UxOFRGr+YZ/FWNPLa6Bh9N?dv<eGA^d20uuJH/WLU-8t]Rv8(d4JJF/w:>DGr6rk41RgoZ*smVn:65s/UfZ1@>PiKfNerAIUr'2H4t8[M)4d2dvvPF$9o9++d4dySu*UHq3J8D]72n7FWvwRm7ymPwWuOn>Gj*L-CQ(0*kBs`m+(J0h%d7I*'nCR<y*iNU^Xb3G$W[g1zyDyqD/G7:gIb_'<mbJO@]Lred+Khf#0rO%^zuSU=%+y>PISEGOgn'7]jKU=n6-[hp+.._vyS57[0>ZkT5rjcqt=B=*z::$Ttv_G1*ohEc.?86_5dh>z+qG'TN-MGTl3M0:xto340:@KROI9[%y+=[bX>^BPQs3I8h7>XWjFBJ!!Bp>+-vHV^]nna`E?J3pkqePGS@IeL[=)n#WHcEB[meAr+vGF*agbW>PiuHpQ)X5n2k^hWH%9.*Q-jLf(uB14rBS/[@Iv?>J+s4<i-I1MCsIUb%5gkSeU`9/n1L6F0Jc@pmLC909x!rPw[<DsJ'NB15>SyA`)hq$W]n><h32LYK`2Nm2dvyF[V).u9QB+pj:HN/!%C^(!sUyI76!_Xb_Iu5(aFf3!a[#oOr*hBAc>5r:uaS?XC5s=RwE/Zwb:7I5j>1Mz(m3JU

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 21-Mar-2011 12:35:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4470455573253905340; path=/; expires=Sat, 18-Jun-2011 12:35:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb217693=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: uuid2=4470455573253905340; path=/; expires=Sat, 18-Jun-2011 12:35:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)mCZ#-r-!gzo>[kYTDmttkPca(V@/-5')OxxeV9l(T.NP!VQ*WxW8/AFd*uhL02T<DWLF=BsI%D@!OdH1zQs$UMud-Eh?sa'dqck(st3''KvohV@mP#_RKKm7@Z0r]ViD'sGrGuqI5$2LF<*fzhd2g8/Q_@CuwFz7dQT'!<c2TTAvhUnB#bx:l*%C=Hp(kQD(GLB?eA<KpRnzj9%KWGr^c$7s5n8=]+*UXW1A*u7'AW5q@QMN/QR@8>VM29jc[1)gCMa^An4d#E-hRp2UQA@asZ'sO*v>F3+w*x!NJGBK-cHou>7crTZw3q4(=t%W!j*1p#my5X!q#w6QvMP45d#I6eSpajwM0w_qgFc$7^XCMh+aC-Zp()FMzniQ)!=EOMc`TiQgJeA]EI3/]BEqxY3TGVFBFdm1Mb2V%dDGJhj:KPYB=a.8O+Dno3hTPTO+I2I`nv!Cc<Bjem)?.RJ%.IY%dA/egn2_@H>x9x5msI6M%PVse@J=L=?I?!urUvLxTt#X!rwk3Mt8:YrBc?[0LD'SMN!2t[CIf^H%jodr^N/HA?HRruC<d#Wp`_Eb]Y87XW@2`wlo37Uy)ybWng5S1#q0c%T+b_3BJX87R[7jJjWa0A?mY>a?P%O!]H.6-_>K^MiMP+=`bJcVn-fk*^N^FSF]UZYyo2b::nAN.v<lOH%]./>xn:; path=/; expires=Sat, 18-Jun-2011 12:35:12 GMT; domain=.adnxs.com; HttpOnly
Date: Sun, 20 Mar 2011 12:35:12 GMT
Content-Length: 646

<a href="http://ib.adnxs.com/click/q6qqqqqqCkAAAAAAAAAIQAAAAAAAAAhAUbgehetRD0BmZmZmZmYRQGhgmDM5kQxGvNv2i6g_Cj5M9IVNAAAAAPA7AwA3AQAANQEAAAIAAAAK6wEAy10AAAEAAABVU0QAVVNEANgCWgCfGAAAAgkBAQUCAAUAAAAAZRt6j
...[SNIP]...
</a><img src="http://view.atdmt.com/ADO/view/278612728/direct;wi.1;hi.1/01" width="1" height="1"/>

1.136. http://ib.adnxs.com/ptj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ptj

Issue detail

The page was loaded from a URL containing a query string:

http://ib.adnxs.com/ptj?member=311&inv_code=cm.mtv&size=300x250&referrer=http%3A%2F%2Fredcated%2FPTR%2Fiview%2F240321409%2Fdirect%3Bwi.1%3Bhi.1%2F01%3Frelocate%3Dhttp%3A%2F%2Fviacom.adbureau.net%2FAFTRSERVER%2Fhserver%2Fheight%3D250%2Fwidth%3D300%2Fsite%3DSW.NOL%2Faamsz%3D300X250%2FNCP%3D1%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.mtv%2Fgames_010111%3Bnet%3Dcm%3Bu%3D%2Ccm-81541724_1300624460%2C11e4f07c0988ac7%2Cmusic%2Cax.{PRICEBUCKET}-am.bk-cm.sportsreg-cm.sports_m-cm.ent_m-qc.ac-ex.6-bz.30-bz.51-bz.25-bz.ab-bz.ae-wfm.difi_h-iblocal.sports_h%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D928696%3Bcontx%3Dmusic%3Ban%3D{PRICEBUCKET}%3Bdc%3Dd%3Bbtg%3Dam.bk%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sports_m%3Bbtg%3Dcm.ent_m%3Bbtg%3Dqc.ac%3Bbtg%3Dex.6%3Bbtg%3Dbz.30%3Bbtg%3Dbz.51%3Bbtg%3Dbz.25%3Bbtg%3Dbz.ab%3Bbtg%3Dbz.ae%3Bbtg%3Dwfm.difi_h%3Bbtg%3Diblocal.sports_h%3Bord%3D%5Btimestamp%5D%3F

The response contains the following link to another domain:

http://redcated/iaction/adoapn_AppNexusDemoActionTag_1

Request

GET /ptj?member=311&inv_code=cm.mtv&size=300x250&referrer=http%3A%2F%2Fredcated%2FPTR%2Fiview%2F240321409%2Fdirect%3Bwi.1%3Bhi.1%2F01%3Frelocate%3Dhttp%3A%2F%2Fviacom.adbureau.net%2FAFTRSERVER%2Fhserver%2Fheight%3D250%2Fwidth%3D300%2Fsite%3DSW.NOL%2Faamsz%3D300X250%2FNCP%3D1%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.mtv%2Fgames_010111%3Bnet%3Dcm%3Bu%3D%2Ccm-81541724_1300624460%2C11e4f07c0988ac7%2Cmusic%2Cax.{PRICEBUCKET}-am.bk-cm.sportsreg-cm.sports_m-cm.ent_m-qc.ac-ex.6-bz.30-bz.51-bz.25-bz.ab-bz.ae-wfm.difi_h-iblocal.sports_h%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D928696%3Bcontx%3Dmusic%3Ban%3D{PRICEBUCKET}%3Bdc%3Dd%3Bbtg%3Dam.bk%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sports_m%3Bbtg%3Dcm.ent_m%3Bbtg%3Dqc.ac%3Bbtg%3Dex.6%3Bbtg%3Dbz.30%3Bbtg%3Dbz.51%3Bbtg%3Dbz.25%3Bbtg%3Dbz.ab%3Bbtg%3Dbz.ae%3Bbtg%3Dwfm.difi_h%3Bbtg%3Diblocal.sports_h%3Bord%3D%5Btimestamp%5D%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/AFTRSERVER/hserver//height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1//ATCI=1297806090-11017856
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIItpsBEAoYASABKAEw3ufQ6wQQ3ufQ6wQYAA..; sess=1; uuid2=4470455573253905340; anj=Kfw)m=m<8a)J7/OYqA#I@e#eDE9=Py:WS'3:BpJ.3fNiVPfcBe9rn1aB/6H+D$XQ0gx^1'AYU`UR#oFwfHf%DH8<[[cjKwVBm*M(iqWjevsQZEt2q0oL5%0EmxK8z2_PCO6pHErdvz5r0KUET%2<YsAO_Z^s7PsD.>Bm?LyU?iq#_wUDqCS^'gH:aWk1QkZr6:NkA2]h$E7O+bJO6RMsO?dwCP@fx7k2x+rZE:PcvYUUGK<b$=!46J5RBmG!KCMY3qw<0ZsO.7m1@@J]dT?uqgHUeujm#J[F3Ic)xI:0h.IrKwLp@!nRoTs9TR.KV0HC-[aN-S.NM-..^QiGWP:tHK@c>eYPr`^5Ez$b+OpujL=?PpFw%0J9dl#KGP_e=!l<xtx<iM2697EY!itEF@@(y(ew>uw@1C]7=d?aFBLGcu`?E^7SP%Pq^pjR[>f'usl[sr#mFs%A#Lz4QOW2zZJM5$Xa2uAI<vpl^wyj]osr1=p(^NeLkR>kk*LRe'P4Y8XBZmVMx(bWFBNIBvZETU#!TWNP0xe^?..iZm#rpSqZ/9B<]t%dHA:JoO9O^4*(3[<uLv.R>7qZoqCw#Ng`=CV?vZuNc^A.l71pRb`8uQE!LK7!*Sb!Z-fE_Q(-A`z#bqz'6L)GTEX1YmmjQR+Jf!Mdu<9X_F5%v[KR(M^QzXCCpr%kkr]%b$

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 21-Mar-2011 12:34:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4470455573253905340; path=/; expires=Sat, 18-Jun-2011 12:34:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChEIs34QChgBIAEoATDM6JfsBBDM6JfsBBgA; path=/; expires=Sat, 18-Jun-2011 12:34:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb697950=5_[r^208WMsKwYn20/dRQ#LFv?enc=q6qqqqqqCkAAAAAAAAAIQAAAAAAAAAhAUbgehetRD0BmZmZmZmYRQBD_V-7IrodtvNv2i6g_Cj5M9IVNAAAAAPA7AwA3AQAANQEAAAIAAAAP6wEAy10AAAEAAABVU0QAVVNEACwB-gCqFAAANAYBAgUCAAUAAAAAox1UPAAAAAA.&tt_code=cm.mtv&udj=uf%28%27a%27%2C+436%2C+1300624460%29%3Buf%28%27c%27%2C+1495%2C+1300624460%29%3Buf%28%27r%27%2C+125711%2C+1300624460%29%3Bppv%28658%2C+%277892469050005520144%27%2C+1300624460%2C+1301920460%2C+1495%2C+24011%29%3B&cnd=!OxSWFAjXCxCP1gcYACDLuwEoADFmZmZmZmYRQEITCAAQABgAIAEo_v__________AUgAUABYqilgAGi1Ag..; path=/; expires=Mon, 21-Mar-2011 12:34:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4470455573253905340; path=/; expires=Sat, 18-Jun-2011 12:34:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)m=m<8a)J7/OYr/'s=IwLU:$!UVASc>b?VIGE-N>UxOFRGr+YZ/FWNPLa6Bh9N?dv<eGA^d20uuJH/WLU-8t]Rv8(d4JJF/w:>DGr6rk41RgoZ*smVn:65s/UfZ1@>PiKfNerAIUr'2H4t8[M)4d2dvvPF$9o9++d4dySu*UHq3J8D]72n7FWvwRm7ymPwWuOn>Gj*L-CQ(0*kBs`m+(J0h%d7I*'nCR<y*iNU^Xb3G$W[g1zyDyqD/G7:gIb_'<mbJO@]Lred+Khf#0rO%^zuSU=%+y>PISEGOgn'7]jKU=n6-[hp+.._vyS57[0>ZkT5rjcqt=B=*z::$Ttv_G1*ohEc.?86_5dh>z+qG'TN-MGTl3M0:xto340:@KROI9[%y+=[bX>^BPQs3I8h7>XWjFBJ!!Bp>+-vHV^]nna`E?J3pkqePGS@IeL[=)n#WHcEB[meAr+vGF*agbW>PiuHpQ)X5n2k^hWH%9.*Q-jLf(uB14rBS/[@Iv?>J+s4<i-I1MCsIUb%5gkSeU`9/n1L6F0Jc@pmLC909x!rPw[<DsJ'NB15>SyA`)hq$W]n><h32LYK`2Nm2dvyF[V).u9QB+pj:HN/!%C^(!sUyI76!_Xb_Iu5(aFf3!a[#oOr*hBAc>5r:uaS?XC5s=RwE/Zwb:7I5j>1Mz(m3JU; path=/; expires=Sat, 18-Jun-2011 12:34:20 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sun, 20 Mar 2011 12:34:20 GMT
Content-Length: 757

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.mtv/games_010111;net=cm;u=,cm-81541724_1300624460,11e4f07c0988ac7,music,ax.300-am.bk-cm.sportsreg-cm.sports_m-cm.
...[SNIP]...
</scr'+'ipt>');document.write('<iframe src="http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...

1.137. http://mnis.secure-adserver.com/Segment.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mnis.secure-adserver.com
Path:	/Segment.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://mnis.secure-adserver.com/Segment.aspx?sid=61362ed2-6fb8-4041-a343-55e9bd1a1600

The response contains the following link to another domain:

https://a1.interclick.com/Segment.aspx?sid=61362ed2-6fb8-4041-a343-55e9bd1a1600

Request

GET /Segment.aspx?sid=61362ed2-6fb8-4041-a343-55e9bd1a1600 HTTP/1.1
Host: mnis.secure-adserver.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=998766;type=tmobi838;cat=tmobi392;ord=4678929757792.503?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Redirect
Content-Type: text/html; charset=UTF-8
Location: https://a1.interclick.com/Segment.aspx?sid=61362ed2-6fb8-4041-a343-55e9bd1a1600
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 20 Mar 2011 13:06:58 GMT
Content-Length: 202

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://a1.interclick.com/Segment.aspx?sid=61362ed2-6fb8-4041-a343-55e9bd1a1600">here</a></bod
...[SNIP]...

1.138. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/404157670@Bottom3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://network.realmedia.com
Path:	/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/404157670@Bottom3

Issue detail

The page was loaded from a URL containing a query string:

http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/404157670@Bottom3?_RM_HTML_MM_=150105055115150005515

The response contains the following link to another domain:

http://imagen01.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/404157670@Bottom3?_RM_HTML_MM_=150105055115150005515 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801i4doAAvyI; BCN2010110741=1; S247S=1; RMFL=011Pxp1fU10KeT; NXCLICK2=011Pxp1fNX_TRACK_Nationalgeographic/Retarget_Natgeorealhomepage_Nonsecure!y!B3!KeT!ppm3; RMFD=011Q1HsmO1016kC|O1016oi|O1016oj|O1016x1|O10170Y

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:10:04 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 355
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sun, 20-Mar-2011 13:11:04 GMT;path=/;httponly

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure/1759597933/Bottom3/default/empty.gif/726348573830316934646f4141767949?_RM_HTML_MM_=150105055115150005515" target="_top"><IMG SRC="http://imagen01.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>

1.139. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/766798645@Bottom3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://network.realmedia.com
Path:	/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/766798645@Bottom3

Issue detail

The page was loaded from a URL containing a query string:

http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/766798645@Bottom3?_RM_HTML_MM_=150105055115150005515

The response contains the following link to another domain:

http://imagen01.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/766798645@Bottom3?_RM_HTML_MM_=150105055115150005515 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801i4doAAvyI; BCN2010110741=1; S247S=1; RMFL=011Pxp1fU10KeT; NXCLICK2=011Pxp1fNX_TRACK_Nationalgeographic/Retarget_Natgeorealhomepage_Nonsecure!y!B3!KeT!ppm3; RMFD=011Q1HsmO1016kC|O1016oi|O1016oj|O1016x1|O10170Y

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:10:06 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 355
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e3145525d5f4f58455e445a4a423660;expires=Sun, 20-Mar-2011 13:11:06 GMT;path=/;httponly

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure/1745878690/Bottom3/default/empty.gif/726348573830316934646f4141767949?_RM_HTML_MM_=150105055115150005515" target="_top"><IMG SRC="http://imagen01.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>

1.140. http://rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:

http://rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&PG=VUSSH3&AP=1089&accyyyrandom=3572382&aamst=swzzznol&aamsz=300x250&AXW=300&AXH=250

The response contains the following links to other domains:

http://clk.redcated/CNT/go/302593025/direct;pc.106141155;wi.300;hi.250/01/
http://redcated/CNT/iview/302593025/direct;pc.106141155;wi.300;hi.250/01?click=
http://redcated/CNT/view/302593025/direct;pc.106141155;wi.300;hi.250/01/

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&PG=VUSSH3&AP=1089&accyyyrandom=3572382&aamst=swzzznol&aamsz=300x250&AXW=300&AXH=250 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC01=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC05=FB=; FC06=FB=; FC07=FB=; FC08=FB=; FC09=FB=; MC1=V=3&GUID=1593e55bc6bd4a6fa24e1aa0798f062a; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=2f286e706b7d43c2be7bbf23323df6c5&bd=2011-01-01T01:18:30.906&v=2; Sample=86; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; SRCHHPGUSR=AS=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 2456
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: FC06=FB=AgEAkg7i5pAB; expires=Tue, 19-Mar-2013 12:00:00 GMT; domain=.rad.msn.com; path=/; HttpOnly
X-RADID: P8442883-T41833464-C54000000000033242
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sun, 20 Mar 2011 13:01:18 GMT
Content-Length: 2456

//<![CDATA[
function getRADIds() { return{"adid":"54000000000033242","pid":"8442883","targetid":"41833464"};} if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 300, 250);if(pare
...[SNIP]...
</html>';ifrm.src = "javascript:void(document.write('" + s + "'));";}function renderAd_1644906639() {var adCode_1644906639=new Array();adCode_1644906639.push('<iframe src="http://view.atdmt.com/CNT/iview/302593025/direct;pc.106141155;wi.300;hi.250/01?click=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">\n');adCode_1644906639.push('<scr'+'ipt language="JavaScript" type="text/javascript">\n');adCode_1644906639.push('document.write(\'<a href="http://clk.atdmt.com/CNT/go/302593025/direct;pc.106141155;wi.300;hi.250/01/" target="_blank"><img src="http://view.atdmt.com/CNT/view/302593025/direct;pc.106141155;wi.300;hi.250/01/"/></a>
...[SNIP]...

1.141. http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rotator.adjuggler.com
Path:	/servlet/ajrotator/1007517/0/vh

Issue detail

The page was loaded from a URL containing a query string:

http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=

The response contains the following link to another domain:

http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587

Request

GET /servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click= HTTP/1.1
Host: rotator.adjuggler.com
Proxy-Connection: keep-alive
Referer: http://therugged.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ajess1_ADC1D6F36B45B656C8BC8A09=a; ajcmp=2023xy_39lD003AOp

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store
Expires: Tue, 01 Jan 2000 00:00:00 GMT
P3P: policyref="http://rotator.adjuggler.com:80/p3p/RotatorPolicyRef.xml", CP="NOI DSP COR CURa DEVa TAIa OUR SAMa NOR STP NAV STA LOC"
Set-Cookie: ajcmp=2023xy_39lD36Jz003Ic0; Expires=Tue, 19-Mar-2013 12:59:12 GMT; Path=/
Content-Type: text/html
Content-Length: 275
Date: Sun, 20 Mar 2011 12:59:12 GMT
Connection: close


<IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=728 HEIGHT=90 SRC="http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587"></IFRAME>
...[SNIP]...

1.142. http://showads.pubmatic.com/AdServer/AdServerServlet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://showads.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The page was loaded from a URL containing a query string:

http://showads.pubmatic.com/AdServer/AdServerServlet?operId=2&pubId=26436&siteId=26437&adId=21306&kadwidth=300&kadheight=250&prevkadIds=21304&kbgColor=ffffff&ktextColor=000000&klinkColor=FFFFFF&pageURL=http://www.woot.com/&frameName=http_www_woot_comkomli_ads_frame22643626437&kltstamp=2011-2-20%207%3A34%3A44&ranreq=0.6170628282707185&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=458x450&adVisibility=1

The response contains the following links to other domains:

http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82NjQ5MDU0NzkyOTkyMTg5Mi8xMDk2NzUvMTAyMTc0LzMvcUNrUlV0a2tSODZTZllSNWtDMUZwb3dud0hreW5rUUl0bkxKeWNpUWlUcy8/65jF72MGHLbwsG7rxNVZ3X0o4uc&price=3.050000
http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?labels=Shopping

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26436&siteId=26437&adId=21306&kadwidth=300&kadheight=250&prevkadIds=21304&kbgColor=ffffff&ktextColor=000000&klinkColor=FFFFFF&pageURL=http://www.woot.com/&frameName=http_www_woot_comkomli_ads_frame22643626437&kltstamp=2011-2-20%207%3A34%3A44&ranreq=0.6170628282707185&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=458x450&adVisibility=1 HTTP/1.1
Host: showads.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:4470455573253905340; KRTBCOOKIE_133=1873-6pgp44i37uxw; KRTBCOOKIE_27=1216-uid:4d5b2371-3928-7a83-24fb-d52328f5624b; KRTBCOOKIE_32=1386-WH9qYVd2Q3FGAWJeBgV+WQlbaXsQfgZCDFxlX1ZL; KRTBCOOKIE_53=424-20108b4d-f8d0-4008-b157-1529097b61ab; KRTBCOOKIE_97=3385-uid:3c8eb88b-c9c1-47d0-9235-2d5e32a3350f; KADUSERCOOKIE=43A8ABFA-7497-471A-9AF6-2974D17EF335; pubfreq_26437=; pubtime_26437=TMC; _curtime=1300624477; pubfreq_26437_21304_990920136=243-1; PMDTSHR=; KTPCACOOKIE=YES; KRTBCOOKIE_80=1336-002d9af2-d1e0-46f3-a4d5-a4e3b437adec.11265.18531.24197.6790.30337.8.6551.39832.10011.10012.4387.39857.7472.1073.51806.24680.39233.13893.13896.1097.13899.13902.38627.15694.15579.9691.51808.3427.18407.17256.24809.39536.39793.39794.11262.51069.1150.9855.; KRTBCOOKIE_22=488-pcv:1|uid:8392341830659049202; KRTBCOOKIE_58=1344-KH-00000000549735899; PUBRETARGET=78_1392641239.461_1392901736.403_1393381248.401_1393381248.1039_1301416785.1340_1393698747.362_1301682747.1469_1393892161.70_1301922274.1928_1302874361.375_1302874358.1376_1302874361.445_1308400481

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:34:37 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: _curtime=1300624477; domain=pubmatic.com; expires=Sun, 20-Mar-2011 13:44:37 GMT; path=/
Set-Cookie: pubfreq_26437_21306_1985489030=243-1; domain=pubmatic.com; expires=Sun, 20-Mar-2011 13:14:37 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Mon, 21-Mar-2011 12:34:37 GMT; path=/
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 1804

document.write('<div id="http_www_woot_comkomli_ads_frame22643626437" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=RGcAAEVnAAA6UwAAwAQAAAAAAA
...[SNIP]...
<'+'script type="text/javascript"> document.writeln(\'<iframe width="300" scrolling="no" height="250" frameborder="0" name="iframe0" allowtransparency="true" marginheight="0" marginwidth="0" vspace="0" hspace="0" src="http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82NjQ5MDU0NzkyOTkyMTg5Mi8xMDk2NzUvMTAyMTc0LzMvcUNrUlV0a2tSODZTZllSNWtDMUZwb3dud0hreW5rUUl0bkxKeWNpUWlUcy8/65jF72MGHLbwsG7rxNVZ3X0o4uc&price=3.050000"></iframe>
...[SNIP]...
</iframe>');document.writeln('<img src="http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?labels=Shopping" style="display: none;position:absolute;top:-15000px;" border="0" height="1" width="1" alt="Quantcast"/>');

1.143. http://showads.pubmatic.com/AdServer/AdServerServlet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://showads.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The page was loaded from a URL containing a query string:

http://showads.pubmatic.com/AdServer/AdServerServlet?operId=2&pubId=26436&siteId=26437&adId=21304&kadwidth=300&kadheight=250&kbgColor=ffffff&ktextColor=000000&klinkColor=FFFFFF&pageURL=http://www.woot.com/&frameName=http_www_woot_comkomli_ads_frame12643626437&kltstamp=2011-2-20%207%3A34%3A37&ranreq=0.7504880619235337&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=458x450&adVisibility=1

The response contains the following links to other domains:

http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MjE0MzI3MzgzNzgzNjYzNy8xMTEwNDAvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pd3Nzb1g4SlNGczg1RjlCN293LWNUay8/InA55NeIGGV4hzZENaajIegtkxo&price=3.757000
http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?labels=Shopping

Request

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:34:37 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: KADUSERCOOKIE=43A8ABFA-7497-471A-9AF6-2974D17EF335; domain=pubmatic.com; expires=Mon, 19-Mar-2012 12:34:37 GMT; path=/
Set-Cookie: pubfreq_26437=; domain=pubmatic.com; expires=Tue, 22-Mar-2011 12:34:37 GMT; path=/
Set-Cookie: pubtime_26437=TMC; domain=pubmatic.com; expires=Mon, 21-Mar-2011 12:34:37 GMT; path=/
Set-Cookie: _curtime=1300624477; domain=pubmatic.com; expires=Sun, 20-Mar-2011 13:44:37 GMT; path=/
Set-Cookie: pubfreq_26437_21304_990920136=243-1; domain=pubmatic.com; expires=Sun, 20-Mar-2011 13:14:37 GMT; path=/
Set-Cookie: PMDTSHR=; domain=pubmatic.com; expires=Mon, 21-Mar-2011 12:34:37 GMT; path=/
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 1800

document.write('<div id="http_www_woot_comkomli_ads_frame12643626437" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=RGcAAEVnAAA4UwAAwAQAAAAAAA
...[SNIP]...
<'+'script type="text/javascript"> document.writeln(\'<iframe width="300" scrolling="no" height="250" frameborder="0" name="iframe0" allowtransparency="true" marginheight="0" marginwidth="0" vspace="0" hspace="0" src="http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MjE0MzI3MzgzNzgzNjYzNy8xMTEwNDAvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pd3Nzb1g4SlNGczg1RjlCN293LWNUay8/InA55NeIGGV4hzZENaajIegtkxo&price=3.757000"></iframe>
...[SNIP]...
</iframe>');document.writeln('<img src="http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?labels=Shopping" style="display: none;position:absolute;top:-15000px;" border="0" height="1" width="1" alt="Quantcast"/>');

1.144. http://showadsak.pubmatic.com/AdServer/AdServerServlet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://showadsak.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The page was loaded from a URL containing a query string:

http://showadsak.pubmatic.com/AdServer/AdServerServlet?operId=2&pubId=26436&siteId=26437&adId=21304&kadwidth=300&kadheight=250&kbgColor=ffffff&ktextColor=000000&klinkColor=FFFFFF&pageURL=http://www.woot.com/&frameName=http_www_woot_comkomli_ads_frame12643626437&kltstamp=2011-2-20%208%3A28%3A56&ranreq=0.209514970658347&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=458x458&adVisibility=1

The response contains the following links to other domains:

http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82NTI1NTM0NzU0Nzg1MDI2Mi8xMDkxMzYvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pNV9uZzhjR2tYX2V2RFRVQkhKMDc2by8/kLZ4JSxx1rdBz3lzg4AXpbtWcHs&price=3.757000
http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?labels=Shopping

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26436&siteId=26437&adId=21304&kadwidth=300&kadheight=250&kbgColor=ffffff&ktextColor=000000&klinkColor=FFFFFF&pageURL=http://www.woot.com/&frameName=http_www_woot_comkomli_ads_frame12643626437&kltstamp=2011-2-20%208%3A28%3A56&ranreq=0.209514970658347&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=458x458&adVisibility=1 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:4470455573253905340; KRTBCOOKIE_133=1873-6pgp44i37uxw; KRTBCOOKIE_27=1216-uid:4d5b2371-3928-7a83-24fb-d52328f5624b; KRTBCOOKIE_53=424-20108b4d-f8d0-4008-b157-1529097b61ab; KRTBCOOKIE_97=3385-uid:3c8eb88b-c9c1-47d0-9235-2d5e32a3350f; KADUSERCOOKIE=43A8ABFA-7497-471A-9AF6-2974D17EF335; pubtime_26437=TMC; KTPCACOOKIE=YES; KRTBCOOKIE_80=1336-002d9af2-d1e0-46f3-a4d5-a4e3b437adec.11265.18531.24197.6790.30337.8.6551.39832.10011.10012.4387.39857.7472.1073.51806.24680.39233.13893.13896.1097.13899.13902.38627.15694.15579.9691.51808.3427.18407.17256.24809.39536.39793.39794.11262.51069.1150.9855.; KRTBCOOKIE_22=488-pcv:1|uid:8392341830659049202; KRTBCOOKIE_58=1344-KH-00000000549735899; PMAT=3q_xFPysNRRq5P6VdKt7tDWS4UmVb8m-YrrvHMmRPMfrin7Yk44Nd-Q; _curtime=1300624482; PMDTSHR=cat:; KRTBCOOKIE_32=1386-WH9qYVd2Q3FGAWJeBgV%2BWQlbaXsQfgZCDFxlX1ZL; PUBRETARGET=78_1392641239.461_1392901736.403_1393381248.401_1393381248.1039_1301416785.1340_1393698747.362_1301682747.1469_1393892161.70_1301922274.1928_1302874361.375_1302874358.1376_1302874361.445_1308400481.79_1300710881

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Sun, 20 Mar 2011 13:28:54 GMT
Connection: close
Set-Cookie: _curtime=1300627726; domain=pubmatic.com; expires=Sun, 20-Mar-2011 14:38:46 GMT; path=/
Set-Cookie: pubfreq_26437_21304_1705446939=243-1; domain=pubmatic.com; expires=Sun, 20-Mar-2011 14:08:46 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Mon, 21-Mar-2011 13:28:46 GMT; path=/
Content-Length: 1799

document.write('<div id="http_www_woot_comkomli_ads_frame12643626437" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=RGcAAEVnAAA4UwAAwAQAAAAAAA
...[SNIP]...
<'+'script type="text/javascript"> document.writeln(\'<iframe width="300" scrolling="no" height="250" frameborder="0" name="iframe0" allowtransparency="true" marginheight="0" marginwidth="0" vspace="0" hspace="0" src="http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTkROQk9FRkNSa0V0TnpRNU55MDBOekZCTFRsQlJqWXRNamszTkVReE4wVkdNek0xL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82NTI1NTM0NzU0Nzg1MDI2Mi8xMDkxMzYvMTAyMDY1LzMvUWk0TlZFWk5SbHYyNzBhYklEZU9pNV9uZzhjR2tYX2V2RFRVQkhKMDc2by8/kLZ4JSxx1rdBz3lzg4AXpbtWcHs&price=3.757000"></iframe>
...[SNIP]...
</iframe>');document.writeln('<img src="http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?labels=Shopping" style="display: none;position:absolute;top:-15000px;" border="0" height="1" width="1" alt="Quantcast"/>');

1.145. https://sites.fastspring.com/richardsonsoftware/order/customer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://sites.fastspring.com
Path:	/richardsonsoftware/order/customer

Issue detail

The page was loaded from a URL containing a query string:

https://sites.fastspring.com/richardsonsoftware/order/customer;jsessionid=814FD1DA84752AF7872A6197C210F629?csid=169019

The response contains the following links to other domains:

https://ajax.googleapis.com/ajax/libs/ext-core/3.1.0/ext-core.js
https://dcnz2rrcot657.cloudfront.net/_gz/country/fam/decorate.css

Request

GET /richardsonsoftware/order/customer;jsessionid=814FD1DA84752AF7872A6197C210F629?csid=169019 HTTP/1.1
Host: sites.fastspring.com
Connection: keep-alive
Referer: https://sites.fastspring.com/richardsonsoftware/instant/editrocket
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=814FD1DA84752AF7872A6197C210F629; SessionData=SUQJbWwzZktRUFlSb21qbUY2MFY3cU9UZwpHTG9jYWxlCWVuX1VTX1VTRAo0ZTkyM2MzYy1hMDg4LTRiYWEtYmZmZS01Mzg5OWM5ODNkYTU6U1NDdHhJZAkyN2UxN2EyYy0yNzczLTQ4OTEtYjA1OC1hMWUyNjAwZTRjMjI

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: JSF/1.2
Set-Cookie: JSESSIONID=814FD1DA84752AF7872A6197C210F629;Path=/richardsonsoftware;Version=1;
Set-Cookie: SessionData=SUQJbWwzZktRUFlSb21qbUY2MFY3cU9UZwpHTG9jYWxlCWVuX1VTX1VTRAo0ZTkyM2MzYy1hMDg4LTRiYWEtYmZmZS01Mzg5OWM5ODNkYTU6U1NDdHhJZAkyN2UxN2EyYy0yNzczLTQ4OTEtYjA1OC1hMWUyNjAwZTRjMjI;Path=/richardsonsoftware;Version=1;
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:58:12 GMT
Content-Length: 40337

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Richardson Softwa
...[SNIP]...
<link title="main" rel="stylesheet" href="//resource.fastspring.com/app/store/style/base.css?v=1300489828640&region=us" media="all" type="text/css" />


   <link title="main" rel="stylesheet" href="//dcnz2rrcot657.cloudfront.net/_gz/country/fam/decorate.css" media="all" type="text/css" />
   <link title="main" rel="stylesheet" href="//resource.fastspring.com/data/VGVtcGxhdGVTaXRlQ29uZmlndXJhdGlvbjphZDQ3NmNiYS03MmIyLTQwNTUtYjBkYi1iMTE4Mzk4NWYyYmQ%3D/70195431-28a0-47e0-9dc3-3fdd08398a63/ed
...[SNIP]...
</div>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/ext-core/3.1.0/ext-core.js"></script>
...[SNIP]...

1.146. http://tcla.mmismm.com/mmmss.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tcla.mmismm.com
Path:	/mmmss.php

Issue detail

The page was loaded from a URL containing a query string:

http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=msngames/ros/300x250/jx/ss/a/L28&mm_flag=

The response contains the following link to another domain:

http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/766798645@Bottom3?_RM_HTML_MM_=150105055115150005515

Request

GET /mmmss.php?mm_pub=87268797280&mm_pub_channel=msngames/ros/300x250/jx/ss/a/L28&mm_flag= HTTP/1.1
Host: tcla.mmismm.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G=10104000001069486483

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:49:22 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Content-Length: 261
Content-Type: text/html; charset=UTF-8

document.write('<IFRAME WIDTH=0 HEIGHT=0 FRAMEBORDER=0 MARGINHEIGHT=0 MARGINWIDTH=0 SCROLLING=NO SRC="HTTP://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/766798645@Bottom3?_RM_HTML_MM_=150105055115150005515"></IFRAME>
...[SNIP]...

1.147. http://tcla.mmismm.com/mmmss.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tcla.mmismm.com
Path:	/mmmss.php

Issue detail

The page was loaded from a URL containing a query string:

http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=msngames/ros/728x90/jx/ss/a/L27&mm_flag=

The response contains the following link to another domain:

http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/404157670@Bottom3?_RM_HTML_MM_=150105055115150005515

Request

GET /mmmss.php?mm_pub=87268797280&mm_pub_channel=msngames/ros/728x90/jx/ss/a/L27&mm_flag= HTTP/1.1
Host: tcla.mmismm.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G=10104000001069486483

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:49:22 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Content-Length: 261
Content-Type: text/html; charset=UTF-8

document.write('<IFRAME WIDTH=0 HEIGHT=0 FRAMEBORDER=0 MARGINHEIGHT=0 MARGINWIDTH=0 SCROLLING=NO SRC="HTTP://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/404157670@Bottom3?_RM_HTML_MM_=150105055115150005515"></IFRAME>
...[SNIP]...

1.148. http://tcla.mmismm.com/mmmss.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tcla.mmismm.com
Path:	/mmmss.php

Issue detail

The page was loaded from a URL containing a query string:

http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=msngames/ros/728x90/jx/ss/a/L27&mm_flag=

The response contains the following link to another domain:

http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/550901796@Bottom3?_RM_HTML_MM_=150105055115150005515

Request

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:09:46 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Content-Length: 261
Content-Type: text/html; charset=UTF-8

document.write('<IFRAME WIDTH=0 HEIGHT=0 FRAMEBORDER=0 MARGINHEIGHT=0 MARGINWIDTH=0 SCROLLING=NO SRC="HTTP://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/550901796@Bottom3?_RM_HTML_MM_=150105055115150005515"></IFRAME>
...[SNIP]...

1.149. http://twitter.com/favorites/WootChatter.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://twitter.com
Path:	/favorites/WootChatter.json

Issue detail

The page was loaded from a URL containing a query string:

http://twitter.com/favorites/WootChatter.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1300627740411=cachebust

The response contains the following links to other domains:

http://si0.twimg.com/sticky/error_pages/favicon.ico
http://si0.twimg.com/sticky/error_pages/twitter_logo_header.png
http://si0.twimg.com/sticky/error_pages/whale_error.gif

Request

GET /favorites/WootChatter.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1300627740411=cachebust HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1298770586.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=cloudscan.us; k=173.193.214.243.1300116881406694; __utma=43838368.1964851609.1298770586.1299808018.1300493696.7; __utmv=43838368.lang%3A%20en

Response

HTTP/1.1 503 Service Temporarily Unavailable
Date: Sun, 20 Mar 2011 13:28:58 GMT
Server: Apache
Last-Modified: Thu, 17 Mar 2011 00:18:27 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 7959

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
</title>
<link href="//si0.twimg.com/sticky/error_pages/favicon.ico" rel="shortcut icon" type="image/x-icon" />

<style type="text/css">
...[SNIP]...
<a href="//twitter.com"><img src="//si0.twimg.com/sticky/error_pages/twitter_logo_header.png" width="155" height="36" alt="Twitter.com" /></a>
...[SNIP]...
<div class="error"><img src="//si0.twimg.com/sticky/error_pages/whale_error.gif" alt="" width="755" height="397" /></div>
...[SNIP]...

1.150. http://redcated/APM/iview/142856443/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/APM/iview/142856443/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=

The response contains the following link to another domain:

http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=http:/clk.atdmt.com/go/142856443/direct;wi.300;hi.250;ai.204747814.206451833;ct.1/01

Request

GET /APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate= HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/hserver/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 12:52:19 GMT
Connection: close
Content-Length: 6871

<html><head><title>TGIF_MarchMaddness_300x250_3.17.11_JH</title>
<meta HTTP-EQUIV="expires" CONTENT="0"></meta>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache"></meta>
</head><body style="border-width
...[SNIP]...
<noscript>
<a target="_blank" href="http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=http://clk.redcated/go/142856443/direct;wi.300;hi.250;ai.204747814.206451833;ct.1/01"><img border="0" src="HTTP://spe.redcated/ds/APAPMDRIVTFR/TGIF_MarchMaddness_300_Static.jpg?ver=1" width="300" height="250" />
...[SNIP]...

1.151. http://redcated/APM/iview/142856443/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/APM/iview/142856443/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=

The response contains the following link to another domain:

http://uac.advertising.com/wrapper/aceUAC.js

Request

GET /APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate= HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 12:46:21 GMT
Connection: close
Content-Length: 183

<script type='text/javascript'>
var ACE_AR = {site: '787693', size: '300250'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

1.152. http://redcated/APM/iview/142856445/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/APM/iview/142856445/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=

The response contains the following link to another domain:

http://uac.advertising.com/wrapper/aceUAC.js

Request

GET /APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate= HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/hserver/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 12:40:19 GMT
Connection: close
Content-Length: 183

<script type='text/javascript'>
var ACE_AR = {site: '787694', size: '728090'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

1.153. http://redcated/CNT/iview/302593025/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/CNT/iview/302593025/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/CNT/iview/302593025/direct;pc.106141155;wi.300;hi.250/01?click=

The response contains the following link to another domain:

http://cdn.doubleverify.com/script44.js?agnc=607671&cmp=CINGCIN14201CNT&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=2&plc=302593025&advid=607929&sid=302593025&adid=

Request

GET /CNT/iview/302593025/direct;pc.106141155;wi.300;hi.250/01?click= HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:11:40 GMT
Connection: close
Content-Length: 6582

<html><head><title>Freephone_March15_300x250_031511</title>
<meta HTTP-EQUIV="expires" CONTENT="0"></meta>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache"></meta>
</head><body style="border-width:0px;
...[SNIP]...
</noscript>
<script type="text/javascript" language="javascript" src="http://cdn.doubleverify.com/script44.js?agnc=607671&cmp=CINGCIN14201CNT&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=2&plc=302593025&advid=607929&sid=302593025&adid="></script>
...[SNIP]...

1.154. http://redcated/M0N/jview/285781800/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/285781800/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/285781800/direct;wi.300;hi.250/01/2026858973?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/2026858973/x15/USNetwork/BCN2010110093_015_Sprint/Evo_GenCons_300.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/285781800/direct;wi.300;hi.250/01/2026858973?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/2026858973/x15/USNetwork/BCN2010110093_015_Sprint/Evo_GenCons_300.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:09:41 GMT
Connection: close
Content-Length: 6613

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...

if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSSC/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSSC1294354428098 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSSC1294354428098" width="300" height="250">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSSC/2011/20110109_EvoShift_Love_CrA_300x250.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/285781800/direct;wi.300;hi.250;ai.19
...[SNIP]...

1.155. http://redcated/M0N/jview/285781803/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/285781803/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/285781803/direct;wi.728;hi.90/01/716021695?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/716021695/Top1/USNetwork/BCN2010110093_015_Sprint/Evo_GenCons_728.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/285781803/direct;wi.728;hi.90/01/716021695?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/716021695/Top1/USNetwork/BCN2010110093_015_Sprint/Evo_GenCons_728.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:09:40 GMT
Connection: close
Content-Length: 6595

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...

if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSSC/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSSC1294416840466 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSSC1294416840466" width="728" height="90">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSSC/2011/20110109_EvoShift_Love_CrA_728x90.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/285781803/direct;wi.728;hi.90;ai.1983
...[SNIP]...

1.156. http://redcated/M0N/jview/285954644/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/285954644/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/285954644/direct;wi.300;hi.250/01/1719473945?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/1719473945/x15/USNetwork/BCN2010110206_007_SprintPCS/sprint_value_cc_300.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/285954644/direct;wi.300;hi.250/01/1719473945?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/1719473945/x15/USNetwork/BCN2010110206_007_SprintPCS/sprint_value_cc_300.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:30:56 GMT
Connection: close
Content-Length: 6462

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...
';
if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSSC/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSSC1298480365896 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSSC1298480365896" width="300" height="250">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSSC/2011/20110228_PortIn_numbers_300x250.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/285954644/direct;wi.300;hi.250;ai.20409
...[SNIP]...

1.157. http://redcated/M0N/jview/285954646/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/285954646/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/285954646/direct;wi.728;hi.90/01/1753683003?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/1753683003/Top1/USNetwork/BCN2010110206_007_SprintPCS/sprint_value_cc_728.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/285954646/direct;wi.728;hi.90/01/1753683003?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/1753683003/Top1/USNetwork/BCN2010110206_007_SprintPCS/sprint_value_cc_728.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:08:30 GMT
Connection: close
Content-Length: 6448

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...
';
if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSSC/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSSC1298480580420 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSSC1298480580420" width="728" height="90">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSSC/2011/20110228_PortIn_numbers_728x90.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/285954646/direct;wi.728;hi.90;ai.2040960
...[SNIP]...

1.158. http://redcated/M0N/jview/285954649/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/285954649/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/285954649/direct;wi.728;hi.90/01/69900028?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/69900028/Top1/USNetwork/BCN2010110206_008_SprintPCS/sprint_value_general_728.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/285954649/direct;wi.728;hi.90/01/69900028?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/69900028/Top1/USNetwork/BCN2010110206_008_SprintPCS/sprint_value_general_728.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:11:03 GMT
Connection: close
Content-Length: 6460

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...
';
if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSSC/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSSC1298480580420 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSSC1298480580420" width="728" height="90">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSSC/2011/20110228_PortIn_numbers_728x90.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/285954649/direct;wi.728;hi.90;ai.2040960
...[SNIP]...

1.159. http://redcated/M0N/jview/287619747/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/287619747/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/287619747/direct;wi.300;hi.250/01/1531065393?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/1531065393/x15/USNetwork/BCN2010110319_012_Sprint/Sprint_DDR_GC_300.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/287619747/direct;wi.300;hi.250/01/1531065393?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/1531065393/x15/USNetwork/BCN2010110319_012_Sprint/Sprint_DDR_GC_300.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:08:21 GMT
Connection: close
Content-Length: 6463

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...
'';
if(bIsRightVersion)
{
var strFQDN = "HTTP://ec.redcated/ds/0SM0NSPRTSSC/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSSC1299191003563 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSSC1299191003563" width="300" height="250">'
+ '<param name="movie" value="HTTP://ec.atdmt.com/ds/0SM0NSPRTSSC/2011/20110308_WE_lightswitch_zio_JAVA_300x250.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/287619747/direct;wi.300;hi.250;
...[SNIP]...

1.160. http://redcated/M0N/jview/289553602/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/289553602/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/289553602/direct;wi.728;hi.90/01?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/1357862638/Top1/USNetwork/BCN2010110157_008_Sprint/Sprint_Galaxy_adsafe_728.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/289553602/direct;wi.728;hi.90/01?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/1357862638/Top1/USNetwork/BCN2010110157_008_Sprint/Sprint_Galaxy_adsafe_728.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:07:50 GMT
Connection: close
Content-Length: 6620

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...

if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSSC/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSSC1295550081394 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSSC1295550081394" width="728" height="90">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSSC/2011/20110112_Tablet_Watch_728x90.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/289553602/direct;wi.728;hi.90;ai.200196023
...[SNIP]...

1.161. http://redcated/M0N/jview/289553603/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/289553603/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/289553603/direct;wi.300;hi.250/01/763487989?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/763487989/x15/USNetwork/BCN2010110157_008_Sprint/Sprint_Galaxy_adsafe_300x250.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/289553603/direct;wi.300;hi.250/01/763487989?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/763487989/x15/USNetwork/BCN2010110157_008_Sprint/Sprint_Galaxy_adsafe_300x250.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:07:49 GMT
Connection: close
Content-Length: 6658

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...

if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSSC/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSSC1295365725287 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSSC1295365725287" width="300" height="250">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSSC/2011/20110112_Tablet_Small_CrA_300x250.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/289553603/direct;wi.300;hi.250;ai.199
...[SNIP]...

1.162. http://redcated/M0N/jview/293182495/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/293182495/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/293182495/direct;wi.300;hi.250/01/574659390?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/574659390/x15/USNetwork/BCN2010110741_004_Sprint/sprint4g_cc_300.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/293182495/direct;wi.300;hi.250/01/574659390?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/574659390/x15/USNetwork/BCN2010110741_004_Sprint/sprint4g_cc_300.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000/height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:31:24 GMT
Connection: close
Content-Length: 6427

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...
';
if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSPR/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSPR1297094971938 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSPR1297094971938" width="300" height="250">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSPR/2011/20110211_SMB_unlimited_300x250.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/293182495/direct;wi.300;hi.250;ai.202419
...[SNIP]...

1.163. http://redcated/M0N/jview/293182496/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/293182496/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/293182496/direct;wi.728;hi.90/01/1379005222?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/1379005222/Top1/USNetwork/BCN2010110741_004_Sprint/sprint4g_cc_728.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/293182496/direct;wi.728;hi.90/01/1379005222?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/728x90/jx/ss/a/L27/1379005222/Top1/USNetwork/BCN2010110741_004_Sprint/sprint4g_cc_728.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856445/direct;wi.728;hi.90/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000133c0000000000000000/height=90/width=728/site=SW.NOL/aamsz=728X90/NCP=1/relocate=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:31:23 GMT
Connection: close
Content-Length: 6417

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...
';
if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSPR/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSPR1297095144680 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSPR1297095144680" width="728" height="90">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSPR/2011/20110211_SMB_unlimited_728x90.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/293182496/direct;wi.728;hi.90;ai.20241986
...[SNIP]...

1.164. http://redcated/M0N/jview/304190340/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://redcated
Path:	/M0N/jview/304190340/direct

Issue detail

The page was loaded from a URL containing a query string:

http://redcated/M0N/jview/304190340/direct;wi.300;hi.250/01/1244207516?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/1244207516/x15/USNetwork/BCN2011020809_016_Sprint/Sprint_GenConsumer_300.html/726348573830316934646f4141767949?

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /M0N/jview/304190340/direct;wi.300;hi.250/01/1244207516?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/msngames/ros/300x250/jx/ss/a/L28/1244207516/x15/USNetwork/BCN2011020809_016_Sprint/Sprint_GenConsumer_300.html/726348573830316934646f4141767949? HTTP/1.1
Host: redcated
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/142856443/direct;wi.300;hi.250/01?click=http://viacom.adbureau.net/accipiter/adclick/CID=000014700000000000000000ade90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1297806090-11017856; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; ach00=9cc2/1c4e:66c2/39a1:12eae/37b3:9cc2/26d97:94dd/33f2; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca:b97d026/39a1/1101ce62/66c2/4d6d14c5:c1c6eec/37b3/1208a1ac/12eae/4d76973e:b9e6a5b/26d97/11cab02b/9cc2/4d7b6f5f:b16ac93/33f2/fdea494/94dd/4d80f470

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/javascript
Expires: 0
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:08:05 GMT
Connection: close
Content-Length: 6462

document.write("<meta HTTP-EQUIV='expires' CONTENT='0'></meta>");
document.write("<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'></meta>");

var nRequiredVersion = 8;
var bIsRightVersion = f
...[SNIP]...
';
if(bIsRightVersion)
{
var strFQDN = "HTTP://spe.redcated/ds/0SM0NSPRTSSC/";
var index = strFQDN.indexOf("/ds/");
strFQDN = strFQDN.substring(0, index);
_strContentSSC1298480365896 = '' + '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="HTTP://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="idSWFSSC1298480365896" width="300" height="250">'
+ '<param name="movie" value="HTTP://spe.atdmt.com/ds/0SM0NSPRTSSC/2011/20110228_PortIn_numbers_300x250.swf?ver=1&clickTag1=!~!click!~!http://clk.redcated/go/304190340/direct;wi.300;hi.250;ai.20409
...[SNIP]...

1.165. http://www.celebgossipnet.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.celebgossipnet.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.celebgossipnet.com/?c2c36scriptalert

The response contains the following links to other domains:

http://edge.quantserve.com/quant.js
http://getclicky.com/246506
http://in.getclicky.com/249587ns.gif
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://pixel.quantserve.com/pixel/p-1a-IbjbjEC-9k.gif
http://static.getclicky.com/js
http://static.getclicky.com/media/links/badge.gif
http://www.mediaquantics.net/stats/piwik.php?idsite=790
http://www.quantcast.com/p-1a-IbjbjEC-9k

Request

GET /?c2c36scriptalert HTTP/1.1
Host: www.celebgossipnet.com
Proxy-Connection: keep-alive
Referer: http://burp/show/12
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-485061537-1300626391651; __utmz=205167490.1300626399.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _jsuid=7083869468851009847; __utma=205167490.381782026.1300626399.1300626399.1300626399.1; __utmc=205167490; __utmb=205167490.9.10.1300626399; PHPSESSID=q9ojc08mjjsm7hocfn6buqkh15

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:34:11 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://www.celebgossipnet.com/xmlrpc.php
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 110896

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xf
...[SNIP]...
<p><img src="http://www.mediaquantics.net/stats/piwik.php?idsite=790" style="border:0" alt="" /></p>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<a href="http://www.quantcast.com/p-1a-IbjbjEC-9k" target="_blank"><img src="http://pixel.quantserve.com/pixel/p-1a-IbjbjEC-9k.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</div>

<a title="Google Analytics Alternative" href="http://getclicky.com/246506"><img alt="Google Analytics Alternative" src="http://static.getclicky.com/media/links/badge.gif" border="0" /></a>
<script src="http://static.getclicky.com/js" type="text/javascript"></script>
...[SNIP]...
<p><img alt="Clicky" width="1" height="1" src="http://in.getclicky.com/249587ns.gif" /></p>
...[SNIP]...

1.166. http://www.connect.facebook.com/widgets/fan.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.connect.facebook.com
Path:	/widgets/fan.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.connect.facebook.com/widgets/fan.php?api_key=e33f0b90d70bcd4d017f6994cfc6dce5&channel_url=http%3A%2F%2Fwww.thedailystew.com%2F%3Ffbc_channel%3D1&id=338489537518&name=&width=300&connections=10&stream=0&logobar=1&css=

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/161258_1189440311_1053130_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/161771_1371109005_5938185_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/174430_100000919097198_1361323_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186649_100001958460467_7644386_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187468_100000281957046_6402348_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/27383_551057146_6814_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41620_100001604035386_8163_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/48657_1652937592_5216_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/48816_1089146223_3795093_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/50280_338489537518_4114391_q.jpg
http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/MKFH5dsVGK3.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/1tCvb1OvuW2.js
http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/LHHwWC8LQzG.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml
http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico

Request

GET /widgets/fan.php?api_key=e33f0b90d70bcd4d017f6994cfc6dce5&channel_url=http%3A%2F%2Fwww.thedailystew.com%2F%3Ffbc_channel%3D1&id=338489537518&name=&width=300&connections=10&stream=0&logobar=1&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.thedailystew.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; gz=1; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Donline.wsj.com%26placement%3Drecommendations%26extra_1%3Dhttp%253A%252F%252Fonline.wsj.com%252Fhome-page%26extra_2%3DUS

Response

1.167. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?api_key=6c7cf65a3b49a7974b26a5d530aead6f&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df39b90e2c4%26origin%3Dhttp%253A%252F%252Fwww.shockwave.com%252Ff1d6defa0c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=288&href=http%3A%2F%2Fwww.facebook.com%2Fshockwave&locale=en_US&sdk=joey&show_faces=true&stream=false&width=314

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/161455_100000680532372_5052396_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/161505_100000374975098_4762070_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/161511_533644557_216940_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/161658_100000316208218_802677_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/173504_1381797621_7207686_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/174300_100001717799215_7865793_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/174506_100001548992857_3244228_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/174515_1838995088_3024638_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/174535_100001654909478_4457142_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186610_100000431480979_2076775_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186720_100001132193031_1504610_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/186879_100001705124927_4542159_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187050_1762935939_4812108_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187496_100000685377871_618142_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187570_100000277046975_4050989_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187616_100000553918418_3349224_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187753_100000001408862_59675_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195338_100000510771009_20928_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195363_100001343198824_6433413_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195371_100002177178464_7713381_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195522_100000263032819_7292518_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195680_100002183582837_1432822_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/48892_100000063238052_1057477_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/49305_100001314725020_3668925_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/50253_56667156755_81570_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/70771_773181653_5877476_q.jpg
http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/MKFH5dsVGK3.css
http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/1tCvb1OvuW2.js
http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/LHHwWC8LQzG.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml
http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico

Request

GET /plugins/likebox.php?api_key=6c7cf65a3b49a7974b26a5d530aead6f&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df39b90e2c4%26origin%3Dhttp%253A%252F%252Fwww.shockwave.com%252Ff1d6defa0c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=288&href=http%3A%2F%2Fwww.facebook.com%2Fshockwave&locale=en_US&sdk=joey&show_faces=true&stream=false&width=314 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; gz=1; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Donline.wsj.com%26placement%3Drecommendations%26extra_1%3Dhttp%253A%252F%252Fonline.wsj.com%252Fhome-page%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.73.23
X-Cnection: close
Date: Sun, 20 Mar 2011 12:34:17 GMT
Content-Length: 17646

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/LHHwWC8LQzG.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/MKFH5dsVGK3.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/1tCvb1OvuW2.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a href="http://www.facebook.com/Shockwave" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/50253_56667156755_81570_q.jpg" alt="Shockwave" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1381797621" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/173504_1381797621_7207686_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000263032819" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195522_100000263032819_7292518_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001705124927" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186879_100001705124927_4542159_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001132193031" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186720_100001132193031_1504610_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000812740941" target="_blank"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000680532372" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161455_100000680532372_5052396_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1762935939" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187050_1762935939_4812108_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001548992857" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174506_100001548992857_3244228_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001717799215" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174300_100001717799215_7865793_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000374975098" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161505_100000374975098_4762070_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/jiratchaya.bell.al" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195338_100000510771009_20928_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000316208218" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161658_100000316208218_802677_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000553918418" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187616_100000553918418_3349224_q.jpg" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/70771_773181653_5877476_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000001408862" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187753_100000001408862_59675_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1838995088" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174515_1838995088_3024638_q.jpg" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161511_533644557_216940_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002177178464" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195371_100002177178464_7713381_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001654909478" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174535_100001654909478_4457142_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000277046975" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187570_100000277046975_4050989_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000431480979" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186610_100000431480979_2076775_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002183582837" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195680_100002183582837_1432822_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/yousef.r.batarseh" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187496_100000685377871_618142_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001314725020" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/49305_100001314725020_3668925_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000063238052" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/48892_100000063238052_1057477_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001343198824" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195363_100001343198824_6433413_q.jpg" /><div class="name">
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=1" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" width="14" height="14" /></a>
...[SNIP]...

1.168. http://www.lanebryant.com/user/login.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lanebryant.com
Path:	/user/login.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.lanebryant.com/user/login.jsp?dest=%2Fuser%2Fmain.jsp

The response contains the following links to other domains:

http://cts.channelintelligence.com/49058906_landing.js
http://stellaservice.com/index.php/top-retailers.html
http://twitter.com/LaneBryant
http://www.facebook.com/LaneBryant
http://www.giftcardpartners.com/csigiftcards/

Request

GET /user/login.jsp?dest=%2Fuser%2Fmain.jsp HTTP/1.1
Host: www.lanebryant.com
Proxy-Connection: keep-alive
Referer: http://www.lanebryant.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=d342b367c0a8bb684adf294095078605; __utmz=162580515.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162580515.1209933332.1300624488.1300624488.1300624488.1; __utmc=162580515; mbox=check#true#1300624549|session#1300624488082-862731#1300626349|PC#1300624488082-862731.17#1301834090; s_cc=true; c_m=undefinedDirect%20LoadDirect%20Load; s_evar32=Lane%20Bryant; s_cpm=%5B%5B%27Direct%20Load%27%2C%271300624489376%27%5D%5D; s_sq=%5B%5BB%5D%5D; LAST_PV=http%3A%2F%2Fwww.lanebryant.com%2Findex.jsp; JSESSIONID=3D67A259779AD3D9101A5768DE3D1ED1

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html;charset=ISO-8859-1
Date: Sun, 20 Mar 2011 13:34:53 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=200A269C505509A3886FB407C2C9EFA1; Path=/
Content-Length: 63794

<!DOCTYPE html>
<html lang="en">
   <head>
        <link rel="shortcut icon" type="image/x-icon" href="http://www.lanebryant.com/assets/lb/assets/favicon.ico" />

<title>Member Login | Lane Bryant</
...[SNIP]...
<h5><a href="http://www.facebook.com/LaneBryant">find us on Facebook</a>
...[SNIP]...
<h5><a href="http://twitter.com/LaneBryant">follow us on twitter</a>
...[SNIP]...
<area shape="rect" coords="4,0,146,23" alt="join the Inside Curve" href="http://insidecurve.lanebryant.com" />
   <area shape="rect" coords="4,23,146,45" alt="find us on Facebook" href="http://www.facebook.com/LaneBryant" />
   <area shape="rect" coords="4,45,146,68" alt="follow us on twitter" href="http://twitter.com/LaneBryant" />
</map>
...[SNIP]...
</a>
   <a href="http://www.giftcardpartners.com/csigiftcards/">Corporate Gift Cards</a>
...[SNIP]...
<div align="center" id="forcustomerserviceonly" style="display:none;"><a href="http://stellaservice.com/index.php/top-retailers.html" target="_blank"><img src="/assets/ct/assets/images/cms/general/STELLAService-Excellent_1.png" border="0" />
...[SNIP]...
</script><script type="text/javascript" src="http://cts.channelintelligence.com/49058906_landing.js"></script>
...[SNIP]...

1.169. https://www.livejournal.com/login.bml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.livejournal.com
Path:	/login.bml

Issue detail

The page was loaded from a URL containing a query string:

https://www.livejournal.com/login.bml?ret=1

The response contains the following link to another domain:

https://www.zazzle.com/livejournal*

Request

POST /login.bml?ret=1 HTTP/1.1
Host: www.livejournal.com
Connection: keep-alive
Referer: http://www.livejournal.com/
Cache-Control: max-age=0
Origin: http://www.livejournal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljuniq=GdoShltCUTBwAH3:1300624474:pgstats0:m0; show_sponsored_vgifts=1; __utmz=164322722.1300624490.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=164322722.1766814109.1300624490.1300624490.1300624490.1; __utmc=164322722
Content-Length: 26

mode=login&user=&password=

Response

HTTP/1.0 200 OK
Date: Sun, 20 Mar 2011 13:36:46 GMT
Server: Apache/2.2.3 (CentOS)
X-AWS-Id: ws13
Cache-Control: no-cache, no-cache
ETag: "dedb6bc234fd1e8808e862e0e3bda45c"
Content-length: 15293
Pragma: no-cache
Keep-Alive: timeout=30, max=100
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Language: en
Expires: Sun, 20 Mar 2011 13:36:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<li><a href="https://www.zazzle.com/livejournal*">Merchandise</a>
...[SNIP]...

1.170. http://www.myyearbook.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0xJmxvZ2luX2ZhaWx1cmU9dHJ1ZSZlbWFpbElkPWVtYWls

The response contains the following links to other domains:

http://assets.mybcdna.com/JavaScript/apps/Connect/Connect.js?64244
http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/Plugins/jquery.validate-1.3.2/jquery.validate.js?64244
http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/jQuery.js?64244
http://assets.mybcdna.com/JavaScript/apps/jQuery-1.3.2/Plugins/myYearbook.DragonDrop/myYearbook.DragonDrop.js?64244
http://assets.mybcdna.com/JavaScript/common.js?64244
http://assets.mybcdna.com/JavaScript/registration/new/registration.js?64244
http://assets.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css?64244
http://assets.mybcdna.com/css/registration/new/registration.css?64244
http://assets.mybcdna.com/css/sitecss2.css?64244
http://assets.mybcdna.com/favicon.ico
http://assets.mybcdna.com/images/Connect/fb_login_xlg.png
http://assets.mybcdna.com/images/Connect/hbl_as_featured_in.png

Request

GET /?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0xJmxvZ2luX2ZhaWx1cmU9dHJ1ZSZlbWFpbElkPWVtYWls HTTP/1.1
Host: www.myyearbook.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; MYB_TARGET=_unknown_1000_____; __g_c=w%3A1%7Cb%3A2%7Cc%3A301947237237767%7Cd%3A1%7Ca%3A0%7Ce%3A0.01%7Cf%3A0; __g_u=301947237237767_1_0.01_0_5_1301056485872; __gads=ID=f3640abbd1b1cdb3:T=1300624489:S=ALNI_MbrX_Emgz4sKka8nHjyRqG1O3ly8w; __utmz=138725551.1300624490.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=138725551.528389796.1300624489.1300624489.1300624489.1; __utmc=138725551; __qca=P0-193244728-1300624490343; PHPSESSID=fdf70e60bc7204869a6429bf4a1984b3

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:36:21 GMT
Server: Apache
Set-Cookie: PHPSESSID=fdf70e60bc7204869a6429bf4a1984b3; path=/; domain=.myyearbook.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: mcim=deleted; expires=Sat, 20-Mar-2010 13:36:20 GMT; path=/; domain=.myyearbook.com
Set-Cookie: meeboCIM672=deleted; expires=Sat, 20-Mar-2010 13:36:20 GMT; path=/; domain=.myyearbook.com
Set-Cookie: _mybUtype=deleted; expires=Sat, 20-Mar-2010 13:36:20 GMT; path=/; domain=.myyearbook.com
P3P: policyref="/w3c/p3p.xml",CP="NOI DSP COR CURa OUR STP UNI"
X-Server-Name: web54
Connection: close
Content-Type: text/html; charset=UTF-8
X-MyPoolMember: 10.100.10.121
Content-Length: 11841

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>myYearbook </title>
<meta name="description" content="Mee
...[SNIP]...
<meta name="Googlebot" content="noarchive">
<link rel="stylesheet" href="http://assets.mybcdna.com/css/sitecss2.css?64244" type="text/css">
<link rel="stylesheet" href="http://assets.mybcdna.com//css/apps/HomeBeforeLogin/hblv2.css?64244" type="text/css">
<link rel="stylesheet" href="http://assets.mybcdna.com//css/registration/new/registration.css?64244" type="text/css">
<style type="text/css">
...[SNIP]...
</style>

<link rel="shortcut icon" href="http://assets.mybcdna.com//favicon.ico" type="image/ico">
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/jQuery.js?64244"></script>
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript/common.js?64244"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript//apps/jQuery-1.2.6/Plugins/jquery.validate-1.3.2/jquery.validate.js?64244"></script>
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript//registration/new/registration.js?64244"></script>
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript//apps/jQuery-1.3.2/Plugins/myYearbook.DragonDrop/myYearbook.DragonDrop.js?64244"></script>
<script type="text/javascript" src="http://assets.mybcdna.com/JavaScript//apps/Connect/Connect.js?64244"></script>
...[SNIP]...
( function() { FB.login( function( response ) {Connect.Facebook.connectLoginStatus( response ); }, {perms:Connect.config.Facebook.permissions_string} );}, 'Facebook' );">

<img id="fb_login_image" src="http://assets.mybcdna.com/images/Connect/fb_login_xlg.png" alt="Connect" />
</a>
...[SNIP]...
</h3>
<img src="http://assets.mybcdna.com/images/Connect/hbl_as_featured_in.png" />
</div>
...[SNIP]...

1.171. http://www.politicaldisgust.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.politicaldisgust.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.politicaldisgust.com/?cat=37

The response contains the following links to other domains:

http://44ca11ab-e665-4868-8ec3-ad41960012c9/EFCA_Rally_ALF-CIO_cropped.jpg
http://digg.com/api/diggthis.js
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
http://feeds.feedburner.com/politicaldisgust
http://feeds.feedburner.com/~fc/politicaldisgust?bg=000000&fg=ffffff&anim=0
http://finance.yahoo.com/news/How-the-middle-class-became-cnnm-2876148381.html
http://img1.cdn.adjuggler.com/banners/ajtg.js
http://izearanks.com/itk/show/politicaldisgust-com
http://player.jambovideonetwork.com/js/player.php?pubsite_id=12462&pr=12579
http://politicalirony.com/
http://socialspark.com/images/claimdot.gif
http://thefabempire.com/2010/01/26/state-of-the-union-viewing-reception-at-z-lounge/
http://tinyurl.com/2b5ojn
http://validator.w3.org/check?uri=referer
http://wordpress.org/
http://www.bestnewspolitics.com/
http://www.blogcatalog.com/directory/politics
http://www.blogcatalog.com/images/buttons/blogcatalog5.gif
http://www.blogged.com/
http://www.blogged.com/icons/vn_ja_1010896.gif
http://www.celebgossipnet.com/
http://www.dcsavvy.com/
http://www.descoop.com/
http://www.feedburner.com/
http://www.fhaloanprogram.com/
http://www.gamingahead.com/
http://www.level4collective.com/
http://www.newsmakers.co.uk/
http://www.solostream.com/
http://www.statcounter.com/counter/counter_xhtml.js
http://www.streetread.com/
http://www.theamericanvoters.com/forums
http://www.vr1online.com/
http://www.worldsitelist.com/
http://www.youtube.com/v/sxBl9BXLom4&hl=en&fs=1
https://www.e-junkie.com/ecom/gb.php?ii=59524&c=ib&aff=21117&ev=cfb9cd71a6

Request

GET /?cat=37 HTTP/1.1
Host: www.politicaldisgust.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=blu8eif9e3o7hld6vnv6ariv25

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:31:40 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.11
X-Pingback: http://www.politicaldisgust.com/xmlrpc.php
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 51924

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head profile="http://gmpg.org/x
...[SNIP]...
</script><script type="text/javascript" language="JavaScript" src="http://img1.cdn.adjuggler.com/banners/ajtg.js"></script>
...[SNIP]...
<div class="textwidget"><a target="_blank" href="http://www.streetread.com"><b>
...[SNIP]...
<br>
<a target="_blank" href="http://www.celebgossipnet.com"><b>
...[SNIP]...
<br>
<a target="_blank" href="http://www.gamingahead.com">
<b>
...[SNIP]...
<br>
<a target="_blank" href="http://www.theamericanvoters.com/forums">
<b>
...[SNIP]...
<br>
<a target="_blank" href="http://www.descoop.com">
<b>
...[SNIP]...
<br>
<a target="_blank" href="http://www.bestnewspolitics.com">
<b>
...[SNIP]...
<br>
<a target="_blank" href="http://politicalirony.com/">
<b>
...[SNIP]...
<br>
<a target="_blank" href="http://www.vr1online.com/">
<b>
...[SNIP]...
<br>
<a target="_blank" href="http://www.dcsavvy.com">
<b>
...[SNIP]...
<br>
<a target="_blank" href="http://www.newsmakers.co.uk">
<b>
...[SNIP]...
<div class="textwidget">
<a href="https://www.e-junkie.com/ecom/gb.php?ii=59524&c=ib&aff=21117&ev=cfb9cd71a6" target="ejejcsingle" ><b>
...[SNIP]...
<br><a href="http://www.worldsitelist.com/">World Site List</a><br>
<a href="http://www.blogged.com">
<img src="http://www.blogged.com/icons/vn_ja_1010896.gif" border="0" alt="Blog Directory - Blogged" title="Blog Directory - Blogged" /></a><a href="http://www.blogcatalog.com/directory/politics" title="Political Blogs - BlogCatalog Blog Directory"><img src="http://www.blogcatalog.com/images/buttons/blogcatalog5.gif" alt="Political Blogs - BlogCatalog Blog Directory" style="border: 0;" /></div>
...[SNIP]...
<li><a href="http://wordpress.org/" title="Powered by WordPress, state-of-the-art semantic personal publishing platform.">WordPress.org</a>
...[SNIP]...
<p style="text-align: center;"><img class="aligncenter" src="//44CA11AB-E665-4868-8EC3-AD41960012C9/EFCA_Rally_ALF-CIO_cropped.jpg" alt="EFCA_Rally_ALF-CIO_cropped.jpg" width="335" height="448" /></p>
...[SNIP]...
<p>CNN Money’s Annalyn Censky recently examined the decline of the middle class in a piece that ran on Yahoo Finance Wednesday. In the rather lengthy examination, which you can read <a href="http://finance.yahoo.com/news/How-the-middle-class-became-cnnm-2876148381.html" target="_blank">here</a>
...[SNIP]...
<p style="text-align: center;"><a href="http://thefabempire.com/2010/01/26/state-of-the-union-viewing-reception-at-z-lounge/"><img class="size-full wp-image-1651 aligncenter" src="http://www.politicaldisgust.com/wp-content/uploads/2011/01/25obama5_600.jpg" alt="25obama5_600" width="600" height="331" />
...[SNIP]...
</script><script type="text/javascript" src="http://digg.com/api/diggthis.js"></script>
...[SNIP]...
<p><object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="325" height="244" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0"><param name="allowFullScreen" value="true" />
...[SNIP]...
<param name="src" value="http://www.youtube.com/v/sxBl9BXLom4&hl=en&fs=1" /><embed type="application/x-shockwave-flash" width="325" height="244" src="http://www.youtube.com/v/sxBl9BXLom4&hl=en&fs=1" allowscriptaccess="always" allowfullscreen="true"></embed>
...[SNIP]...
<br>
Delivered by <a href="http://www.feedburner.com" target="_blank">FeedBurner</a></p><p><a href="http://feeds.feedburner.com/politicaldisgust"><img src="http://feeds.feedburner.com/~fc/politicaldisgust?bg=000000&fg=ffffff&anim=0" height="26" width="88" style="border:0" alt="" /></a>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://player.jambovideonetwork.com/js/player.php?pubsite_id=12462&pr=12579"></script>
...[SNIP]...
<div class="textwidget">Learn about getting an <a target="_blank" href="http://www.fhaloanprogram.com"><b>
...[SNIP]...
<br>
<a target="_blank" href="http://www.level4collective.com">
<b>
...[SNIP]...
</script><script type="text/javascript" language="JavaScript" src="http://img1.cdn.adjuggler.com/banners/ajtg.js"></script>
...[SNIP]...
</script><script type="text/javascript" language="JavaScript" src="http://img1.cdn.adjuggler.com/banners/ajtg.js"></script>
...[SNIP]...
</script><script type="text/javascript" language="JavaScript" src="http://img1.cdn.adjuggler.com/banners/ajtg.js"></script>
...[SNIP]...
</a> 2008. All rights reserved. Powered by <a href="http://wordpress.org/">WordPress</a>. <a href="http://www.solostream.com">Wordpress Themes</a>. <a href="http://validator.w3.org/check?uri=referer">XHTML</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter_xhtml.js"></script>

<script type="text/javascript" src="http://tinyurl.com/2b5ojn"></script>
<img src="http://socialspark.com/images/claimdot.gif" alt="ss_blog_claim=f6da28c37539386f43e10ed620bcd1f0" /> <script type="text/javascript" src="http://izearanks.com/itk/show/politicaldisgust-com"></script>
<script type="text/javascript" src="http://izearanks.com/itk/show/politicaldisgust-com"></script>
<img src="http://socialspark.com/images/claimdot.gif" alt="ss_blog_claim=f6da28c37539386f43e10ed620bcd1f0" />
</body>
...[SNIP]...

1.172. http://www.quantcast.com/top-sites/US/2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.quantcast.com
Path:	/top-sites/US/2

Issue detail

The page was loaded from a URL containing a query string:

http://www.quantcast.com/top-sites/US/2;jsessionid=F8C72CDB444E881F86E48F2534922FBE

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js
http://pixel.quantserve.com/pixel/p-9fYuixa7g_Hm2.gif

Request

GET /top-sites/US/2;jsessionid=F8C72CDB444E881F86E48F2534922FBE HTTP/1.1
Host: www.quantcast.com
Proxy-Connection: keep-alive
Referer: http://www.quantcast.com/top-sites-1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1138661367-1297862290557; __utmz=14861494.1297862294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=14861494.1792645891.1297862294.1300542320.1300624433.14; __utmc=14861494; __utmb=14861494.3.8.1300624434708; qcPageID=0; qcVisitor=2|47|1297862270597|112|NOTSET; JSESSIONID=686CB50C4B2A374C14A6F4326B6BFF47

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=B94D2CC7C2AFAD1E9C82A692FB8A28C9; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 12:33:56 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html>

<head>

<meta http-equiv="Content-Type" content="text/
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js"></script>
...[SNIP]...
<div style="display: none;"><img src="http://pixel.quantserve.com/pixel/p-9fYuixa7g_Hm2.gif" height="1" width="1" alt="Quantcast"/></div>
...[SNIP]...

1.173. http://www.reliant.com/en_US/Page/Shop/Public/misc_LockedandLow_100_landingpage.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.reliant.com
Path:	/en_US/Page/Shop/Public/misc_LockedandLow_100_landingpage.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.reliant.com/en_US/Page/Shop/Public/misc_LockedandLow_100_landingpage.jsp?bc968'-alert(document.cookie)-'fdd40018f76=1&msg_code=|browser_support

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js
http://www.facebook.com/reliantenergy
http://www.flickr.com/ReliantEnergy
http://www.linkedin.com/company/157334
http://www.twitter.com/ReliantEnergy
http://www.youtube.com/ReliantEnergy

Request

GET /en_US/Page/Shop/Public/misc_LockedandLow_100_landingpage.jsp?bc968'-alert(document.cookie)-'fdd40018f76=1&msg_code=|browser_support HTTP/1.1
Host: www.reliant.com
Proxy-Connection: keep-alive
Referer: http://www.reliant.com/en_US/Page/Shop/Public/misc_LockedandLow_100_landingpage.jsp?bc968'-alert(document.cookie)-'fdd40018f76=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_chronicle_id=090175228036e945; UserSessionFilterCookieID=730AC166-140D-01EA-2789-A816B0F33610; JSESSIONID=F3E703A189A9026310F9CC3DA2E5179F; language_code=en_US; site_location=Shop; CurrentAccountSegment=Generic; mbox=check#true#1300630048|session#1300629987035-862457#1300631848; s_cc=true; s_nr=1300629988527-New; s_evar17=9%3A00AM; s_evar18=Sunday; s_evar19=Weekend; c=undefinedburpburp; s_evar37cvp=%5B%5B'Other%20Referrers'%2C'1300629988532'%5D%5D; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Sun, 20 Mar 2011 14:06:26 GMT
Cache-control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-cookie: JSESSIONID=5127BF17E38795CB9418DF64FFBB9084; Path=/
Set-cookie: language_code=en_US; Domain=.reliant.com; Path=/
Set-cookie: i_chronicle_id=090175228036e945
Set-cookie: site_location=Shop; Domain=.reliant.com; Path=/
Set-cookie: CurrentAccountSegment=Generic; Domain=.reliant.com; Path=/
Pragma: no-cache
Content-type: text/html;charset=utf-8
Via: 1.1 https-www.reliant.com
Proxy-agent: Oracle-iPlanet-Web-Server/7.0
Content-Length: 81899

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd
...[SNIP]...
<li><a href="http://www.facebook.com/reliantenergy" target="_blank"><img src="/en_US/Images/Content_Images/Misc/soclnk_facebook_icon.png" title="Facebook" alt="Facebook"/>
...[SNIP]...
<li><a href="http://www.twitter.com/ReliantEnergy" target="_blank"><img src="/en_US/Images/Content_Images/Misc/soclnk_twitter_icon.png" title="Twitter" alt="Twitter"/>
...[SNIP]...
<li><a href="http://www.flickr.com/ReliantEnergy" target="_blank"><img src="/en_US/Images/Content_Images/Misc/soclnk_flickr_icon.png" title="Flickr" alt="Flickr"/>
...[SNIP]...
<li><a href="http://www.linkedin.com/company/157334" target="_blank"><img src="/en_US/Images/Content_Images/Misc/soclnk_linkedin_icon.png" title="LinkedIn" alt="LinkedIn"/>
...[SNIP]...
<li><a href="http://www.youtube.com/ReliantEnergy" target="_blank"><img src="/en_US/Images/Content_Images/Misc/soclnk_youtube_icon.png" title="YouTube" alt="YouTube"/>
...[SNIP]...
<div class="smartLeftCol">

<script language="javascript" type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js"></script>
...[SNIP]...

1.174. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=icur2yy4me&mid=241700943

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3422303&dw=50&dh=50&cs=093b352d5620a327efb2db9f7ea9af0c&rnd=567

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=icur2yy4me&mid=241700943 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3422303&dw=50&dh=50&cs=093b352d5620a327efb2db9f7ea9af0c&rnd=567
Content-Length: 153
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:55:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:55:21 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3422303&dw=50&dh=50&cs=093b352d5620a327efb2db9f7ea9af0c&rnd=567">here</a>

1.175. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=rjmulnx&mid=250528472

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1690353&dw=50&dh=50&cs=dd38097f46642b066f53f684eef15562&rnd=6568

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=rjmulnx&mid=250528472 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1690353&dw=50&dh=50&cs=dd38097f46642b066f53f684eef15562&rnd=6568
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:50:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:50:20 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1690353&dw=50&dh=50&cs=dd38097f46642b066f53f684eef15562&rnd=6568">here</a>

1.176. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=nannadebbie59&mid=250998556

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1957497&dw=50&dh=50&cs=5397d5d3deac2b925fd64ea0c77dd826&rnd=3143

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=nannadebbie59&mid=250998556 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1957497&dw=50&dh=50&cs=5397d5d3deac2b925fd64ea0c77dd826&rnd=3143
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:57:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:57:21 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1957497&dw=50&dh=50&cs=5397d5d3deac2b925fd64ea0c77dd826&rnd=3143">here</a>

1.177. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=pakuna&mid=250376776

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1687466&dw=50&dh=50&cs=21bb915c59db54a74c2689010bcc9779&rnd=4293

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=pakuna&mid=250376776 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1687466&dw=50&dh=50&cs=21bb915c59db54a74c2689010bcc9779&rnd=4293
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:25:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:25:28 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1687466&dw=50&dh=50&cs=21bb915c59db54a74c2689010bcc9779&rnd=4293">here</a>

1.178. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=bcampbell27&mid=249472317

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1486527&dw=50&dh=50&cs=70193bf5440f976ddcb8c33a1ac281b8&rnd=8801

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=bcampbell27&mid=249472317 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1486527&dw=50&dh=50&cs=70193bf5440f976ddcb8c33a1ac281b8&rnd=8801
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:17:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:17:27 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1486527&dw=50&dh=50&cs=70193bf5440f976ddcb8c33a1ac281b8&rnd=8801">here</a>

1.179. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=aleja1966&mid=244074053

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1247308&dw=50&dh=50&cs=bc82f574d774073b908dce0b8c1a716c&rnd=2816

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=aleja1966&mid=244074053 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1247308&dw=50&dh=50&cs=bc82f574d774073b908dce0b8c1a716c&rnd=2816
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:21:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:21:28 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1247308&dw=50&dh=50&cs=bc82f574d774073b908dce0b8c1a716c&rnd=2816">here</a>

1.180. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=ram727&mid=247190973

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1145998&dw=50&dh=50&cs=e47d8db294b555422898cae534fcb01a&rnd=779

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=ram727&mid=247190973 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1145998&dw=50&dh=50&cs=e47d8db294b555422898cae534fcb01a&rnd=779
Content-Length: 153
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:55:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:55:21 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1145998&dw=50&dh=50&cs=e47d8db294b555422898cae534fcb01a&rnd=779">here</a>

1.181. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=EdibleInsanity&mid=250177752

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2833563&dw=50&dh=50&cs=205bc0ba747a4ad810be5b0311402c0a&rnd=802

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=EdibleInsanity&mid=250177752 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; mbox=check#true#1300624515|session#1300624454318-408793#1300626315; s_pn=%2Fhome.jsp; s_nr=1300624454448; s_cc=true; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __cs_rr=1; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.1.10.1300624455; s_ppv=31; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2833563&dw=50&dh=50&cs=205bc0ba747a4ad810be5b0311402c0a&rnd=802
Content-Length: 153
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:35:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:35:17 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2833563&dw=50&dh=50&cs=205bc0ba747a4ad810be5b0311402c0a&rnd=802">here</a>

1.182. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=hlghlg&mid=251175289

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2143578&dw=50&dh=50&cs=6771aa4a8673fe2bdade3170502b9088&rnd=1894

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=hlghlg&mid=251175289 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2143578&dw=50&dh=50&cs=6771aa4a8673fe2bdade3170502b9088&rnd=1894
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:03:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:03:22 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2143578&dw=50&dh=50&cs=6771aa4a8673fe2bdade3170502b9088&rnd=1894">here</a>

1.183. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=0AKDRAGON&mid=249121418

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=806879&dw=50&dh=50&cs=c1ea165995d1968137a5717886a089bc&rnd=1260

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=0AKDRAGON&mid=249121418 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=806879&dw=50&dh=50&cs=c1ea165995d1968137a5717886a089bc&rnd=1260
Content-Length: 153
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:40:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:40:18 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=806879&dw=50&dh=50&cs=c1ea165995d1968137a5717886a089bc&rnd=1260">here</a>

1.184. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=dolly2478&mid=251738409

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2741524&dw=50&dh=50&cs=ef61b62b35252aa3c28d5292fcb76393&rnd=7038

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=dolly2478&mid=251738409 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2741524&dw=50&dh=50&cs=ef61b62b35252aa3c28d5292fcb76393&rnd=7038
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:26:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:26:30 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2741524&dw=50&dh=50&cs=ef61b62b35252aa3c28d5292fcb76393&rnd=7038">here</a>

1.185. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=cateyes23&mid=58755366

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1242125&dw=50&dh=50&cs=0652aa4b5d800d20d88d0770442ddf23&rnd=7920

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=cateyes23&mid=58755366 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1242125&dw=50&dh=50&cs=0652aa4b5d800d20d88d0770442ddf23&rnd=7920
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:41:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:41:18 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1242125&dw=50&dh=50&cs=0652aa4b5d800d20d88d0770442ddf23&rnd=7920">here</a>

1.186. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=LadyIce01&mid=231137776

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3458356&dw=50&dh=50&cs=a79f5c37af7197c7c16dd131f9c7748d&rnd=2955

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=LadyIce01&mid=231137776 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3458356&dw=50&dh=50&cs=a79f5c37af7197c7c16dd131f9c7748d&rnd=2955
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:38:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:38:17 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3458356&dw=50&dh=50&cs=a79f5c37af7197c7c16dd131f9c7748d&rnd=2955">here</a>

1.187. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=SweetDreamsCherry&mid=251173376

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2140132&dw=50&dh=50&cs=b6847780bc3eb168f26ce25eb7bb5d3f&rnd=3426

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=SweetDreamsCherry&mid=251173376 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2140132&dw=50&dh=50&cs=b6847780bc3eb168f26ce25eb7bb5d3f&rnd=3426
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:20:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:20:27 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2140132&dw=50&dh=50&cs=b6847780bc3eb168f26ce25eb7bb5d3f&rnd=3426">here</a>

1.188. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=laujunbo&mid=251027544

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2129007&dw=50&dh=50&cs=44a1ab495b82dc4844b797fbcf45b755&rnd=4641

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=laujunbo&mid=251027544 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2129007&dw=50&dh=50&cs=44a1ab495b82dc4844b797fbcf45b755&rnd=4641
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:51:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:51:20 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2129007&dw=50&dh=50&cs=44a1ab495b82dc4844b797fbcf45b755&rnd=4641">here</a>

1.189. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=navypeg&mid=249816846

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2062559&dw=50&dh=50&cs=77b8a1622f94b549b8fd7b8ea4a95274&rnd=7101

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=navypeg&mid=249816846 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2062559&dw=50&dh=50&cs=77b8a1622f94b549b8fd7b8ea4a95274&rnd=7101
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:14:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:14:25 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2062559&dw=50&dh=50&cs=77b8a1622f94b549b8fd7b8ea4a95274&rnd=7101">here</a>

1.190. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=azgodmom&mid=94600234

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2223093&dw=50&dh=50&cs=3be67396e1f573273a49a7f9438213c9&rnd=5393

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=azgodmom&mid=94600234 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2223093&dw=50&dh=50&cs=3be67396e1f573273a49a7f9438213c9&rnd=5393
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:21:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:21:27 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2223093&dw=50&dh=50&cs=3be67396e1f573273a49a7f9438213c9&rnd=5393">here</a>

1.191. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=&screenname=DanaOfShock&mid=

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=547816&dw=50&dh=50&cs=cb69c803b3243b8b6dbec5a5c3f84db1&rnd=9

Request

GET /member/avatarViewer.jsp?p=1&size=&screenname=DanaOfShock&mid= HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; mbox=check#true#1300624515|session#1300624454318-408793#1300626315; s_pn=%2Fhome.jsp; s_ppv=0; s_nr=1300624454448; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=547816&dw=50&dh=50&cs=cb69c803b3243b8b6dbec5a5c3f84db1&rnd=9
Content-Length: 150
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:34:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:34:16 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=547816&dw=50&dh=50&cs=cb69c803b3243b8b6dbec5a5c3f84db1&rnd=9">here</a>

1.192. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=Zbenzman&mid=251126615

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3081759&dw=50&dh=50&cs=d281f16d0dda3d0a1298c2d1721290ea&rnd=6323

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=Zbenzman&mid=251126615 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3081759&dw=50&dh=50&cs=d281f16d0dda3d0a1298c2d1721290ea&rnd=6323
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:25:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:25:28 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3081759&dw=50&dh=50&cs=d281f16d0dda3d0a1298c2d1721290ea&rnd=6323">here</a>

1.193. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=deianera&mid=249577166

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2622589&dw=50&dh=50&cs=52f30a349cb9dd0e478a1af6b8001f52&rnd=150

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=deianera&mid=249577166 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2622589&dw=50&dh=50&cs=52f30a349cb9dd0e478a1af6b8001f52&rnd=150
Content-Length: 153
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:37:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:37:17 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2622589&dw=50&dh=50&cs=52f30a349cb9dd0e478a1af6b8001f52&rnd=150">here</a>

1.194. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=sue1964&mid=251284384

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2259930&dw=50&dh=50&cs=78252d94c81717482bee75f2ad3db424&rnd=4544

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=sue1964&mid=251284384 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; mbox=check#true#1300624515|session#1300624454318-408793#1300626315; s_pn=%2Fhome.jsp; s_ppv=0; s_nr=1300624454448; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2259930&dw=50&dh=50&cs=78252d94c81717482bee75f2ad3db424&rnd=4544
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:34:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:34:16 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2259930&dw=50&dh=50&cs=78252d94c81717482bee75f2ad3db424&rnd=4544">here</a>

1.195. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=housemama&mid=76007613

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2805928&dw=50&dh=50&cs=b1f474ba9b4db441a7b7c55372ab7b89&rnd=6402

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=housemama&mid=76007613 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2805928&dw=50&dh=50&cs=b1f474ba9b4db441a7b7c55372ab7b89&rnd=6402
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:52:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:52:20 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2805928&dw=50&dh=50&cs=b1f474ba9b4db441a7b7c55372ab7b89&rnd=6402">here</a>

1.196. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=redwallet07&mid=251702911

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3476510&dw=50&dh=50&cs=8fcdac7e9a352cf15fc2ebaf6808e42e&rnd=475

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=redwallet07&mid=251702911 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3476510&dw=50&dh=50&cs=8fcdac7e9a352cf15fc2ebaf6808e42e&rnd=475
Content-Length: 153
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:16:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:16:26 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3476510&dw=50&dh=50&cs=8fcdac7e9a352cf15fc2ebaf6808e42e&rnd=475">here</a>

1.197. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=magicalunicorn001&mid=249585595

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=727599&dw=50&dh=50&cs=c3d926dcd8effb28b6cc8bb8232e418b&rnd=3304

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=magicalunicorn001&mid=249585595 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=727599&dw=50&dh=50&cs=c3d926dcd8effb28b6cc8bb8232e418b&rnd=3304
Content-Length: 153
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:15:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:15:26 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=727599&dw=50&dh=50&cs=c3d926dcd8effb28b6cc8bb8232e418b&rnd=3304">here</a>

1.198. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=GelidGuy&mid=244828213

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=649912&dw=50&dh=50&cs=3849ec058ef4bab89af78a6d026a3f30&rnd=7

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=GelidGuy&mid=244828213 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=649912&dw=50&dh=50&cs=3849ec058ef4bab89af78a6d026a3f30&rnd=7
Content-Length: 150
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:56:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:56:21 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=649912&dw=50&dh=50&cs=3849ec058ef4bab89af78a6d026a3f30&rnd=7">here</a>

1.199. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=nicbuddy&mid=246877806

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1526873&dw=50&dh=50&cs=db4b06180c3d81999f76a81760e6aefd&rnd=3978

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=nicbuddy&mid=246877806 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; mbox=check#true#1300624515|session#1300624454318-408793#1300626315; s_pn=%2Fhome.jsp; s_ppv=0; s_nr=1300624454448; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1526873&dw=50&dh=50&cs=db4b06180c3d81999f76a81760e6aefd&rnd=3978
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:34:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:34:16 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1526873&dw=50&dh=50&cs=db4b06180c3d81999f76a81760e6aefd&rnd=3978">here</a>

1.200. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=michelle1954&mid=207146408

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2062667&dw=50&dh=50&cs=1c31d448652e73e5fd218bc95f858d80&rnd=4811

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=michelle1954&mid=207146408 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2062667&dw=50&dh=50&cs=1c31d448652e73e5fd218bc95f858d80&rnd=4811
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:42:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:42:18 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2062667&dw=50&dh=50&cs=1c31d448652e73e5fd218bc95f858d80&rnd=4811">here</a>

1.201. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=rosiejo92&mid=50980646

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2443454&dw=50&dh=50&cs=3d2a3198e2b796f0e87a56768d71ca03&rnd=1495

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=rosiejo92&mid=50980646 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2443454&dw=50&dh=50&cs=3d2a3198e2b796f0e87a56768d71ca03&rnd=1495
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:54:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:54:21 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2443454&dw=50&dh=50&cs=3d2a3198e2b796f0e87a56768d71ca03&rnd=1495">here</a>

1.202. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=missusslippy&mid=250764912

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1843272&dw=50&dh=50&cs=0f8ea87795e04385b870c43d228e74d2&rnd=8727

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=missusslippy&mid=250764912 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1843272&dw=50&dh=50&cs=0f8ea87795e04385b870c43d228e74d2&rnd=8727
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:01:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:01:21 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1843272&dw=50&dh=50&cs=0f8ea87795e04385b870c43d228e74d2&rnd=8727">here</a>

1.203. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=pip2010&mid=251437678

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2582878&dw=50&dh=50&cs=d2e9e885338b84109aa4e9feeba2749b&rnd=1849

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=pip2010&mid=251437678 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2582878&dw=50&dh=50&cs=d2e9e885338b84109aa4e9feeba2749b&rnd=1849
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:01:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:01:22 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2582878&dw=50&dh=50&cs=d2e9e885338b84109aa4e9feeba2749b&rnd=1849">here</a>

1.204. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=blueyesoul&mid=249463364

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=813508&dw=50&dh=50&cs=c25c82f1e6294da091e95f59628c7ae6&rnd=3827

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=blueyesoul&mid=249463364 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=813508&dw=50&dh=50&cs=c25c82f1e6294da091e95f59628c7ae6&rnd=3827
Content-Length: 153
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:11:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:11:25 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=813508&dw=50&dh=50&cs=c25c82f1e6294da091e95f59628c7ae6&rnd=3827">here</a>

1.205. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=MountainMama&mid=244528156

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=617987&dw=50&dh=50&cs=6721bc9d4f4e64e233c788a17d3f4f93&rnd=7

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=MountainMama&mid=244528156 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=617987&dw=50&dh=50&cs=6721bc9d4f4e64e233c788a17d3f4f93&rnd=7
Content-Length: 150
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:37:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:37:17 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=617987&dw=50&dh=50&cs=6721bc9d4f4e64e233c788a17d3f4f93&rnd=7">here</a>

1.206. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=yokiyen&mid=111214445

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1247453&dw=50&dh=50&cs=7de0d32fce6d024bd4267e0221099cd0&rnd=3298

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=yokiyen&mid=111214445 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1247453&dw=50&dh=50&cs=7de0d32fce6d024bd4267e0221099cd0&rnd=3298
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:17:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:17:27 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1247453&dw=50&dh=50&cs=7de0d32fce6d024bd4267e0221099cd0&rnd=3298">here</a>

1.207. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=horsecrazy912&mid=252132089

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3562305&dw=50&dh=50&cs=0df8044c3f2e4bd20f0d84f27b0f3cea&rnd=9835

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=horsecrazy912&mid=252132089 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3562305&dw=50&dh=50&cs=0df8044c3f2e4bd20f0d84f27b0f3cea&rnd=9835
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:04:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:04:22 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3562305&dw=50&dh=50&cs=0df8044c3f2e4bd20f0d84f27b0f3cea&rnd=9835">here</a>

1.208. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=dayhooter&mid=251718991

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2700723&dw=50&dh=50&cs=bc8fbacde576d6c83370cc5cbcfaaf0a&rnd=1218

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=dayhooter&mid=251718991 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2700723&dw=50&dh=50&cs=bc8fbacde576d6c83370cc5cbcfaaf0a&rnd=1218
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:47:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:47:19 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2700723&dw=50&dh=50&cs=bc8fbacde576d6c83370cc5cbcfaaf0a&rnd=1218">here</a>

1.209. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=liltim&mid=109095629

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=890720&dw=50&dh=50&cs=516b79dce68049bfb5a2237ce0289f6f&rnd=2974

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=liltim&mid=109095629 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=890720&dw=50&dh=50&cs=516b79dce68049bfb5a2237ce0289f6f&rnd=2974
Content-Length: 153
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:36:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:36:17 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=890720&dw=50&dh=50&cs=516b79dce68049bfb5a2237ce0289f6f&rnd=2974">here</a>

1.210. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=dggsss45&mid=251617320

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2909660&dw=50&dh=50&cs=bc949535cb4d2cbb6d2fd92ee84376be&rnd=9272

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=dggsss45&mid=251617320 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2909660&dw=50&dh=50&cs=bc949535cb4d2cbb6d2fd92ee84376be&rnd=9272
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:38:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:38:17 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2909660&dw=50&dh=50&cs=bc949535cb4d2cbb6d2fd92ee84376be&rnd=9272">here</a>

1.211. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=myladygirls&mid=249096475

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1568894&dw=50&dh=50&cs=f89c4421d29a4a9a8ae05c577b4cd537&rnd=9189

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=myladygirls&mid=249096475 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1568894&dw=50&dh=50&cs=f89c4421d29a4a9a8ae05c577b4cd537&rnd=9189
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:58:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:58:21 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1568894&dw=50&dh=50&cs=f89c4421d29a4a9a8ae05c577b4cd537&rnd=9189">here</a>

1.212. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=dannysgranny&mid=247293692

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2565709&dw=50&dh=50&cs=7341859c002110bbd49d37e2205738e5&rnd=3891

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=dannysgranny&mid=247293692 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2565709&dw=50&dh=50&cs=7341859c002110bbd49d37e2205738e5&rnd=3891
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:51:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:51:20 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2565709&dw=50&dh=50&cs=7341859c002110bbd49d37e2205738e5&rnd=3891">here</a>

1.213. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=kaustubh25&mid=252050441

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3580823&dw=50&dh=50&cs=49128f47c6154671b175e73cb6361575&rnd=4183

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=kaustubh25&mid=252050441 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3580823&dw=50&dh=50&cs=49128f47c6154671b175e73cb6361575&rnd=4183
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:12:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:12:25 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3580823&dw=50&dh=50&cs=49128f47c6154671b175e73cb6361575&rnd=4183">here</a>

1.214. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=Mama6&mid=221255400

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1344255&dw=50&dh=50&cs=867af49f1aaf91010424d66db80bb7ba&rnd=4300

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=Mama6&mid=221255400 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1344255&dw=50&dh=50&cs=867af49f1aaf91010424d66db80bb7ba&rnd=4300
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:44:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:44:18 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1344255&dw=50&dh=50&cs=867af49f1aaf91010424d66db80bb7ba&rnd=4300">here</a>

1.215. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=chadodie&mid=251785015

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2815379&dw=50&dh=50&cs=ae6a1917152d691bced2998e97df922c&rnd=3281

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=chadodie&mid=251785015 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2815379&dw=50&dh=50&cs=ae6a1917152d691bced2998e97df922c&rnd=3281
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:17:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:17:27 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2815379&dw=50&dh=50&cs=ae6a1917152d691bced2998e97df922c&rnd=3281">here</a>

1.216. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=youngamer&mid=89082614

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2335838&dw=50&dh=50&cs=cb49ac8718e4f84c0071d32a49cb44d7&rnd=9507

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=youngamer&mid=89082614 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2335838&dw=50&dh=50&cs=cb49ac8718e4f84c0071d32a49cb44d7&rnd=9507
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:38:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:38:17 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2335838&dw=50&dh=50&cs=cb49ac8718e4f84c0071d32a49cb44d7&rnd=9507">here</a>

1.217. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=brookiecookie1994&mid=249410628

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1170027&dw=50&dh=50&cs=12f57778e8ff91b0ca8590fe87fa3310&rnd=4940

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=brookiecookie1994&mid=249410628 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1170027&dw=50&dh=50&cs=12f57778e8ff91b0ca8590fe87fa3310&rnd=4940
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:23:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:23:28 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1170027&dw=50&dh=50&cs=12f57778e8ff91b0ca8590fe87fa3310&rnd=4940">here</a>

1.218. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=Jinty684&mid=17189132

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1313965&dw=50&dh=50&cs=68d824a1b27b219cbfdf8822848a82b0&rnd=5947

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=Jinty684&mid=17189132 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1313965&dw=50&dh=50&cs=68d824a1b27b219cbfdf8822848a82b0&rnd=5947
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:10:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:10:25 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1313965&dw=50&dh=50&cs=68d824a1b27b219cbfdf8822848a82b0&rnd=5947">here</a>

1.219. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=Bubba07&mid=12715875

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1340991&dw=50&dh=50&cs=fb57041aaeb4b72ae8f8161d9677e67b&rnd=9892

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=Bubba07&mid=12715875 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1340991&dw=50&dh=50&cs=fb57041aaeb4b72ae8f8161d9677e67b&rnd=9892
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:56:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:56:21 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1340991&dw=50&dh=50&cs=fb57041aaeb4b72ae8f8161d9677e67b&rnd=9892">here</a>

1.220. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=butterflies090605&mid=248726144

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1470522&dw=50&dh=50&cs=80b39db725c6b7a18e05d6f09b1586b0&rnd=3823

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=butterflies090605&mid=248726144 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1470522&dw=50&dh=50&cs=80b39db725c6b7a18e05d6f09b1586b0&rnd=3823
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:48:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:48:19 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1470522&dw=50&dh=50&cs=80b39db725c6b7a18e05d6f09b1586b0&rnd=3823">here</a>

1.221. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=samstones&mid=251065159

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2163413&dw=50&dh=50&cs=575e58d4805365f70381d6d4c907981b&rnd=5238

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=samstones&mid=251065159 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2163413&dw=50&dh=50&cs=575e58d4805365f70381d6d4c907981b&rnd=5238
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:09:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:09:24 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2163413&dw=50&dh=50&cs=575e58d4805365f70381d6d4c907981b&rnd=5238">here</a>

1.222. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=lyndac90&mid=105344493

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=624028&dw=50&dh=50&cs=f1fdf3c812d2b479bdfb9f3a3d3cc838&rnd=3698

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=lyndac90&mid=105344493 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=624028&dw=50&dh=50&cs=f1fdf3c812d2b479bdfb9f3a3d3cc838&rnd=3698
Content-Length: 153
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:56:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:56:21 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=624028&dw=50&dh=50&cs=f1fdf3c812d2b479bdfb9f3a3d3cc838&rnd=3698">here</a>

1.223. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=HD990&mid=251831857

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2929886&dw=50&dh=50&cs=b91a322ace08faeaffd9582bd4083cf2&rnd=7733

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=HD990&mid=251831857 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2929886&dw=50&dh=50&cs=b91a322ace08faeaffd9582bd4083cf2&rnd=7733
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:12:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:12:25 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2929886&dw=50&dh=50&cs=b91a322ace08faeaffd9582bd4083cf2&rnd=7733">here</a>

1.224. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=millyghost&mid=251813082

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3317076&dw=50&dh=50&cs=e0195ee7a39028b9051ff95b8eaacb7d&rnd=9781

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=millyghost&mid=251813082 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3317076&dw=50&dh=50&cs=e0195ee7a39028b9051ff95b8eaacb7d&rnd=9781
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:11:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:11:25 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3317076&dw=50&dh=50&cs=e0195ee7a39028b9051ff95b8eaacb7d&rnd=9781">here</a>

1.225. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=geckopucko&mid=250843289

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1718652&dw=50&dh=50&cs=c44128126e2ccd87e41ab55b8cd09e23&rnd=508

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=geckopucko&mid=250843289 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1718652&dw=50&dh=50&cs=c44128126e2ccd87e41ab55b8cd09e23&rnd=508
Content-Length: 153
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:39:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:39:17 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1718652&dw=50&dh=50&cs=c44128126e2ccd87e41ab55b8cd09e23&rnd=508">here</a>

1.226. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=dq50&mid=250285302

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3382865&dw=50&dh=50&cs=51ef79c8a8ac2dd830847baf81c4a9f4&rnd=9925

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=dq50&mid=250285302 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3382865&dw=50&dh=50&cs=51ef79c8a8ac2dd830847baf81c4a9f4&rnd=9925
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:42:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:42:18 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3382865&dw=50&dh=50&cs=51ef79c8a8ac2dd830847baf81c4a9f4&rnd=9925">here</a>

1.227. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=JennyAnyDots&mid=249085240

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1403574&dw=50&dh=50&cs=bfe06a1ef34aba300c4a60566f108ee8&rnd=5849

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=JennyAnyDots&mid=249085240 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1403574&dw=50&dh=50&cs=bfe06a1ef34aba300c4a60566f108ee8&rnd=5849
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:19:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:19:27 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1403574&dw=50&dh=50&cs=bfe06a1ef34aba300c4a60566f108ee8&rnd=5849">here</a>

1.228. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=ullybaer&mid=224733134

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=564901&dw=50&dh=50&cs=7d267e82dd2969f5f923ba43c72b0f13&rnd=9

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=ullybaer&mid=224733134 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=564901&dw=50&dh=50&cs=7d267e82dd2969f5f923ba43c72b0f13&rnd=9
Content-Length: 150
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:53:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:53:20 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=564901&dw=50&dh=50&cs=7d267e82dd2969f5f923ba43c72b0f13&rnd=9">here</a>

1.229. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=jazzrabbit&mid=111684245

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1477688&dw=50&dh=50&cs=58a10d826c1a2e7be19861564ee90d89&rnd=8257

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=jazzrabbit&mid=111684245 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1477688&dw=50&dh=50&cs=58a10d826c1a2e7be19861564ee90d89&rnd=8257
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:40:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:40:18 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1477688&dw=50&dh=50&cs=58a10d826c1a2e7be19861564ee90d89&rnd=8257">here</a>

1.230. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=Topaz1948&mid=243939235

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2330906&dw=50&dh=50&cs=1c21771540fc4061780f36b5bb7ea7d0&rnd=808

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=Topaz1948&mid=243939235 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2330906&dw=50&dh=50&cs=1c21771540fc4061780f36b5bb7ea7d0&rnd=808
Content-Length: 153
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:52:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:52:20 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2330906&dw=50&dh=50&cs=1c21771540fc4061780f36b5bb7ea7d0&rnd=808">here</a>

1.231. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=gitanejazz&mid=250110527

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1123329&dw=50&dh=50&cs=0b09ef47590af184ecf3e877be4905a3&rnd=7643

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=gitanejazz&mid=250110527 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1123329&dw=50&dh=50&cs=0b09ef47590af184ecf3e877be4905a3&rnd=7643
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:17:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:17:27 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1123329&dw=50&dh=50&cs=0b09ef47590af184ecf3e877be4905a3&rnd=7643">here</a>

1.232. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=zatory&mid=251012986

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2073311&dw=50&dh=50&cs=21e003dd120fb1a706e907280f2de958&rnd=2330

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=zatory&mid=251012986 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2073311&dw=50&dh=50&cs=21e003dd120fb1a706e907280f2de958&rnd=2330
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:16:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:16:26 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2073311&dw=50&dh=50&cs=21e003dd120fb1a706e907280f2de958&rnd=2330">here</a>

1.233. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=amnmh&mid=250823909

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1697585&dw=50&dh=50&cs=1d59d7ff72afe739b2d05d7c0e6db24d&rnd=1880

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=amnmh&mid=250823909 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1697585&dw=50&dh=50&cs=1d59d7ff72afe739b2d05d7c0e6db24d&rnd=1880
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:00:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:00:21 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1697585&dw=50&dh=50&cs=1d59d7ff72afe739b2d05d7c0e6db24d&rnd=1880">here</a>

1.234. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=Jenna86&mid=250270220

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1241599&dw=50&dh=50&cs=81dce2a084bf8ce5e7e7c1ec184b355c&rnd=5682

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=Jenna86&mid=250270220 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1241599&dw=50&dh=50&cs=81dce2a084bf8ce5e7e7c1ec184b355c&rnd=5682
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:58:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:58:21 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1241599&dw=50&dh=50&cs=81dce2a084bf8ce5e7e7c1ec184b355c&rnd=5682">here</a>

1.235. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=grnbtfly613&mid=106212519

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1261073&dw=50&dh=50&cs=a7f851ab994135880f44a59f92dc00d4&rnd=6979

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=grnbtfly613&mid=106212519 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1261073&dw=50&dh=50&cs=a7f851ab994135880f44a59f92dc00d4&rnd=6979
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:40:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:40:18 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1261073&dw=50&dh=50&cs=a7f851ab994135880f44a59f92dc00d4&rnd=6979">here</a>

1.236. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=FAICBRAIKER84&mid=252107796

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3497837&dw=50&dh=50&cs=ed72c6e9281d33957246fa55d486b375&rnd=3400

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=FAICBRAIKER84&mid=252107796 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3497837&dw=50&dh=50&cs=ed72c6e9281d33957246fa55d486b375&rnd=3400
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:17:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:17:27 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3497837&dw=50&dh=50&cs=ed72c6e9281d33957246fa55d486b375&rnd=3400">here</a>

1.237. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=beesevencro&mid=251410545

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2407265&dw=50&dh=50&cs=39ac3edd0b3f98b9dbe6c3decca2d54a&rnd=6691

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=beesevencro&mid=251410545 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2407265&dw=50&dh=50&cs=39ac3edd0b3f98b9dbe6c3decca2d54a&rnd=6691
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:00:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:00:21 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2407265&dw=50&dh=50&cs=39ac3edd0b3f98b9dbe6c3decca2d54a&rnd=6691">here</a>

1.238. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=ecarGadnamA&mid=251779563

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2826921&dw=50&dh=50&cs=9ab4a3aef94b847519c2ae0b0ba0d7f0&rnd=6362

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=ecarGadnamA&mid=251779563 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2826921&dw=50&dh=50&cs=9ab4a3aef94b847519c2ae0b0ba0d7f0&rnd=6362
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:38:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:38:17 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2826921&dw=50&dh=50&cs=9ab4a3aef94b847519c2ae0b0ba0d7f0&rnd=6362">here</a>

1.239. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=kaydee512&mid=247330659

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2402968&dw=50&dh=50&cs=2f80069986f2143adc29ed1d030a58d3&rnd=2546

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=kaydee512&mid=247330659 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2402968&dw=50&dh=50&cs=2f80069986f2143adc29ed1d030a58d3&rnd=2546
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:09:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:09:24 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2402968&dw=50&dh=50&cs=2f80069986f2143adc29ed1d030a58d3&rnd=2546">here</a>

1.240. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=10granny&mid=224591503

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1449080&dw=50&dh=50&cs=2548970f47d124cb3c81efe22a5873eb&rnd=232

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=10granny&mid=224591503 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1449080&dw=50&dh=50&cs=2548970f47d124cb3c81efe22a5873eb&rnd=232
Content-Length: 153
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:59:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:59:21 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1449080&dw=50&dh=50&cs=2548970f47d124cb3c81efe22a5873eb&rnd=232">here</a>

1.241. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=redsox555&mid=251881812

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3030267&dw=50&dh=50&cs=52d4b1158e0099827746330588cf4125&rnd=8907

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=redsox555&mid=251881812 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3030267&dw=50&dh=50&cs=52d4b1158e0099827746330588cf4125&rnd=8907
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:01:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:01:22 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3030267&dw=50&dh=50&cs=52d4b1158e0099827746330588cf4125&rnd=8907">here</a>

1.242. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=elusivechic&mid=249434583

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3382156&dw=50&dh=50&cs=0aba7408ee32b768a9aeb7d66e5ac8b0&rnd=9276

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=elusivechic&mid=249434583 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3382156&dw=50&dh=50&cs=0aba7408ee32b768a9aeb7d66e5ac8b0&rnd=9276
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:19:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:19:27 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3382156&dw=50&dh=50&cs=0aba7408ee32b768a9aeb7d66e5ac8b0&rnd=9276">here</a>

1.243. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=kcasse&mid=105788107

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=832379&dw=50&dh=50&cs=74bbadd0a610fe43e11633f9f09c295e&rnd=7874

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=kcasse&mid=105788107 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=832379&dw=50&dh=50&cs=74bbadd0a610fe43e11633f9f09c295e&rnd=7874
Content-Length: 153
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:46:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:46:19 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=832379&dw=50&dh=50&cs=74bbadd0a610fe43e11633f9f09c295e&rnd=7874">here</a>

1.244. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=susan161&mid=252099323

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3463296&dw=50&dh=50&cs=17df79b1a0ff737e013501589a6ff843&rnd=1207

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=susan161&mid=252099323 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3463296&dw=50&dh=50&cs=17df79b1a0ff737e013501589a6ff843&rnd=1207
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:22:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:22:28 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3463296&dw=50&dh=50&cs=17df79b1a0ff737e013501589a6ff843&rnd=1207">here</a>

1.245. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=sheilaneo&mid=214988643

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1241767&dw=50&dh=50&cs=20f230db732bc792196b585a50b57a1e&rnd=1428

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=sheilaneo&mid=214988643 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1241767&dw=50&dh=50&cs=20f230db732bc792196b585a50b57a1e&rnd=1428
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:03:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:03:22 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1241767&dw=50&dh=50&cs=20f230db732bc792196b585a50b57a1e&rnd=1428">here</a>

1.246. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=nermom25&mid=251996630

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3562540&dw=50&dh=50&cs=ead8f49d41f8d382589c5ace0964636d&rnd=8672

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=nermom25&mid=251996630 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3562540&dw=50&dh=50&cs=ead8f49d41f8d382589c5ace0964636d&rnd=8672
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:54:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:54:21 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3562540&dw=50&dh=50&cs=ead8f49d41f8d382589c5ace0964636d&rnd=8672">here</a>

1.247. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=spiffwylie&mid=251603294

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2609527&dw=50&dh=50&cs=0766b6c51c15c31425d4b2f705ac9fc8&rnd=4063

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=spiffwylie&mid=251603294 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2609527&dw=50&dh=50&cs=0766b6c51c15c31425d4b2f705ac9fc8&rnd=4063
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:54:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:54:21 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2609527&dw=50&dh=50&cs=0766b6c51c15c31425d4b2f705ac9fc8&rnd=4063">here</a>

1.248. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=LTCProf&mid=251523255

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3154895&dw=50&dh=50&cs=df1d23c72a6b4728a22d94cb6cc8684d&rnd=5252

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=LTCProf&mid=251523255 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3154895&dw=50&dh=50&cs=df1d23c72a6b4728a22d94cb6cc8684d&rnd=5252
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:20:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:20:28 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3154895&dw=50&dh=50&cs=df1d23c72a6b4728a22d94cb6cc8684d&rnd=5252">here</a>

1.249. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=NancyUK&mid=91772008

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1414434&dw=50&dh=50&cs=6667279716e1df9bc31431f0717bd922&rnd=7692

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=NancyUK&mid=91772008 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1414434&dw=50&dh=50&cs=6667279716e1df9bc31431f0717bd922&rnd=7692
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:41:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:41:18 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1414434&dw=50&dh=50&cs=6667279716e1df9bc31431f0717bd922&rnd=7692">here</a>

1.250. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=cbardezbain&mid=251037782

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2095714&dw=50&dh=50&cs=2a16dd4a3ee18c825b3ed0b7dffdf353&rnd=5442

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=cbardezbain&mid=251037782 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; mbox=check#true#1300624515|session#1300624454318-408793#1300626315; s_pn=%2Fhome.jsp; s_ppv=0; s_nr=1300624454448; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2095714&dw=50&dh=50&cs=2a16dd4a3ee18c825b3ed0b7dffdf353&rnd=5442
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:34:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:34:16 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2095714&dw=50&dh=50&cs=2a16dd4a3ee18c825b3ed0b7dffdf353&rnd=5442">here</a>

1.251. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=thibya&mid=251657687

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3345034&dw=50&dh=50&cs=3bc9bfa4fffe98cc96a659248a4cf8e3&rnd=4718

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=thibya&mid=251657687 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3345034&dw=50&dh=50&cs=3bc9bfa4fffe98cc96a659248a4cf8e3&rnd=4718
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:21:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:21:27 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3345034&dw=50&dh=50&cs=3bc9bfa4fffe98cc96a659248a4cf8e3&rnd=4718">here</a>

1.252. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=kermitbust&mid=97724548

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1343519&dw=50&dh=50&cs=f86a6fa7cf8702de460d6aabec2c9675&rnd=1529

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=kermitbust&mid=97724548 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1343519&dw=50&dh=50&cs=f86a6fa7cf8702de460d6aabec2c9675&rnd=1529
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:46:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:46:19 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1343519&dw=50&dh=50&cs=f86a6fa7cf8702de460d6aabec2c9675&rnd=1529">here</a>

1.253. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=SpOrTyGaL01&mid=251650149

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2708227&dw=50&dh=50&cs=7d83b884888d434ed42cae3434f46ca3&rnd=6048

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=SpOrTyGaL01&mid=251650149 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2708227&dw=50&dh=50&cs=7d83b884888d434ed42cae3434f46ca3&rnd=6048
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:41:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:41:18 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2708227&dw=50&dh=50&cs=7d83b884888d434ed42cae3434f46ca3&rnd=6048">here</a>

1.254. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=telota&mid=251453426

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2473774&dw=50&dh=50&cs=d332fab83ab9ec48165d44873daca937&rnd=6626

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=telota&mid=251453426 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2473774&dw=50&dh=50&cs=d332fab83ab9ec48165d44873daca937&rnd=6626
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:45:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:45:18 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=2473774&dw=50&dh=50&cs=d332fab83ab9ec48165d44873daca937&rnd=6626">here</a>

1.255. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=pammygirl57&mid=243380334

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3501046&dw=50&dh=50&cs=1511ffbaeede4d9baaaee17445e1b7c7&rnd=6540

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=pammygirl57&mid=243380334 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3501046&dw=50&dh=50&cs=1511ffbaeede4d9baaaee17445e1b7c7&rnd=6540
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:38:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:38:17 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=3501046&dw=50&dh=50&cs=1511ffbaeede4d9baaaee17445e1b7c7&rnd=6540">here</a>

1.256. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=alibate2001&mid=248663983

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1117028&dw=50&dh=50&cs=d801ebc480a5c329455c9e586805f101&rnd=3001

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=alibate2001&mid=248663983 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1117028&dw=50&dh=50&cs=d801ebc480a5c329455c9e586805f101&rnd=3001
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:58:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:58:21 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1117028&dw=50&dh=50&cs=d801ebc480a5c329455c9e586805f101&rnd=3001">here</a>

1.257. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=01yildiz&mid=247394391

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1925331&dw=50&dh=50&cs=85c4a2ab911fe2039c06b58c5405a049&rnd=3824

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=01yildiz&mid=247394391 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1925331&dw=50&dh=50&cs=85c4a2ab911fe2039c06b58c5405a049&rnd=3824
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:10:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:10:25 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1925331&dw=50&dh=50&cs=85c4a2ab911fe2039c06b58c5405a049&rnd=3824">here</a>

1.258. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=kimmc515&mid=250787915

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1667084&dw=50&dh=50&cs=869f07fe399b0d1146cc39923f23b08e&rnd=4420

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=kimmc515&mid=250787915 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1667084&dw=50&dh=50&cs=869f07fe399b0d1146cc39923f23b08e&rnd=4420
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 13:18:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 13:18:27 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1667084&dw=50&dh=50&cs=869f07fe399b0d1146cc39923f23b08e&rnd=4420">here</a>

1.259. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=Amercedesbenz&mid=217597250

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1857865&dw=50&dh=50&cs=14661acffbaf67423e4a24c80882c1a1&rnd=8965

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=Amercedesbenz&mid=217597250 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1857865&dw=50&dh=50&cs=14661acffbaf67423e4a24c80882c1a1&rnd=8965
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:44:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:44:18 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1857865&dw=50&dh=50&cs=14661acffbaf67423e4a24c80882c1a1&rnd=8965">here</a>

1.260. http://www.shockwave.com/member/avatarViewer.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shockwave.com
Path:	/member/avatarViewer.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.shockwave.com/member/avatarViewer.jsp?p=1&size=small&screenname=Alotchka&mid=215830018

The response contains the following link to another domain:

http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1229924&dw=50&dh=50&cs=83c399279993b83a2e6e51e090b27589&rnd=3614

Request

GET /member/avatarViewer.jsp?p=1&size=small&screenname=Alotchka&mid=215830018 HTTP/1.1
Host: www.shockwave.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=adbHr0Y82SFkD9VaJqt7s; __qca=P0-668179243-1300624455024; mtvn_guid=1299937743-92; __utmz=153495162.1300624455.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D1607%253Bdemo%253D1306%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D792%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1300624454318-408793#1300626432|check#true#1300624632; s_pn=%2Fmember%2FavatarViewer.jsp48e63%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Eecdcc990455; s_nr=1300624572007; s_cc=true; __cs_rr=1; __utma=153495162.870092848.1300624455.1300624455.1300624455.1; __utmc=153495162; __utmb=153495162.2.10.1300624455; s_ppv=57; s_sq=viashockwave%3D%2526pid%253D%25252Fhome.jsp%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.shockwave.com%25252Fhome.jsp%252523%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a Resin/3.1.2
Location: http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1229924&dw=50&dh=50&cs=83c399279993b83a2e6e51e090b27589&rnd=3614
Content-Length: 154
Content-Type: text/html
Expires: Sun, 20 Mar 2011 12:47:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Mar 2011 12:47:19 GMT
Connection: close
Vary: Accept-Encoding

The URL has moved <a href="http://vhss-d.oddcast.com/php/vhss_editors/thumb/sc=1229924&dw=50&dh=50&cs=83c399279993b83a2e6e51e090b27589&rnd=3614">here</a>

1.261. http://www.t-mobile.com/locator.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.t-mobile.com
Path:	/locator.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.t-mobile.com/locator.aspx?referer=%2fDefault.aspx

The response contains the following links to other domains:

http://cdn.mercent.com/js/tracker.js
http://libs.coremetrics.com/eluminate.js
http://link.mercent.com/image.ashx?merchantID=TMobile
http://www.mobilizewitht-mobile.com/
http://www.sidekick.com/
http://www.t-mobilepr.com/
http://www.telekom.com/

Request

GET /locator.aspx?referer=%2fDefault.aspx HTTP/1.1
Host: www.t-mobile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TMobileCommon=TeaId=d676b058-7b88-48e0-a1a7-a54f7fb0806d; ASP.NET_SessionId=qquvpt55xmlorbb04afdz055; TMobileGeo=UserCurrentLocation=75207&UserCurrentCity=Dallas&UserCurrentCountry=United+States&GeoMarketId=8eb5dca0-f21b-4b24-8dc8-49933c6ff5d3&NeighborhoodName=Dallas&StateAbbreviation=TX&GeoMarketCode=DAT; TMobileUSStore=MarketUniqueID=8eb5dca0-f21b-4b24-8dc8-49933c6ff5d3&MarketCode=DAT&NeighborhoodName=Dallas&StateAbbreviation=TX&CityName=Dallas&StateName=Texas&ZIP=75207; cmTPSet=Y; TMobileSession=WT=&DCS=; mbox=PC#1300624507874-511379.17#1301836695|check#true#1300627155|session#1300627094627-816279#1300628955; mr_referredVisitor=0; TMobileSpanish=IsSpanishUser=false; WT_FPC=id=10.134.111.248-1143909120.30140155:lv=1300616298452:ss=1300616298452

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Last-Modified: Mon, 01 Sep 1997 01:03:33 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: PartnerExpiration=PARTNER=!4%2f3%2f2011+1%3a32%3a11+PM; domain=.t-mobile.com; expires=Tue, 20-Mar-2012 13:32:11 GMT; path=/
Set-Cookie: TMobilePartner=; domain=.t-mobile.com; expires=Mon, 20-Mar-2006 13:32:11 GMT; path=/
Set-Cookie: PartnerExpiration=; domain=.t-mobile.com; expires=Mon, 20-Mar-2006 13:32:11 GMT; path=/
Set-Cookie: TMobileSession=WT=&DCS=; domain=.t-mobile.com; path=/
Date: Sun, 20 Mar 2011 13:32:11 GMT
Content-Length: 42163

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><style type="text/css" media="
...[SNIP]...
<li class="last-list-item"><a href="http://www.sidekick.com/" manual_cm_sp="global nav>explore-_-whats new-_-Sidekick" ><span>
...[SNIP]...
<li class="first-list-item"><a href="http://www.mobilizewitht-mobile.com/" manual_cm_sp="global nav>explore-_-making a difference-_-Mobilize" ><span>
...[SNIP]...
<li class="last"><a href="http://www.t-mobilepr.com">Puerto Rico</a>
...[SNIP]...
<li><a href="http://www.telekom.com/">Deutsche Telekom</a>
...[SNIP]...
</script><script type="text/javascript" src="http://cdn.mercent.com/js/tracker.js"></script>
...[SNIP]...
<noscript> <img alt="" src="http://link.mercent.com/image.ashx?merchantID=TMobile" style="display: none;" /> </noscript>
...[SNIP]...
</script>
<script type="text/javascript" src="http://libs.coremetrics.com/eluminate.js"></script>
...[SNIP]...

1.262. http://www.t-mobile.com/promotions/generic.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.t-mobile.com
Path:	/promotions/generic.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.t-mobile.com/promotions/generic.aspx?PAsset=Pro_Pro_MastHeadCoverage

The response contains the following links to other domains:

http://cdn.mercent.com/js/tracker.js
http://libs.coremetrics.com/eluminate.js
http://link.mercent.com/image.ashx?merchantID=TMobile
http://www.mobilizewitht-mobile.com/
http://www.sidekick.com/
http://www.t-mobilepr.com/
http://www.telekom.com/

Request

GET /promotions/generic.aspx?PAsset=Pro_Pro_MastHeadCoverage HTTP/1.1
Host: www.t-mobile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TMobileCommon=TeaId=d676b058-7b88-48e0-a1a7-a54f7fb0806d; ASP.NET_SessionId=qquvpt55xmlorbb04afdz055; TMobileGeo=UserCurrentLocation=75207&UserCurrentCity=Dallas&UserCurrentCountry=United+States&GeoMarketId=8eb5dca0-f21b-4b24-8dc8-49933c6ff5d3&NeighborhoodName=Dallas&StateAbbreviation=TX&GeoMarketCode=DAT; TMobileUSStore=MarketUniqueID=8eb5dca0-f21b-4b24-8dc8-49933c6ff5d3&MarketCode=DAT&NeighborhoodName=Dallas&StateAbbreviation=TX&CityName=Dallas&StateName=Texas&ZIP=75207; cmTPSet=Y; mbox=PC#1300624507874-511379.17#1301836695|check#true#1300627155|session#1300627094627-816279#1300628955; mr_referredVisitor=0; TMobileSpanish=IsSpanishUser=false; WT_FPC=id=10.134.111.248-1143909120.30140155:lv=1300616298452:ss=1300616298452; TMobileSession=WT=&DCS=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Last-Modified: Mon, 01 Sep 1997 01:03:33 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: PartnerExpiration=PARTNER=!4%2f3%2f2011+1%3a32%3a55+PM; domain=.t-mobile.com; expires=Tue, 20-Mar-2012 13:32:55 GMT; path=/
Set-Cookie: TMobilePartner=; domain=.t-mobile.com; expires=Mon, 20-Mar-2006 13:32:55 GMT; path=/
Set-Cookie: PartnerExpiration=; domain=.t-mobile.com; expires=Mon, 20-Mar-2006 13:32:55 GMT; path=/
Set-Cookie: TMobileSession=WT=&DCS=; domain=.t-mobile.com; path=/
Date: Sun, 20 Mar 2011 13:32:54 GMT
Content-Length: 33370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><style type="text/css" media="
...[SNIP]...
<li class="last-list-item"><a href="http://www.sidekick.com/" manual_cm_sp="global nav>explore-_-whats new-_-Sidekick" ><span>
...[SNIP]...
<li class="first-list-item"><a href="http://www.mobilizewitht-mobile.com/" manual_cm_sp="global nav>explore-_-making a difference-_-Mobilize" ><span>
...[SNIP]...
<li class="last"><a href="http://www.t-mobilepr.com">Puerto Rico</a>
...[SNIP]...
<li><a href="http://www.telekom.com/">Deutsche Telekom</a>
...[SNIP]...
</script><script type="text/javascript" src="http://cdn.mercent.com/js/tracker.js"></script>
...[SNIP]...
<noscript> <img alt="" src="http://link.mercent.com/image.ashx?merchantID=TMobile" style="display: none;" /> </noscript>
...[SNIP]...
</script>
<script type="text/javascript" src="http://libs.coremetrics.com/eluminate.js"></script>
...[SNIP]...

1.263. http://www.therugged.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.therugged.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.therugged.com/?5416e%22%3E%3Cscript%3Ealert(0x0024)%3C/script%3E426ea6897eb=1

The response contains the following links to other domains:

http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=1602587
http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587
http://alphadogthebook.com/
http://c.statcounter.com/5083896/0/67163d31/1/
http://edge.quantserve.com/quant.js
http://forms.aweber.com/form/77/57823077.js
http://instash.com/
http://pixel.quantserve.com/pixel/p-69aSlljqStUXg.gif
http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/cc?z=pdn&pos=7
http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vc?z=pdn&dim=753181&pos=7&kw=&click=&abr=$imginiframe
http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click=
http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vj?z=pdn&dim=753181&pos=7&kw=&click=&abr=$scriptiniframe
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://static.getclicky.com/js
http://twitter.com/therugged
http://www.afrojacks.com/
http://www.asylum.co.uk/
http://www.buzzya.com/
http://www.cagepotato.com/
http://www.celebgossipnet.com/
http://www.culinaryzen.com/
http://www.doubleviking.com/hotties/
http://www.facebook.com/TheRuggedcom
http://www.google.com/cse/brand?form=cse-search-box&lang=en
http://www.gravatar.com/avatar.php?gravatar_id=01a18f06c53c5f57a4c66ef7e9c99e2b
http://www.gravatar.com/avatar.php?gravatar_id=06ecd5f46caf2a0a6b84624fbfe8bae9
http://www.gravatar.com/avatar.php?gravatar_id=0dbb8df6778d7b219b18c595898f4bec
http://www.gravatar.com/avatar.php?gravatar_id=6e504a343ba27a71c2b8af3e33ba3d9f
http://www.gravatar.com/avatar.php?gravatar_id=835dee724c5012cbd485339df2aa6832
http://www.gravatar.com/avatar.php?gravatar_id=cc89cacee8e4de426e1245259a198502
http://www.gravatar.com/avatar.php?gravatar_id=d87416fe0aed9914139dd0a93aa42d57
http://www.gravatar.com/avatar.php?gravatar_id=fafaba8252e41eef7588ab842013a422
http://www.mediaquantics.net/stats/piwik.php?idsite=788
http://www.mensweekly.net/
http://www.mikearonefitness.com/
http://www.politicaldisgust.com/
http://www.shavemagazine.com/
http://www.statcounter.com/counter/counter.js
http://www.statcounter.com/godaddy_website_tonight/
http://www.superbooyah.com/
http://www.thedailystew.com/
http://www.youtube.com/TheRuggedVideo

Request

GET /?5416e%22%3E%3Cscript%3Ealert(0x0024)%3C/script%3E426ea6897eb=1 HTTP/1.1
Host: www.therugged.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1818978010-1300624508291; _jsuid=8651665616604869668; __utmz=14936179.1300626402.2.2.utmcsr=therugged.com|utmccn=(referral)|utmcmd=referral|utmcct=/; PHPSESSID=qu4riiab0adpdtk3u18avdops0; __utma=14936179.1046767921.1300624509.1300624509.1300626402.2; __utmc=14936179; __utmb=14936179.8.10.1300626402; fbsetting_b307530015170f0db3bdfd78aaa30915=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:43:19 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://www.therugged.com/xmlrpc.php
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 89693

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="http://www.fa
...[SNIP]...
<p><img src="http://www.mediaquantics.net/stats/piwik.php?idsite=788" style="border:0" alt="" /></p>
...[SNIP]...
</script>

<script type="text/javascript"
src="http://www.statcounter.com/counter/counter.js"></script><noscript><div
class="statcounter"><a title="godaddy stats"
href="http://www.statcounter.com/godaddy_website_tonight/"
target="_blank"><img class="statcounter"
src="http://c.statcounter.com/5083896/0/67163d31/1/"
alt="godaddy stats" ></a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-69aSlljqStUXg.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...
<li ><a href="http://www.buzzya.com/" target="_blank">Buzzya</a></li>
<li><a href="http://www.culinaryzen.com" target="_blank">Cullinary Zen</a>
...[SNIP]...
<li><a href="http://www.politicaldisgust.com" target="_blank">Political Disgust</a>
...[SNIP]...
<li><a href="http://www.thedailystew.com" target="_blank">The Daily Stew</a>
...[SNIP]...
<li class="last"><a href="http://www.celebgossipnet.com" target="_blank">Celeb Gossip Net</a>
...[SNIP]...
</span>
<a rel="nofollow" href="http://twitter.com/therugged">twitter</a>
<a rel="nofollow" href="http://www.facebook.com/TheRuggedcom">facebook</a>
...[SNIP]...

<IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=728 HEIGHT=90 SRC="http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=1602587"></IFRAME>
...[SNIP]...
<span id="a12354" class="mydiv" style="display:none;"><img src="http://www.gravatar.com/avatar.php?gravatar_id=835dee724c5012cbd485339df2aa6832" alt="gravatar" /><span class="ae_close">
...[SNIP]...
<span id="a12542" class="mydiv" style="display:none;"><img src="http://www.gravatar.com/avatar.php?gravatar_id=835dee724c5012cbd485339df2aa6832" alt="gravatar" /><span class="ae_close">
...[SNIP]...
<span id="a12380" class="mydiv" style="display:none;"><img src="http://www.gravatar.com/avatar.php?gravatar_id=01a18f06c53c5f57a4c66ef7e9c99e2b" alt="gravatar" /><span class="ae_close">
...[SNIP]...
<span id="a12548" class="mydiv" style="display:none;"><img src="http://www.gravatar.com/avatar.php?gravatar_id=06ecd5f46caf2a0a6b84624fbfe8bae9" alt="gravatar" /><span class="ae_close">
...[SNIP]...
<span id="a12496" class="mydiv" style="display:none;"><img src="http://www.gravatar.com/avatar.php?gravatar_id=6e504a343ba27a71c2b8af3e33ba3d9f" alt="gravatar" /><span class="ae_close">
...[SNIP]...
</b> <a rel="nofollow" href="http://www.mikearonefitness.com">http://www.mikearonefitness.com</a>
...[SNIP]...
<span id="a12504" class="mydiv" style="display:none;"><img src="http://www.gravatar.com/avatar.php?gravatar_id=cc89cacee8e4de426e1245259a198502" alt="gravatar" /><span class="ae_close">
...[SNIP]...
</b> <a rel="nofollow" href="http://alphadogthebook.com">http://alphadogthebook.com</a>
...[SNIP]...
<span id="a12476" class="mydiv" style="display:none;"><img src="http://www.gravatar.com/avatar.php?gravatar_id=fafaba8252e41eef7588ab842013a422" alt="gravatar" /><span class="ae_close">
...[SNIP]...
<span id="a12064" class="mydiv" style="display:none;"><img src="http://www.gravatar.com/avatar.php?gravatar_id=d87416fe0aed9914139dd0a93aa42d57" alt="gravatar" /><span class="ae_close">
...[SNIP]...
<span id="a12482" class="mydiv" style="display:none;"><img src="http://www.gravatar.com/avatar.php?gravatar_id=0dbb8df6778d7b219b18c595898f4bec" alt="gravatar" /><span class="ae_close">
...[SNIP]...

<IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=300 HEIGHT=250 SRC="http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=1602587"></IFRAME>
...[SNIP]...
<div class="top-banner floatright">

<iframe width="728" height="90" noresize scrolling=No frameborder=0 marginheight=0 marginwidth=0 src="http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vh?z=pdn&dim=753181&pos=7&kw=&click="><script language=JavaScript src="http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vj?z=pdn&dim=753181&pos=7&kw=&click=&abr=$scriptiniframe"></script><noscript><a href="http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/cc?z=pdn&pos=7"><img src="http://rotator.adjuggler.com/servlet/ajrotator/1007517/0/vc?z=pdn&dim=753181&pos=7&kw=&click=&abr=$imginiframe" width="728" height="90" border="0"></a>
...[SNIP]...
<li><a href="http://www.facebook.com/TheRuggedcom" target="_blank">Facebook</a></li>
<li><a href="http://twitter.com/therugged" target="_blank">Twitter</a></li>
<li><a href="http://www.youtube.com/TheRuggedVideo" target="_blank">YouTube</a>
...[SNIP]...
<li><a href="http://www.afrojacks.com/">AfroJacks</a></li>
<li><a href="http://www.asylum.co.uk/">Asylum</a></li>
<li><a href="http://www.cagepotato.com" title="MMA News & UFC News" target="_blank">CagePotato</a>
...[SNIP]...
<li><a href="http://www.doubleviking.com/hotties/" title="The best MENtertainment on the web" target="_blank">Hot Chicks</a>
...[SNIP]...
<li><a href="http://instash.com/">inStash</a></li>
<li><a href="http://www.mensweekly.net/">MensWeekly</a>
...[SNIP]...
<li><a href="http://www.shavemagazine.com/" target="_blank">Shave Magazine</a>
...[SNIP]...
<li><a href="http://www.superbooyah.com" target="_blank">SuperBooyah</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-69aSlljqStUXg.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...
</script>

<script src="http://static.getclicky.com/js" type="text/javascript"></script>
...[SNIP]...
</link>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>

<script type="text/javascript" src="http://forms.aweber.com/form/77/57823077.js"></script>
...[SNIP]...

1.264. http://www.woot.com/Blog/ViewEntry.aspx previous

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.woot.com
Path:	/Blog/ViewEntry.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.woot.com/Blog/ViewEntry.aspx?Id=16841

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js
http://en.wikipedia.org/wiki/Point_of_view_(literature)
http://farm6.static.flickr.com/5256/5535452090_c661d30dd3_o_d.png
http://kathack.com/
http://partner.googleadservices.com/gampad/google_service.js
http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=4aff41e9-f642-4cb5-9fe1-b14cb5425cb2
http://widgets.twimg.com/j/2/widget.js
https://secure.quantserve.com/pixel/p-45WWkjSYwI3II.gif

Request

GET /Blog/ViewEntry.aspx?Id=16841 HTTP/1.1
Host: www.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/WhatIsWoot.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=b76efe6-12ed3745547-4621ae62-1; __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.6.10.1300624488

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Sun, 20 Mar 2011 13:42:39 GMT
Expires: Sun, 20 Mar 2011 13:43:10 GMT
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Via: 1.1 C aicache6
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Connection: keep-alive
Content-Length: 32787

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotoc
...[SNIP]...
</title>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js" type="text/javascript"></script>
<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js" type="text/javascript"></script>
...[SNIP]...
<link href='http://gzip.static.woot.com/App_Themes/Woot/Styles/Theme.min.11269.css' rel='stylesheet' type='text/css' /><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=4aff41e9-f642-4cb5-9fe1-b14cb5425cb2"></script>
...[SNIP]...
</script>
<script src="http://partner.googleadservices.com/gampad/google_service.js" type="text/javascript"></script>
...[SNIP]...
<div align="center"><a href="http://kathack.com/"><img alt="" src="http://farm6.static.flickr.com/5256/5535452090_c661d30dd3_o_d.png" /></a>
...[SNIP]...
mos. And the other whimsical characters. But there's a bit of the completely non-Irish soundtrack to keep your aural palate cleansed for tonight's jigs and rolls! Simply follow the instructions of the <a href="http://kathack.com/">Katamari Hack</a>
...[SNIP]...
<div style='clear:both; padding-bottom:15px;'>
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
Woot.com is operated by Woot Services LLC.
Products on Woot.com are sold by Woot, Inc.
Product narratives are for entertainment purposes and frequently employ <a href="http://en.wikipedia.org/wiki/Point_of_view_(literature)">literary point of view</a>
...[SNIP]...
<noscript>
<img src="https://secure.quantserve.com/pixel/p-45WWkjSYwI3II.gif" style="display:none;" border="0" height="1" width="1" alt="Quantcast" />
</noscript>
...[SNIP]...

Report generated by XSS.CX at Sun Mar 20 09:19:38 CDT 2011.