Session Token in URL

Sensitive Information within URLs may be logged to various locations

Report generated by XSS.CX at Sun Mar 20 09:15:34 CDT 2011.


1. Session token in URL

1.1. https://account.woot.com/twitter/authenticate

1.2. http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js

1.3. http://assets.mybcdna.com/JavaScript//registration/new/registration.js

1.4. http://assets.mybcdna.com/JavaScript/registration/new/registration.js

1.5. http://bh.contextweb.com/bh/set.aspx

1.6. http://canvas.myyearbook.com/canvas

1.7. http://charmingshoppesinter.tt.omtrdc.net/m2/charmingshoppesinter/mbox/standard

1.8. http://feedburner.google.com/fb/a/mailverify

1.9. http://fls.doubleclick.net/activityi

1.10. http://live.myyearbook.com/

1.11. http://mbox12e.offermatica.com/m2/tmobile/mbox/standard

1.12. http://sales.liveperson.net/hc/53643872/

1.13. https://sites.fastspring.com/richardsonsoftware/instant/editrocket

1.14. https://sites.fastspring.com/richardsonsoftware/order/customer

1.15. https://sites.fastspring.com/richardsonsoftware/view

1.16. http://www.facebook.com/extern/login_status.php

1.17. http://www.myyearbook.com/

1.18. http://www.ncl.com/nclweb/cruiser/cmsPages.html

1.19. http://www.quantcast.com/js/top-sites.js

1.20. http://www.quantcast.com/top-sites-1

1.21. http://www.quantcast.com/top-sites/US/2

1.22. http://www.t-mobile.com/assets/styles/master.css



1. Session token in URL
There are 22 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


1.1. https://account.woot.com/twitter/authenticate

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://account.woot.com
Path:   /twitter/authenticate

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /twitter/authenticate HTTP/1.1
Host: account.woot.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; ASP.NET_SessionId=22t2jnvelpxe2wdtgccitn1b; __utmb=87498951.2.10.1300624488; __qca=P0-1285104554-1300624487224;

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://api.twitter.com/oauth/authenticate?oauth_token=lSTdR3K33mnehaXftedacATlweA7jsKrQbbuOW8L39E
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 20 Mar 2011 14:03:41 GMT
Connection: close
Content-Length: 215

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://api.twitter.com/oauth/authenticate?oauth_token=lSTdR3K33mnehaXftedacATlweA7jsKrQbbuOW8L39E">here</a>.</h2>
<
...[SNIP]...

1.2. http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://assets.0.mybcdna.com
Path:   /JavaScript/apps/HomeBeforeLogin/hblv2.js

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /JavaScript/apps/HomeBeforeLogin/hblv2.js?64244 HTTP/1.1
Host: assets.0.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Tue, 15 Mar 2011 14:01:23 GMT
ETag: "3975857351"
Content-Type: text/javascript
Accept-Ranges: bytes
Date: Sun, 20 Mar 2011 12:44:13 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 13:14:13 GMT
X-CDN: Cotendo
Connection: Keep-Alive
Content-Length: 273014

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...
</p><img src="https://h.online-metrix.net/fp/clear.png?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '&m=2"alt=""><script src="https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '"type="text/javascript"></script><object type="application/x-shockwave-flash"data="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '"width="1"height="1"id="obj_id"><param name="movie"value="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '"/>
...[SNIP]...

1.3. http://assets.mybcdna.com/JavaScript//registration/new/registration.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://assets.mybcdna.com
Path:   /JavaScript//registration/new/registration.js

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /JavaScript//registration/new/registration.js?64244 HTTP/1.1
Host: assets.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0xJmxvZ2luX2ZhaWx1cmU9dHJ1ZSZlbWFpbElkPWVtYWls
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Fri, 16 Apr 2010 15:59:01 GMT
ETag: "2697475991"
Content-Type: text/javascript
Accept-Ranges: bytes
Date: Sun, 20 Mar 2011 13:36:33 GMT
Server: lighttpd/1.4.19
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 14:06:33 GMT
X-CDN: Cotendo
Connection: Keep-Alive
Content-Length: 5052

$(function(){$('#display_remember_information').click(function(){$('#remember_information, #remember_information_login_failure').show();return false});$('#remember_information p.close a, #remember_inf
...[SNIP]...
</p><img src="https://h.online-metrix.net/fp/clear.png?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'&m=2" alt="" ><script src="https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'"type="text/javascript"></script><object type="application/x-shockwave-flash" data="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'" width="1" height="1" id="obj_id"><param name="movie" value="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'" />
...[SNIP]...
</p><img src="https://h.online-metrix.net/fp/clear.png?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'&m=2" alt="" ><script src="https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'"type="text/javascript"></script><object type="application/x-shockwave-flash" data="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'" width="1" height="1" id="obj_id"><param name="movie" value="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'" />
...[SNIP]...

1.4. http://assets.mybcdna.com/JavaScript/registration/new/registration.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://assets.mybcdna.com
Path:   /JavaScript/registration/new/registration.js

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /JavaScript/registration/new/registration.js HTTP/1.1
Host: assets.mybcdna.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 16 Apr 2010 15:59:01 GMT
ETag: "2697475991"
Content-Type: text/javascript
Accept-Ranges: bytes
Date: Sun, 20 Mar 2011 14:03:03 GMT
Server: lighttpd/1.4.19
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 14:33:03 GMT
X-CDN: Cotendo
Connection: close
Content-Length: 5052

$(function(){$('#display_remember_information').click(function(){$('#remember_information, #remember_information_login_failure').show();return false});$('#remember_information p.close a, #remember_inf
...[SNIP]...
</p><img src="https://h.online-metrix.net/fp/clear.png?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'&m=2" alt="" ><script src="https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'"type="text/javascript"></script><object type="application/x-shockwave-flash" data="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'" width="1" height="1" id="obj_id"><param name="movie" value="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'" />
...[SNIP]...
</p><img src="https://h.online-metrix.net/fp/clear.png?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'&m=2" alt="" ><script src="https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'"type="text/javascript"></script><object type="application/x-shockwave-flash" data="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'" width="1" height="1" id="obj_id"><param name="movie" value="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id='+threatMetrixSessionId+'" />
...[SNIP]...

1.5. http://bh.contextweb.com/bh/set.aspx

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://bh.contextweb.com
Path:   /bh/set.aspx

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /bh/set.aspx?action=add&advid=2452&token=TMHS1 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1803375;type=t-mob207;cat=t-moc188;ord=5131071771029.383?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CDSActionTracking6=rxYjeHcW6ZVB|GlchrMbA1MSR|516071|749|4426|42222|73391|56858|2|254|16|boston.com|2|8|1|0|2|1|2|DOTM5.CMST1.LOW21|1|1|0NHN21JG2RctrhRJEMBk_2cpxPqNqF8XjX2-c1AKWVc^|I|2qVT9|2BObB; C2W4=32S9hCcGYz3BhCx-4Dmhssu7xP3L1BddvcBxlQ4MHTj3TZsY_EbKppw; cr=141|1|-8589018238111413015|1; FC1-WC=^54463_2_2v0tA; __utmz=57563192.1300142889.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _jsuid=9731344706080960861; __utma=57563192.1578638003.1300142889.1300142889.1300142889.1; cwbh1=749%3B03%2F20%2F2011%3BDOT22%0A1485%3B03%2F19%2F2011%3BCMST1%0A2996%3B03%2F22%2F2011%3BLOW21%0A2837%3B03%2F23%2F2011%3BRCQU1%3B03%2F28%2F2011%3BRCQU9%0A357%3B03%2F25%2F2011%3BEMON1%3B03%2F30%2F2011%3BEHEX1%0A2532%3B03%2F28%2F2011%3BAMQU1%0A1931%3B04%2F16%2F2011%3BFE479%3B04%2F06%2F2011%3BFE311%3B04%2F02%2F2011%3BFE655%0A996%3B04%2F05%2F2011%3BFACO1; V=GlchrMbA1MSR

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1.1
CW-Server: cw-web81
Set-Cookie: V=GlchrMbA1MSR; Domain=.contextweb.com; Expires=Wed, 14-Mar-2012 13:03:23 GMT; Path=/
Set-Cookie: cwbh1=2996%3B03%2F22%2F2011%3BLOW21%0A2837%3B03%2F23%2F2011%3BRCQU1%3B03%2F28%2F2011%3BRCQU9%0A357%3B03%2F25%2F2011%3BEMON1%3B03%2F30%2F2011%3BEHEX1%0A2532%3B03%2F28%2F2011%3BAMQU1%0A1931%3B04%2F16%2F2011%3BFE479%3B04%2F06%2F2011%3BFE311%3B04%2F02%2F2011%3BFE655%0A996%3B04%2F05%2F2011%3BFACO1%0A2452%3B04%2F19%2F2011%3BTMHS1; Domain=.contextweb.com; Expires=Mon, 22-Feb-2016 13:03:23 GMT; Path=/
Content-Type: image/gif
Date: Sun, 20 Mar 2011 13:03:22 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

1.6. http://canvas.myyearbook.com/canvas

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://canvas.myyearbook.com
Path:   /canvas

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /canvas?2e77d HTTP/1.1
Host: canvas.myyearbook.com
Proxy-Connection: keep-alive
Referer: http://live.myyearbook.com/?2e77d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eadfd64910ba=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=f3640abbd1b1cdb3:T=1300624489:S=ALNI_MbrX_Emgz4sKka8nHjyRqG1O3ly8w; __utmz=138725551.1300624490.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-193244728-1300624490343; __utma=138725551.528389796.1300624489.1300624489.1300627604.2; __utmv=138725551.|1=gender=unknown=1,; PHPSESSID=52f776710184304877da085942e36b39; mybRegTheme=Live; mybRegData=%5B%5D; POSTAff2Cookie=Live; MYB_TARGET=_unknown_1000_____

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 14:11:01 GMT
Server: Apache
Set-Cookie: PHPSESSID=52f776710184304877da085942e36b39; path=/; domain=.myyearbook.com
P3P: policyref="/w3c/p3p.xml",CP="NOI DSP COR CURa OUR STP UNI"
Cache-control: no-cache
Pragma: no-cache
Content-Length: 34456
Connection: close
Content-Type: text/html; charset=UTF-8;

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="UTF-8" xml:lang="UTF-8">
<he
...[SNIP]...
<li>The age listed on your profile must be accurate. (<a target="_top" href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX2NoYW5nZW15YWdl">correct my age</a>
...[SNIP]...

1.7. http://charmingshoppesinter.tt.omtrdc.net/m2/charmingshoppesinter/mbox/standard

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://charmingshoppesinter.tt.omtrdc.net
Path:   /m2/charmingshoppesinter/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/charmingshoppesinter/mbox/standard?mboxHost=www.lanebryant.com&mboxSession=1300624488082-862731&mboxPage=1300624488082-862731&screenHeight=1200&screenWidth=1920&browserWidth=1017&browserHeight=916&browserTimeOffset=-300&colorDepth=16&mboxCount=1&path=%2F&mbox=LB_global&mboxId=0&mboxTime=1300606488088&mboxURL=http%3A%2F%2Fwww.lanebryant.com%2F&mboxReferrer=&mboxVersion=39 HTTP/1.1
Host: charmingshoppesinter.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.lanebryant.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=CE085DEBCBBADCDE

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 164
Date: Sun, 20 Mar 2011 12:49:50 GMT
Server: Test & Target

mboxFactories.get('default').get('LB_global',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1300624488082-862731.17");

1.8. http://feedburner.google.com/fb/a/mailverify

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://feedburner.google.com
Path:   /fb/a/mailverify

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /fb/a/mailverify HTTP/1.1
Host: feedburner.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Sun, 20 Mar 2011 14:03:30 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Set-Cookie: S=feedburner-control-panel=j8s_HBxmlXtcdLkLyCamMA; Domain=.google.com; Path=/; HttpOnly
Server: GSE
Expires: Sun, 20 Mar 2011 14:03:30 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>

<head>
<meta name="r
...[SNIP]...
<h1><a href="/fb/a/home?gsessionid=j8s_HBxmlXtcdLkLyCamMA">FeedBurner</a>
...[SNIP]...
<div id="footer">
&copy;2004&ndash;2011
Google
(<a href="http://feedburner.google.com/fb/a/tos?gsessionid=j8s_HBxmlXtcdLkLyCamMA">Terms of Service</a>
...[SNIP]...

1.9. http://fls.doubleclick.net/activityi

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /activityi;src=1803375;type=t-mob207;cat=t-moc188;ord=5131071771029.383? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.t-mobile.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|2818894/957634/15036,578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sun, 20 Mar 2011 13:03:11 GMT
Expires: Sun, 20 Mar 2011 13:03:11 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 643

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=2452&token=TMHS1" width="1" height="1" border="0"><!-- List Id = 35963 and List Name = CM_TMobileHispanic_T-moblilefutbol.com_boom -->
...[SNIP]...

1.10. http://live.myyearbook.com/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://live.myyearbook.com
Path:   /

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET / HTTP/1.1
Host: live.myyearbook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 14:02:31 GMT
Server: Apache
Set-Cookie: PHPSESSID=ab205f83ffdb802c3df4b241e3260e85; path=/; domain=.myyearbook.com
Set-Cookie: mybRegTheme=Live; expires=Sun, 27-Mar-2011 14:02:31 GMT; path=/; domain=.myyearbook.com
Set-Cookie: mybRegData=%5B%5D; expires=Sun, 27-Mar-2011 14:02:31 GMT; path=/; domain=.myyearbook.com
Set-Cookie: POSTAff2Cookie=Live; expires=Mon, 19-Mar-2012 14:02:31 GMT; path=/; domain=.myyearbook.com
Set-Cookie: nid=deleted; expires=Sat, 20-Mar-2010 14:02:30 GMT; path=/; domain=.myyearbook.com
Set-Cookie: mcim=deleted; expires=Sat, 20-Mar-2010 14:02:30 GMT; path=/; domain=.myyearbook.com
Set-Cookie: meeboCIM672=deleted; expires=Sat, 20-Mar-2010 14:02:30 GMT; path=/; domain=.myyearbook.com
Set-Cookie: MYB_TARGET=_unknown_1000_____; path=/; domain=.myyearbook.com
Cache-control: no-cache
Pragma: no-cache
Content-Length: 15918
Connection: close
Content-Type: text/html; charset=UTF-8;

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2002/REC-xhtml1-20020801/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="UTF-8" xml:
...[SNIP]...
<li class="profileMenu" data-id="profile">
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGU=">
Profile
</a>
...[SNIP]...
<li id="reportIcon" class="headerSprite" data-id="reportabuse">
<a href="http://www.myyearbook.com/?mysession=bGlzdGluZ19ib2d1cw==">
Report
</a>
...[SNIP]...
<li data-id="signup">
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0w">Sign Up</a>
...[SNIP]...
<li data-id="login"><a href="http://www.myyearbook.com//?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0x">Login</a>
...[SNIP]...
<li data-id="browsepeople">
<a href="http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaF9yZXN1bHRzX2FkdmFuY2VkJnNlYXJjaHR5cGU9QkFTSUMmZmlyc3RwYWdlPXk=">
Browse People
</a>
...[SNIP]...
<li data-id="namesearch">
<a href="http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaCZzZWFyY2h0eXBlPU5BTUU=">
Name Search
</a>
...[SNIP]...
<li data-id="emailsearch">
<a href="http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaCZzZWFyY2h0eXBlPUVNQUlM">
Email Search
</a>
...[SNIP]...
<li data-id="schoolsearch">
<a href="http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaCZzZWFyY2h0eXBlPVlFQVJCT09L">
School Search
</a>
...[SNIP]...
<li data-id="advancedsearch">
<a href="http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaF9yZXN1bHRzX2FkdmFuY2VkJnNlYXJjaHR5cGU9QURWQU5DRUQmZmlyc3RwYWdlPXk=">
Advanced Search
</a>
...[SNIP]...
<li data-id="myphotos">
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX215cGljdHVyZXM=">
My Photos
</a>
...[SNIP]...
<li data-id="myautographs">
<a href="http://www.myyearbook.com/?mysession=bGlzdGluZ192aWV3X2F1dG9ncmFwaHM=">
My Autographs
</a>
...[SNIP]...
<li data-id="mystickers">
<a href="http://www.myyearbook.com/?mysession=c3RpY2tlcnNfdmlld2FsbHN0aWNrZXJz=">
My Stickers
</a>
...[SNIP]...
<li data-id="myflirts">
<a href="http://www.myyearbook.com/?mysession=ZmxpcnRzX3ZpZXdGbGlydHM=">
My Flirts
</a>
...[SNIP]...
<li data-id="whateveriwant">
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3doYXRldmVyaXdhbnQ=">
Whatever I Want
</a>
...[SNIP]...
<li data-id="myvideos">
<a href="http://www.myyearbook.com/?mysession=dmlkZW9fdXNlcg==">
My Videos
</a>
...[SNIP]...
<li data-id="myblog">
<a href="http://www.myyearbook.com/?mysession=YmxvZ3NfYmxvZw==">
My Blog
</a>
...[SNIP]...
<li class="navbar_battles" data-id="battles"><a href="http://www.myyearbook.com/?mysession=YmF0dGxlc192b3RlX2JhdHRsZQ==">Battles</a></li><li class="navbar_mymag" data-id="mymag"><a href="http://www.myyearbook.com/?mysession=bWFnX2luZGV4">myMag</a>
...[SNIP]...

1.11. http://mbox12e.offermatica.com/m2/tmobile/mbox/standard

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mbox12e.offermatica.com
Path:   /m2/tmobile/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/tmobile/mbox/standard?mboxHost=www.t-mobile.com&mboxSession=1300624507874-511379&mboxPage=1300624510290-788077&mboxCount=2&mbox=hp_header_non_cookied&mboxId=0&mboxURL=http%3A%2F%2Fwww.t-mobile.com%2F&mboxReferrer=&mboxVersion=34 HTTP/1.1
Host: mbox12e.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.t-mobile.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 176
Date: Sun, 20 Mar 2011 12:35:09 GMT
Server: Test & Target

mboxFactories.get('default').get('hp_header_non_cookied',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1300624507874-511379.17");

1.12. http://sales.liveperson.net/hc/53643872/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /hc/53643872/

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /hc/53643872/?&visitor=44502044936234&msessionkey=692143054958629433&site=53643872&cmd=mTagInPage&lpCallId=386984824901-254171867389&protV=20&lpjson=1&page=http%3A//www.t-mobile.com/locator.aspx%3Freferer%3D%252fDefault.aspx&id=1818442163&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-T-Mobile-sales&activePlugin=none&cobrowse=true&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.t-mobile.com/locator.aspx?referer=%2fDefault.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=692143054958629433; HumanClickSiteContainerID_53643872=STANDALONE; LivePersonID=LP i=44502044936234,d=1297806164; ASPSESSIONIDCAABBQQQ=KMHOOFNCICJLBAJOOMEOEPBC

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 13:18:48 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_53643872=STANDALONE; path=/hc/53643872
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sun, 20 Mar 2011 13:18:48 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"386984824901-254171867389","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});

1.13. https://sites.fastspring.com/richardsonsoftware/instant/editrocket

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://sites.fastspring.com
Path:   /richardsonsoftware/instant/editrocket

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /richardsonsoftware/instant/editrocket HTTP/1.1
Host: sites.fastspring.com
Connection: keep-alive
Referer: http://editrocket.com/register.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: JSF/1.2
Set-Cookie: JSESSIONID=27597E28151A94B2FE97F491A8D9A527;Path=/richardsonsoftware;Version=1;
Set-Cookie: SessionData=SUQJYmZkelVTa1hTZ2VjMmRlWXozNk1iZwpHTG9jYWxlCWVuX1VTX1VTRAo0ZTkyM2MzYy1hMDg4LTRiYWEtYmZmZS01Mzg5OWM5ODNkYTU6U1NDdHhJZAk0ZjlmYjg4ZS02YmUwLTQ5ZTgtYWVlYy1lODY3ZTMzODFlOWU;Path=/richardsonsoftware;Version=1;
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:58:05 GMT
Content-Length: 116982

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml">    
<head>
   <title>Richardson Softwa
...[SNIP]...
<li class="store-product-detail-offer store-product-detail-offer-volume"><a href="http://sites.fastspring.com/richardsonsoftware/product/editrocket/pricing;jsessionid=27597E28151A94B2FE97F491A8D9A527" onclick="openDialog('productPricing', this.href, 300, 300); return false;" target="_blank"><span class="store-product-detail-offer-title">
...[SNIP]...

1.14. https://sites.fastspring.com/richardsonsoftware/order/customer

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://sites.fastspring.com
Path:   /richardsonsoftware/order/customer

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /richardsonsoftware/order/customer;jsessionid=814FD1DA84752AF7872A6197C210F629?csid=169019 HTTP/1.1
Host: sites.fastspring.com
Connection: keep-alive
Referer: https://sites.fastspring.com/richardsonsoftware/instant/editrocket
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=814FD1DA84752AF7872A6197C210F629; SessionData=SUQJbWwzZktRUFlSb21qbUY2MFY3cU9UZwpHTG9jYWxlCWVuX1VTX1VTRAo0ZTkyM2MzYy1hMDg4LTRiYWEtYmZmZS01Mzg5OWM5ODNkYTU6U1NDdHhJZAkyN2UxN2EyYy0yNzczLTQ4OTEtYjA1OC1hMWUyNjAwZTRjMjI

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: JSF/1.2
Set-Cookie: JSESSIONID=814FD1DA84752AF7872A6197C210F629;Path=/richardsonsoftware;Version=1;
Set-Cookie: SessionData=SUQJbWwzZktRUFlSb21qbUY2MFY3cU9UZwpHTG9jYWxlCWVuX1VTX1VTRAo0ZTkyM2MzYy1hMDg4LTRiYWEtYmZmZS01Mzg5OWM5ODNkYTU6U1NDdHhJZAkyN2UxN2EyYy0yNzczLTQ4OTEtYjA1OC1hMWUyNjAwZTRjMjI;Path=/richardsonsoftware;Version=1;
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 13:58:12 GMT
Content-Length: 40337

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml">    
<head>
   <title>Richardson Softwa
...[SNIP]...

1.15. https://sites.fastspring.com/richardsonsoftware/view

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://sites.fastspring.com
Path:   /richardsonsoftware/view

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

POST /richardsonsoftware/view;jsessionid=814FD1DA84752AF7872A6197C210F629 HTTP/1.1
Host: sites.fastspring.com
Connection: keep-alive
Referer: https://sites.fastspring.com/richardsonsoftware/instant/editrocket
Cache-Control: max-age=0
Origin: https://sites.fastspring.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=814FD1DA84752AF7872A6197C210F629; SessionData=SUQJbWwzZktRUFlSb21qbUY2MFY3cU9UZwpHTG9jYWxlCWVuX1VTX1VTRAo0ZTkyM2MzYy1hMDg4LTRiYWEtYmZmZS01Mzg5OWM5ODNkYTU6U1NDdHhJZAkyN2UxN2EyYy0yNzczLTQ4OTEtYjA1OC1hMWUyNjAwZTRjMjI
Content-Length: 10282

product=product&product%3Apid=8146a396-162e-4c65-9db2-7beb595c4781&product%3Adest=CHECKOUT&system_request_session=SUQJbWwzZktRUFlSb21qbUY2MFY3cU9UZwpHTG9jYWxlCWVuX1VTX1VTRAo0ZTkyM2MzYy1hMDg4LTRiYWEtYm
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
X-Powered-By: JSF/1.2
Set-Cookie: JSESSIONID=814FD1DA84752AF7872A6197C210F629;Path=/richardsonsoftware;Version=1;
Set-Cookie: SessionData=SUQJbWwzZktRUFlSb21qbUY2MFY3cU9UZwpHTG9jYWxlCWVuX1VTX1VTRAo0ZTkyM2MzYy1hMDg4LTRiYWEtYmZmZS01Mzg5OWM5ODNkYTU6U1NDdHhJZAkyN2UxN2EyYy0yNzczLTQ4OTEtYjA1OC1hMWUyNjAwZTRjMjI;Path=/richardsonsoftware;Version=1;
Location: https://sites.fastspring.com/richardsonsoftware/order/customer;jsessionid=814FD1DA84752AF7872A6197C210F629?csid=169025
Content-Length: 0
Date: Sun, 20 Mar 2011 13:58:11 GMT


1.16. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /extern/login_status.php?api_key=6c7cf65a3b49a7974b26a5d530aead6f&app_id=6c7cf65a3b49a7974b26a5d530aead6f&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df7601385c%26origin%3Dhttp%253A%252F%252Fwww.shockwave.com%252Ff1d6defa0c%26relation%3Dopener%26transport%3Dpostmessage%26frame%3Df2eed72454%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3e90e44c%26origin%3Dhttp%253A%252F%252Fwww.shockwave.com%252Ff1d6defa0c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2eed72454&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df509c751%26origin%3Dhttp%253A%252F%252Fwww.shockwave.com%252Ff1d6defa0c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2eed72454&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Dff3480ab8%26origin%3Dhttp%253A%252F%252Fwww.shockwave.com%252Ff1d6defa0c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2eed72454&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; gz=1; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Donline.wsj.com%26placement%3Drecommendations%26extra_1%3Dhttp%253A%252F%252Fonline.wsj.com%252Fhome-page%26extra_2%3DUS

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=0#cb=f509c751&origin=http%3A%2F%2Fwww.shockwave.com%2Ff1d6defa0c&relation=parent&transport=postmessage&frame=f2eed72454
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.92.47
X-Cnection: close
Date: Sun, 20 Mar 2011 12:34:17 GMT
Content-Length: 0


1.17. http://www.myyearbook.com/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.myyearbook.com
Path:   /

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET / HTTP/1.1
Host: www.myyearbook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 12:38:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Set-Cookie: PHPSESSID=801dea07b4525bb09a00f44dbe2a1e38; path=/; domain=.myyearbook.com
Set-Cookie: mybRegTheme=deleted; expires=Sat, 20-Mar-2010 12:38:53 GMT; path=/; domain=.myyearbook.com
Set-Cookie: mybRegData=deleted; expires=Sat, 20-Mar-2010 12:38:53 GMT; path=/; domain=.myyearbook.com
Set-Cookie: mybRegTheme=hbl; expires=Sun, 27-Mar-2011 12:38:54 GMT; path=/; domain=.myyearbook.com
Set-Cookie: mybRegData=%5B%5D; expires=Sun, 27-Mar-2011 12:38:54 GMT; path=/; domain=.myyearbook.com
Set-Cookie: POSTAff2Cookie=HBL; expires=Mon, 19-Mar-2012 12:38:54 GMT; path=/; domain=.myyearbook.com
Set-Cookie: MYB_TARGET=_unknown_1000_____; path=/; domain=.myyearbook.com
Cache-control: no-cache
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8;
X-MyPoolMember: 10.100.10.201
Content-Length: 25700

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<li class="login_forgot">
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX2ZvcmdvdHBhc3N3b3Jk">Forgot password?</a>
...[SNIP]...
<li class="navbar_battles" data-id="battles"><a href="http://www.myyearbook.com/?mysession=YmF0dGxlc192b3RlX2JhdHRsZQ==">Battles</a></li><li class="navbar_mymag" data-id="mymag"><a href="http://www.myyearbook.com/?mysession=bWFnX2luZGV4">myMag</a>
...[SNIP]...

1.18. http://www.ncl.com/nclweb/cruiser/cmsPages.html

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.ncl.com
Path:   /nclweb/cruiser/cmsPages.html

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /nclweb/cruiser/cmsPages.html HTTP/1.1
Host: www.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
P3P: policyref="http://www.ncl.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMo DEVo TAIo PSAo PSDo IVAo IVDo CONi HISo TELi OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV LOC"
Content-Type: text/html; charset=ISO-8859-1
Date: Sun, 20 Mar 2011 13:59:53 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665; path=/
Set-Cookie: NCLPERSIST1=868788416.20480.0000; path=/
Content-Length: 57648


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta charset="utf-8">
<title>


Welcome to NC
...[SNIP]...
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico" />
<link rel="stylesheet" type="text/css" href="/nclweb/styles/locale_us/general.css;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665" />
<link rel="stylesheet" type="text/css" href="/nclweb/styles/superfish/superfish.css;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665" />
<link rel="stylesheet" type="text/css" href="/nclweb/styles/menu.css;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665" />


<link rel="stylesheet" type="text/css" href="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/assets/skins/sam/skin.css" />


<link rel="stylesheet" type="text/css" href="/nclweb/styles/shadowbox.css;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665" />
<link href="/nclweb/styles/app.css;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665" media="screen, projection" rel="stylesheet" type="text/css" />
<link href="/nclweb/styles/prt.css;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665" media="print" rel="stylesheet" type="text/css" />

<!--[if lt IE 8]>
...[SNIP]...
<![endif]-->

<link rel="stylesheet" type="text/css" href="/nclweb/styles/misc.css;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665" />


<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/utilities/utilities.js">
...[SNIP]...
</script>
<script type="text/javascript" src="/nclweb/script/yui-functional-0.4.0-min.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/20081216.001/common.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/20080331.001/global.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/20080331.001/ajax.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/20080331.001/shadowbox-yui.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/20080331.001/shadowbox_cookie.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/20080331.001/shadowbox.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/20080331.001/callback.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/20080331.001/cta/tools-min.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/20080331.001/cta/effects-min.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>

<script type="text/javascript" src="/nclweb/script/common/jquery.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/common/jquery-ui-1.7.2.custom.min.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/common/jquery.ajaxQueue.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/common/jquery.autocomplete.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/common/jquery.qtip-1.0.0-rc3.min.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/common/underscore-min.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/common/date.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/common/saved_vacations.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>

<script type="text/javascript" src="/nclweb/script/common/app.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/common/designYourVacation.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/20080331.001/cta/requestCall.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/tracking/s_code.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
<script type="text/javascript" src="/nclweb/script/tracking/omniture.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>


<script type="text/javascript" src="/nclweb/script/superfish/superfish.js;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"></script>
...[SNIP]...
<a id="sitewide_promo_link" href="/"><img id="sitewide_promo_banner" src="/nclweb/images/framework/x.gif;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665" alt="" /></a>
...[SNIP]...
<li id="topnav_home"><a href="/nclweb/home.html;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665">Home</a>
...[SNIP]...
<li><a href="/nclweb/contactUs.html;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665">Contact Us</a>
...[SNIP]...
<li><a href="/nclweb/cruiser/cmsPages.html;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665?pageId=FAQ">FAQs</a>
...[SNIP]...
<li id="topnav_sitemap" class="last"><a href="/nclweb/cruiser/cmsPages.html;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665?pageId=SiteMap">Site Map</a>
...[SNIP]...
<div id="planning" class="closed_plan">
    <a id="launch_planner" href="/nclweb/contactUs.html;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665">Need Help Planning?</a>
...[SNIP]...
</p>
<img id="sitewide_promo_toggle_img" src="/nclweb/images/framework/promo_plus.gif;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665" alt="Open" />
    </div>
...[SNIP]...
<div id="brand">
    <a href="/nclweb/home.html;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"><img id="logo" alt="Norwegian Cruise Line" src="/nclweb/images/framework/logo.gif;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665" /></a>
...[SNIP]...
<li><a href="/nclweb/secure/registrationRetrievalOptions.html;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"><b>
...[SNIP]...
<li class="last"><a href="/nclweb/secure/bookedGuestLanding.html;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665"><b>
...[SNIP]...
<div id="tel">
    <img src="/nclweb/images/framework/lbl_phone_number.png;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665" height="22" width="215" alt="Plan your cruise: 1-866-234-7350" />
    </div>
...[SNIP]...
</div>
   
       <img src="/nclweb/images/framework/bottom_wave.gif;jsessionid=NGLZ6vmHp9JgKgGGrdwbjZY22XPfhz2J!794536665" />
   
    <div id="footer">
...[SNIP]...

1.19. http://www.quantcast.com/js/top-sites.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.quantcast.com
Path:   /js/top-sites.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /js/top-sites.js;jsessionid=F8C72CDB444E881F86E48F2534922FBE?v=2011031903 HTTP/1.1
Host: www.quantcast.com
Proxy-Connection: keep-alive
Referer: http://www.quantcast.com/top-sites-1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1138661367-1297862290557; __utmz=14861494.1297862294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=14861494.1792645891.1297862294.1300282310.1300542320.13; qcVisitor=2|47|1297862270597|109|NOTSET; JSESSIONID=F8C72CDB444E881F86E48F2534922FBE

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Date: Sun, 20 Mar 2011 12:33:53 GMT
Expires: Tue, 19 Apr 2011 12:33:53 GMT
Cache-control: public, max-age=2592000
Set-Cookie: qcVisitor=2|47|1297862270597|110|NOTSET; Expires=Tue, 12-Mar-2041 12:33:53 GMT; Path=/
ETag: W/"813-1299860906000"
Last-Modified: Fri, 11 Mar 2011 16:28:26 GMT
Content-Type: application/x-javascript;charset=UTF-8
Content-Length: 813
Connection: close

jQuery(document).ready(function(){var a=jQuery("#jump-to").val().length>0?jQuery("#jump-to").val():((window.location.hash.length>0)?window.location.hash.substr(1):"");if(a&&a.length>0){var b=jQuery("#
...[SNIP]...

1.20. http://www.quantcast.com/top-sites-1

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.quantcast.com
Path:   /top-sites-1

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /top-sites-1 HTTP/1.1
Host: www.quantcast.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1138661367-1297862290557; __utmz=14861494.1297862294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=14861494.1792645891.1297862294.1300282310.1300542320.13; qcVisitor=2|47|1297862270597|109|NOTSET

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=F8C72CDB444E881F86E48F2534922FBE; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 12:33:52 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html>


<head>

<meta http-equiv="Content-Type" content="text/
...[SNIP]...
</h2>
<a href="/quantcast-top-million.zip;jsessionid=F8C72CDB444E881F86E48F2534922FBE" class="downArrowLink">Download top million site rankings (~10MB)</a>
...[SNIP]...
<li><a href="/top-sites/AF;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-af">
...[SNIP]...
<li><a href="/top-sites/AX;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ax">
...[SNIP]...
<li><a href="/top-sites/AL;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-al">
...[SNIP]...
<li><a href="/top-sites/DZ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-dz">
...[SNIP]...
<li><a href="/top-sites/AS;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-as">
...[SNIP]...
<li><a href="/top-sites/AD;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ad">
...[SNIP]...
<li><a href="/top-sites/AO;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ao">
...[SNIP]...
<li><a href="/top-sites/AI;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ai">
...[SNIP]...
<li><a href="/top-sites/AQ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-aq">
...[SNIP]...
<li><a href="/top-sites/AG;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ag">
...[SNIP]...
<li><a href="/top-sites/AR;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ar">
...[SNIP]...
<li><a href="/top-sites/AM;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-am">
...[SNIP]...
<li><a href="/top-sites/AW;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-aw">
...[SNIP]...
<li><a href="/top-sites/AU;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-au">
...[SNIP]...
<li><a href="/top-sites/AT;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-at">
...[SNIP]...
<li><a href="/top-sites/AZ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-az">
...[SNIP]...
<li><a href="/top-sites/BS;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-bs">
...[SNIP]...
<li><a href="/top-sites/BH;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-bh">
...[SNIP]...
<li><a href="/top-sites/BD;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-bd">
...[SNIP]...
<li><a href="/top-sites/BB;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-bb">
...[SNIP]...
<li><a href="/top-sites/BY;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-by">
...[SNIP]...
<li><a href="/top-sites/BE;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-be">
...[SNIP]...
<li><a href="/top-sites/BZ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-bz">
...[SNIP]...
<li><a href="/top-sites/BJ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-bj">
...[SNIP]...
<li><a href="/top-sites/BM;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-bm">
...[SNIP]...
<li><a href="/top-sites/BT;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-bt">
...[SNIP]...
<li><a href="/top-sites/BO;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-bo">
...[SNIP]...
<li><a href="/top-sites/BA;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ba">
...[SNIP]...
<li><a href="/top-sites/BW;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-bw">
...[SNIP]...
<li><a href="/top-sites/BV;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-bv">
...[SNIP]...
<li><a href="/top-sites/BR;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-br">
...[SNIP]...
<li><a href="/top-sites/IO;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-io">
...[SNIP]...
<li><a href="/top-sites/BN;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-bn">
...[SNIP]...
<li><a href="/top-sites/BG;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-bg">
...[SNIP]...
<li><a href="/top-sites/BF;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-bf">
...[SNIP]...
<li><a href="/top-sites/BI;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-bi">
...[SNIP]...
<li><a href="/top-sites/KH;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-kh">
...[SNIP]...
<li><a href="/top-sites/CM;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-cm">
...[SNIP]...
<li><a href="/top-sites/CA;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ca">
...[SNIP]...
<li><a href="/top-sites/CV;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-cv">
...[SNIP]...
<li><a href="/top-sites/KY;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ky">
...[SNIP]...
<li><a href="/top-sites/CF;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-cf">
...[SNIP]...
<li><a href="/top-sites/TD;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-td">
...[SNIP]...
<li><a href="/top-sites/CL;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-cl">
...[SNIP]...
<li><a href="/top-sites/CN;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-cn">
...[SNIP]...
<li><a href="/top-sites/CX;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-cx">
...[SNIP]...
<li><a href="/top-sites/CC;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-cc">
...[SNIP]...
<li><a href="/top-sites/CO;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-co">
...[SNIP]...
<li><a href="/top-sites/KM;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-km">
...[SNIP]...
<li><a href="/top-sites/CG;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-cg">
...[SNIP]...
<li><a href="/top-sites/CD;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-cd">
...[SNIP]...
<li><a href="/top-sites/CK;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ck">
...[SNIP]...
<li><a href="/top-sites/CR;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-cr">
...[SNIP]...
<li><a href="/top-sites/CI;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ci">
...[SNIP]...
<li><a href="/top-sites/HR;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-hr">
...[SNIP]...
<li><a href="/top-sites/CU;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-cu">
...[SNIP]...
<li><a href="/top-sites/CY;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-cy">
...[SNIP]...
<li><a href="/top-sites/CZ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-cz">
...[SNIP]...
<li><a href="/top-sites/DK;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-dk">
...[SNIP]...
<li><a href="/top-sites/DJ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-dj">
...[SNIP]...
<li><a href="/top-sites/DM;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-dm">
...[SNIP]...
<li><a href="/top-sites/DO;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-do">
...[SNIP]...
<li><a href="/top-sites/EC;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ec">
...[SNIP]...
<li><a href="/top-sites/EG;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-eg">
...[SNIP]...
<li><a href="/top-sites/SV;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-sv">
...[SNIP]...
<li><a href="/top-sites/GQ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-gq">
...[SNIP]...
<li><a href="/top-sites/ER;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-er">
...[SNIP]...
<li><a href="/top-sites/EE;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ee">
...[SNIP]...
<li><a href="/top-sites/ET;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-et">
...[SNIP]...
<li><a href="/top-sites/FK;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-fk">
...[SNIP]...
<li><a href="/top-sites/FO;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-fo">
...[SNIP]...
<li><a href="/top-sites/FJ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-fj">
...[SNIP]...
<li><a href="/top-sites/FI;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-fi">
...[SNIP]...
<li><a href="/top-sites/FR;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-fr">
...[SNIP]...
<li><a href="/top-sites/GF;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-gf">
...[SNIP]...
<li><a href="/top-sites/PF;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-pf">
...[SNIP]...
<li><a href="/top-sites/TF;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-tf">
...[SNIP]...
<li><a href="/top-sites/GA;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ga">
...[SNIP]...
<li><a href="/top-sites/GM;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-gm">
...[SNIP]...
<li><a href="/top-sites/GE;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ge">
...[SNIP]...
<li><a href="/top-sites/DE;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-de">
...[SNIP]...
<li><a href="/top-sites/GH;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-gh">
...[SNIP]...
<li><a href="/top-sites/GI;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-gi">
...[SNIP]...
<li><a href="/top-sites/GR;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-gr">
...[SNIP]...
<li><a href="/top-sites/GL;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-gl">
...[SNIP]...
<li><a href="/top-sites/GD;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-gd">
...[SNIP]...
<li><a href="/top-sites/GP;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-gp">
...[SNIP]...
<li><a href="/top-sites/GU;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-gu">
...[SNIP]...
<li><a href="/top-sites/GT;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-gt">
...[SNIP]...
<li><a href="/top-sites/GG;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-gg">
...[SNIP]...
<li><a href="/top-sites/GN;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-gn">
...[SNIP]...
<li><a href="/top-sites/GW;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-gw">
...[SNIP]...
<li><a href="/top-sites/GY;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-gy">
...[SNIP]...
<li><a href="/top-sites/HT;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ht">
...[SNIP]...
<li><a href="/top-sites/HM;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-hm">
...[SNIP]...
<li><a href="/top-sites/VA;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-va">
...[SNIP]...
<li><a href="/top-sites/HN;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-hn">
...[SNIP]...
<li><a href="/top-sites/HK;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-hk">
...[SNIP]...
<li><a href="/top-sites/HU;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-hu">
...[SNIP]...
<li><a href="/top-sites/IS;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-is">
...[SNIP]...
<li><a href="/top-sites/IN;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-in">
...[SNIP]...
<li><a href="/top-sites/ID;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-id">
...[SNIP]...
<li><a href="/top-sites/IR;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ir">
...[SNIP]...
<li><a href="/top-sites/IQ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-iq">
...[SNIP]...
<li><a href="/top-sites/IE;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ie">
...[SNIP]...
<li><a href="/top-sites/IM;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-im">
...[SNIP]...
<li><a href="/top-sites/IL;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-il">
...[SNIP]...
<li><a href="/top-sites/IT;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-it">
...[SNIP]...
<li><a href="/top-sites/JM;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-jm">
...[SNIP]...
<li><a href="/top-sites/JP;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-jp">
...[SNIP]...
<li><a href="/top-sites/JE;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-je">
...[SNIP]...
<li><a href="/top-sites/JO;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-jo">
...[SNIP]...
<li><a href="/top-sites/KZ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-kz">
...[SNIP]...
<li><a href="/top-sites/KE;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ke">
...[SNIP]...
<li><a href="/top-sites/KI;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ki">
...[SNIP]...
<li><a href="/top-sites/KP;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-kp">
...[SNIP]...
<li><a href="/top-sites/KR;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-kr">
...[SNIP]...
<li><a href="/top-sites/KW;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-kw">
...[SNIP]...
<li><a href="/top-sites/KG;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-kg">
...[SNIP]...
<li><a href="/top-sites/LA;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-la">
...[SNIP]...
<li><a href="/top-sites/LV;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-lv">
...[SNIP]...
<li><a href="/top-sites/LB;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-lb">
...[SNIP]...
<li><a href="/top-sites/LS;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ls">
...[SNIP]...
<li><a href="/top-sites/LR;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-lr">
...[SNIP]...
<li><a href="/top-sites/LY;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ly">
...[SNIP]...
<li><a href="/top-sites/LI;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-li">
...[SNIP]...
<li><a href="/top-sites/LT;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-lt">
...[SNIP]...
<li><a href="/top-sites/LU;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-lu">
...[SNIP]...
<li><a href="/top-sites/MO;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-mo">
...[SNIP]...
<li><a href="/top-sites/MK;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-mk">
...[SNIP]...
<li><a href="/top-sites/MG;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-mg">
...[SNIP]...
<li><a href="/top-sites/MW;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-mw">
...[SNIP]...
<li><a href="/top-sites/MY;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-my">
...[SNIP]...
<li><a href="/top-sites/MV;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-mv">
...[SNIP]...
<li><a href="/top-sites/ML;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ml">
...[SNIP]...
<li><a href="/top-sites/MT;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-mt">
...[SNIP]...
<li><a href="/top-sites/MH;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-mh">
...[SNIP]...
<li><a href="/top-sites/MQ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-mq">
...[SNIP]...
<li><a href="/top-sites/MR;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-mr">
...[SNIP]...
<li><a href="/top-sites/MU;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-mu">
...[SNIP]...
<li><a href="/top-sites/YT;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-yt">
...[SNIP]...
<li><a href="/top-sites/MX;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-mx">
...[SNIP]...
<li><a href="/top-sites/FM;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-fm">
...[SNIP]...
<li><a href="/top-sites/MD;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-md">
...[SNIP]...
<li><a href="/top-sites/MC;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-mc">
...[SNIP]...
<li><a href="/top-sites/MN;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-mn">
...[SNIP]...
<li><a href="/top-sites/ME;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-me">
...[SNIP]...
<li><a href="/top-sites/MS;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ms">
...[SNIP]...
<li><a href="/top-sites/MA;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ma">
...[SNIP]...
<li><a href="/top-sites/MZ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-mz">
...[SNIP]...
<li><a href="/top-sites/MM;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-mm">
...[SNIP]...
<li><a href="/top-sites/NA;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-na">
...[SNIP]...
<li><a href="/top-sites/NR;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-nr">
...[SNIP]...
<li><a href="/top-sites/NP;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-np">
...[SNIP]...
<li><a href="/top-sites/NL;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-nl">
...[SNIP]...
<li><a href="/top-sites/AN;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-an">
...[SNIP]...
<li><a href="/top-sites/NC;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-nc">
...[SNIP]...
<li><a href="/top-sites/NZ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-nz">
...[SNIP]...
<li><a href="/top-sites/NI;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ni">
...[SNIP]...
<li><a href="/top-sites/NE;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ne">
...[SNIP]...
<li><a href="/top-sites/NG;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ng">
...[SNIP]...
<li><a href="/top-sites/NU;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-nu">
...[SNIP]...
<li><a href="/top-sites/NF;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-nf">
...[SNIP]...
<li><a href="/top-sites/MP;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-mp">
...[SNIP]...
<li><a href="/top-sites/NO;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-no">
...[SNIP]...
<li><a href="/top-sites/OM;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-om">
...[SNIP]...
<li><a href="/top-sites/PK;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-pk">
...[SNIP]...
<li><a href="/top-sites/PW;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-pw">
...[SNIP]...
<li><a href="/top-sites/PS;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ps">
...[SNIP]...
<li><a href="/top-sites/PA;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-pa">
...[SNIP]...
<li><a href="/top-sites/PG;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-pg">
...[SNIP]...
<li><a href="/top-sites/PY;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-py">
...[SNIP]...
<li><a href="/top-sites/PE;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-pe">
...[SNIP]...
<li><a href="/top-sites/PH;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ph">
...[SNIP]...
<li><a href="/top-sites/PN;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-pn">
...[SNIP]...
<li><a href="/top-sites/PL;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-pl">
...[SNIP]...
<li><a href="/top-sites/PT;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-pt">
...[SNIP]...
<li><a href="/top-sites/PR;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-pr">
...[SNIP]...
<li><a href="/top-sites/QA;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-qa">
...[SNIP]...
<li><a href="/top-sites/RE;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-re">
...[SNIP]...
<li><a href="/top-sites/RO;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ro">
...[SNIP]...
<li><a href="/top-sites/RU;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ru">
...[SNIP]...
<li><a href="/top-sites/RW;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-rw">
...[SNIP]...
<li><a href="/top-sites/SH;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-sh">
...[SNIP]...
<li><a href="/top-sites/KN;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-kn">
...[SNIP]...
<li><a href="/top-sites/LC;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-lc">
...[SNIP]...
<li><a href="/top-sites/PM;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-pm">
...[SNIP]...
<li><a href="/top-sites/VC;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-vc">
...[SNIP]...
<li><a href="/top-sites/WS;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ws">
...[SNIP]...
<li><a href="/top-sites/SM;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-sm">
...[SNIP]...
<li><a href="/top-sites/ST;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-st">
...[SNIP]...
<li><a href="/top-sites/SA;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-sa">
...[SNIP]...
<li><a href="/top-sites/SN;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-sn">
...[SNIP]...
<li><a href="/top-sites/RS;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-rs">
...[SNIP]...
<li><a href="/top-sites/SC;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-sc">
...[SNIP]...
<li><a href="/top-sites/SL;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-sl">
...[SNIP]...
<li><a href="/top-sites/SG;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-sg">
...[SNIP]...
<li><a href="/top-sites/SK;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-sk">
...[SNIP]...
<li><a href="/top-sites/SI;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-si">
...[SNIP]...
<li><a href="/top-sites/SB;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-sb">
...[SNIP]...
<li><a href="/top-sites/SO;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-so">
...[SNIP]...
<li><a href="/top-sites/ZA;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-za">
...[SNIP]...
<li><a href="/top-sites/GS;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-gs">
...[SNIP]...
<li><a href="/top-sites/ES;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-es">
...[SNIP]...
<li><a href="/top-sites/LK;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-lk">
...[SNIP]...
<li><a href="/top-sites/SD;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-sd">
...[SNIP]...
<li><a href="/top-sites/SR;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-sr">
...[SNIP]...
<li><a href="/top-sites/SJ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-sj">
...[SNIP]...
<li><a href="/top-sites/SZ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-sz">
...[SNIP]...
<li><a href="/top-sites/SE;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-se">
...[SNIP]...
<li><a href="/top-sites/CH;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ch">
...[SNIP]...
<li><a href="/top-sites/SY;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-sy">
...[SNIP]...
<li><a href="/top-sites/TW;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-tw">
...[SNIP]...
<li><a href="/top-sites/TJ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-tj">
...[SNIP]...
<li><a href="/top-sites/TZ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-tz">
...[SNIP]...
<li><a href="/top-sites/TH;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-th">
...[SNIP]...
<li><a href="/top-sites/TL;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-tl">
...[SNIP]...
<li><a href="/top-sites/TG;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-tg">
...[SNIP]...
<li><a href="/top-sites/TK;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-tk">
...[SNIP]...
<li><a href="/top-sites/TO;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-to">
...[SNIP]...
<li><a href="/top-sites/TT;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-tt">
...[SNIP]...
<li><a href="/top-sites/TN;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-tn">
...[SNIP]...
<li><a href="/top-sites/TR;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-tr">
...[SNIP]...
<li><a href="/top-sites/TM;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-tm">
...[SNIP]...
<li><a href="/top-sites/TC;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-tc">
...[SNIP]...
<li><a href="/top-sites/TV;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-tv">
...[SNIP]...
<li><a href="/top-sites/UG;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ug">
...[SNIP]...
<li><a href="/top-sites/UA;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ua">
...[SNIP]...
<li><a href="/top-sites/AE;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ae">
...[SNIP]...
<li><a href="/top-sites/GB;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-gb">
...[SNIP]...
<li><a href="/top-sites/US;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-us">
...[SNIP]...
<li><a href="/top-sites/UM;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-um">
...[SNIP]...
<li><a href="/top-sites/UY;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-uy">
...[SNIP]...
<li><a href="/top-sites/UZ;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-uz">
...[SNIP]...
<li><a href="/top-sites/VU;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-vu">
...[SNIP]...
<li><a href="/top-sites/VE;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ve">
...[SNIP]...
<li><a href="/top-sites/VN;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-vn">
...[SNIP]...
<li><a href="/top-sites/VG;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-vg">
...[SNIP]...
<li><a href="/top-sites/VI;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-vi">
...[SNIP]...
<li><a href="/top-sites/WF;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-wf">
...[SNIP]...
<li><a href="/top-sites/EH;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-eh">
...[SNIP]...
<li><a href="/top-sites/YE;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-ye">
...[SNIP]...
<li><a href="/top-sites/ZM;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-zm">
...[SNIP]...
<li><a href="/top-sites/ZW;jsessionid=F8C72CDB444E881F86E48F2534922FBE" rel="nofollow" class="country-link"><span class="country-zw">
...[SNIP]...
<td align="right">
<a href="/top-sites/US/2;jsessionid=F8C72CDB444E881F86E48F2534922FBE" class="next">Next 100</a>
...[SNIP]...
<td><a href="/google.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-0" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.google&country=US"></a>
...[SNIP]...
<td class="link"><a href="/google.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">google.com</a>
...[SNIP]...
<td><a href="/facebook.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-1" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.facebook&country=US"></a>
...[SNIP]...
<td class="link"><a href="/facebook.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">facebook.com</a>
...[SNIP]...
<td><a href="/youtube.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-2" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.youtube&country=US"></a>
...[SNIP]...
<td class="link"><a href="/youtube.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">youtube.com</a>
...[SNIP]...
<td><a href="/yahoo.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-3" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.yahoo&country=US"></a>
...[SNIP]...
<td class="link"><a href="/yahoo.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">yahoo.com</a>
...[SNIP]...
<td><a href="/amazon.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-4" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.amazon&country=US"></a>
...[SNIP]...
<td class="link"><a href="/amazon.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">amazon.com</a>
...[SNIP]...
<td><a href="/twitter.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-5" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.twitter&country=US"></a>
...[SNIP]...
<td class="link"><a href="/twitter.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">twitter.com</a>
...[SNIP]...
<td><a href="/msn.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-6" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.msn&country=US"></a>
...[SNIP]...
<td class="link"><a href="/msn.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">msn.com</a>
...[SNIP]...
<td><a href="/wikipedia.org;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-7" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:org.wikipedia&country=US"></a>
...[SNIP]...
<td class="link"><a href="/wikipedia.org;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">wikipedia.org</a>
...[SNIP]...
<td><a href="/live.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-8" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.live&country=US"></a>
...[SNIP]...
<td class="link"><a href="/live.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">live.com</a>
...[SNIP]...
<td><a href="/microsoft.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-9" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.microsoft&country=US"></a>
...[SNIP]...
<td class="link"><a href="/microsoft.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">microsoft.com</a>
...[SNIP]...
<td><a href="/answers.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-10" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.answers&country=US"></a>
...[SNIP]...
<td class="link"><a href="/answers.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">answers.com</a>
...[SNIP]...
<td><a href="/ebay.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-11" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.ebay&country=US"></a>
...[SNIP]...
<td class="link"><a href="/ebay.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">ebay.com</a>
...[SNIP]...
<td><a href="/blogspot.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-12" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.blogspot&country=US"></a>
...[SNIP]...
<td class="link"><a href="/blogspot.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">blogspot.com</a>
...[SNIP]...
<td><a href="/ask.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-13" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.ask&country=US"></a>
...[SNIP]...
<td class="link"><a href="/ask.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">ask.com</a>
...[SNIP]...
<td><a href="/ehow.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-14" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.ehow&country=US"></a>
...[SNIP]...
<td class="link"><a href="/ehow.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">ehow.com</a>
...[SNIP]...
<td><a href="/blogger.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-15" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.blogger&country=US"></a>
...[SNIP]...
<td class="link"><a href="/blogger.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">blogger.com</a>
...[SNIP]...
<td><a href="/bing.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-16" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.bing&country=US"></a>
...[SNIP]...
<td class="link"><a href="/bing.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">bing.com</a>
...[SNIP]...
<td><a href="/aol.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-17" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.aol&country=US"></a>
...[SNIP]...
<td class="link"><a href="/aol.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">aol.com</a>
...[SNIP]...
<td><a href="/craigslist.org;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-18" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:org.craigslist&country=US"></a>
...[SNIP]...
<td class="link"><a href="/craigslist.org;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">craigslist.org</a>
...[SNIP]...
<td><a href="/wordpress.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-19" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.wordpress&country=US"></a>
...[SNIP]...
<td class="link"><a href="/wordpress.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">wordpress.com</a>
...[SNIP]...
<td><a href="/about.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-20" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.about&country=US"></a>
...[SNIP]...
<td class="link"><a href="/about.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">about.com</a>
...[SNIP]...
<td><a href="/weather.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-21" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.weather&country=US"></a>
...[SNIP]...
<td class="link"><a href="/weather.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">weather.com</a>
...[SNIP]...
<td><a href="/adobe.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-22" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.adobe&country=US"></a>
...[SNIP]...
<td class="link"><a href="/adobe.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">adobe.com</a>
...[SNIP]...
<td><a href="/foxnews.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-23" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.foxnews&country=US"></a>
...[SNIP]...
<td class="link"><a href="/foxnews.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">foxnews.com</a>
...[SNIP]...
<td><a href="/linkedin.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-24" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.linkedin&country=US"></a>
...[SNIP]...
<td class="link"><a href="/linkedin.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">linkedin.com</a>
...[SNIP]...
<td><a href="/huffingtonpost.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-25" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.huffingtonpost&country=US"></a>
...[SNIP]...
<td class="link"><a href="/huffingtonpost.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">huffingtonpost.com</a>
...[SNIP]...
<td><a href="/paypal.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-26" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.paypal&country=US"></a>
...[SNIP]...
<td class="link"><a href="/paypal.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">paypal.com</a>
...[SNIP]...
<td><a href="/walmart.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-27" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.walmart&country=US"></a>
...[SNIP]...
<td class="link"><a href="/walmart.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US">walmart.com</a>
...[SNIP]...
<td><a href="/go.com;jsessionid=F8C72CDB444E881F86E48F2534922FBE?country=US" class="sparkline-link" id="sparkline-28" rel="http://ak.quantcast.com/profile/favoritesGraph?wunit=wd:com.go&country=US"></a>
...[SNIP]...
<td align="right">
<a href="/top-sites/US/2;jsessionid=F8C72CDB444E881F86E48F2534922FBE" class="next">Next 100</a>
...[SNIP]...
<input type="hidden" value="" id="sparklines-root" />
<script type="text/javascript" src="/js/top-sites.js;jsessionid=F8C72CDB444E881F86E48F2534922FBE?v=2011031903"></script>
...[SNIP]...

1.21. http://www.quantcast.com/top-sites/US/2

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.quantcast.com
Path:   /top-sites/US/2

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /top-sites/US/2;jsessionid=F8C72CDB444E881F86E48F2534922FBE HTTP/1.1
Host: www.quantcast.com
Proxy-Connection: keep-alive
Referer: http://www.quantcast.com/top-sites-1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1138661367-1297862290557; __utmz=14861494.1297862294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=14861494.1792645891.1297862294.1300542320.1300624433.14; __utmc=14861494; __utmb=14861494.3.8.1300624434708; qcPageID=0; qcVisitor=2|47|1297862270597|112|NOTSET; JSESSIONID=686CB50C4B2A374C14A6F4326B6BFF47

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=B94D2CC7C2AFAD1E9C82A692FB8A28C9; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Sun, 20 Mar 2011 12:33:56 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html>


<head>

<meta http-equiv="Content-Type" content="text/
...[SNIP]...

1.22. http://www.t-mobile.com/assets/styles/master.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.t-mobile.com
Path:   /assets/styles/master.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /assets/styles/master.css?token=634357921947053067 HTTP/1.1
Host: www.t-mobile.com
Proxy-Connection: keep-alive
Referer: http://www.t-mobile.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TMobileCommon=TeaId=d676b058-7b88-48e0-a1a7-a54f7fb0806d; ASP.NET_SessionId=qquvpt55xmlorbb04afdz055; TMobileGeo=UserCurrentLocation=75207&UserCurrentCity=Dallas&UserCurrentCountry=United+States&GeoMarketId=8eb5dca0-f21b-4b24-8dc8-49933c6ff5d3&NeighborhoodName=Dallas&StateAbbreviation=TX&GeoMarketCode=DAT; TMobileUSStore=MarketUniqueID=8eb5dca0-f21b-4b24-8dc8-49933c6ff5d3&MarketCode=DAT&NeighborhoodName=Dallas&StateAbbreviation=TX&CityName=Dallas&StateName=Texas&ZIP=75207; TMobileSession=WT=&DCS=

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age:1800
Content-Type: text/css
Last-Modified: Tue, 15 Mar 2011 20:23:14 GMT
Accept-Ranges: bytes
ETag: "bc43d04ee3cb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Date: Sun, 20 Mar 2011 12:56:27 GMT
Content-Length: 158

... @import url(shell.css);@import url(layout.css);@import url(headandfoot.css);@import url(modules.css);@import url(poll.css);@import url(/css/tmobile2.css);
